4.4 Operational Risk

admin管理员组

文章数量:1597896

Operational Risk

1. Definition and Categories

1.1 Definition by the Basel Committee

The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.

This definition excludes reputation risk and risk resulting from
strategic decisions.

1.2 Seven Categories of Operation Risk

(1) Internal fraud: internal party.
eg: employee theft, intentional misreporting of positions.

(2) External fraud: third party
eg: robbery, forgery, check kiting

(3) Employment practices and workplace safety: inconsistent with relevant laws or agreements.
eg: workers compensation claims, discrimination claims.

(4) Damage to physical assets: loss from external damage
eg: terrorism, earthquakes, fires, floods.

(5) Clients, products, and business practices: failure to meet obligation, inappropriate use of products or business.
eg: fiduciary breaches, money laundering

(6) Business disruption and system failures:
eg: software failures, telecommunication problems

(7) Execution, delivery, and process management: failed transaction, disputes with counterparties and vendors.
eg: data entry errors, incomplete legal documentation

1.3 Large Risks

Cyber risks include data destruction, money theft, intellectual property theft, personal and financial data theft, embezzlement, fraud, etc.
Phishing is a common form of hacking. While phishing can take many forms, a common situation involves a hacker targeting a financial institution’s customers with an email asking them to confirm account information.

Compliance risk is the risk that an organization will incur fines or other penalties because it knowingly or unknowingly fails to act in accordance with industry laws and regulations, internal policies or prescribed best practices.
Examples are money laundering, terrorist financing and helping clients evade taxes.

Rogue trader risk is the risk that an employee will take unauthorized actions resulting in large losses.

2. Measurement and Management

2.1 Measure of Operational Risk Capital

2.1.1 Basic Indicator Approach (BIA)

In the Basic Indicator Approach(BIA), operational risk capital is set equal to 15 % 15\% 15% of annual gross income over the previous three years. Gross income is defined as net interest income plus noninterest income.

Captial B I A = ( G I 1 + G I 2 + G I 3 3 ) × α \text{Captial}_{BIA}=\left(\frac{GI_1+GI_2+GI_3}{3}\right) \times \alpha CaptialBIA​=(3GI1​+GI2​+GI3​​)×α

• Any year in which annual gross income is negative or zero should be excluded from both the numerator and denominator when calculating the average.

2.1.2 Standardized approach (SA)

A bank’s activities are divided into eight business lines. The average gross income over the last three years for each business line is multiplied by a “beta factor” for that business line and the result summed to determine the total capital.

Captial S A = ∑ y e a r 1 − 3 m a x [    ∑ ( G I 1 − 8 × β 1 − 8 ) , 0    ] 3 \text{Captial}_{SA}=\frac{\sum_{year1-3}max[\;\sum(GI_{1-8}\times\beta_{1-8}),0\;]}{3} CaptialSA​=3∑year1−3​max[∑(GI1−8​×β1−8​),0]​

• β 1 − 8 = a \beta_{1-8}=a β1−8​=a fixed percentage, set by the Basel Committee, relating the level of required capital to the level of the gross income for each of the eight business lines.
• The aggregate capital charge across all business lines within a given year is negative, then the input to the numerator for that year will be zero.

Business Lines	Beta Factors
Corporate finance ( β 1 \beta_1 β1​)	18 % 18\% 18%
Trading and sales ( β 2 \beta_2 β2​)	18 % 18\% 18%
Retail banking ( β 3 \beta_3 β3​)	12 % 12\% 12%
Commercial banking ( β 4 \beta_4 β4​)	15 % 15\% 15%
Payment and settlement ( β 5 \beta_5 β5​)	18 % 18\% 18%
Agency services ( β 6 \beta_6 β6​)	15 % 15\% 15%
Asset management ( β 7 \beta_7 β7​)	12 % 12\% 12%
Retail brokerage ( β 8 \beta_8 β8​)	12 % 12\% 12%

2.1.3 Advanced Measurement approach (AMA)

The regulatory capital requirement will equal the risk measure generated by the bank’s internal operational risk measurement system using the quantitative and qualitative criteria.

The Basel Committee has listed conditions that a bank must satisfy in order to use the standardized approach or the AMA approach. It expects large internationally active banks to move toward adopting the AMA approach through time.

The capital charge for AMA is calculated as the bank’s operational value at risk with a one-year horizon and a 99.9 % 99.9\% 99.9% confidence level.

All four elements of the framework must be included in the model: internal loss data, external loss data, scenario analysis, and business environment internal control factors.

2.1.4 Standardized Measurement Approach(SMA)

AMA operational risk methodology is unsatisfactory due to the high degree of variation in the calculations carried out by different banks.

The Basel Committee therefore announced in March 2016 a new approach: the standardized measurement approach(SMA), to replace all previous approaches for determining operational risk capital.

SMA first defines a quantity called Business Indicator(BI). It is similar to the gross income, but it is designed to be a more relevant measure of bank size.

The Basel committee provides a formula for calculating the required capital from the loss component and the BI component.

2.2 Loss Distribution

Operational risk loss distribution can be estimated by loss frequency and loss severity, assuming that loss severity and loss frequency are independent.

