Chapter 3: Operational Risk Flashcards
What is Operational risk
The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events
What elements are essential for effective operational risk management framework
Clear risk oversight by board and SM
Strong operational risk culture
Strong Internal control culture
Effective internal reporting
Contingency planning
What are the seven operational risk types
Internal fraud
External fraud
Employment practices and workplace safety
Clients, products and business practices
Damage to physical assets
Business disruption and system failures
Execution, delivery and process management
Examples of market abuse
Insider dealing
Improper disclosure
Improper dissemination
What are the three stages of money laundering
Placement
Layering
Integration
What are the Anti-money laundering provisions
Identify customers and report suspicious transactions at the placement and layering stages
Keep adequate records which should prevent the integration stage being reached
Report suspicious activity or behavior to the relevant regulatory or legislative authority
What are some risk management precautions in place to prevent financial crime
Educating staff
Putting systems and controls in place to mitigate the risk of occurrence
Monitoring staff compliance with the internal rules and the external legal and regulatory stipulations
Escalating behavioral exceptions to a specific individual or committee for investigation
Penalizing contravention with the rules and if necessary informing the relevant authorities
Operational risk’s consequential effects
Reputational risk
Compliance risk
Credit risk
Market risk
Liquidity risk
Investment risk
What is an operational risk policy
A document which outlines a firms strategy and objectives for operational risk management
What is included in an operational risk policy
Identify key officers
Roles and responsibilities
Segregation of duties
Cross-functional involvement and agreement
Roles of operational risk management function
Assess risks
Benchmark good practice
Support and maintain
Provide oversight
Ensure issues are escalated
Statistical modelling
How to identify operational risk
Self assessment
Key risk indicators (KRIs)
Risk workshops
Loss data trend analysis
External loss data
Audit reviews
How to prevent a risk from materializing
Identify risk before it occurs
Establish clear ownership of the risk
Monitor appropriate risk indicators
How to reduce impact of materialized risk
Quick escalation
Assign an owner
Ensure appropriate insurance is in place
What is included in an operational risk management framework
Risk identification
Risk measurement and assessment
Risk monitoring
Risk Reporting
Operational risk policy
Why is categorizing risks beneficial
More succinct risk management
Better understanding of weaknesses
Common language for discussing risks
What is self assessment risk identification
Typically involves a checklist of the risk that a particular area of the firm faces. Risks are scored on probability and impact
Why does self assessment have limitations
It is subjective and therefore subject to manipulation
Combining scores from different participants can be difficult
reasons for measuring and assessing operational risk
Establish quantitative baseline from improving control environment
Provide incentive
Improve management decision making
Satisfy regulators and shareholders
Make an assessment if the financial risk exposure
What is risk measurement
The use of quantitative techniques to understand the size of a firm’s or business area’s risk profile
What is risk assessment
Utilizes objective data and uses human judgement to estimate the impact on the business
What is an impact and likelihood assessment
The assessment may be subjective or objective. The risk severity ranking depends on the likelihood of the risk being realized and the impact
What is an example of likelihood probability ratings
1 = very low - not likely to occur within 10 years
2 = low - Likely to occur within 3 to 10 years
3 = medium - Likely to occur within 3 years
4 = High - Likely to occur within a year
What is an example of impact loss ratings
1 = Very low - under £1000
2 = low - £1000 to £10,000
3 = Medium - £10,000 to £50,000
4 - High - Above £50,000
How to calculate risk score
Likelihood score*Impact score
Advantages of impact and likelihood assessment
Simple
Evaluates control environment
Focuses attention on most important risks
Disadvantages of impact and likelihood assessment
Over simplified
Subjective
What is scenario analysis
A top down method of highlighting potential risk combinations in order to allow preventative action to be taken
What is bottom up analysis
Bottom up measurement seeks to analyze the individual risks and adequacy of controls across business processes.
Advantages of bottom up analysis
Addresses risk issues at process level
Clearly defines responsibility
Encourages better risk culture
Can improve quality of management information
Disadvantages of bottom up analysis
Takes time to implement
can be subjective
Not always straight forward
Advantages of using KRIs
They allow trends to be monitored and can be used to anticipate problems
Allow for limits of acceptability
Provide a basis for objective risk management
Disadvantage of KPIS
Can cause skewed business performance if managers start managing to their KRIs
What are expected losses
errors that occur with reasonable frequency. They represent known process weaknesses which may be too expensive to fix. These errors are paid for through a pre-provided budget
What are unexpected losses
Low frequency, high impact events that can create serious problems
What are the practical constraints in risk management
Data collection constraints
Cultural constraints
Resource and cost constraints
Indicator constraints
What is a BCP
A business continuity plan deals with the premises and people aspects of a disaster e.g., where will staff work if main site is out of action
What is DR
Disaster recovery procedures deal with the IT and other infrastructure required to keep the business running
What is a CMT
Crisis management team
what can historical loss data be used for
Escalation thresholds
Loss casual analysis
