Integration of Qualitative and Quantitative Operational Risk Data: A Bayesian Approach

Similar documents
Challenges and Possible Solutions in Enhancing Operational Risk Measurement

A discussion of Basel II and operational risk in the context of risk perspectives

Guidance Note Capital Requirements Directive Operational Risk

Advanced Operational Risk Modelling

A VaR too far? The pricing of operational risk Rodney Coleman Department of Mathematics, Imperial College London

Correlation and Diversification in Integrated Risk Models

Advisory Guidelines of the Financial Supervision Authority. Requirements to the internal capital adequacy assessment process

Challenges in developing internal models for Solvency II

Structured ScenarioS

Scenario analysis. 10 th OpRisk Asia July 30, 2015 Singapore. Guntupalli Bharan Kumar

Agenda. Overview and Context. Risk Management Association. Robust Operational Risk Program

COMP90051 Statistical Machine Learning

Probabilistic Benefit Cost Ratio A Case Study

Subject ST9 Enterprise Risk Management Syllabus

Basel Committee on Banking Supervision. Principles for the homehost recognition of AMA operational risk capital

External Data as an Element for AMA

Risk-modelling techniques: analysis and application for supervisory purposes 1

ADVANCED OPERATIONAL RISK MODELLING IN BANKS AND INSURANCE COMPANIES

Index. Managing Risks in Commercial and Retail Banking By Amalendu Ghosh Copyright 2012 John Wiley & Sons Singapore Pte. Ltd.

Operational Risk Measurement: Advanced Approaches

EBA FINAL draft Regulatory Technical Standards

INSTITUTE AND FACULTY OF ACTUARIES SUMMARY

Framework for a New Standard Approach to Setting Capital Requirements. Joint Committee of OSFI, AMF, and Assuris

Deutsche Bank Annual Report

FOR TRANSFER PRICING

Market Risk Analysis Volume IV. Value-at-Risk Models

EBF response to the EBA consultation on prudent valuation

ก ก ก ก ก ก ก. ก (Food Safety Risk Assessment Workshop) 1 : Fundamental ( ก ( NAC 2010)) 2 3 : Excel and Statistics Simulation Software\

Study Guide for CAS Exam 7 on "Operational Risk in Perspective" - G. Stolyarov II, CPCU, ARe, ARC, AIS, AIE 1

CEng. Basel Committee on Banking Supervision. Consultative Document. Operational Risk. Supporting Document to the New Basel Capital Accord

Guideline. Capital Adequacy Requirements (CAR) Chapter 8 Operational Risk. Effective Date: November 2016 / January

of Complex Systems to ERM and Actuarial Work

Lloyd s Minimum Standards MS13 Modelling, Design and Implementation

Economic Capital. Implementing an Internal Model for. Economic Capital ACTUARIAL SERVICES

Practical methods of modelling operational risk

9 Explain the risks of moral hazard and adverse selection when using insurance to mitigate operational risks

KARACHI UNIVERSITY BUSINESS SCHOOL UNIVERSITY OF KARACHI BS (BBA) VI

Re: European Banking Authority Consultation on the Guidelines on stress testing and supervisory stress testing (EBA/CP/2015/28)

Financial Stability Institute. The implementation of the new capital adequacy framework in the Caribbean

Guidelines on PD estimation, LGD estimation and the treatment of defaulted exposures

Supervisory Review and Evaluation Process (SREP) Credit institutions

4.0 The authority may allow credit institutions to use a combination of approaches in accordance with Section I.5 of this Appendix.

Risk Management anil Financial Institullons^

The Fundamental Review of the Trading Book - Tackling a new approach for market risk

About the Risk Quantification of Technical Systems

ERM (Part 1) Measurement and Modeling of Depedencies in Economic Capital. PAK Study Manual

Towards Basel III - Emerging. Andrew Powell, IDB 1 July 2006

Use of AMA for Risk Mitigation. Dr. Martin Dörr IOR OpRisk Forum Köln, 16. Mai 2013

The French Banking Federation appreciates the opportunity to provide its views on the issues raised in the Basel Committee consultations.