The loss frequency distribution is the distribution of the number of losses observed during the time horizon(typically one year). For loss frequency, a common probability distirbution is the poisson distribution.

e − λ × λ n n ! e^{-\lambda}\times\frac{\lambda^n}{n!} e−λ×n!λn​

The loss severity distribution is the distribution of the size of a loss, given that a loss occurs. For the loss severity distribution, a lognormal distribution is often uses.

Use Monte Carlo simulation to combine loss frequency distribution with loss severity distribution of each risk type/business line.

• Step 1: Sample from the Poisson distribution to determine the number of loss events (=n) in a year.
• Step 2: Sample n times from the lognormal distribution of the loss size for each of the n loss events.
• Step 3: Add up the n loss sizes to determine the total loss.
• Step 4: Repeat steps 1 to 3 many times.
  

2.3 Data Issues in AMA Approach

Two types of operational risk losses:

• HFLS: high-frequency low-severity losses
• LFHS: low-frequency high-severity losses (banks’ most concern)

There is little historical data for operational risk losses. Internal data is insufficient and external data and scenario analysis will be supplemented the operational risk losses analysis.

External data

• Data consortia
• Data vendors: data are biased, because only large losses are usually reported, and banks have different scales.

Scale adjustment should be model to external data.
Estimated    Loss BankA = Loss BankB × ( Revenue BankA Revenue BankB ) 0.23 \text{Estimated\;Loss}_{\text{BankA}}=\text{Loss}_{\text{BankB}}\times\left(\frac{\text{Revenue}_{\text{BankA}}}{\text{Revenue}_{\text{BankB}}}\right)^{0.23} EstimatedLossBankA​=LossBankB​×(RevenueBankB​RevenueBankA​​)0.23

Bank Luna is evaluating its loss severity but lack internal loss severity data. Bank Luna is a member of data consortia so it can use data from Bank Venus to estimate its own loss. The observed loss for Bank Venus is $ 3.5 3.5 3.5 million and its revenue is $ 2 2 2 billion. What would be the estimated loss for Bank Luna which has $ 7 7 7 million revenue?

Estimated Loss: 3.5 × ( 7 / 2000 ) 0.23 = 0.9532    million 3.5\times(7/2000)^{0.23}= 0.9532\;\text{million} 3.5×(7/2000)0.23=0.9532million

Scenario analysis is particularly useful for LFHS events. The objective for this approach is to list these events and generate a scenario for each one.

The key point is that scenario analysis considers losses that have never been experienced by a financial institution yet could happen in the future.

Estimation of loss frequency : specify several categories and assign each loss to a category.

Scenario frequency	λ of Poisson distribution
Scenarios happens once every 1000 years	λ=0.001
Scenarios happens once every 100 years	λ=0.01
Scenarios happens once every 50 years	λ=0.02
Scenarios happens once every 10 years	λ=0.1
Scenarios happens once every 5 years	λ=0.2

2.4 Allocation of Operational Risk Capital

The allocation of operational risk capital provides an incentive for a business unit manager to reduce operational risk. The unit’s return on capital will then improve and the manager can hope for a bigger bonus.

Some level of operational risk is inevitable in any business unit, and any decision to reduce operational risk by increasing operating costs should be justified with a cost-benefit analysis.

2.5 Power Law

Power law describes how fat the right tail of the distribution (not the whole distribution). If v v v is the value of a random variable and x x x is a high value of v v v, then the power law holds it is approximately true that:

Prob ( v > x ) ≈ K x − α \text{Prob}(v > x) \approx Kx^{-\alpha} Prob(v>x)≈Kx−α

• K K K is a scale parameter.
• α \alpha α reflects the fatness of the distribution’s right tail

2.6 Reducing Operational Risk

Causes of Losses
Try to find out other factors that may lead to operational risk losses.

Sometimes operational risk loss may be related to other manageable factors. A cost-benefit analysis should be undertaken, since the costs of reducing operational risk may sometimes outweighs the benefits.

Risk and Control Self-assessment (RCSA)
It is a way for financial institutions to try to understand operational risks and establish operational risk awareness among empolyees.

The key term is self-assessment. Line managers and their staff, not operational risk professionals, are asked to identify risk exposures.

The risks considered should include not just losses that have occurred in the past, but those that could occur in the future.

The evaluation process should be repeated regularly.

Key Risk Indicators (KRIs)
These are data points that may indicate a heightened chance of operational risk losses in certain areas. In some cases, remedial action can be taken before it is too late. Simple examples of KRIs are metrics related to:

• Staff turnover
• Failed transactions
• Positions filled by temps
• Unfilled positions

To use these indicators effectively, it is important to track how they change through time so that unusual behavior can be identified.

Education
Educating employees about unacceptable business practices and (more importantly) creating a risk culture where such practices are perceived to be unacceptable is important.

Legal disputes are unfortunately an inevitable part of doing business. The in-house legal department within a financial institution needs to remind employees to be careful about what they write in e-mails and (when they are recorded) what they say in phone calls.

Insurance
Many operational risks can be insured against, insuring against a loss can not only reduce the severity of losses, but also reduce capital requirement.

Moral Hazard is the risk that the existence of an insurance contract will cause the insured entity to behave in a way that make a loss more likely.

Adverse Selection is the problem an insurance company faces in distinguishing low-risk situations from high-risk situations.

本文标签： OperationalRISK