1 / 16

2006 General Meeting Assemblée générale 2006 Chicago, Illinois

Canadian Institute of Actuaries. L’Institut canadien des actuaires. 2006 General Meeting Assemblée générale 2006 Chicago, Illinois. Contents. Introduction to CIBC Operational Risk Definition Rationale for Measuring Operational Risk Implementing an Operational Risk Program

albin
Download Presentation

2006 General Meeting Assemblée générale 2006 Chicago, Illinois

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Canadian Institute of Actuaries L’Institut canadien des actuaires 2006 General Meeting Assemblée générale 2006 Chicago, Illinois

  2. Contents • Introduction to CIBC • Operational Risk Definition • Rationale for Measuring Operational Risk • Implementing an Operational Risk Program • Measuring Operational Risk • Future Developments / Enhancements

  3. Introduction to CIBC • The Canadian Imperial Bank of Commerce (CIBC) is a leading North American financial institution with (at year end 2005): • 11 million individual and small business clients; • $12.5 billion in revenues; • $280.4 billion of total assets; • $24.1 billion market capitalization; and • 37,000 employees worldwide

  4. Operational Risk Definition • Operational risk is defined as: “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events” • At CIBC Operational Risk is classified using the following seven loss types: • Client Disservice; • Legal Liability – Employees; • Legal Liability – Clients and/or Third Parties; • Loss or Damage to Assets; • Regulatory, Compliance and Taxation Violations; • Theft, Fraud, Unauthorized Activities; and • Transaction Processing

  5. Rationale for Measuring OpRisk 1. Because it Benefits the Bank • Better understanding of our risks allows us to: • Mitigate risks by changing controls, and/ or avoiding certain exposures; • Price our risks into our products and services; and • Transfer (i.e. insure) our risks to third parties • Ensures we have a more complete capital capture for performance measurement. The economic capital for each business line is made up of credit, market, and operational risk capital. Some business have little or no credit/market risk but a substantial amount of OpRisk (e.g. fee based businesses) 2. Because it is a regulatory requirement under the new Basel Accord “You can’t manage what you can’t measure”

  6. Basel II & Regulatory Requirements • In June 2004, regulators from the G-10 countries approved the Basel II Capital Accord, which will require, for the first time, banks to set aside regulatory capital for operational risks • Basel II provides three methods for the calculation of operational risk capital: (i) the Basic Indicator Approach; (ii) the Standardized Approach; or (iii) the Advanced Measurement Approach (AMA) • The Basic Indicator & Standardized Approaches are based upon simple multipliers of gross revenue, differing only by their organizational level of calibration (e.g. capital is 15% of the avg. annual gross revenue from the previous 3 yrs) • The Advanced Measurement Approach (AMA) determines capital based on a bank’s internal operational risk measurement system

  7. CIBC’s OpRisk Program Background OpRisk program has evolved over time to become compliant with the AMA requirements • CIBC initially assessed operational risk capital in 1999 using an “AMA-like” approach; • The approach was updated in 2002 to better align with the available guidance related to Basel II; • Following the release of the new Basel Accord in June 2004; CIBC completed a gap analysis and identified eight projects that would enable the Bank to meet the new AMA requirements; and • With the completion of all of the principal objectives for each of the eight projects in 2005, CIBC formally applied to OSFI for AMA for operational risk on February 1, 2006

  8. CIBC’s OpRisk Program • Framework: The Framework is aligned with the new Capital Accord and allows the Bank to: • Identify Operational Risks; then • Measure the risks identified; and • Monitor/Report on the risks that have been measured • Policy and Methodology: CIBC has a documented and approved Policy and Methodology which specifies how OpRisk is measured and outlines the roles and responsibilities of the various groups involved • Supporting Technology: CIBC has invested in a technology solution which serves as a central repository for thousands of records used in the calculation of operational risk

  9. Risk Identification Process Risk Identification is the first step in attributing Operational Risk capital • The Operational Risk Department works with business management to complete a Risk Identification • The Risk Identification process summarizes which loss types are applicable to a given business activity • As the business evolves and changes over time, the New Initiative Approval Process (NIAP) and the Risk and Control Self Assessment Processes (RSA & CSA) ensures that any relevant and material changes are communicated and incorporated into a revised Risk Identification for the given business.

  10. Operational Risk Measurement OpRisk capital is comprised of two components: (1) Baseline Capital • Determined using a Loss Distribution Approach • The inputs to the Baseline Capital are either; [1] Actual internal loss experience where there is a sufficient loss history available to perform statistical analysis; or [2] Loss scenarios, which are based on available internal/external loss data and management judgment (2) Qualitative Adjustments • Qualitative Adjustments (QAs) are added in order to make timely adjustments for internal control issues and risks that were not included in the original operational risk profile • Derived from the quarterly Risk and Control Self Assessment Processes (RSA & CSA) and add approximately 10% to 20% to baseline capital

  11. Operational Risk Monitoring Risk monitoring ensures that the capital remains current and that management is apprised of changes in the level of risk • Risk monitoring involves the regular monthly reporting of operational risk capital to the business lines and to the Economic Capital group for performance measurement and the quarterly reporting of risk capital to senior management (Governance and Control Committee) and to the Board • The underlying process for supporting and monitoring operational risk include: • the monthly tracking of actual operational losses; • the monthly review of the Key Risk Indicators (KRIs); • the quarterly Risk and Control Self Assessment Process (RSA & CSA); and • the quarterly capital update process

  12. OpRisk Supporting Technology The AMA Program requires processing thousands of records information and to maximize efficiency a technology solution has been developed • At the core of CIBC’s operational risk AMA compliance efforts is the “Sub-ledger” system • The “Sub-ledger” system is a central repository which houses all of the operational risk data (e.g., losses, issues, etc.) feeds; performs the capital calculations and provides management reporting

  13. Risk Measurement Operational risk capital is comprised of two main components: 1. Baseline (internal loss data or scenarios) • Expected loss = frequency X severity • Baseline capital = Worst Case Loss • depends on the expected loss, distributional assumptions, and the confidence interval 2. Qualitative Adjustments (RSA/CSA output) • Covers risks and key control deficiencies

  14. Baseline Capital Quantification Loss Distribution High Freq / Low Severity High frequency loss data for a given regulatory business line and loss type are fitted to a loss distribution and the Worst Case Capital calculated at a 99.9% Confidence Interval Expected Worst Case Low Freq / High Severity Low frequency events are defined through loss scenarios. The OpRisk group works with mgmt to determine a frequency and severity for each applicable loss type / business line. Internal and External loss data are used along with professional judgments to define the input parameters to the frequency and severity distributions. The resultant loss distribution is determined by running simulations Frequency Loss Distribution Severity Expected Worst Case

  15. Qualitative Adjustments Qualitative Adjustments (QAs) ensure capital reflects the current internal control and risk environment • In order to incorporate the latest information in regards to internal control issues arising from people, process and systems that were not addressed by baseline capital • The adjustments are identified through the Risk and Control Self Assessment (RSA/CSA) process may have either a positive or negative impact on risk capital • At CIBC this process is managed via a partnership of the OpRisk & Controls Group; and includes participation by the other governance groups (i.e. Audit, Legal & Compliance) • The QAs adds 10% to 20% to baseline capital and provide a degree of conservatism. Also serves as both a penalty & an incentive for improvement of the risk/control environment

  16. Future Developments / Enhancements • Reporting of Operational Risk Capital to OSFI as part of the parallel run through F2007 • Ongoing enhancements of the methodology • Continue to independently benchmark and validate the AMA Methodology

More Related