By Silvan Ebnöther a, Paolo Vanini b Alexander McNeil c, and Pierre Antolinez d

INDIAN INSTITUTE OF QUANTITATIVE FINANCE

Bayesian Methods for Improving Credit Scoring Models

Subject SP9 Enterprise Risk Management Specialist Principles Syllabus

Basel II: Application requirements for New Zealand banks seeking accreditation to implement the Basel II internal models approaches from January 2008

St. Xavier s College Autonomous Mumbai F.Y.B.A. Syllabus For 1 st Semester Course in Statistics (June 2017 onwards)

Basel II Implementation Update

Experimental Probability - probability measured by performing an experiment for a number of n trials and recording the number of outcomes

Preparing for the Fundamental Review of the Trading Book (FRTB)

The Basel Committee Guidance on credit risk and accounting for expected credit losses. January 2016

Section 3 describes the data for portfolio construction and alternative PD and correlation inputs.

Chapter 3 Statistical Quality Control, 7th Edition by Douglas C. Montgomery. Copyright (c) 2013 John Wiley & Sons, Inc.

Stress Testing A new approach and applications. Alexander Denev Risk Dynamics

25 February 2011 Burgstrasse 28 AZ ZKA: BASEL AZ BdB: C 17 - Sz/Ha/Gk

Risk Measuring of Chosen Stocks of the Prague Stock Exchange

CreditEdge TM At a Glance

RISK QUANTIFICATION IN OPERATIONAL RISK

SOLVENCY ADVISORY COMMITTEE QUÉBEC CHARTERED LIFE INSURERS

Likelihood Approaches to Low Default Portfolios. Alan Forrest Dunfermline Building Society. Version /6/05 Version /9/05. 1.

Consultation Paper CP25/17 Pillar 2: Update to reporting requirements

Final draft RTS on the assessment methodology to authorize the use of AMA

Modeling Private Firm Default: PFirm

Decision Support Models 2012/2013

Guidelines on PD estimation, LGD estimation and the treatment of defaulted exposures

In various tables, use of - indicates not meaningful or not applicable.

Greek household indebtedness and financial stress: results from household survey data

January CNB opinion on Commission consultation document on Solvency II implementing measures

Fundamentals of Statistics

Supervisory Views on Bank Economic Capital Systems: What are Regulators Looking For?

Guidance consultation FSA REVIEWS OF CREDIT RISK MANAGEMENT BY CCPS. Financial Services Authority. July Dear Sirs

Modelling Operational Risk

Index. Table 1 General requirements..5. Table 2 Scope of application Table 3 Supervisory capital structure Table 4 Capital adequacy...

Advice on how to account for derivatives

SIMULATION OF ELECTRICITY MARKETS

Credit Securitizations, Risk Measurement and Credit Ratings

Monitoring systemic institutions for the analysis of micro-macro linkages and network effects

Quantifying Operational Risk within Banks according to Basel II

Is it implementing Basel II or do we need Basell III? BBA Annual Internacional Banking Conference. José María Roldán Director General de Regulación

Application of Bayesian Network to stock price prediction

Internal Model Industry Forum (IMIF) Workstream G: Dependencies and Diversification. 2 February Jonathan Bilbul Russell Ward

Basel Committee on Banking Supervision. Consultative document. Guidelines for Computing Capital for Incremental Risk in the Trading Book

Operational Risk Management: Regulatory Framework and Operational Impact

Competitive Advantage under the Basel II New Capital Requirement Regulations

Taking the stress out of operational-risk stress testing

Value at Risk, Expected Shortfall, and Marginal Risk Contribution, in: Szego, G. (ed.): Risk Measures for the 21st Century, p , Wiley 2004.

Market Risk Disclosures For the Quarter Ended March 31, 2013

Statistical Models of Operational Loss

CAPITAL MANAGEMENT - FOURTH QUARTER 2009

Uncertainty Analysis with UNICORN

Lecture 4 of 4-part series. Spring School on Risk Management, Insurance and Finance European University at St. Petersburg, Russia.

