Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
8 likes2,632 views
The document provides a comprehensive overview of operational risk, defined as the potential loss from inadequate processes, systems, or external events, with a strong emphasis on the financial services sector. It discusses the importance of operational risk management (ORM), outlining its processes, benefits, and methods of implementation, including various approaches to capital calculation as prescribed by Basel II. The text also details the sources and types of operational risks, as well as management principles and techniques for assessing and mitigating them.
Chapter 5 - Risk Management - 2nd Semester - M.Com - Bangalore University
- 1. Chapter - V Introduction: Operations Risk Operational Risk - Introduction-typology of operational risk- measuring operational risk -Who manages operational risk- key to implementing bank- wide operational risk management- why invest in operational risk management. Technology Risk- Best practice –operational risk systems/Solutions.
- 2. Introduction to Operations Risk: Operational risk is defined as the “risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.” It includes regulatory (or legal) risk, external (including counterparty) risk and internal risk. Reducing operational risk is vital to firms within the financial services industry as sound operational risk management will improve a firm's efficiency, provide a stable working environment and improve day-to-day working conditions. Operational risk failures, however, can have severe consequences for firms and, in the most serious cases, threaten their survival.
- 3. Definition of Operations Risk: The Basel II Committee defines operational risk as: "the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events". Meaning of Operations Risk: Operational risk is the risk that is not inherent in financial, systematic or market-wide risk. It is the risk remaining after determining financing and systematic risk, and includes risks resulting from breakdowns in internal procedures, people and systems. Causes of Operational Risks: operational risks may occur from unknown and unexpected sources. Broadly, most operational risks arise from one of three sources. People risk: Incompetency or wrong posting of personnel and misuse of powers. Information technology risk: hacking of the computer network by outsiders, and the programming errors. Process-related risks: Possibilities of errors in information processing, data transmission, data retrieval, and inaccuracy of result or output.
- 4. Operations Risk Management: The term Operational Risk Management (ORM) is defined as a continual cyclic process which includes risk assessment, risk decision making, and implementation of risk controls, which results in acceptance, mitigation, or avoidance of risk. ORM is the oversight of operational risk, including the risk of loss resulting from inadequate or failed internal processes and systems; human factors; or external events. Definition of ORM: “The term Operational Risk Management (ORM) is defined as a continual cyclic process which includes risk assessment, risk decision making, and implementation of risk controls, which results in acceptance, mitigation, or avoidance of risk.”
- 5. Features of Operational Risk in Management: A. As inherent to business, i.e. inseparably linked with almost all business activities; B. As specific, i.e. its precise form and, therefore, all measures to control and mitigate it strongly depend on the specific company profile; and C. As a cultural risk because the handling of so varied and networked risks as they are summarized under the heading of operational risk is a question of a company’s risk culture, i.e. its approach and practices in treating risks especially in day-to- day business. Principles of ORM: a) Accept risk when benefits outweigh the cost. b) Accept no unnecessary risk. c) Anticipate and manage risk by planning. d) Make risk decisions at the right level.
- 6. ORM Process / Levels of ORM: A. In Depth: The International Organization for Standardization defines the risk management process in a four-step model: 1. Establish context 2. Risk assessment – Risk identification, Risk analysis & Risk evaluation 3. Risk treatment 4. Monitor and review B. Deliberate: The U.S. Department of Defense summarizes the deliberate level of ORM process in a five-step model: 1. Identify hazards 2. Assess hazards 3. Make risk decisions 4. Implement controls 5. Supervise (and watch for changes)
- 7. C. Time critical: The U.S. Navy summarizes the time critical risk management process in a four-step model: 1. Assess the situation 2. Balance your resources 3. Communicate risks and intentions 4. Do and debrief. (Take action and monitor for change.) Benefits of ORM: 1. Reduction of operational loss. 2. Lower compliance/auditing costs. 3. Early detection of unlawful activities. 4. Reduced exposure to future risks.
- 8. Methods of Operational Risk Management: Basel II and various Supervisory bodies of the countries have prescribed various soundness standards for Operational Risk Management for Banks and similar Financial Institutions. To complement these standards, Basel II has given guidance to 3 broad methods of Capital calculation for Operational Risk: - Basic Indicator Approach - based on annual revenue of the Financial Institution. Standardized Approach - based on annual revenue of each of the broad business lines of the Financial Institution. Advanced Measurement Approaches - based on the internally developed risk measurement framework of the bank adhering to the standards prescribed (methods include Internal Measurement Approach (IMA) or Loss distribution Approach (LDA) or Balance Scorecard Approach (BSA) , Scenario-based, Scorecard etc.)
- 9. What Comprises Operations Risk?
- 10. Features of ORM Software / Requirements A. A risk tracking process B. Identifying the instigating events and capturing the root causes C. Prompt risk notifications D. Report generation catered to stakeholders Basel II: The following lists the official Basel II define the seven event types with some examples for each category: Internal Fraud - misappropriation of assets, tax evasion, intentional mismarking of positions, bribery External Fraud - theft of information, hacking damage, third-party theft and forgery Employment Practices and Workplace Safety - discrimination, workers compensation, employee health and safety Clients, Products, and Business Practice - market manipulation, antitrust, improper trade, product defects, fiduciary breaches, account churning Damage to Physical Assets - natural disasters, terrorism, vandalism Business Disruption and Systems Failures - utility disruptions, software failures, hardware failures Execution, Delivery, and Process Management - data entry errors, accounting errors, failed mandatory reporting, negligent loss of client assets.
- 12. Implementation of ORM in Business
- 13. ORM Framework
- 14. Risk Modeling Methods: A. Methods Based on Statistical Analysis of Historical Data: Market, credit, and insurance risks rely heavily on statistical analysis of historical data for quantification. These risks are modeled primarily by using methods on the left side of Figure 1. These include, for example: - Actuarial approaches based on convoluting (difficult) frequency and severity probability distributions. - Simulation using stochastic differential equations. - Extreme value theory to model the tail of a probability distribution Extreme value theory or extreme value analysis (EVA) is a branch of statistics dealing with the extreme deviations from the median of probability distributions. It seeks to assess, from a given ordered sample of a given random variable, the probability of events that are more extreme than any previously observed.
- 15. B. Methods Based on Expert Input: They have had to rely almost exclusively on expert input to quantify risks, such as likelihood of success or failure of a new drug in early stages of research. These include: - Delphi method to elicit information from a group of experts. - Decision trees, which lay out decision points and resulting discrete uncertain outcomes. - Influence diagrams, which also map out cause-effect relationships C. Methods Based on a Combination of Data and Expert Input: It is a combination of historical data, to the extent it's available, and expert input as needed to fill data gaps. They include, for example: - Fuzzy logic, which uses linguistic variables and rules based on expert input. - System dynamics simulation, which uses non-linear system maps to represent the causal dynamics of a system. - Bayesian Belief Networks (BBN), which relies on a network of cause-effect relationships, quantified using conditional probabilities.