WHAT if suddenly ATMs stopped vending crisp notes, bank branches closed for few days, the data centre of major banks shut down, busy operations in dealing rooms of major banks come to a halt and banking personnel don't reach their offices.
This is not a doomsday scenario but what actually happened during the Mumbai floods. Uncertainty has crept into our lives. In technical parlance, we can call the risk involved in running daily operations "operational risk", or op-risk, for short.
In the banking industry, op-risk is as old as banking itself. The banking landscape has undergone a sea change and is becoming more complex in terms of volume of business, product innovation, financial engineering, new market practices, fast and rapid technology innovation, deregulation, consolidation of banks and increasing competition among banks.
This has increased probability of failure or mistakes from the operations point of view; it has increased the focus on managing op-risk.
The new BIS guidelines, generally known as "Basel II Accord", recognises this and places increased emphasis on op-risk management. The Basel committee defines op-risk as the risk "of loss resulting from inadequate or failed internal processes, people and systems or from external events". This definition includes legal risk, but excludes strategic and reputation risk. As banks move towards implementing Basel II norms, they need to evolve an internal framework for effective management of op-risk.
Depending on the size, complexity and organisational structure of bank, a five-step approach can be used for building a robust op-risk framework:
- Identification of operational risk through event framework
- Analysing the causes of events
- Risk mapping
- Risk measurement and control
- Management of operational risk and, thereby, capital management
To start with, banks, as part of identification, should classify and capture all operational losses in the form of "events". Events are nothing but "occurrences" or "happenings". Banks should start accumulating data on events that have occurred in the past and also identify potential events.
All events should be defined with attributes, such as, frequency of event, severity, loss amount, reason for loss, date of discovery of loss and date of occurrence.
Banks can adopt the seven type of events suggested by Risk Management Group (RMG) of Basel committee for one of their quantitative studies (QIS-2) which includes internal fraud, external fraud, employment practices and work safety, client products and business services, damages to physical assets, business disruption and system failures and execution delivery.
The second step involves doing a causal analysis to understand the exact cause for the above events and estimate the actual loss as well as potential loss in case the events are repeated. This analysis on cause of events can make the bank understand the level of exposure and the op-risk management strategy it needs to adopt.
Once banks have developed an event database and done the causal analysis, they can start risk mapping. Risk mapping is a tool wherein banks can map the above risk events and losses to any specified set of business lines.
Basel has come out with eight set of business lines — corporate finance, trading and sales, retail banking, commercial banking, payment and settlement, agency and custody services, asset management and retail brokerage — to which the events collected by bank can be mapped.
Op-risk measurement is still evolving in terms of tools and techniques that can be used for effective measurement and management. Banks can follow either or both of qualitative risk measurement or quantitative risk measurement:
The generic ways of measuring op-risk include qualitative risk measurement techniques such as critical assessment method, which involves questionnaire format and interviews with all line managers to identify the op-risk events.
Another widely used approach, which is a combination of qualitative as well as quantitative approaches, is the Key Risk Indicators (KRI) approach, which involves identifying indicators, which convey good idea about the scope of business and thereby the risk involved.
For instance, portfolio size, volume of transactions traded, volume of deals routed through payment and settlement systems, etc., form one set of predictive indicators. KRI is more a predictive model than a cause-and-event approach.
A common quantitative approach used is Loss Distribution Approach (LDA), which involves arriving at a right fit distribution of historical loss events and, thereby, at quantitative results like expected loss and finally operational value at risk.
Another forward-looking scenario generation approach for op-risk measurement is Loss Scenario Modelling, which involves generating simulations for loss scenarios based on the events and losses captured in the first step.
Basel II norms suggest three approaches for measurement of op-risk. The simplest approach, best suited for less sophisticated and small balance-sheet banks, is the Basic Indicator Approach (BIA). BIA requires banks to allocate capital based on a single indicator of operational risk, which in this case will be average gross income of past three years multiplied by factor called alpha, which is set at 15 per cent.
The second approach is the Standardised Approach (SA), which involves mapping the bank's business lines to the set of eight business lines and use multiplier (Beta) of average gross income to compute capital charge.
Also, there is the Alternative Standardised Approach (ASA), which uses loans and advances, instead of gross income, for retail banking and commercial banking business lines multiplied by fixed factor which results in capital charge to be set aside.
The most sophisticated approach suggested is advanced measurement approach (AMA). Under the AMA, the regulatory capital requirement will equal the risk measures generated by the bank's internal operational risk measurement system using quantitative and qualitative criteria for the AMA. Internal data used must be based on a minimum historical observation period of five years. However, when a bank first moves to AMA, a three-year period is acceptable.
Banks need to employ the quantitative approaches like Internal Measurement Approach (IMA) or Loss distribution Approach (LDA) or Balance Scorecard Approach (BSA) for adopting AMA. All AMA approaches compute the expected and unexpected loss. The most significant aspect for a bank to graduate from Basic Indicator Approach (BIA) to Advanced Measurement Approach (AMA) is the potential benefit of less capital allocation for operational risk.
As op-risk involves failures during operations in daily business, the key steps in op-risk management involve improving internal control environment, designing and developing procedures to implementing the risk management processes and employing risk transfer techniques, such as insurance, to mitigate the loss arising from operational risk. Credit rating agencies have started rating banks based on their risk control and management frameworks. Investor awareness has also increased to the extent that banks with robust risk management frameworks are able to attract strategic investments with less effort.
Given the known benefits of implementing the provisions of the Basel II accord, banks should prioritise their strategy towards op-risk management. A constructive approach in this direction could be to automate the suggested five-step approach and, as a first step, to start developing a loss event database.
(The author is a senior consultant with Misys Banking Systems, Bangalore. The views are personal.)
Source : http://www.thehindubusinessline.com/2006/01/19/stories/2006011900991000.htm
Posts
No comments:
Post a Comment