Operational risk

From Wikipedia, the free encyclopedia

 This article or section includes a list of references or external links, but its sources remain unclear because it lacks in-text citations.
You can improve this article by introducing more precise citations.

Basel II

Bank for International Settlements
Basel Accord - Basel I
Basel II
Background

Banking
Monetary policy - Central bank
Risk - Risk management
Regulatory capital
Tier 1 - Tier 2
Pillar 1: Regulatory Capital

Credit risk
Standardized - F-IRB - A-IRB
PD - LGD - EAD
Operational risk
Basic - Standardized - AMA
Market risk
Duration - Value at risk
Pillar 2: Supervisory Review

Economic capital
Liquidity risk - Legal risk
Pillar 3: Market Disclosure

Disclosure
Business and Economics Portal

An operational risk is a risk arising from a company's business functions and from the practical implementation of the management's strategy. As such, it is a very broad concept including e.g information risks, fraud risks, physical or environmental risks, etc. The term operational risk is most commonly found in risk management programs of banks that must organize their risk management program according to Basel II. In Basel II, risk management is divided into credit, market and operational risk management. The definition doesn't talk about strategic risks at all. In many cases, credit and market risks are handled through a company's financial department, whereas operational risk management is perhaps coordinated centrally but most commonly implemented in different operational units (e.g. the IT department takes care of information risks, the HR department takes care of personnel risks, etc)

More specifically, Basel II defines operational risk as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Although the risks apply to any organisation in business, this particular way of framing risk management is of particular relevance to the banking regime where regulators are responsible for establishing safeguards to protect against systemic failure of the banking system and the economy. The Basel II definition talks only about operational risks or risks arising from basic operations and practical execution of strategy, but excludes strategic risk: i.e. the risk of a loss arising from a poor strategic business decision. This definition also excludes reputational risk (damage to an organisation through loss of its reputation or standing) although it is understood that a significant but non-catastrophic operational loss could still affect its reputation possibly leading to a further collapse of its business and organisational failure.

Contents

[edit] Background

Since the mid-1990s, the topics of market risk and credit risk have been the subject of much debate and research, with the result that financial institutions have made significant progress in the identification, measurement and management of both these forms of risk.

Globalization and deregulation in financial markets, combined with increased sophistication in financial technology, have introduced more complexities into the activities of banks and therefore their risk profiles. These reasons underscore banks' and supervisors' growing focus upon the identification and measurement of operational risk.

Events such as the September 11 terrorist attacks, rogue trading losses at Societe Generale, Barings, AIB and National Australia Bank, and the Y2K scare serve to highlight the fact that the scope of risk management extends beyond merely market and credit risk.

The list of risks (and, more importantly, the scale of these risks) faced by banks today includes fraud, system failures, terrorism and employee compensation claims. These types of risk are generally classified under the term 'operational risk'.

The identification and measurement of operational risk is a real and live issue for modern-day banks, particularly since the decision by the Basel Committee on Banking Supervision (BCBS) to introduce a capital charge for this risk as part of the new capital adequacy framework (Basel II).

[edit] Definition

Operational risk was initially defined in the negative as any form of risk that is not market or credit risk. This negative definition is rather vague as it does not tell us much about the exact types of operational risks faced by banks today, nor does it provide banks with a proper basis for measuring risk and calculating capital requirements.

A better definition is provided by the Basel Committee, who define operational risk as:

"The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events."

This definition includes legal risk, but excludes strategic and reputational risk. However, the Basel Committee recognizes that operational risk is a term that has a variety of meanings and therefore, for internal purposes, banks are permitted to adopt their own definitions of operational risk, provided the minimum elements in the Committee's definition are included.

Although the definition has gained some acceptability in the banking industry, there are also some analysts who believe it to be flawed, describing it as opaque, open-ended and leaving many unanswered questions regarding the exact type of events that can be attributed to operational losses.

In particular, the somewhat abrupt manner in which legal risk is incorporated into the definition and then left undeveloped has been the subject of criticism, as has the decision to exclude certain risks (reputational and strategic).

[edit] Basel II event type categories

The following lists the official Basel II defined event types with some examples for each category:

  • Internal Fraud - misappropriation of assets, tax evasion, intentional mismarking of positions, bribery
  • External Fraud - theft of information, hacking damage, third-party theft and forgery
  • Employment Practices and Workplace Safety - discrimination, workers compensation, employee health and safety
  • Clients, Products, & Business Practice - market manipulation, antitrust, improper trade, product defects, fiduciary breaches, account churning
  • Damage to Physical Assets - natural disasters, terrorism, vandalism
  • Business Disruption & Systems Failures - utility disruptions, software failures, hardware failures
  • Execution, Delivery, & Process Management - data entry errors, accounting errors, failed mandatory reporting, negligent loss of client assets

[edit] Difficulties

It is relatively straightforward for an organisation to set and observe specific, measurable levels of market risk and credit risk. By contrast it is relatively difficult to identify or assess levels of operational risk and its many sources. Historically organisations have accepted operational risk as an unavoidable cost of doing business.

[edit] Methods of operational risk management

Basel II and various Supervisory bodies of the countries have prescribed various soundness standards for Operational Risk Management for Banks and similar Financial Institutions. To complement these standards, Basel II has given guidance to 3 broad methods of Capital calculation for Operational Risk

  • Basic Indicator Approach - based on annual revenue of the Financial Institution
  • Standardised Approach - based on annual revenue of each of the broad business lines of the Financial Institution
  • Advanced Measurement Approaches - based on the internally developed risk measurement framework of the bank adhering to the standards prescribed (methods include IMA, LDA, Scenario-based, Scorecard etc.)

The Operational Risk Management framework should include identification, measurement, monitoring, reporting, control and mitigation frameworks for Operational Risk.

[edit] See also

[edit] External links