Using Bayesian networks to model the operational risk to information technology infrastructure in financial institutions

Transcription:

Integration of Qualitative and Quantitative Operational Risk Data: A Bayesian Approach 6 Paolo Giudici University of Pavia The aim of this chapter is to provide a Bayesian model that allows us to manage operational risk and measure internally the capital requirement, compliant with the Advanced Measurement Approaches (AMA) recommended by Basel Committee on Banking Supervision (Basel II) for internationally active banks (see, eg, Basel Committee on Banking Supervision, 2003). In general, the objective is to estimate a loss distribution and to derive functions of interest from it (such as the value-at-risk, or VAR). More precisely, losses in operational risk are realisations of a convolution between a counting process (frequency) and a number of continuous ones (severities). For a review of statistical models used in operational risk management see, eg, Cruz (2002) and Cornalba and Giudici (2004). A general problem for such models is the lack of appropriate historical databases, which makes difficult to apply statistical inference techniques to squeeze in a correct manner information to check the tail of loss distribution. Bayesian networks offer a solution to this problem, combining in a coherent way qualitative and quantitative data, as well as risk indicators and external databases. Indeed such an approach seems to well reflect the requirements of the AMA to measuring operational risk. Consider the following quotation from the 2001 working paper on the regulatory 131

OPERATIONAL RISK MODELLING AND ANALYSIS treatment of operational risks: Any risk measurement system must have certain key features to meet the supervisory soundness standard set out in this section. These elements must include the use of internal data, relevant external data, scenario analysis and factors reflecting the business environment and internal control systems. From the citation it appears clearly that a valid AMA approach should take into account, in a correct way, internal and external loss data, scenario-based expert opinions and causal factors reflecting the business environment and control systems. The Bayesian network approach proposed here can model coherently all these elements. In fact, a Bayesian statistical approach allows us to integrate, via Bayes s theorem, different sources of information, for example coming from loss data collection, self-assessment and external consortium loss data, to give a unified knowledge that allows us to manage operational risk and, at the same time, to determine a better op VAR, reflecting a holding period of one-year and a confidence level of 99.9%. In addition, a Bayesian network model, based on a Bayesian statistical approach, can give us more: we can also consider the correlation between losses of different business lines and risk types and we can evaluate the impact of causal loss factors, such as the effectiveness of internal/external control systems and the available key risk indicators (measured on people, IT and processes). For a more technical review on this proposed approach see Bilotta and Giudici (2004). 132 THE MODEL A Bayesian network is a set of nodes representing random variables and a set of arrows connecting these nodes in an acyclic manner (for a more precise definition see, eg, Jensen, 1996, or Giudici, 2003). Each node has assigned a function that describes how the state of a node depends on the parents of the node. The topology of the graph that relates the nodes defines the probabilistic dependencies between the node variables, by means of a set of conditional distributions. In this context, a Bayesian network will typically contain three type of node: loss nodes, corresponding to the desired granularity

INTEGRATION OF QUALITATIVE AND QUANTITATIVE OPERATIONAL RISK DATA level (in the simplest case the bank can decide to measure losses for each business line/risk type combination; a larger bank can add specification of its processes and owned companies); control nodes, describing the perceived efficacy of internal/external control systems; key risk indicator nodes, describing the levels of loss drivers. A Bayesian network can contain both categorical and continuous variables. In practice, to ease the computation and the interpretation of the results, most networks are either continuous (eg, contain only nodes of the continuous type) or discrete (eg, contain only nodes of the categorical types). In general, discrete Bayesian networks can describe more accurately the (multivariate) loss distribution than continuous ones; however, they require more detailed information and data that may not often be available, especially for small and medium-sized banks. In this latter case continuous networks more parsimonious models are strongly suggested. In our actual experience in implementing Bayesian networks in banks, we have used both networks, a discrete one for the larger bank and a continuous one for the smaller one. The results reported in this chapter will refer to discrete Bayesian networks, typically easier to describe. Each loss node in a discrete Bayesian network is a discrete random variable, for each combination of business lines/risk type/process. Data on such nodes will come from internal and external loss data collection as well as from self-assessment questionnaires. Each key risk indicator is a discrete random variable, for the loss combination that it affects. Such variables will be estimated using available bank performance data (typically at the monthly level). Finally, the variables corresponding to the effectiveness of the internal and external controls (CI and CE) node in each process can be formulated on the basis of expert opinions, which give information about the quality of the internal and external control system of the organisation. In our operational risk Bayesian network, each loss datum gives one piece of information to the system in the form of an operational loss for a fixed time period. This means that, if the period is the day, that the operational loss for that day is the product between the frequency and severity of the corresponding node for that day. On the other hand, each loss opinion accounts for one piece of information, in the form of an (expected) operational loss. Notice that data and opinions are both defined at the same level of operational loss. This allows their interchangeability in the model. 133

