24. Analysing operational risk

Question 1

What are benefits of assessing operational risk

Answer 1

• Reduce reputational damage
• Minimise day-to-day losses
• Improve ability to meet objectives by reducing time on crisis management
• Strengthens overall ERM process and framework

Question 2

What are the characteristics of operational risk data

Answer 2

• Data of losses is skewed to right (large # of small losses vs big losses)
• Loss severities heavy tailed
• Losses occur randomly in time
• Loss frequency varies considerably over time
• Some classes of op loss are cyclical/depend on eco conditions&raquo_space; statistical methods may be difficult to apply

Question 3

What are the two losses that must be assessed

Answer 3

• Small day-to-day losses from business mistakes
• Infrequent large events

Question 4

List the models that can be used to model operational risks

Answer 4

• Bottom-up
• Top-down
  o Implied capital
  o Income volatility
  o Economic pricing
  o Analogue
• Scenario analysis
• Factor based models

Question 5

Outline how the bottom-up approach works

Answer 5

• Estimate operational risk capital by starting analysis at low level of detail (categories) and aggregate results
• Statistical analysis
  o Must cope well with outer tails
  o Can use EVT and Generalised Pareto for extreme events
  o If sufficient data&raquo_space; Monte Carlo simulation and confidence intervals for capital
• E.g., Basel (AMA)

Question 6

Outline the merits of bottom-up approaches

Answer 6

Pros:
o More robust picture of risk profile

Cons:
o Difficult to break down aggregate losses into constituents
o May be little internal historic data
o External data limited due to diffs

Question 7

Outline how scenario analysis would be applied

Answer 7

o Group risk exposures into broad categories, e.g. fraud etc. using input from people in org
o Develop possible adverse scenario for each group. Must be plausible and represents all risk in group
o Assess consequences
 Financial
 Non-financial e.g. operational strain, regulator
o Total costs is cost of all risks represented in chosen scenario

Question 8

Outline the merits of scenario analysis

Answer 8

Pros:
o Can reflect links between op risks and other risks
o Captures opinions, concerns and experience of risk managers
o Doesn’t rely too heavily on availability/accuracy/relevance of past data
o Can identify black swans
o Identify and improve understanding of cause and effect relationship
o Reduces risk-reward arbitrage opportunities

Cons:
o Subjective

Question 9

Outline how Factor based models

Answer 9

• If no data, can assume losses related to volume of transactions
  o Losses weighted by a or e volume
• Cons:
  o May not be proportional to business volume
• E.g., Basel basic indicator and standardised approaches

Question 10

Outline how the implied capital model works

Answer 10

• ORIV = TIV – NORIV
  Pros:
  o Vs. ICM- Better availability of total income volatility vs total risk capital
  Cons:
  o Ignores rapid evolution of cos and industries- income volatility changes over time
  o Focusing on income vs value ignores softer risk measures e.g., opportunity cost & value of reputation/brand

Question 11

Outline how the CAPM model work

Answer 11

• Assumes all market info is included in share price&raquo_space; impact of any publicised op losses can be found by looking at movement in share price and stripping out overall market movement

Pros:
o Vs. IVM- Includes aggregate of specific risk events + softer issues

Cons:
o No info on losses caused by specific risks
o ORC unaffected by controls- little motivation to improve RM process
o Tail-end risks not accounted for thoroughly
o Doesn’t help anticipate and avoid incidents of OR&raquo_space; no consideration of individual risks in isolation

Question 12

Outline how the analogue model works

Answer 12

• Use data from similar companies to get ORC
  Pro:
  o Useful if little internal data
  Con:
  o How well does one company reflect another?

Question 13

Wat is the operational risk assessment process

Answer 13

1. Risk policy and organisation
2. Risk identification and assessment
3. Capital allocation + performance measurement
4. Risk mitigation + control
5. Risk transfer + finance

Question 14

Which components make up the risk policy

Answer 14

• Principles for ORM
• OR definitions and taxonomy
• Objectives + goals of ORM
• ORM processes + tools
• ORM organisational structure
• Roles and responsibilities of business units involved in ORM

Question 15

Suggest some tools that can be used to identify and assess operational risk

Answer 15

• Loss incident databases
• Controls self-assessment
• Risk maps
• Risk indicators and min acceptable performance triggers

Question 16

What are the two approaches to calculating operational risk under Basel

Answer 16

• Advanced Measurement Approach (AMA)
• Factor based approaches

Question 17

Outline the AMA approach

Answer 17

o Assess OR using internal models (stat analysis) and scenario analysis (subject to approval + continual checking by supervisory authorities)
o Standard is 1-year holding period and 99.9% confidence interval
o Transactions / losses grouped into 7 business lines

Question 18

Outline the two factor based approaches under Basel

Answer 18

o Basic indicator approach: calculate the average gross income over a three year period. But only allow for the periods where the Gross Income is positive and multiply that by a fixed multiple alpha// Transactions / losses grouped into 7 business lines(details in summary)
o Standardised approach: split the business into 8 business lines and capital is allocated to each business line. We calculate Gross Income for each business line over a 3 year period (allowing for negative gross incomes), multiply by the multiplicative factor and divide by 3 (Details in summary)
o Transactions / losses grouped into 7 business lines