Operational Risk AMA at the EIB
-
Upload
shalin-bhagwan -
Category
Documents
-
view
229 -
download
0
Transcript of Operational Risk AMA at the EIB
-
8/13/2019 Operational Risk AMA at the EIB
1/31
AMA at the EIB
March 2009
-
8/13/2019 Operational Risk AMA at the EIB
2/31
Agenda
Operational risk framework
Basel II and the advanced measurement approach (AMA)
Adjusted risk capital (ARC)
Worked example
-
8/13/2019 Operational Risk AMA at the EIB
3/31
Operational risk framework
Operational risk policy
Operational risk methodology
Historical data
KRIs
Information on internal controls
Scenario analysis
Operational risk system: SAS
-
8/13/2019 Operational Risk AMA at the EIB
4/31
Basel II and the advanced
measurement approach (AMA)
-
8/13/2019 Operational Risk AMA at the EIB
5/31
Basel II / AMA Approaches
Basic
15% of Gross Income
Advanced Measurement ApproachRisk Measurement, Loss Data Base, Risk Exposure Report, Capital
Calculation Engine
Standardized
15% of Gross Income
Alternative
Standardized
15% x 3.5% of Assets
Only capital calculation, no risk measurement
-
8/13/2019 Operational Risk AMA at the EIB
6/31
EIB and Basel IIQualifying Criteria
Existing
Situation
Under Basel II / CAD
Objective
Basic Stand. Altern. Stand. AMA
Operational Risk Policy Yes No Yes Yes YesKeep Existing Operational
Risk Policy
Operational Risk Exposures
ReportYes No Yes Yes Yes
Keep Existing Operational
Risk Report
Loss Data Base Yes No Yes Yes YesKeep Existing Loss Data
Base
Capital Calculation Engine No No No No YesImplement Capital
Calculation Engine
Basel II Capital Requirement N/A 265M 265M 1,300MApprox.
100 M 150 M
-
8/13/2019 Operational Risk AMA at the EIB
7/31
Motivations for AMA
Basel II / CAD
Large international bank
Triple A rating
Non profit
Key objective is best practice not capital
-
8/13/2019 Operational Risk AMA at the EIB
8/31
AMA Key Elements
Scenario Analysis
Business Environment & Internal
Control Factors
Internal Data
External Data
Scenario Analysis
Key Risk Indicators since
2001
Scorecard / KRIs
Database of events
and losses since 2002
SAS Global Data
Operational Events and Losses
0%
20%
40%
60%
80%
100%
120%
2 00 2 200 3 20 04 200 5 20 06
Years
E
vents
0%
20%
40%
60%
80%
100%
120%
Losses(EUR)
Operational Events
Operational Losses
Preliminaryanalysis
Servicesvalidation
-
8/13/2019 Operational Risk AMA at the EIB
9/31
Adjusted risk capital (ARC)
-
8/13/2019 Operational Risk AMA at the EIB
10/31
Adjusted Risk Capital(A.R.C.)
Operational Risk Management Model
Key Principles
ARC
Capital adjustment
Reporting
-
8/13/2019 Operational Risk AMA at the EIB
11/31
OR Governance
Strategy and
Policy ORMOrganizational
Structure
OR Framework
& Processes
Qualitative Requirements
Internal
DataExternal
Data
Scenario Analysis BusinessEnvironment
OR Measurement
Quantitative Requirements
Operational RiskManagement Model
-
8/13/2019 Operational Risk AMA at the EIB
12/31
Key Principles
Management comes before measurement
No appetite for Operational Risk
You can do everything, but you cannot
do it alone
-
8/13/2019 Operational Risk AMA at the EIB
13/31
Annual riskassessment process
Frequencyof events
Severityof loss
43210
40-
50
30-
40
20-
30
10-
20
0-10
Annual Aggregate Loss($)Mean 99.9th Percentile
Business and internalcontrol environment
Key Risk Indicators
ScenarioAnalysis
Adjustedparameters
and distributions
Preliminary
analysis
LDA model
Prior VAR
Adjusted VAR
New Loss
Data
New KRIs
Historical Data
Internal/External
-
8/13/2019 Operational Risk AMA at the EIB
14/31
Preliminary analysis
Historical data onfrequency and impact
Distribution of lossesbased on historical data
Stress testing basedon scenario analysis
Historical data onfrequency only
No historical dataavailable
Distribution of lossesbased on scenario analysis.
Scenario frequency based on historical dataScenario impact to include extreme (stress) losses
Distribution of lossesbased on scenario analysis.
