Institute of operational risk
Download
1 / 51

Institute of Operational Risk - PowerPoint PPT Presentation


  • 83 Views
  • Uploaded on

Institute of Operational Risk. 2 nd Scottish Annual Conference 26th October 2012 (in conjunction with Glasgow Caledonian University).

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Institute of Operational Risk' - haven


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Institute of operational risk

Institute of Operational Risk

2nd Scottish Annual Conference

26th October 2012

(in conjunction with Glasgow Caledonian University)


Institute of operational risk

Institute of Operational Risk26 October 2012Data Capture, Accuracy and Recording of Operational Risk LossesAndrew Sheen (FIOR)Manager, FSARisk Frameworks team (PBU)


Context internal data external data supervisory concerns and issues relevant papers

Context

Internal Data

External Data

Supervisory Concerns and Issues

Relevant Papers


Context internal data external data supervisory concerns and issues relevant papers1

Context

Internal Data

External Data

Supervisory Concerns and Issues

Relevant Papers


Institute of operational risk

The nature and outcome of operational risk data collected ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

(Observed Range of Practice in Key Elements of AMA, BCBS, July 2009)


Institute of operational risk

So loss data collection is about: ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Risk management, including

Risk events and impact

RCSA

Scenarios

Risk measurement, including

Scenarios

AMA

Pillar 2


Context internal data external data supervisory concerns and issues relevant papers2

Context ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Internal Data

External Data

Supervisory Concerns and Issues

Relevant Papers


Context internal data external data supervisory concerns and issues relevant papers3

Context ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Internal Data

External Data

Supervisory Concerns and Issues

Relevant Papers


Institute of operational risk

Data sources ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Consortium –

May exclude key events (ie they did not happen to a member firm (rogue trading))

Limited supporting information

Public data –

Is the information accurate

What about events that did not get into the press

Issues include-

Data quality

Completeness

Consistency

Thresholds

Scaling

That could not happen here


Context internal data external data supervisory concerns and issues relevant papers4

Context ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Internal Data

External Data

Supervisory Concerns and Issues

Relevant Papers


Institute of operational risk

Loss definition ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Range of practice between firms using gross and net loss for AMA calculations

For the firm to justify its choice

Problems calculating the insurance allowance if using net loss


Institute of operational risk

Loss Data Thresholds ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Considerable variation in thresholds by firm and business line

Influences the management and measurement of operational risk

Should be based on statistical evidence showing items below the threshold are immaterial when calculating capital

Should not omit operational risk loss event data that are material for operational risk exposure and for effective operational risk management

Choice of threshold should not impact credibility


Institute of operational risk

Date of Internal Losses ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

BIS does not provide any guidance - Banks have several reference dates

Date of occurrence *

Date of discovery * ‘

Date of contingent liability

Date of accounting (first financial impact) * ‘

Date of settlement

* Typically used by banks

‘ Most prudent

Supervisory concern – can the selected date result in the omission of large internal losses and therefore significantly impact OR capital at a given point in time and over time

Firms can select which date to use as long as material loss data is not omitted


Institute of operational risk

Grouped Losses ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Banks sometimes group a number of losses and treat the group as a single loss for recording, management and modelling purposes. Depending on the reasons for grouping the following different guidelines apply

Losses caused by a common operational risk event should be grouped and entered into the loss calculation dataset as a single loss, unless the firm chooses to model causality or dependence among those losses in a different manner

Small losses grouped with no causal relations for data collection and registration should be excluded from the calculation dataset


Institute of operational risk

Review and Validation ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Has the data collection process been reviewed and validated by

Reconciling to the General Ledger

Internal audit

Third party

Using loss data and events to inform:

RCSA

Scenarios

KRIs


Institute of operational risk

Other Issues ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Near Misses

What % of losses are missed

Frequency

How relevant is old data

How are losses allocated across business lines

Boundary Issues

Losses, near misses and P2


Context internal data external data supervisory concerns and issues relevant papers5

Context ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Internal Data

External Data

Supervisory Concerns and Issues

Relevant Papers


Institute of operational risk

Key documents ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Enhancing frameworks in the Standardised Approach to Operational Risk, FSA, January 2011

http://www.fsa.gov.uk/library/policy/guidance/2011/gn11.shtml

http://www.fsa.gov.uk/pages/Library/Policy/guidance_consultations/2011/11_17.shtml

Operational Risk – Supervisory Guidelines for the Advanced Measurement Approaches, BCBS, June 2011

http://www.bis.org/publ/bcbs196.htm

Observed Range of Practice in Key Elements of the Advanced Measurement Approaches, BCBS, July 2009

http://www.bis.org/publ/bcbs160.htm

Results from the Loss Data Collection Exercise for Operational Risk, BCBS, July 2009

http://www.bis.org/list/bcbs/page_2.htm


Andrew sheen fior risk frameworks team pbu financial services authority andrew sheen@fsa gov uk

Andrew Sheen (FIOR) ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Risk Frameworks team (PBU)

Financial Services Authority

andrew.sheen@fsa.gov.uk


Institute of operational risk1

Institute of Operational Risk ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

2nd Scottish Annual Conference

26th October 2012

(in conjunction with Glasgow Caledonian University)


Institute of operational risk scottish conference

Institute of Operational Risk Scottish Conference ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

3 Lines of Defence

George Clark, Glasgow, October 2012


The 3 lines of defence
The 3 Lines of Defence ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

  • Internationally recognised go to model for financial services firms.

  • Referenced by:

  • ECIIA/FERMA – Guidance on the 8th EU Company Law Directive, Sept 2010

  • Basel Committee on Banking Supervision – Sound Practices for the Management and Supervision of Operational Risk, December 2010

  • COSO – Exposure Draft: Internal Control Integrated Framework, December 2011

  • Key objective is sound internal governance but perhaps a better term is effective internal governance.


