Download
1 / 51
530 likes | 832 Views
Operational Risk June 2002. Operational Risk on Everyone’s Desk – The RADAR System. External Requirement. Business Needs. Business Lines & Internal Stakeholders. Business OR. Group OR. Regulators & External Stakeholders. Risk Strategy. Business Direction.
E N D
Operational Risk June 2002 Operational Risk on Everyone’s Desk – The RADAR System
External Requirement Business Needs Business Lines & Internal Stakeholders Business OR Group OR Regulators & External Stakeholders Risk Strategy Business Direction Risk Advisory/ Risk Appetite Risk Disclosure Market Discipline Governance Supervisory Review Management & Daily Decisions Progress Tracking & Escalation Guideline/Policy Data Information Provision Risk Analysis & Costing/Profiling Economic Capital Methodology Regulatory Capital Charge OR Clients & Services Page 1
Mgt Actions & Projects OR Committees Risk Advisory Escalation & Tracking Risk Identification Scenarios OR Profile OR Costing Process Mapping Reporting & Analysis Self- Assessment Modelling Data Collation KRI Reporting Loss Data Collation Control & Management Process Page 2
Resource Planning Decision-Making Body Project Initiation Risk Costing / Risk Rating Loss Management • New Initiatives • Risk Mitigation • Project status • Risk-Priorities • Audit Issues • Corrective Action • Accountability • Risk Awareness • Corporate Memory • Analysis/Reports • Risk Mapping • Automation • Outsourcing • E-Commerce • Risk Transfer • Constraints • New Products • Infra. Projects • Capital Budget • Aggregation • Quality Scores • Healthcheck • Grey Areas • Scenarios • Issue Mngmt • Early Warning • Trending • Escalation • Benchmarking • Best Practice Value Added Program OR Committees Self-Assessment Risk Advisory KRI Reporting Loss Data Collation Proactive Value-Added Reactive Passive Potential Loss Audit Follow-Up Project Sign-Off Status Report Data Repository Data Intensity Page 3
Business Data - RADAR Economic Capital Budget Reporting Incident Capture Key Risk Indicators Self Assessment RADAR Process Model Incident Capture Features - Loss categorisation - Web-based workflow - Decentralised control - Tailored p+l calculations - Email notifications/alerts - Digital certification/sign-off - GDS group-based security - Data drilldown & extract - Multi-entity/multi-lingual - Fully Parameterisable - User/system notes - Online help KRI & Reporting Features - KRI measure/issue set up - Product/process mapping - Decentralised submission - Multiple reporting streams - Edit/report/read roleplay - Multi-dimension data capture - Item or bulk upload capability - Data drilldown/breakdown - Comparatives/benchmarks - Issue tracking/management - Scorecard report-writer - Web report distribution Self-Assessment Features - Detailed question sets - Loss frequency/severity - Quality scoring/weighting - Aggregated loss estimates - Assessor/approver roles - Data views and security - Multi-entity/multi-lingual - Standardised reporting System Architecture Page 4
Losses Operational Risk Data Described by Activity Attributes Category Location Org Unit Key Risk Indicators Process Product System Self-Assessment Simplified Activity Buckets IR OTC & Credit Derivativatives Cash Equities Cash Bonds Exch Traded Derivatives Equity OTC Derivatives Capital Mkts - Ldn Order Receipt/Routing BestConnect, DROM, Wonder Manual Gatornet Manual DealViewer Pricing & Execution Fidessa, Pirate, Colt, Spots, Reuters Bloomberg, e-Bond Trinitech, Liffe Connect, Eurex, ORC CFD2, EqTrader Kondor, Stars, Merlin Deal Capture & Risk Mgt BestConnect, Fidessa, Pirate, Colt, Imagine, Posts Bloomberg, RIBS, Bondseye Pirate, Trinitech, Imagine, GMI, Clearvision Murex, Equods, Imagine Kondor, Stars, Merlin Settlement & Reporting Posts, Gerts, Grave RIBS, GRR, TRMS Imagine, Gerts, Grave, POSTS, GMI, Clearvision POSTS, Imagine, Gerts, Grave AIMS, ANLOS, TRMS Process Model “We must have a consistent framework – the data model is the risk map” Page 5