OPERATIONAL RISK MODELLING AND ANALYSIS 134 APPLICATION In order to apply the Bayesian network previously described, a loss database is needed, as in all operational risk models. In this case, the actual database can be made of four related component tables, representing: the internal loss data collected; the external loss data available (from pooled consortium data in Italy DIPO); the key risk indicators database; and the self-assessment database. The last of these is typically produced by the audit department and can thus contain expert opinion data both for the losses and the effectiveness of the controls. Bayesian networks are a rather general methodology: they can be applied to only one of the previous four datasets, or to any combination of the four, without loss of generality for the model. We can thus compare, using the same model, the quality and the value of the different datasets available. The previous datasets must of course be compatible and normalised; once they are ready we can apply Bayesian network modelling. First of all, the network is initialised with expert opinions coming from the self-assessment (qualitative or structural learning). This means that the topology of the network (that is, the relationships between the different nodes) is at first learned only with expert opinions. Each expert does not typically know how his opinions will be used but implicitly expresses in his opinions the dependencies he perceives between the different nodes. A Bayesian network is therefore a good tool to elicit and value expert prior knowledge, especially in the form of correlations between different losses, between losses and control and also key risk indicators. Figure 1 gives an example of an operational risk Bayesian network, learned exclusively with experts opinions. In the figure each node represents losses (or CI/CE) at the business line/risk type/owned bank/process. This is because the analysed data belong to a banking group, with about 60 owned companies. The figure is only a portion of the large network built. As we have seen, qualitative learning consists in determining the graphical description of the dependencies (the links between nodes) induced by the data. Such data can be of any kind: internal losses, external losses, opinions or combinations of them. Figure 1 is obtained on the basis of expert opinions only. A typically correct, and stepwise, way to proceed is to first build a network with expert

INTEGRATION OF QUALITATIVE AND QUANTITATIVE OPERATIONAL RISK DATA Figure 1 Example of a learned operational risk Bayesian network CI1/3/4/... 1/3/4/31 1/3/4/1564 1/3/4/165 1/3/4/1660 1/3/4/239 1/3/4/12a 1/3/4/672 1/3/1/1660 CI1/3/4/12 1/3/7/883 CE1/3/4/... 1/3/5/1564 1/3/6/1660 1/3/7/1468 1/3/7/1564 1/3/7/1660 CI1/3/7/... 1/3/7/31 1/3/4/674 1/3/4/12 1/3/4/883 1/3/5/91 1/4/2/1660 1/4/4/1564 1/4/4/1660 1/4/4/239 Cl1/5/6/... CE1/3/7/... 1/4/7/31 1/3/7/939 CE1/4/7... CE1/3/7... 1/4/2/1564 1/4/7/1660 CI1/3/4/91 1/5/1/463 CI1/5/1/... 1/5/6/1280 CE1/5/6/... CI1/4/7/31 1/5/4/463 1/3/7/91 CI1/5/4/... 1/5/4/464 1/5/6/520 CE1/3/4... CI1/5/6/... CE1/5/1... 1/3/4/91 CI1/5/2/... CE1/5/4... CI1/3/7/91 CE1/5/6... 1/5/6/466 1/6/7/1660 1/5/6/674 1/5/2/465 1/5/6/464 CI1/5/6/... CI1/5/6/... CE1/5/6... CE1/5/2... CE1/5/6... 1/6/2/1280 1/5/7/1660 1/5/6/1660 CE1/5/6... 1/5/7/672 1/6/2/463 1/3/7/12 1/6/7/672 1/5/7/463 1/5/6/463 CI1/5/6/... 1/6/4/674 1/6/6/1280 1/6/4/463 1/6/4/1280 1/5/7/12 1/6/3/1280 1/5/7/1280 1/5/7/674 1/6/6/674 1/8/7/91 1/5/7/464 1/6/6/1660 1/5/7/670 1/6/6/464 1/6/7/463 1/6/7/674 1/6/7/1280 1/6/7/670 1/8/7/672 1/8/6/474 1/8/4/672 opinions only, then with internal data only and then with external data. Comparison of the three gives good hints on data (and opinion) quality. If the three networks are retained based on valid data we can proceed in building up a network based on two on all three data sources. The network that best represents the company structure can then be chosen. Alternatively, one can choose the network with best performances (eg, with the least number of predictive errors, or the lowest total VAR). Once a topology is chosen, we can learn from it the conditional probabilities linking the different nodes and, from them, the marginal probability of each loss node, from which the VAR can be assessed. Given the chosen Bayesian network topology, we build the conditional probability distribution, or local distribution, P(X X ), for each variable X, given its parents X. This process is called quantitative learning. Marginal distributions (discrete distributions of probability) for each node of the network can be calculated from the local distributions, ie, for each variable X given each combination of states of its parents P. Figure 2 gives an example of such a marginal distribution, for a node appearing in Figure 1. On the basis of Figure 2 we can calculate an annual operational VAR. Note that data might not have been collected and inserted in the model at the yearly level. Indeed, while opinions can be usefully referred to a year ahead, loss data should be inserted for shorter 135

