24. Analysing operational risk Flashcards
What are benefits of assessing operational risk
- Reduce reputational damage
- Minimise day-to-day losses
- Improve ability to meet objectives by reducing time on crisis management
- Strengthens overall ERM process and framework
What are the characteristics of operational risk data
- Data of losses is skewed to right (large # of small losses vs big losses)
- Loss severities heavy tailed
- Losses occur randomly in time
- Loss frequency varies considerably over time
- Some classes of op loss are cyclical/depend on eco conditions»_space; statistical methods may be difficult to apply
What are the two losses that must be assessed
- Small day-to-day losses from business mistakes
- Infrequent large events
List the models that can be used to model operational risks
- Bottom-up
- Top-down
o Implied capital
o Income volatility
o Economic pricing
o Analogue - Scenario analysis
- Factor based models
Outline how the bottom-up approach works
- Estimate operational risk capital by starting analysis at low level of detail (categories) and aggregate results
- Statistical analysis
o Must cope well with outer tails
o Can use EVT and Generalised Pareto for extreme events
o If sufficient data»_space; Monte Carlo simulation and confidence intervals for capital - E.g., Basel (AMA)
Outline the merits of bottom-up approaches
Pros:
o More robust picture of risk profile
Cons:
o Difficult to break down aggregate losses into constituents
o May be little internal historic data
o External data limited due to diffs
Outline how scenario analysis would be applied
o Group risk exposures into broad categories, e.g. fraud etc. using input from people in org
o Develop possible adverse scenario for each group. Must be plausible and represents all risk in group
o Assess consequences
Financial
Non-financial e.g. operational strain, regulator
o Total costs is cost of all risks represented in chosen scenario
Outline the merits of scenario analysis
Pros:
o Can reflect links between op risks and other risks
o Captures opinions, concerns and experience of risk managers
o Doesn’t rely too heavily on availability/accuracy/relevance of past data
o Can identify black swans
o Identify and improve understanding of cause and effect relationship
o Reduces risk-reward arbitrage opportunities
Cons:
o Subjective
Outline how Factor based models
- If no data, can assume losses related to volume of transactions
o Losses weighted by a or e volume - Cons:
o May not be proportional to business volume - E.g., Basel basic indicator and standardised approaches
Outline how the implied capital model works
- ORIV = TIV – NORIV
Pros:
o Vs. ICM- Better availability of total income volatility vs total risk capital
Cons:
o Ignores rapid evolution of cos and industries- income volatility changes over time
o Focusing on income vs value ignores softer risk measures e.g., opportunity cost & value of reputation/brand
Outline how the CAPM model work
- Assumes all market info is included in share price»_space; impact of any publicised op losses can be found by looking at movement in share price and stripping out overall market movement
Pros:
o Vs. IVM- Includes aggregate of specific risk events + softer issues
Cons:
o No info on losses caused by specific risks
o ORC unaffected by controls- little motivation to improve RM process
o Tail-end risks not accounted for thoroughly
o Doesn’t help anticipate and avoid incidents of OR»_space; no consideration of individual risks in isolation
Outline how the analogue model works
- Use data from similar companies to get ORC
Pro:
o Useful if little internal data
Con:
o How well does one company reflect another?
Wat is the operational risk assessment process
- Risk policy and organisation
- Risk identification and assessment
- Capital allocation + performance measurement
- Risk mitigation + control
- Risk transfer + finance
Which components make up the risk policy
- Principles for ORM
- OR definitions and taxonomy
- Objectives + goals of ORM
- ORM processes + tools
- ORM organisational structure
- Roles and responsibilities of business units involved in ORM
Suggest some tools that can be used to identify and assess operational risk
- Loss incident databases
- Controls self-assessment
- Risk maps
- Risk indicators and min acceptable performance triggers