Participation “What is a loss ? There’s no debate once it is internally owned and authorised” RADAR Workflow Principles Errors & Loss Data • Anyone in the bank can identify an incident • Investigation requires specialist control groups • 3 managers as a minimum sign off each incident • Email notification and senior management alerts • Validation & routing managed by control groups Risk Indicators • Central KRI specifications, also some user defined • Any department can establish its own reporting stream • Newspaper style workflow – reporters, editors, readers • Anyone can write an OR Report for their user rights Page 6
Categories “What is a loss ? We need a lot of descriptive fields around the basic categories” Errors and Loss Data • fully parameterisable, multi-entity, multi-lingual, local views & naming • direct/indirect loss effect types, multi-select, entered by investigator • causal ‘reason codes’, primary/secondary, entered by error owner • causal process point, expected/unexpected, entered by error owner • recoveries, contributing parties, entered by authoriser • Basel event categories, mapped by system, checked by validator • error accounts, cost centres, control process, checked by validator • online help and support facility Risk Indicators • shared parameters/categories with loss platform • volume, exception, risk exception, error measures • multiple measure types – count, value, duration, score … • mandatory/optional data fields, high/med/low criticality • control processes, function reported by and reported for RADAR Parameters Page 7
Functionality “No-one uses a system unless there’s something in it for them” Errors and Loss Data – Multi-Currency P+L Calculations • Cash Equity – buy/sell amount and price • Cash Bonds – as above plus interest accruals • Equity-Linked – as above plus conversion ratios • Futures and Options – as above plus commission • Interest Claims and Funding – rate/daycount/amount • Freeform p+l – multiple effect types, user notes, attach file Risk Indicators – Data Management • Product/Process/System Mapping – by KRI, org unit, location • Multidimensional data entry and bulk data upload • Data Locking and submission management • Issues and action management RADAR User Tools Page 8
Reporting “It’s all about risk awareness .. if we can just put Operational Risk on everyone’s desk” Errors & Loss Data • Incident Search and data feed facility • League table reporting with incident drill down • Advanced power user reporting and data extract • Simple graphing and data analysis via data extract Risk Indicators • Report templates including ‘scorecard’ style • Measure/issue selection incl. prior period/benchmarks • Editable draft reports with OR commentary facility • HTML & PDF reports, data trending/graphing/drilldown • Integrated reporting of KRIs, loss data and self-assessment RADAR Reporting Page 9
Operational Risk June 2002 Loss Data Appendix & Screenshots
Loss Categorisation Causal CategoriesSample Loss Effects Direct Cost Indirect Costs Lost Clients/Deals, Damaged Reputation, Cost to Rehire/Lock-in Corporate Memory Loss, Failed Initiatives, Staff Morale, Ongoing Ability to Rehire One-off Developer/Support Costs Business Disruption, Damaged Reputation, Opportunity Cost of Management Time/Focus Asset/Facility Replacement Costs Project Write-downs, Write-offs Opportunity Cost of Management Time/Focus Trading Errors Funding Costs Regulatory Risk, Reputational Damage Penalties/Fines Cost to Cover Supply Failure Business Disruption, Regulatory/Reputation Risk Asset/Facility Replacement Costs Business Disruption, Damaged Reputation Human Capital IT Applications Infrastructure Management Procedures & Controls External Services External Damage Page 11
Loss Data Workflow Stage Name Identify reject Automated e-mail Investigate & Control reject Automated e-mail Owner Acceptance reject Automated e-mail Authorisation Automated e-mail reject Validation Loss Data Workflow Stage Owner Stage Description • Form Originator at Control Process Point • Enter basic incident details • Can be entered by any RADAR user • Details passed to central control group • Restricted Access: Control by independent function: • Fin Control • Risk Control • Ops Control • Investigation & validation of incident details • Independent calculation of profit/loss impact • Allocation of error to an Owner • Incident Owner: e.g. trader, salesman, officer • Review incident details • Explain causes of error • Accept & nominate authoriser • Level 1:Desk Head • Level 2: Head of Trading • Level 3: Head of Business • Review incident details & comment • Sign off on validity of incident • No of authorisers dependent on size • Restricted Access: Investigator or other members of Control Group • Validation of incident categorisation • Validate correct authorisation level Page 12