OPERATIONAL RISK MODELLING AND ANALYSIS Figure 2 Marginal distribution of loss node 1/3/4/1660 49.2447 1 5.1964 2 19.8792 3 5.1964 6 10.0906 7 5.1964 12 5.1964 15 Table 1 Result of simulation for node 1/3/7/91 VAR OP Scenarios 1.324.612,310 with 10000 1.379.085,286 with 25000 1.377.908,000 with 25000 1.357.427,000 with 50000 1.357.430,072 with 50000 1.360.500,435 with 60000 periods (days or weeks). Therefore, in order to calculate the required capital coverage for the correct holding period, it is necessary to simulate total losses from each marginal loss distribution, by summing over days (or weeks). In Table 1 we can see the result of simulation for the node 1/3/7/91 (firm/retail banking/execution, delivery and process management/process) according to different simulation sizes. From Table 1 notice that the results, as expected, become more stable as more scenarios are being considered. The previous calculation can be repeated, in a similar fashion, for all nodes of the network, thus obtaining all operational VARs. Such measures can be simply summed to obtain the overall VAR (this is because correlations have been implicitly taken into account). As we saw earlier, a Bayesian network can naturally model dependency effects of the operational losses from causal factors, such as key risk indicators and control systems. In other words, a Bayesian network can make a Bayesian model also capable of becoming a causal model. For example, in the audit context it is often important to evaluate the effectiveness of the internal and external controls in reducing operational risks. From the proposed Bayesian network we 136

INTEGRATION OF QUALITATIVE AND QUANTITATIVE OPERATIONAL RISK DATA Table 2 Evaluation of the causal effect of the control system Loss node 1/3/4/91 Loss node 1/3/4/91 Internal controls Not existing Effective External controls Not existing Not existing 8 0,10 0,20 11 0,15 0,35 13 0,20 0,40 18 0,30 0,03 23 0,25 0,02 Median class 18 11 VAR 23 23 can obtain the probability distribution of the node s effectiveness of internal controls and effectiveness of external controls, described above, as for any other node. If there are losses nodes that have control nodes as parents (that is, loss nodes that, on the basis of the structural learning process, are estimated to significantly depend on control nodes), we can evaluate the effectiveness of the control system through a summary index of the conditional probability distribution of such losses given the values of the control parents. An example of such conditional distributions is shown in Table 2. Table 2 reports two conditional distributions of the losses arising in the node 1/3/4/91: one conditional on the absence of both internal and external controls on that node; the other conditional on the internal controls being effective, and external controls absent. We remark that, in this application, the loss variable is categorical, with 25 increasing levels of severity, numbered from 1 to 25 (plus the zero class). From Table 2 notice that the introduction of effective internal controls has decreased considerably the median of the distribution (not the VAR, the latter being calculated in correspondence of the 99.99% percentile it is rather difficult to move). REFERENCES Basel Committee on Banking Supervision, 2003, The New Basel Capital Accord, Consultative Document, URL: http://www.bis.org/publ/bcbsca.htm. Bilotta, A., and P. Giudici, 2004, Modelling operational losses: a bayesian approach, Quality and reliability engineeering internationa, forthcoming. 137

OPERATIONAL RISK MODELLING AND ANALYSIS Cornalba, C., and P. Giudici, 2004, Statistical Models for Operational Risk Management, Physica A: Statistical Mechanics and its applications, forthcoming. Cruz, M., 2002, Modelling, Measuring and Hedging Operational Risk (Chichester: John Wiley & Sons). Giudici, P., 2003, Applied Data Mining: Statistical Methods for Business and Industry (Chichester: John Wiley & Sons). Jensen, F. V., 1996, An Introduction to Bayesian Networks (London: UCL Press). 138

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback