RegionsNorth AmericaOvercoming Key Challenges to Implementing an Operational Risk Regime for Basel II

Overcoming Key Challenges to Implementing an Operational Risk Regime for Basel II

The primary concern for organisations looking to implement Basel II compliant systems is currently the acceptance of the capital figure by regulators. However, to be an effective model internally, the operational risk information will need to be integrated into the day-to-day business management of the firm. Operational risk should be quantified within the business units and product lines of an organisation on as detailed a level as possible for managers to be able to make judgments on returns against operational risk capital requirements. It is critical that the model of operational risk chosen (and the software tools that report and measure it) provide sufficient detail that this risk can be reduced in a quantifiable fashion other than by closing profitable business lines. These internal considerations are all in addition to the obvious external benefits derived from improving public confidence in the firm’s ability to avoid large losses.

Poor quality capital models simply transfer operational risk to model risk, and regulators may not initially agree to figures from unproven models unless they meet some aggregate expectation or benchmark. Business line managers are likely to be skeptical about qualitative implementations and shallow links to capital using control risk assessments, and may eventually ignore key risk indicators that do not prove useful in reducing losses and capital. The public will become aware of the lack of effectiveness of an operational risk regime only when a large loss occurs and its cause will be viewed as something for which the firm can be held accountable. In this event, all concerned would not be blamed for viewing the entire exercise as ineffective and futile.

Avoiding the transfer of operational risk to model risk

Standard risk management practice recognises a concept of model risk as an integral part of market and credit risk. This can be loosely defined as possible losses arising from incorrect assumptions behind the (sometimes complex) models used to quantify these risks. Risk management is about measuring uncertainty. One can measure the uncertainty in a model as well as in a process, asset or transaction.

By measuring the amount of risk in the operational risk capital model, the firm and regulators are better able to assess the possibility that operational risk has been transferred into model risk. The procedure for measuring the risk in an operational risk model follows the fundamental of techniques commonly used for market and credit risk model assessment.

Advanced capital models are available that implement this technique and will provide a capital figure that includes the errors in the original loss data. One would expect this figure to be higher than a figure generated without errors, since it includes the model uncertainty, and the difference between the two can be used as a measure of the risk contained in the operational risk model. In the future, one would expect regulators to require an assessment of model risk using this technique.

Linking Key Risk Indicators to Loss Events

Many firms are collecting key risk indicators and some are collecting hundreds of indicators in order to determine later which of them are more useful for reducing loss events. Obviously each business line may have its specific set of indicators, but how will a firm determine if a specific indicator is useful? Most are relying on the business line manager because the specific loss event knowledge lies with them. Some are collecting associated classification and ‘causal’ information about the loss, but few are retaining transaction-related information.

Since businesses are transaction oriented, the lack of transaction-related information will severely restrict the ability of the business line manager to evaluate the effectiveness of key risk indicators over time, preventing them from reducing the resulting risks once they have been quantified. It is relatively easy to imagine two different product transactions that create the same sort of loss and yet require completely different control approaches in order to eliminate future recurrences. One effective way to generate key risk indicators is to analyze the loss event information together with transaction-related data in order to generate statistical feedback for business managers that is both consistent and reliable.

Advanced techniques (based on Bayesian networks) are now available in software products that can instantly provide this kind of feedback. This provides useful information to reduce risk, at a core level within the operational workflows of that organization. Without these techniques, organizations are in danger of implementing a risk measurement approach that will provide numbers that they cannot then reduce in a quantifiable fashion.

Extending operational risk regimes to cover specific events

Many operational risk regimes are trying to address the effectiveness of controls and use the key risk indicators and loss data to this end. Unfortunately, controls are applied to specific product types and the operations that affect them, so the link to loss data is unclear at best. A much more constructive approach is to use a transaction model to measure the effectiveness of control directly. Again, this requires access to transaction level information (as does the key risk indicator measurement described above), but provides an ability to measure the effectiveness of key controls across transactions and then ‘complete the loop’ by relating these to key risk indicators and, finally, to losses. Some firms are trying to accomplish this by recording control failures for loss events that have no losses associated with them (near misses). Others have attempted to extend rules-based exception systems to cover all cases. However, any realistic approach needs to be based on models that can respond over time due to the dynamics of operational processing and new business requirements.

Summary

To a large extent the purpose of Basel II is about providing assurance to the stakeholders that management understands and controls risks occurring in the business. The regulators will need to know that firms understand and can control the risk in capital models for operational risk. Business line managers need to know that key indicators of operational risk provide important useful information for reducing losses and associated capital. And the public needs to know that an effective operational risk regime can reduce the impact of large losses in a firm. Banks will need to work hard to overcome these challenges and the benefits of capital model error analysis, key risk indicator correlation, and transaction level risk control effectiveness measures will go a long way to providing the credibility and assurance that operational risk holds out as its promise.

About the co-author

This article was co-authored by Dr. Jack King is the managing director of Genoa (UK) Limited, a financial risk and software consulting firm near London. Dr. King has almost 30 years of experience in technology and its application to risk, and is the author of “Operational Risk: Measurement and Modelling,” published by John Wiley & Sons Limited.

Related Articles

Video: Supporting digital transformation in corporate treasury

Corporate to Bank Relationships Video: Supporting digital transformation in corporate treasury

4w Austin Clark
New LIBOR guidance gives providers transformation deadlines

Banking New LIBOR guidance gives providers transformation deadlines

1m Shannon Moyer
HSBC launches Treasury APIs for payments in 27 markets

Corporate to Bank Relationships HSBC launches Treasury APIs for payments in 27 markets

1m Jay Ashar
ING – bank or fintech?

Banking ING – bank or fintech?

2m Austin Clark
Corporate debt to default ratio falls as debt bubble fears rise

Banking Corporate debt to default ratio falls as debt bubble fears rise

2m Jeremy Chan
KYC registry of SWIFT now open to corporate customers

Corporate to Bank Relationships KYC registry of SWIFT now open to corporate customers

2m Jay Ashar
Deutsche Bank launches instant payments guide for corporates

Corporate to Bank Relationships Deutsche Bank launches instant payments guide for corporates

2m Jay Ashar
BigTech in financial services may require sweeping new laws

Big Data BigTech in financial services may require sweeping new laws

3m Jay Ashar

Whitepapers & Resources

Transaction Banking Survey 2019

Transaction Banking Survey 2019

5m
TIS Sanction Screening Survey Report

Payments TIS Sanction Screening Survey Report

8m
Enhancing your strategic position: Digitalization in Treasury

Payments Enhancing your strategic position: Digitalization in Treasury

9m
Netting: An Immersive Guide to Global Reconciliation

Netting: An Immersive Guide to Global Reconciliation

1y