Main Menu Page 13
Online Help & Support Page 14
Identify Page 17
Investigate – Cash Equity Page 18
Investigate – Interest Claim Investigate – Interest Claim Page 19
Investigate – Funding Details Page 20
Investigate – Freeform P+L Page 21
Owner Accept Owner Accept Page 22
Authorise Authorise Page 23
Management Alerts Page 24
Validate Page 25
Routing, Void, Reassign Page 26
Multi-Entity Page 27
Search Page 28
League Table Reporting Page 29
Advanced Reporting Page 30
XX Division Trading Error Report - 2001 YY Product 1. High level losses by month 2001 Trading error losses (€) by Sub-Product 2001 Number of trading errors by Process Order Receipt AA Limit Checks BB Order Routing CC Price Quote DD Execution/Order Fill EE Client Reporting FF Deal Capture GG Position Management Monthly evolution of losses by location (€k) X Product corrected fields 900 200 Unidentified 160 700 AA Currency BB CC Account 120 500 DD Date Number of errors EE Loss (€k) Direction 80 FF 300 Instrument GG Price HH 40 100 Quantity JJ Whole Trade 0 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec -100 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Comments: 1. Trading errors peaked in February 2001, with a €XXXk loss on allocation to a client during the XYZ IPO. Aside from this, errors have fluctuated about the average of €YYYk per month. 2. The majority of errors in 2001 were related to an incorrect price field, although the number of errors related to the whole trade has increased steadily since May. Loss Data Reports Loss data can be analysed against any of the dimensions of the RADAR Process Model Page 31
Operational Risk June 2002 KRI Appendix & Screenshots
KRI Categorisation Causal CategoriesSample Key Risk IndicatorsVolume Exception Risk Exception Staff Key Leavers/Joiners Disciplinary Cases # Systems Helpdesk Calls Downtime Duration Enhancement Requests Change Releases System Bugs New/Deleted Accounts Firewall Changes Policy Breaches # Servers System Dependencies Firecalls Premises Capacity Occupancy Rate Engineering Incidents # Projects Milestones Missed Scrapped Projects Decisions Announced Decisions Pending Negative Media/Press Audits Conducted # Audit Issues Overdue Issues Trade Volumes Current Breaks Breaks >30 days Exposure Limits Limit Breaches Managed Positions # Stat/Reg Reports Targets Missed Restated Reports # Ext Suppliers SLAs Outstanding SLA Breaches Firewall Traffic Firewall Alerts Virus/Hacker Attacks Physical Exposure BCP Invocations Insurance Claims Indemnity Exposure Complaints/Investigations Lawsuits Human Capital IT Applications Infrastructure Management Procedures & Controls External Services External Damage Page 33
Risk Indicator Workflow Stage Name KRI Setup & Maintain Assign & Raise Submissions Automated e-mail Data Entry & Locking Automated e-mail Produce Reports Review & Edit Automated e-mail Distribution Risk Indicator Workflow Access Rights Stage Description • OR Editors • Define/set up new mandatory/optional KRIs • Classify measure or issue type and nature • Associate products, processes, org units • OR Editors • Define submissions for functions/locations • Assign KRI submissions to reporter groups • Raise/manage submissions for time periods • Reporter Groups • Enter data individually or via bulk upload • Enter commentary/issues and criticality • Lock data submissions once complete • Editor Groups • Produce OR reports and scorecards • Select optional data and issues • Add or edit OR commentary • Reader Groups • Receive/read reports • Query and drill down capability Page 34
KRI Set Up KRI Set Up Page 35
Process Mapping Page 36
KRI Submissions KRI Submissions Page 37
Submission Details Page 38
KRI Data Entry KRI Data Entry Page 39
Multi-Dimensional Data Entry Multi-Dimensional Data Entry Page 40
Bulk Data Entry Bulk Data Entry Page 41
Issues & Actions Issues & Actions Page 42
Manage Submissions Page 43
Report Templates Page 44
Report Writing Page 45
Measures Selection Page 46
Review & Edit Review & Edit Page 47
KRI Reporting KRI Reporting Page 48
Data Drilldown Page 49