Scenario impact to include extreme (stress) losses
-
8/13/2019 Operational Risk AMA at the EIB
15/31
Scenario identification
Events with losses already happened
Near misses
ICFAudit points with AAPs
Events identified by management
Events identified through external info
-
8/13/2019 Operational Risk AMA at the EIB
16/31
Scenario assessment
Frequency of occurrence
Severity of impact
Worst case (substantial deviation from
business as usual)
-
8/13/2019 Operational Risk AMA at the EIB
17/31
Services assessment
Is each scenario credible? Need to
modify/discard?
Are estimates (probability, impact, worst
case) reasonable?Are there other scenarios to consider?
In this case what are probability, impact
and worst case?
-
8/13/2019 Operational Risk AMA at the EIB
18/31
Business andControl Environment
2006 Q1
Evolution1
%
Front office trade capture
Number of treasury portfolio deals # 2,819 10% 3,000 4,000
Percentage of new transactions % 0 0 10
Number of cancellations and rejections in FK # 60 -50% 40 100
Back office transaction processing and accounting
Number of payments and transfers # 6,586 -13% 9,000 15,000
Number of cancellations and rejections in payments and transfers # 178 -1% 90 180
Average number of outstanding items older than 7 days at month end
in the nostro accounts reconciliation.
working
days 27 -15% 25 40
Number of cancellations and amendments in Swift Alliance # 141 14% 100 250
Number of manual interventions in accounting # 63 25 40
Risk and control environment
Total Operational Losses EUR 7,500 1,000 150,000 Risk Assessment score from ICF Score 1 0% 1 2
System server downtime during working hours hrs 0 -95% 0 2
Treasury Process Scorecard
Indicators Units ValueThreshold
2 Limit3
-
8/13/2019 Operational Risk AMA at the EIB
19/31
Business andControl Environment
1.7
Front office trade capture 1 1.4
Number of treasury portfolio deals 1.0 1
Percentage of new transactions 1.0 2
Number of cancellations and rejections in FK 2.0 2
Back office transaction processing and accounting 1 2.1
Number of payments and transfers 1.0 1
Number of cancellations and rejections in payments and transfers 2.0 2
Average number of outstanding items older than 7 days at month end
in the nostro accounts reconciliation. 2.0 2
Number of cancellations and amendments in Swift Alliance 2.0 2
Number of manual interventions in accounting 3.0 2
Risk and control environment 1 1.7
Total Operational Losses 2.0 3
Risk Assessment from ICF 1.0 2
System server downtime during working hours 2.0 2
Activity6
Process7Indicators Scores
4Weight
5
-
8/13/2019 Operational Risk AMA at the EIB
20/31
Capital Adjustment
-
8/13/2019 Operational Risk AMA at the EIB
21/31
A.R.C. Reporting
Monthly Report
Quarterly Report
Ad-hoc Report
President
Board of
Directors
ManagementCommittee
Directors general, Internal Audit,External Audit, Audit Committee
W k d E l
-
8/13/2019 Operational Risk AMA at the EIB
22/31
Worked Example
P li i l i
-
8/13/2019 Operational Risk AMA at the EIB
23/31
Preliminary analysiswith historical data
Level 3 Business Level
A trader deals in unauthorized
derivatives and hides losses in adummy account.
A system failure on a major paymentdate leads to inability to settle a
portion of that days transactions.
BODY OF DISTRIBUTION (based onhistorical losses)
A mis-specified SWIFT code leads to
an incorrect payment.
STRESS SCENARIO FOR TAIL OFDISTRIBUTION A payment is sent out just before a
counterparty defaults.
AverageFreq.
N. A.
Once ayear
Fourtimes a
year
Once in50 years
Averageimpact
N. A.
N. A.
15,000
70M
WorstCase
N. A.
N. A.
450,000
126M
1.1.1 Internal fraud
Unauthorized
transaction notreported
6.1.1 Losses arising fromsystem failures
Hardware
7.1.1 Transaction capture,
execution and maintenance
Data entry,
maintenanceor loading
error
Level 3 Business Level
A trader deals in unauthorized
derivatives and hides losses in adummy account.
A system failure on a major paymentdate leads to inability to settle a
portion of that days transactions.
BODY OF DISTRIBUTION (based onhistorical losses)
A mis-specified SWIFT code leads to
an incorrect payment.
STRESS SCENARIO FOR TAIL OFDISTRIBUTION A payment is sent out just before a
counterparty defaults.
AverageFreq.
