Breaking down OpRisk Value-at-Risk for management purposes


Stefan Look, Deutsche Börse

1 OpRisk Value-at-Risk at Deutsche Börse Group

Operational Risk Analysis

Operational Risk at DBG is defined in line with the Basel II definition as loss resulting from inadequate or defective systems and internal processes, from human or technical failure, from inadequate or defective external processes, from damage to physical assets, and from legal risk.

Root Cause -> Event -> Effect

A risk event can be the result of various root causes, such as:
- software flaws
- process / product flaws
- capacity squeeze
- internal human error
- terrorist attack
- internal fraud
- external fraud like cyber risk
- elementary event like fire, water, storm, earthquake

DBG classifies its risk events in four risk types:
- Availability: Unavailability of technical infrastructure, facilities or staff
- Service Deficiency: Impaired (no or wrong) process or execution due to product, process or execution deficiencies
- Damage to Physical Assets: Risk of losses arising from damage to physical assets
- Legal: Non-respect of existing laws & regulation and all contractual commitments

A risk event can have several effects, such as:
- Customer compensation
- External lawyers' fees
- Replacement cost for destroyed equipment
- Regulatory fines

All effects could lead to a loss for Deutsche Börse Group.

Examples of Operational Risk Analysis

There are usually no one-to-one relationships between root cause, event, effect and loss but a complex network:

Root Cause: Terrorist Attack, Internal Human Error, Cyber Attack
Event: Damage to data centre, Unavailability of IT system, Missed deadline, Wrong cash instruction
Effect: Replacement costs, Customer compensation, External lawyers' fees

OpRisk Quantification

In a simplified OpRisk quantification approach, loss data (internal and external) and scenario data are used as input into the model. The OpRisk model generates distributions for severity and frequency, which are the basis for the simulation of the annual loss distribution. The annual loss distribution is used to derive different risk measures. Deutsche Börse Group uses Value-at-Risk as its main risk measure.

[Figure: Input Data (Internal / external loss data) -> OpRisk Model (Severity Distributions, Frequency Distributions) -> Monte Carlo Simulation (Annual Distribution) -> OpRisk Quantification (% Value-at-Risk, Expected Shortfall, Expected)]

OpRisk Scenario Data

As Deutsche Börse Group (DBG) lacks internal loss data and not enough external loss data from comparable institutions is available, DBG mainly uses scenarios as input data. An OpRisk scenario is based on expert opinion and describes an OpRisk event, its underlying root causes and subsequent effects and losses. The key parameters of an OpRisk scenario are the probability that the scenario occurs and the severity in case it occurs.

Example (Scenario 1, Scenario 2):
Description: Description of potential event, root causes, effects and losses
Probability: 1x every 10 years
Range: 100k (min value) to 1m (max value)

Examples of OpRisk Scenario Data

OpRisk scenarios could either focus on a
- root cause (e.g. terrorist attack) and describe all subsequent events, effects and losses, or
- event (e.g. unavailability of IT system) including all root causes and subsequent effects and losses

OpRisk Scenario "Terrorist Attack"
Root Cause: Terrorist Attack
Event: Damage to data centre, Unavailability of IT system, Missed deadline
Effect: Replacement costs, Customer compensation, External lawyers' fees

OpRisk Scenario "Unavailability of IT System"
Root Cause: Terrorist Attack, Internal Human Error, Cyber Attack
Event: Unavailability of IT system
Effect: Customer compensation, External lawyers' fees

OpRisk scenarios need to be defined as independent and non-overlapping to prevent double counting.

2 OpRisk Value-at-Risk for management purposes

Management View on OpRisk

For OpRisk Management purposes it is important to know the impact of input data on the Value-at-Risk, because only with this knowledge is it possible to take risk-based decisions.

[Figure: Input Data (scenario data: root cause, event, effect) -> OpRisk Quantification (math. modelling could be black box) -> Value-at-Risk]

The problem is that, because of the complex modelling, the impact of single input data (e.g. a specific scenario or root cause) on VaR cannot easily be derived directly from the input data.

Example 1 for OpRisk Management Question

Assume that a new service (e.g. product or IT system) is planned that would lead to new risks. The new risks could be described by experts by one or more new OpRisk scenarios.

Question: What is the impact of the new service on the VaR?

[Figure: Input Data (scenario data: root cause, event, effect) -> OpRisk Quantification -> Value-at-Risk]

The answer to this question is important to assess the risk / return of the new service.

Example 2 for OpRisk Management Question

Assume that new risk mitigating measures are planned that would reduce the likelihood that a root cause will lead to a risk event.

Question: What is the impact of a single root cause (e.g. cyber attack) on the VaR?

[Figure: Input Data (scenario data: root cause, event, effect) -> OpRisk Quantification -> Value-at-Risk]

The answer to this question is important to prioritise risk mitigation measures.

Questions to be answered

What would be the impact on Value-at-Risk of
- a new service? One or more new OpRisk scenarios are added to the input data.
- a single root cause (e.g. cyber attack)? The root cause could be the driver for several events and be described in several OpRisk scenarios.
- additional investments in risk mitigating measures (e.g. compliance or information security)? Frequency or severity of OpRisk scenarios could change.

Problem to be solved to answer the questions

Value-at-Risk is calculated on Deutsche Börse Group level for capital adequacy assessment. To answer management questions it is necessary to break down this total figure to:
- Business segments (i.e. Xetra, Eurex, Clearstream, MD+S)
- Legal entities (e.g. Eurex Clearing, Clearstream Banking)
- Root causes (e.g. cyber attack, violations against laws / regulations, staff unavailability, natural disaster)
- Events (e.g. system unavailability, physical damage)

[Figure: breakdown by business segments, legal entities / root causes / events]

3 Potential Solutions and their shortfalls

Incremental Risk - Approach

VaR is calculated with and without the new OpRisk scenarios. The difference is called incremental risk and shows how much VaR would change with the new service.

VaR_basic = Value-at-Risk without new service
VaR_new = Value-at-Risk with new service
VaR_new - VaR_basic = Incremental Risk

[Figure: scenario data (root cause, event, effect) as input to VaR_basic and to VaR_new]

Incremental Risk - Evaluation

Advantages
- Easy to calculate, no implementation effort
- Additional calculation is not time consuming
- Easy to explain for one new service as it shows the incremental VaR to the known VaR figure without the new service

Disadvantages
- Approach difficult for two or more new services (because calculation order and combination has impact on result)
- Could be negative, although new service is risky (because of changed fitted severity distribution)
- Depends on VaR without new service

Risk Allocation - Approach

VaR is calculated with the new OpRisk scenarios and afterwards allocated to all services / root causes. The allocation key α could be based e.g. on:
- Expected maximum loss = probability of loss * max loss amount
- Expected loss
- VaR or Expected Shortfall of individual service

VaR_new = Value-at-Risk with new service
VaR_new * α_1 = VaR_1 = VaR allocated to service 1
VaR_new * α_2 = VaR_2 = VaR allocated to service 2
...
VaR_new * α_N = VaR_N = VaR allocated to service N

[Figure: scenario data (root cause, event, effect) as input to VaR_new]

Risk Allocation - Evaluation

Advantages
- Easy to calculate, low implementation effort
- Additional calculation is not time consuming
- Easy to explain
- Always positive

Disadvantages
- Result very sensitive to selected allocation key
- Stopping service i (and its related risks) would not reduce VaR by VaR_i
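The incremental-risk and risk-allocation approaches, with the order dependence and the "stopping service i" disadvantage listed for them, worked through on a toy model as an added example that is not part of the original slides. Assumptions: one Bernoulli occurrence per scenario and year, uniform severity on the scenario's range (the slides' model fits severity distributions instead), a 99% confidence level, and the constructed scenarios service_A and service_B.

```python
import random

N_YEARS = 100_000  # simulated years (assumption)
LEVEL = 0.99       # VaR confidence level (assumption, not taken from the slides)

# Constructed scenarios: (probability per year, min loss, max loss).
SCENARIOS = {
    "existing":  (0.10, 100_000, 1_000_000),  # 1x every 10 years, 100k to 1m
    "service_A": (0.02, 500_000, 2_000_000),
    "service_B": (0.02, 1_000_000, 3_000_000),
}

def simulate(name, seed=2024):
    """Yearly losses of one scenario: Bernoulli occurrence, uniform severity."""
    p, lo, hi = SCENARIOS[name]
    rng = random.Random(f"{seed}-{name}")  # fixed seed: same years in every VaR
    return [rng.uniform(lo, hi) if rng.random() < p else 0.0
            for _ in range(N_YEARS)]

LOSSES = {name: simulate(name) for name in SCENARIOS}

def var(names):
    """Empirical VaR of the annual loss summed over the given scenarios."""
    annual = sorted(sum(year) for year in zip(*(LOSSES[n] for n in names)))
    return annual[round(LEVEL * N_YEARS) - 1]

def incremental(new, base):
    """Incremental risk: VaR with the new service minus VaR without it."""
    return var(base + [new]) - var(base)

def allocate(names):
    """Split total VaR by expected maximum loss (probability * max loss)."""
    key = {n: SCENARIOS[n][0] * SCENARIOS[n][2] for n in names}
    total, key_sum = var(names), sum(key.values())
    return {n: total * key[n] / key_sum for n in names}

if __name__ == "__main__":
    base, everything = ["existing"], list(SCENARIOS)
    print("A added first  :", round(incremental("service_A", base)))
    print("A added after B:", round(incremental("service_A", base + ["service_B"])))
    for name, share in allocate(everything).items():
        rest = [n for n in everything if n != name]
        drop = var(everything) - var(rest)  # actual VaR change if stopped
        print(f"{name}: allocated {share:,.0f}, VaR drop if stopped {drop:,.0f}")
```

With these constructed inputs, the incremental risk of service_A is smaller when it is added after service_B than when it is added first, and the VaR allocated to service_A is larger than the VaR reduction obtained by stopping it.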

Contact

Dr. Stefan Look
Deutsche Börse AG
Group Risk Management
Mergenthalerallee 61
65760 Eschborn
Germany
Phone: +49-(0) 69-2 11-17723
Fax: +49-(0) 69-2 11-617723
stefan.look@deutsche-boerse.com
www.deutsche-boerse.com