Browse By

Operational Risk Management under the Basel accord

Operational Risk Management under Basel accord

Operational Risk (OR) is the risk of direct and indirect loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk but excludes reputational and strategic risks.

According to the Basel II accord, a financial institution, based on the level of sophistication of their operational risk management systems and practices, has the option of using one of the following approaches to calculation their operational risk capital charge:

  1. The Basic Indicator approach under which capital is calculated as the average over the past three years of a fixed percentage, or alpha, equal to 15% times the enterprise – level positive gross income. Negative gross incomes incurred during this period are excluded from the calculation of the average.
  2. The Standardized approach where fixed percentages, called betas, of 12%, 15%, or 18% depending on the business line, are applied to that line’s gross income, positive or negative. The sum across business lines is floored at zero. The average of this result over the previous three years is the capital charge.

    There is an alternative to the Standardized Approach called the Alternative Standardized Approach that is available to entities that demonstrate that the use of this measure produces a better and improved risk charge. Under this alternative approach, the operational risk capital charge/methodology is the same as for the Standardized Approach except for two business lines — retail banking and commercial banking. For these business lines, loans and advances — multiplied by a fixed factor ‘m’ — replaces gross income as the exposure indicator.

  3. The Advanced Measurement approach (AMA) is calculated using the banks own internal operational risk measurement system. The internal operational risk measurement system must consist of the following four data elements:
    1. Internal loss data,
    2. External loss data,
    3. Scenario analysis, and
    4. Business environment and internal control systems factors.

The next two section review the current definition of Business lines, activities and loss events.

Operational Risk Management – Business lines and activities

According to Basel II, all activities of the entity are mapped in a mutually exclusive and jointly exhaustive manner in one of eight business lines:

LEVEL 1

LEVEL 2

Activity groups

Corporate Finance

Corporate Finance

Municipal/Government

Finance

Merchant Banking

Advisory Services

Mergers and acquisitions, underwriting, privatisations,

securitisation, research, debt (government, high yield), equity,

syndications, IPO, secondary private placements

Trading and Sales

Sales

Market Making

Proprietary positions

Treasury

Fixed income, equity, foreign exchanges, commodities, credit,

funding, own position securities, lending and repos, brokerage,

debt, prime brokerage

Retail Banking

Retail Banking

Retail lending and deposits, banking services, trust and estates

Private Banking

Private lending and deposits, banking services, trust and

estates, investment advice

Card Services

Merchant/commercial/corporate cards, private labels and retail

Commercial Banking

Commercial Banking

Project finance, real estate, export finance, trade finance,

factoring, leasing, lending, guarantees, bills of exchange

Payment and Settlement

External Clients

Payments and collections, funds transfer, clearing and

settlement

Agency Services

Custody

 


 

Escrow, depository receipts, securities lending (customers)

corporate action

Corporate Agency

Issuer and paying agents

Corporate Trust

 

Asset Management

Discretionary Fund Management

Pooled, segregated, retail, institutional, closed, open, private equity

Non-discretionary Fund Management

Pooled, segregated, retail, institutional, closed, open

Retail Brokerage

Retail Brokerage

Execution and full service

 

Operational Risk Management – Loss event and activities

According to Basel II (Annex 9 of http://bis.org/publ/bcbs128.pdf), loss events fall into one of seven categories. These categories are further divided by sub category and activities.

Other loss types

Besides the losses defined in the table below there may also be other loss types which are important for risk management but are not generally considered in the quantification of operational risk charge. These items are useful for detecting failures and errors in processes and internal control systems. They include:

  • Exceptions: Actions done in breach of the laid down policies intentionally, due to extraordinary circumstances and with due approval
  • Near Misses: Operational risk events that do not lead to a loss.
  • Transactions in Difficulty: (TIDs) transactions that could potentially have operational loss as a probable outcome
  • Operational risk gain events”: operational risk events that generate a gain
  • Opportunity costs/lost revenues: operational risk events that prevent undetermined future business from being conducted (eg unbudgeted staff costs, forgone revenue and project costs related to improving processes).

 

Event- Type Category (Level 1)

Definition

Categories (Level 2)

Activity Examples (Level 3)

Internal Fraud

Losses due to acts of a type intended to defraud,

misappropriate property or circumvent regulations,

the law or company policy, excluding diversity/

discrimination events, which involves at least one

internal party

Unauthorized Activity

Transactions not reported (intentional)

Transaction type unauthorized (w/monetary loss)

Mismarking of position (intentional)

Theft and Fraud

Fraud / credit fraud / worthless deposits

Theft / extortion / embezzlement / robbery

Misappropriation of assets

Malicious destruction of assets

Forgery

Check kiting

Smuggling

Account take-over / impersonation / etc.

Tax non-compliance / evasion (willful)

Bribes / kickbacks

Insider trading (not on firm’s account)

External Fraud

Losses due to acts of a type intended to defraud,

misappropriate property or circumvent the law, by a third party

Theft and Fraud

Theft/Robbery

Forgery

Check kiting

Systems Security

Hacking damage

Theft of information (w/monetary loss)

Employment Practices & Workplace Safety

Losses arising from acts inconsistent with

employment, health or safety laws or agreements,

from payment of personal injury claims, or from

diversity / discrimination events

Employee Relations

Compensation, benefit, termination issues

Organized labor activity

Safe Environment

General liability (slip and fall, etc.)

Employee health & safety rules events

Workers compensation

Diversity & Discrimination

All discrimination types

Clients, Products & Business Practices

Losses arising from an unintentional or negligent

failure to meet a professional obligation to specific

clients (including fiduciary and suitability

requirements), or from the nature or design of a

product.

Suitability, Disclosure & Fiduciary

Fiduciary breaches / guideline violations

Suitability / disclosure issues (KYC, etc.)

Retail customer disclosure violations

Breach of privacy

Aggressive sales

Account churning

Misuse of confidential information

Lender liability

Improper Business or Market Practices

Antitrust

Improper trade / market practices

Market manipulation

Insider trading (on firm’s account)

Unlicensed activity

Money laundering

Product Flaws

Product defects (unauthorized, etc.)

Model errors

Selection, Sponsorship & Exposure

Failure to investigate client per guidelines

Exceeding client exposure limits

Advisory Activities

Disputes over performance of advisory activities

Damage to Physical Assets

Losses arising from loss or damage to physical

assets from natural disaster or other events.

Disasters and other events

Natural disaster losses

Human losses from external sources (terrorism,

vandalism)

Business Disruption and System Failures

Losses arising from disruption of business or system

Failures

Systems

Hardware

Software

Telecommunications

Utility outage / disruptions

Execution, Delivery & Process Management

Losses from failed transaction processing or process

management, from relations with trade

counterparties and vendors

Transaction Capture, Execution &

Maintenance

Miscommunication

Data entry, maintenance or loading error

Missed deadline or responsibility

Model / system misoperation

Accounting error / entity attribution error

Other task misperformance

Delivery failure

Collateral management failure

Reference Data Maintenance

Monitoring and Reporting

Failed mandatory reporting obligation

Inaccurate external report (loss incurred)

Customer Intake and Documentation

Client permissions / disclaimers missing

Legal documents missing / incomplete

Customer / Client Account Management

Unapproved access given to accounts

Incorrect client records (loss incurred)

Negligent loss or damage of client assets

Trade Counterparties

Non-client counterparty misperformance

Misc. non-client counterparty disputes

Vendors & Suppliers

Outsourcing

Vendor disputes

 

Comodo SSL