Chapter 13 Operational Risk

Angela Ricky Wiriya Dharma Chuandra Angeline Goh

1941036 1941097 1941155 1941180

Hendry Setiawan Endy Widianto Angelina Alicia

1941225 1941287 1941350
OPERATIONAL RISK
Operational risk is both the oldest and the
newest threat faced by financial institutions.
Banks are putting significant energy into
wide-ranging frameworks for managing
enterprise wide operational risk and are trying
to relate operational risk directly to the risk
capital that they set aside to cover unexpected
losses.
Operational risk is a predictable and
unpredictable potential event that has a negative
impact on the bank's income. Attitudes toward
operational risk have begun to change over the
last few years partly because of the trend
toward managing banks in terms of their risk-
adjusted performance and stakeholders' demand
for this kind of information.
2
5 types of operational risk of financial institutions

● Internal Process Risk

● Human Risk
● System and Technology Risk
● External Risk
● Legal Risk
Eight Key Elements to Achieve Best
- Practice Operational Risk
Management
1. Policy
2. Risk Identification
3. Business Process
4. Measurement Methodology
5. Exposure Management
Eight Key Element
6. Reporting
7. Risk Analysis Best Practices
8. Economic Capital
4
Eight Key Elements to Achieve Best-Practice Operational Risk
Management
Developing an appropriate risk management environment with 8 principles

Principle 1 : The board of directors should be Principle 2 : The board of directors

should

-aware of the major aspects of the bank -ensure that the banks operational risk
operational risk that should managed management framework is subject to
effective and comprehensive internal audit
-should approve and periodically review the
bank’s operational risk arrangement -The internal audit function should not be
framework directly responsible for operational risk
management.
-operational risk is to be identified, assessed,
monitored and controlled or mitigated.
Developing an appropriate risk management environment with 8 principles

Principle 3 : The Senior management should

-have responsibility for implementing the operational risk management
framework approved by board of directors
- Make all levels of staff should understand their responsibilities with respect
to operational risk management
-also have responsibility for developing policies, processes, procedures (risk
in all of the bank’s product, activities, processes, and system)
 RISK MANAGEMENT : IDENTIFICATION, ASSESMENT,
MONITORING, AND MITIGATING OR CONTROLLING

Principle 4 : Banks should Principle 6 : Banks should

-identify and assess the operational risk -have policies, processes and procedures
inherent in all material products, activities, to control or mitigate material operational
processes and systems risk

Principle 5 : Banks should Principle 7 : Banks should

-implement a process to regularly monitor -have contingency and business
risk profiles and material exposure to continuity plans in place to ensure their
losses. There should be regular reporting ability to operate as going concerns and
of pertinent information to senior minimize losses in the event of severe
management of operational risk. business distruption.
 ROLE OF DISCLOSURE

Principle 8 : Banks should

- Make sufficient public disclosure to allow market
participant to assess their approach to operational risk
management.

9
HOW CAN WE DEFINE

AND CATEGORIZE OPERATIONAL LOSSES ?

It's clear that quantifying operational risk represents a key

challenge in implementing the framework that we've
described. But before we try to attach a number to a
particular operational risk, we must think through how we
define and classify the operational losses that might arise
from that risk.

Three keys terms we can define and categorize operational

losses :

● Cost to Fix
● Write-Down
● Resolution
HOW CAN WE DEFINE AND
CATEGORIZE OPERATIONAL
LOSSES ? (Cont’s)
The new Basel Capital Accord helpfully
considers seven loss event types:
1. Internal Fraud.
2. External Fraud.
3. Employment practices and workplace
safety.
4. Clients, products, and business practices.
5. Damage to physical assets.
6. Business disruption and system failures.
7. Execution, delivery, and process
management.

11
 WHAT KIND OF OPERATIONAL RISK SHOULD ATTRACT
OPERATIONAL RISK CAPITAL?
In the most banks, the methodology for translating operational risk into capital is
developed by the group responsible for making risk-adjusted return on capital
(RAROC).

Mechanisms for attributing capital to operational risk should be risk based, transparent,
scalable, and fair. Specifically, capital requirements should vary directly with levels of
variable risk and should provide incentives to manage operational risk so as to improve
operational decisions and increase the risk-adjusted return on capital.