The 3 lines of defence model
The 3 Lines of Defence Model ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Board/Audit Committee

Senior Management

1st Line of Defence

2nd Line of Defence

3rd Line of Defence

Credit

External Audit

Internal Audit

Operational Management

Internal Controls

Compliance

Operational Risk

Others


Which in simple terms
Which in simple terms... ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Do

Review

Overview

  • The first line:

  • Identify, assess, control, mitigate and manage risk

  • Comply with risk framework

  • Ensure effective design, implementation and operation of controls

  • Escalate material threats and risk exposures

  • Operate good governance of the business function

  • The second line:

  • Provide policy and framework

  • Monitor, oversight of and challenge to 1st line

  • Support good Governance of the company

  • Report and escalate threats and risk exposures

  • The third line:

  • Independent assurance over the first two lines of defence

  • Quality assurance on the application of the framework

  • Evaluation of control adequacy


Big 5 factors which influence success
Big 5 factors which influence success ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

  • Context and Environment

  • Roles and Responsibilities

  • Training, Education and Communication

  • Data

  • Culture


Context and environment
Context and Environment ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

  • Capability

  • Complexity

  • Scale and spread

  • Retail

  • Wholesale

  • Automation


Roles and responsibilities
Roles and Responsibilities ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

  • NOT about structures but about “real world”

  • Clear, documented, understood and agreed

  • There will be grey areas – embedded risk

  • Align risk management silos

  • Don’t forget Senior Management and Board

  • Challenge for risk to be both trusted advisor and policeman

  • Learn from others experience – HR and IT


Training education and communication
Training, Education and Communication ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

  • Awareness both initial and ongoing

  • Skill and capability

  • Build reliance and resilience

  • Align with company objectives and strategy

  • Don’t forget Senior Management and the Board nor the new entrant


Institute of operational risk
Data ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

  • Intelligence gathering

  • Monitoring

  • Relationship Management

  • Management information

  • Key measures of success

  • What gets checked gets done


Culture
Culture ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

“Banks in this country are “two decades behind” other keystone global industries like aviation and oil and gas in recognising the critical importance of individual behaviour and corporate culture in managing and minimising their operational risks. The dominant banking instinct is to “reach for the sticking plaster” rather than confront the root cause of risk failures”

Source: The Back Office front line, Chartered Banker Magazine October/November 2012


Culture1
Culture ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

  • Tone from the top

  • Communication

  • Paradigms and environments

  • Influences and drives business outcomes, including the taking of risk and the quality of processing

  • Major failings during the global financial crisis


The culture house
The culture house ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Responsibility

Accountability

Spirit of the law

Proportionate action

Consistent action

Willing to listen

Leading by example

Realistic

Transparent

Consequences


Closing observations
Closing observations ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

  • Be proportionate and practical

  • Look for that “use test”

  • Ride out the storm, it gets worse before it gets better

  • Expect progress not perfection

  • Implementation is king


Questions and comments
Questions and Comments ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

??


Institute of operational risk2

Institute of Operational Risk ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

2nd Scottish Annual Conference

26th October 2012

(in conjunction with Glasgow Caledonian University)


Risk culture behaviours

Risk Culture + Behaviours ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Reflections From A Reformed Banker


Scene setting

Scene Setting ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Culture and behaviours are highly prized and difficult to change

They’re not all standard

They’re not always rational.

They shift for the better...and worse


Culture behaviour issues

Culture & Behaviour Issues ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.


And it gets worse

And it gets worse ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

McKinsey Survey of 2,207 executives:

28% say the quality of strategic decisions were generally good?

60% say good and bad decisions occur in equal measure

12% say nearly all decisions are bad

51% say major risk decisions are

attributed to a single function?!?!?


Is it taken seriously

Is it taken seriously? ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.


Ivory tower

Ivory Tower? ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

ACCA survey – 2012


Where to start

Where to start ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Root causes are ambiguous, multi faceted and outside your control

Be practical so start @ home:

It’s not someone else’s responsibility

People or admin?

Risk MI identification &

integration


Keep going

Keep going ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Be mindful of barriers

‘2nd line of defence’

fear

habit

history

Use internal and

external audit

Avoid orderly inaction

Engage senior management

in your thoughts


Don t stop

Don’t Stop ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Don’t drop the ball

Events, issues and actions MUST be complete, accurate and managed through to completion

Learn from other firms hard earned lessons

Map and assess the existence and design of the control environment

Focus on positive assurance arrangements

Keep communicating outcomes and

next steps


That s just the start

That’s just the start ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

Review and amend governance arrangements

Adequacy of performance

Business engagement and ownership

Don’t think this is a Co Sec responsibility; below Board/Exec level it’s often a gap

Recruit talent and relocate tasks

Build Risk IT capability

Then the fun starts...


The journey continues
The journey continues ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

  • Recruit and reallocate existing talent

  • Integrate IT and Op risk processes with business processes, including outsourcers

  • Evaluate organisational and e2e

  • process design

  • Use the Exec and Board using

  • ‘position papers’


And continues
And continues ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

  • Maintaining credibility

  • Benchmark your Op Risk unit

  • Horizon scanning and increased engagement with ‘Corporate Change’

  • Get a risk change budget!

  • Develop cross discipline expertise

  • Reward and recognition


Questions and thanks
Questions and thanks ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

alan.esson@swip.com;

0131 655 8809


Institute of operational risk3

Institute of Operational Risk ….affects not only the outcome of the bank’s quantification process but also operational risk management decisions.

2nd Scottish Annual Conference

26th October 2012

(in conjunction with Glasgow Caledonian University)