operational risk & incident reporting

April 13, 2023Kachhapi 1


OPERATIONAL RISK

Operational risk is the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and system or from external events. Also includes, settlement or payment risk and business interruption, administrative and legal risks.


OPERATIONAL RISK IS

• EMBEDDED IN EACH ACTIVITY

• IMPLICIT IN ORDINARY COURSE OF CORPORATE ACTIVITY.

• NOT DIRECTLY A RISK Vs EXPECTED REWARD FUNCTION

• AN INDEPENDENT RISK MANAGEMENT FUNCTION, COMPARABLE TO MANAGEMENT OF CREDIT & MARKET


TYPES OF OPERATIONAL RISK EVENTS

EVENT EXAMPLE

Internal FraudInternal Fraud Intentional Mis-representationIntentional Mis-representationEmployee theftEmployee theftInsider Trading - EmployeesInsider Trading - Employees

External Fraud Robbery, Forgery, ChequekitingComputer Hacking Damage


Clients, Products, Business Practices

Fiduciary BreachesImproper TradingConfidential InformationMoney Laundering Claim

Employment Practices & Work Place Safety

Health & Safety RulesDiscrimination ClaimsGeneral Liability

EVENT EXAMPLE


EVENT EXAMPLE

Damage to Physical Damage to Physical AssetsAssets

Terrorism, VandalismTerrorism, VandalismEarth Quake, Fires & Earth Quake, Fires & FloodsFloods

Business Disruption & System Failures

Hardware & Software Failures, Telecom Failures, Utility Usage

Execution, Delivery & Process Management

Data Entry Errors, Incomplete Documentation, Vendor Disputes, Unauthorized Access to Client Accounts


MAJOR CASES OF LOSS MAJOR CASES OF LOSS EVENTS IN BANKINGEVENTS IN BANKING


LOSS EVENTS TYPE

BANK QUANTUM IN USD

Internal Fraud BaringsDaiwa Bank

$ 1.0 Billion$ 1.4 Billion

External Fraud Custodial Client of Republic of NY Corporation

$ 611 Mio

WORKPLACE SAFETY

Merrill Lynch Legal Settlement

$ 250 Mio


LOSS EVENTS TYPE

BANK QUANTUM IN USD

Client products & business practices

Improper SalesPractices Banks in US( Provision)

$ 405 Mio

Damage tophysical assets

Bank of NewYork 9/11

$ 140 Mio


LOSS EVENTS TYPE

BANK QUANTUM IN USD

Business disruption& system failure

Solomon Brothers( Due toUn-reconciledBalances withchange in I.TSystem )

$ 303 Mio

Execution, delivery& Processmanagement

BOA Wells Fargo BankFailed transactionProcessing &System IntegrationProcessing

$ 225 Mio$ 150 Mio


OPERATIONAL RISK –LOSS TYPES

• Processing risk.

• People risk.

• System risk.

• External events risk.

• Legal risk.

• Reputation risk.


PROCESSING RISK• Transactions put through without proper

authority/mandate.• Erroneous transaction execution.• Wrong reporting.• Erroneous cash movement.• Omission of task.• Inaccurate/incomplete documentation.• Frauds both internally/externally.• Money laundering.• Unauthorized persons access to bank’s records.


PEOPLE RISK• Inadequate staff.

• Hiring unsuitable staff.

• Loss of key personnel.

• Over reliance on few key staff.

• Insufficient succession & development planning.

• Insufficient training.

• Poor communication.

• Behaviour & attitude.

• Age profile.


SYSTEM RISKS• Programming error.• Irrelevant, inaccurate, incomplete MIS.• I T System failure.• Telecommunication failure.• Technology interference.• Failure of support functions.• Inadequacy of backup systems/procedures.• Working under different platforms/ software

environment.


LEGAL RISKS

• Breaching of regulatory requirements.

• Unenforceable contracts,lawsuits.

• Adverse judgments.

• Executing illegal transactions.

• Failure to fulfill fiduciary duties


External events risks.

• Natural disasters.Natural disasters.

• War/terrorism.War/terrorism.

• Sabotage.Sabotage.

• Crime.Crime.


REPUTATION RISKS.• Negative publicity leading to decline in

customer base, costly litigation, reduction in current & prospective earnings & capital.

• Effect of other risks.


Operational Risk – Framework & Management.

1. Organizational set up.

2. Operational Risk Management Policy.

3. Risk mapping.

4. Risk assessment.

5. Collection of Operational risk loss incident data.

6. Risk Quantification


Risk AssessmentCategorization of identified risks – Low,

Medium, High.

Grading of controls – Low, Medium, High.

Comparison between assessed risks & existing controls to identify :

1. High risk low control types 2. Low risk high control types 3. Less frequent high impact types 4. More frequent less impact types.


RISK QUANTIFICATION

OPERATIONAL OPERATIONAL RISKRISKCREDIT RISKCREDIT RISK MARKET RISKMARKET RISK

STANDARDIZEDSTANDARDIZED

APPROACHAPPROACH

FOUNDATION –FOUNDATION –

IRB APPROACHIRB APPROACH

ADVANCED – ADVANCED –

IRB APPROACHIRB APPROACH

STANDARDISEDSTANDARDISED

APPROACHAPPROACH

INTERNALINTERNAL

MEASUREMENTMEASUREMENT

APPROACHAPPROACH

BASIC BASIC INDICATOR INDICATOR APPROACHAPPROACH

STANDARDIZED STANDARDIZED APPROACHAPPROACH

ADVANCED ADVANCED MEASUREMENT MEASUREMENT APPROACHAPPROACH


Basic Indicator Approach

• Fixed percentage on Gross income shall be the Capital to be held by the Bank for Operational risk


Standardized Approach• Bank’s activities are divided into:

1) Corporate Finance.2) Trading & Sales.3) Retail Banking.4) Commercial Banking.5) Payment & Settlement.6) Agency Services & Custody.7) Retail Brokerage.8) Asset Management.

• Capital charge to be calculated for each business line by multiplying gross income by a factor percentage assigned to it.


Advanced Measurement Approach

• Gives discretion to the Bank to use their own internal loss data & assessment methods.

• Approach shall be used only after sufficient reliable data base of operational risk loss events is built up.


• We have to measure operational risk We have to measure operational risk by Basic Indicator Approach in terms by Basic Indicator Approach in terms of RBI guidelines.of RBI guidelines.

• What is beneficial to Banks is AMA. What is beneficial to Banks is AMA.


• THANK YOU

• T.V.RAO.FACULTY

operational risk & incident reporting

Automotive

people risk

risk of direct

payment risk

risk vs

risk mapping

processing risk transactions

high risk low control

low risk high control