But it does not make sense to attribute risk capital to all kinds of operational loss, as
Figure 13-3 make clear.
WHAT KIND OF OPERATIONAL RISK SHOULD ATTRACT
OPERATIONAL RISK CAPITAL?
WHAT KIND OF OPERATIONAL RISK
SHOULD ATTRACT OPERATIONAL
RISK CAPITAL?
As the figure suggest, unexpected failures can
themselves be further subdivided into :
● Severe but no catastrophic losses.

Unexpected severe operational failures should be

covered by an appropriate allocation of operational
risk capital
● Catastrophic losses.

These are the most extreme but also the rarest

operational risk events the kind that can destroy the
bank entirely.

14
 VAR FOR OPERATIONAL RISK

In the operational risk, value at risk (VaR) is the total one

year amount of capital that would be cover all unexpected
losses

VaR can potentially have a practical impact in the

following areas of business activities :

● Comparing Risk Level

● Determining Capital Charge
● Providing A Risk Reduction Incentive
● Measuring Performance
REGULATORY APPROACHES TO
OPERATIONAL RISK MODELS
The banking industry new basel capital accord
proposes a spectrum of three increasingly risk sensitive
approaches for measuring operational risk.

● Alternative Standard Approach (ASA)

○ Basic Indicator Approach (BIA)
○ Standard Approach (SA)
● Advance Measurement Approach (AMA)

Only The AMA is risk sensitive the others are

somewhat will not produce the right incentives to
reduce operational risk.

16
REGULATORY APPROACHES TO OPERATIONAL RISK MODELS
What measures should we use to begin calculate the OpVaR for the risk?

● Exposure Indicator For Legal ● Exposure Indicator For Loss Of Or

Liability Damage To Assets
● Exposure Indicator For Employee ● Exposure Indicator For Client
Liability Restitution
● Exposure Indicator For Regulatory, ● Exposure Indicator For Transaction
Compliance, and Taxation Penalties Processing Risk
THE ROLE OF KEY RISK DRIVERS

A tool used to monitor changes

in operational risk for each
business and any type of loss,
as well as provide warnings
about possible operational risk
events
MITIGATING OPERATIONAL RISK

•Many banks and other financial institutions

are presently struggling to rationalize how
they decide which operational risks should be
mitigated, and at what cost.
•The process of operational risk assessment
should include a review of the likelihood, or
frequency, of a particular operational risk, as
well as a review of that risk's possible MITIGATING OPERATIONAL RISK
magnitude or severity.

21
Operational Risk Severity versus Frequency
•One major factor distinguishes operational risk from both market risk and credit risk. In making risk/reward
decisions, a bank can often expect to gain a higher rate of return on its capital by assuming more market risk or
credit risk, i.e., with these types of risk, there is a trade-off between risk and expected return. However, a bank
cannot generally expect to gain a higher expected return by assuming more operational risk; operational risk
destroys value for all claimholders.

•For example, a bank can install better IT systems with more security devices, and also a state-of-the-art backup
system. But this investment in new technology is likely to cost the bank millions, or even tens of millions, of
dollars. So should the bank spend this int of money to reduce its exposure?

•There is often no easy answer to this question. But banks are increasingly looking at the cost of risk capital (as
indicated by OpVaR calculations) when assessing such operational risk mitigation decisions. They also compare
the economic benefits and costs of many different kinds of risk mitigants, from system investments to risk capital
to insurance
INSURING AGAINST OPERATIONAL
RISK
Well before banks began to develop ways of measuring
operational risks. they employed insurance contracts to
mitigate the effects of key operational risk events. It is
common for a bank to purchase insurance to pro tect
itself from large single losses arising from acts of
employee dishonesty (e.g., fictitious loans or
unauthorized activities), robbery and theft, loans made
against counterfeit securities, and various forms of
computer crime

However, in essence, insurance is a mechanism for

pooling and trans ferring common loss exposures within
the industry or across economies.

The availability of insurance for specific risks therefore

depends on the ability of an insurer or group of insurers
to generate sufficient premium volume and an adequate
dispersion of risk to "make a market" and enable them to
24
take on the risk of others.
Thank
You

25