N. A.
Once ayear
Fourtimes a
year
Once in50 years
Averageimpact
N. A.
N. A.
15,000
70M
WorstCase
N. A.
N. A.
450,000
126M
1.1.1 Internal fraud
Unauthorized
transaction notreported
6.1.1 Losses arising fromsystem failures
Hardware
7.1.1 Transaction capture,
execution and maintenance
Data entry,
maintenanceor loading
error
P li i l i
-
8/13/2019 Operational Risk AMA at the EIB
24/31
Preliminary analysisincluding scenarios
Level 3 Business Level
A trader deals in unauthorizedderivatives and hides losses in adummy account.
A system failure on a major paymentdate leads to inability to settle aportion of that days transactions.
BODY OF DISTRIBUTION (based onhistorical losses)
A mis-specified SWIFT code leads toan incorrect payment.
STRESS SCENARIO FOR TAIL OFDISTRIBUTION A payment is sent out just before a
counterparty defaults.
AverageFreq.
Once in10 years
Once ayear
Fourtimes a
year
Once in50 years
Averageimpact
1M
10,000
15,000
70M
WorstCase
50M
150,000
450,000
126M
1.1.1 Internal fraud
Unauthorizedtransaction notreported
6.1.1 Losses arising fromsystem failures
Hardware
7.1.1 Transaction capture,execution and maintenance
Data entry,maintenance
or loadingerror
Level 3 Business Level
A trader deals in unauthorizedderivatives and hides losses in adummy account.
A system failure on a major paymentdate leads to inability to settle aportion of that days transactions.
BODY OF DISTRIBUTION (based onhistorical losses)
A mis-specified SWIFT code leads toan incorrect payment.
STRESS SCENARIO FOR TAIL OFDISTRIBUTION A payment is sent out just before a
counterparty defaults.
AverageFreq.
Once in10 years
Once ayear
Fourtimes a
year
Once in50 years
Averageimpact
1M
10,000
15,000
70M
WorstCase
50M
150,000
450,000
126M
1.1.1 Internal fraud
Unauthorizedtransaction notreported
6.1.1 Losses arising fromsystem failures
Hardware
7.1.1 Transaction capture,execution and maintenance
Data entry,maintenance
or loadingerror
R lt f i
-
8/13/2019 Operational Risk AMA at the EIB
25/31
Results of reviewwith the services
20,000,000
Between
50M and
150M
Between 50M
and 150M
Once in 50
years
53,832,905Total Operational Risk Capital (EUR)
53,832,905Total VAR
1,061,082
Between
150,000 and
500,000
Less than
10,000Quarterly
7. Execution, Delivery &
Process Management
471,823
Between
50,000 and
150,000
Between 10,000and 50,000
Once a year6. Business disruption andsystem failures
32,300,000
Between
50M and
150M
Between 1M
and 5M
Once in ten
years
1. Internal Fraud
Unauthorized Activity
VAR (EUR)
Worst case
(EUR per
event)
Mean severity
(EUR per
event)
Mean
frequency
What is your risk of
incurring losses related to
ResultsAnswers (self-assessment)Questions
20,000,000
Between
50M and
150M
Between 50M
and 150M
Once in 50
years
53,832,905Total Operational Risk Capital (EUR)
53,832,905Total VAR
1,061,082
Between
150,000 and
500,000
Less than
10,000Quarterly
7. Execution, Delivery &
Process Management
471,823
Between
50,000 and
150,000
Between 10,000and 50,000
Once a year6. Business disruption andsystem failures
32,300,000
Between
50M and
150M
Between 1M
and 5M
Once in ten
years
1. Internal Fraud
Unauthorized Activity
VAR (EUR)
Worst case
(EUR per
event)
Mean severity
(EUR per
event)
Mean
frequency
What is your risk of
incurring losses related to
ResultsAnswers (self-assessment)Questions
I t ti ith
-
8/13/2019 Operational Risk AMA at the EIB
26/31
Integration withnew loss data
During the first three months of the year, two events in Risk
Category 6., with losses of40,000 and60,000, respectively.
Risk assessment is updated accordingly.
Lognorm(30000; 42500) Trunc(0;+inf)
Probability
Valuesx10^-5
LossesValues in Thousands
0.0
0.5
1.0
1.5
2.0
2.5
3.0
3.5
4.0
050
100
150
200
250
300
350
400
450
500
>0.1%99.9%0.0 440.0
Lognorm(400000; 280000) Trunc(0;+inf)
Probability
Valuesx10^-6
LossesValues in Thousands
0.0
0.5
1.0
1.5
2.0
2.5
0
600
1200
1800
2400
>99.9%0 2350
R lt ith
-
8/13/2019 Operational Risk AMA at the EIB
27/31
Results withNew internal loss data
20,000,000
Between 50M
and 150MBetween 50M
and 150M
Once in 50
years
56,097,730Total Operational Risk Capital (EUR)
56,097,730Total VAR
1,061,082Between
150,000 and
500,000
Less than 10,000Quarterly7. Execution, Delivery &
Process Management
2,736,648Between
150,000 and
500,000
Between 50,000
and 150,000Quarterly
6. Business disruption and
system failures
32,300,000Between 50M
and 150M
Between 1M and
5M
Once in ten
years
1.Internal Fraud
Unauthorized Activity
VAR(EUR)
Worst case
(EUR per
event)
Mean severity
(EUR per
event)
Mean
frequency
What is your risk of
incurring losses related to
ResultsAnswers (self-assessment)Questions
20,000,000
Between 50M
and 150MBetween 50M
and 150M
Once in 50
years
56,097,730Total Operational Risk Capital (EUR)
56,097,730Total VAR
1,061,082Between
150,000 and
500,000
Less than 10,000Quarterly7. Execution, Delivery &
Process Management
2,736,648Between
150,000 and
500,000
Between 50,000
and 150,000Quarterly
6. Business disruption and
system failures
32,300,000Between 50M
and 150M
Between 1M and
5M
Once in ten
years
1.Internal Fraud
Unauthorized Activity
VAR(EUR)
Worst case
(EUR per
event)
Mean severity
(EUR per
event)
Mean
frequency
What is your risk of
incurring losses related to
ResultsAnswers (self-assessment)Questions
New KRIs and
-
8/13/2019 Operational Risk AMA at the EIB
28/31
New KRIs andcapital adjustment
Business and control environment is reflected in a Scorecardsummarizing a set of Key Risk indicators (KRIs).
Six months later the relevant Business Units score is rated VeryGood.
Capital charge is adjusted according to the following formula.
%2.72exp1exp
expexp
2.12.1
K
SSK
Exponential function limits downside reductions of capital
-10%
-5%
0%
5%
10%
15%
20%
25%
30%
35%
1 VeryGood
Good Medium Bad VeryBad
3
Risk Score
Capital Adjustment
= - 7.2%
Results with new KRIs
-
8/13/2019 Operational Risk AMA at the EIB
29/31
Results with new KRIs
20,000,000Between 50M
and 150MBetween 50M
and 150M
Once in 50
years
56,097,730Total Operational Risk Capital (EUR)
52,058,693Total Adjusted Operational Risk Capital (EUR)
56,097,730Total VAR
1,061,082Between
150,000 and
500,000
Less than 10,000Quarterly7. Execution, Delivery &
Process Management
2,736,648
Between
150,000 and
500,000
Between 50,000
and 150,000Quarterly
6. Business disruption and
system failures
32,300,000Between 50M
and 150M
Between 1M and
5M
Once in ten
years
1.Internal Fraud
Unauthorized Activity
VAR(EUR)
Worst case
(EUR per
event)
Mean severity
(EUR per
event)
Mean
frequency
What is your risk of
incurring losses related to
ResultsAnswers (self-assessment)Questions
20,000,000Between 50M
and 150MBetween 50M
and 150M
Once in 50
years
56,097,730Total Operational Risk Capital (EUR)
52,058,693Total Adjusted Operational Risk Capital (EUR)
56,097,730Total VAR
1,061,082Between
150,000 and
500,000
Less than 10,000Quarterly7. Execution, Delivery &
Process Management
2,736,648
Between
150,000 and
500,000
Between 50,000
and 150,000Quarterly
6. Business disruption and
system failures
32,300,000Between 50M
and 150M
Between 1M and
5M
Once in ten
years
1.Internal Fraud
Unauthorized Activity
VAR(EUR)
Worst case
(EUR per
event)
Mean severity
(EUR per
event)
Mean
frequency
What is your risk of
incurring losses related to
ResultsAnswers (self-assessment)Questions
Conclusions
-
8/13/2019 Operational Risk AMA at the EIB
30/31
Conclusions
Strong top management commitment
Analysis of all incidents (and near
misses)Risk measurement andmanagement
Work with the business units
Keep it simple
-
8/13/2019 Operational Risk AMA at the EIB
31/31
Any questions?
Thank you for
attention!