Ch 9 The Regulatory Treatment of Operational Risk

Question 1

** What are the key regulatory frameworks influencing operational risk management in the banking and insurance sectors, and how do they differ in their approach?**

Answer 1

• Basel III is the key regulatory framework influencing operational risk management in the banking sector. It focuses on enhancing the resilience of banks against operational risk by introducing a standardized approach for calculating capital requirements.
• In contrast, the Solvency II Directive is the key regulatory framework impacting operational risk management in the insurance sector within the European Economic Area (EEA). It mandates a capital requirement based on a 99.5% confidence level over a one-year period, influencing operational risk practices in the region.

The main difference between the two is the approach to calculating capital requirements. Basel III introduces a standardized approach, while Solvency II allows for more flexibility with a focus on a specific confidence level over a defined time period.

Question 2

How do supervisors approach operational risk management in the financial industry, and what are the consequences of failing to manage it effectively?

Answer 2

• Supervisors focus on operational risk management through risk frameworks, controls, and information systems.
• They allocate resources based on risk appetite and prioritize areas like customer service, operational risk frameworks, and specific risks like outsourcing.
• Supervisors use both desk-based work and on-site examinations, conducting thematic visits to address specific types of risk.
• They prioritize resources based on current needs and issue guidance based on standards and local market factors.
• Regulators emphasize corporate governance and hold executives accountable. They prefer cooperation but have escalating powers to enforce change, including fines and license revocation. Recent large fines demonstrate the severe consequences of operational risk mismanagement.

Question 3

How do regulators ensure financial firms comply with anti-financial crime regulations, and what factors do they consider in their assessments?

Answer 3

*Regulators, guided by FATF recommendations and national laws, enforce anti-financial crime measures.
* They focus on training, risk frameworks, customer due diligence, transaction monitoring, and handling of politically exposed persons.
* Assessments cover individual competence, firm-wide commitment from the board level down, and the effectiveness of anti-financial crime infrastructure.
* Central inspection units enhance expertise and oversight, conducting both desk-based and on-site inspections. Regulators must report any discovered wrongdoing.

Question 4

What specific operational risks are regulators focusing on in recent years, and how are they addressing these risks?

Answer 4

• Outsourcing Risk: Regulators emphasize that firms remain accountable for outsourced activities and cannot blame providers for errors. They are also concerned about outsourcing to non-regulated entities, leading to increased scrutiny and potential treatment of these entities as licensed financial firms.
• **Business Continuity Management: **Following events like 9/11, regulators now require firms to have effective business continuity plans and test them regularly. They also conduct industry-wide scenarios and peer comparisons, focusing on systemic risk mitigation.
• Legal and Documentation Risk: With increasing litigation, regulators focus on ensuring legal procedures and documentation are up-to-date and compliant. Firms are expected to have appropriate legal support and consider legal risk separately.
  * Change Management: Regulators pay attention to the oversight of change, looking for evidence of effective project management techniques to ensure firms can deliver change while serving clients.
• Systems (IT) Risk: Regulators are evolving their approach from traditional audits to a deeper understanding of IT risk through the use of third-party experts.
• Conduct Risk: The creation of the Financial Conduct Authority (FCA) and scandals like PPI mis-selling and LIBOR rigging have heightened focus on conduct risk. Regulations like the Senior Managers Regime (SMCR) and international directives like MiFID, EMIR, and CRD3 further emphasize conduct risk mitigation.

Question 5

What factors led to the inclusion of operational risk capital requirements in Basel II, and how are these requirements structured and implemented?

Answer 5

• The Basel Committee’s approach to operational risk management goes beyond just capital adequacy rules, emphasizing qualitative and management techniques.
• However, the rise of IT, outsourcing, securitization, and rogue trading incidents led to the inclusion of operational risk capital requirements in Basel II.
• These requirements are divided into Pillar 1 and Pillar 2. Pillar 1 sets mandatory minimum capital requirements, while Pillar 2 allows national supervisors to impose additional requirements based on individual bank circumstances.
• Pillar 2 is often used when Pillar 1 is deemed insufficient or when a bank is particularly vulnerable to operational risk.
• Pillar 3 focuses on external disclosure of operational risks. While it requires transparency, actual loss data is not always publicly available due to other regulatory and commercial constraints. The text further details Pillar 1 operational risk capital requirements for banks and equivalent Solvency Ratio requirements for insurance firms.

Question 6

What are the four approaches for setting Pillar 1 capital requirements against operational risk and how do they differ?

Answer 6

• **Basic Indicator Approach (BIA): **This approach produces an average percentage of income that can be applied by any bank without further calculation. Operational risk is derived as a percentage of the average annual gross income over three years, set at 15%.
• **Standardised Approach (TSA): **This approach takes the same approach as BIA but is risk-weighted according to the business line in which the income has been generated, using what is termed a beta factor.
• Alternative Standardised Approach (ASA): At national discretion, a supervisor can choose to allow a bank to use the ASA. The operational risk capital charge change/methodology is the same as for the Standardised Approach except for two business lines, retail banking and commercial banking.
• **Advanced Measurement Approach (AMA): **This approach requires banks to consider four elements in developing their own estimate of their operational risk capital at the 99.9% confidence interval. The elements being: Industry loss data, Internal loss data, Scenario analysis, and an adjustment factor for internal controls.

The Standardised Approach (TSA):
The Business Line Beta Factors (risk weightings) are as follows:
Corporate finance (β1) 18%.
Trading and sales (β2) 18%.
Retail banking (β3) 12%.
Commercial banking (β4) 15%.
Payment and settlement (β5) 18%.
Agency services (β6) 15%.
Asset management (β7) 12%.
Retail brokerage (β8) 12%.