Chapter 3: Operational Risk

Question 1

What is the definition of operational risk?

Answer 1

The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.

Question 2

What does the Basel Committee require banks to do?

Answer 2

Hold capital for operational risk

Question 3

What is an example of a workplace safety operational risk event?

Answer 3

Personal injury claim, Health and Safety fines

Question 4

What does improper dissemination mean?

Answer 4

Giving out misleading information about an investment or issuer of an investment purposely.

Question 5

What 3 provisions are used to prevent Money Laundering and Terrorist financing?

Answer 5

1. Customer Identification (KYC)
2. Record keeping of customer activity
3. Reporting suspicious activity to authorities

Question 6

How can Operational Risk cause Reputational Risk?

Answer 6

If clients or media become aware of the issue it can tarnish the firms reputation.

Question 7

How does Segregation of Duties reduce operational risk?

Answer 7

If an employee has access to multiple areas of an institution they can cover up losses and skirt in place risk mechanisms.

Question 8

How does having an independent centralized risk department help?

Answer 8

Work with other departments to improve controls
Maintain operational risk systems and framework
Ensure there are no ownerless areas of the bank
Escalation, analysis, oversight etc

Question 9

What 3 ways can you reduce the likelihood of a risk materializing?

Answer 9

1. Identify the risk
2. Clear ownership for the risk
3. Set up risk indicators

Question 10

What are the 6 steps of a Risk Management Framework?

Answer 10

1. Risk Identification
2. Risk Measurement
3. Management and Control
4. Risk Monitoring
5. Risk Reporting
6. Operational Risk Policy / Appetite

Question 11

Why is it useful to categorize risks?

Answer 11

More succinct risk frameworks, based on each category
Better understanding where weaknesses lie
Resource allocation

Question 12

What categories can you put operational risk into?

Answer 12

Process risks
People risks
System risks
External events

Question 13

What are the limitations of Self-Assessment Risk Identification

Answer 13

It is subjective, and open to abuse. Should be independently validated.
Aggregating scores can be difficult. People view risks subjectively.

Question 14

What is risk measurement?

Answer 14

Using quantitative techniques to understand the size of a firm’s risk profile.

Question 15

What is risk assessment?

Answer 15

Using human judgement to analyse risk data to estimate business impact.

Question 16

What is Impact and Likelihood Assessment?

Answer 16

Using the product of an events Likelihood and Impact ratings to determine the event Severity/Risk.
Likelihood can be events per year, Impact can be financial loss.

Question 17

What is Scenario Analysis?

Answer 17

‘Top down’ method, highlights potential risk combinations.
Using a model possible scenarios can be used to determine which risks are exposed. Preventative measures can be used to decrease the risk of occurrence.

Question 18

What is Bottom-Up Analysis?

Answer 18

Identifying individual risks and control inadequacy across business processes.
Aggregate them for a detailed profile of risks in each department

Question 19

What are some pros and cons of Bottom-Up Analysis?

Answer 19

Its advantages are:
* It addresses risk and control issues at the process level.
* Accountability and responsibility for risk management can be clearly defined.
* It encourages a more transparent and risk aware culture.
* It encourages continuous improvement.
be taken immediately if necessary.
* It can improve the quality of management information.
Its disadvantages are:
* It takes time to implement.
* It can be subjectively influenced by managers if not properly managed.

Question 20

What is a Key Risk?

Answer 20

Risks with the highest severity.

Question 21

What are Key Risk indicators?

Answer 21

Quantitative data that describes the status of a Key Risk

Question 22

What are the advantages of KRIs?

Answer 22

• Trends can be monitored, problems anticipated
• Basis for objective risk management

Question 23

What are expected losses?

Answer 23

Losses that occur with a regular frequency, usually with limited business impact. In a firms risk appetite.

Question 24

What are unexpected losses?

Answer 24

Low frequency, high impact events. Hard to manage due to small sample.

Question 25

What are some constraints of operational risk management?

Answer 25

Data collection - hard to build a comprehensive data set.
Cultural constraints - Many people are opposed to operational controls
Resource - Takes a lot of time and resources to implement
Indicators - Often the indicators are not comprehensive

Question 26

What is a risk register?

Answer 26

List of key risks from high to low impact
Includes the impact of risk, risk owner, action plan, mitigation controls etc.

Question 27

If a risk is too high and managing it is too resource intensive what can be done?

Answer 27

Withdraw from business
Modify a product offering
E.g. Prime for CS

Question 28

What is a preventative control?

Answer 28

Prevents error from occuring in the first place. Conventionally technological
E.g. Bilateral matching in CREST prevents incorrect settlement
Segregation of duties

Question 29

What is a detective control?

Answer 29

Detect errors once they have occurred.
Fails reports
EOD’s

Question 30

What is a business continuity plan (BCP)

Answer 30

Deals with premises and people plan after a disaster. “Where will staff work if main site is out of action?”

Question 31

What is disaster recovery?

Answer 31

Procedures which deal with IT and key infrastructure to keep business running

Question 32

How can you outsource risk?

Answer 32

Allowing a third-party to handle it.
In Prime, many hedge funds have J.P.M handle settlement risk.

Question 33

What is the major disadvantage of KRIs?

Answer 33

Can affect business performance if managers start managing to their KRIs to enhance bonus rating.
E.g. Rich cancelling the SLRs.

Question 34

What kind of operational risk would a damage to premises be called?

Answer 34

Damage to physical assets

Question 35

A firm decides it is not worth the expense of mitigating a risk. What would this be called?

Answer 35

Risk acceptance

Question 36

Customer identification prevents which stage of money laundering?

Answer 36

Placement/Layering
Report suspicious customers and identify customers

Question 37

Which type of risk assessment uses loss data and experience of personnel to measure risk?

Answer 37

Bottom-up measurement

Question 38

Who is operational risk best MANAGED by?

Answer 38

Business departments in which they arise. E.g. OTMs managed by us.
Best planned and monitored by a centralised risk department though.