ERM Chapter 24 Flashcards
Why is operational risk being managed on a more formal basis?
- Operational risk has been the main driver behind many cases of major financial disaster in recent times.
- Operational risk is inter-linked with credit and market risk and it is important to minimise the likelihood of operational risk failure during already stressed market conditions.
- Operational risk may other be treated differently in different areas of the country. The can lead to key risks being overlooked and decisions being taken based on inaccurate information or an incorrect assessment of a business unit’s risk-adjusted returns.
Outline the benefits of consistent and effective operational RM that is distinct from the general benefits of management of other type of risk.
- minimises the impact of reputational damage arising from incidents linked to operational losses. Such incidents give the appearance that the company is badly managed and ill-equipped to deal with errors
- minimises day-to-day losses and reduces the potential for more extreme and costly incidents
- improves a company’s ability to meet it’s business objectives (less time spent on crisis management)
- strengthens the overall ERM process and framework
What has been revealed by initial analysis of available data on operational losses?
- distribution is skewed to the right (large number of small losses and relatively few large losses)
- loss severities have a heavy-tailed distribution
- losses occur randomly in time
- loss frequency may vary considerably over time
- some classes of operational loss have an underlying cyclical component and/or depend on the current economic conditions
What are the two types of operational losses that occur, and how are they modelled?
- Small day-to-day mistakes made in the course of business. Modelled using statistical distributions or high-claim-frequency non-life reserving techniques.
- Infrequent, large events e.g. major fraud or failed projects. Modelled using other methods such as EVT techniques.
What are bottom-up models?
- estimates the operational risk capital by starting the analysis at a low level of detail and then aggregating the results to obtain an overall assessment
A:
- give a more robust picture of a company’s overall risk profile
D:
- difficult to break down aggregated losses into their constituent components
- there may be little robust internal historic data, especially for low probability and high impact events
- differences between companies mean that application of external data is difficult
Why is scenario analysis used to assess operational risk exposure, and what are the steps involved?
- potential linkage between operational and other risks
- Risk exposures need to be grouped into broad categories - all risks involving financial fraud, all involving system errors etc.
- For each group of risks, a plausible adverse scenario is developed. The scenario is deemed to be representative of all risk in the group.
- For each scenario, the consequences of the risk event occurring are calculated. Financial consequences may include redress paid to those affected, cost of correcting systems and records, regulatory fees and fines, and opportunity costs while changes are made.
- Total costs calculated are taken as the financial cost of all risks represented by the chosen scenario.
- Assessments of likelihood and severity made by a scenario analysis can be displayed on a risk map.
What are the benefits of scenario analysis?
- capturing the opinions, concerns and experience of risk managers
- not relying heavily on the availability, accuracy or relevance of historic data
- providing an opportunity to identify hard to predict, high-impact events
- identifying and improving understanding of cause and effect relationships
- reducing risk-reward arbitrage opportunities
Outline the use of factor-based models in assessing operational risk.
- a simpler approach, often used due to a lack of data
- an example is assuming that losses are related to volume of transaction, and applying a weighting to the actual or expected volume of transactions
- examples include the Basel Indicator Approach and the Basel standardised approach
D:
- operational risk exposure may not be proportional to business volume
What are top-down models? Give four examples.
- use readily-available data and fairly simple calculations to give a general picture of the operational risk of a company
- examples include:
> implied capital model
> income volatility model
> economic pricing model
> analogue model - note that all of the above models fail to capture successfully low probability, high consequence risk events
Outline the implied capital model.
Operational risk capital = total risk capital - non-operational risk capital
A:
- the approach is simple and forward-looking
D:
- total risk capital needs to be estimated
- inter-relationships between different types of risk are ignored
- this model does not capture cause and effect scenarios
Outline the income volatility model.
Operational risk capital = total income-volatility - non-operational-risk income-volatility
A:
- there is better data available in respect of total income-volatility than for total risk capital needed for the implied capital model
D:
- it ignores the rapid evolution of companies and industries - over time the income volatility of companies will change
- by focusing on income rather than value, this model does not capture the ‘softer’ measures of risk, such as opportunity cost and the value of reputation/brand
Outline the economic pricing model.
- The CAPM is the most widely used example of this kind of model
- CAPM assumes all market information is included in a company’s share price and so the impact of any publicised operational losses can be identified by looking at the movement in a company’s share price and stripping out the overall market movement
A:
- includes both the aggregate effect of specific risk events and the ‘softer’ issues e.g. opportunity cost and/or damage to reputation/brand
D:
- no information is provided on losses due to specific risks
- the level of operational risk capital is unaffected by any controls put in place, so there is little motivation to improve the RM process
- tail-end risks are not accounted for thoroughly
- does not help anticipate incidents of operational risk, as there is no consideration of individual risks in isolation
Outline the analogue model.
- use data from similar models to derive operational risk capital
- these models are useful if there is little internal data available, although it is debatable how accurate one company mirrors another in terms of risk profile
List the six components of a comprehensive operational risk management policy.
- principles for operational RM
- definitions and taxonomy for operational risk
- objectives and goals of operational RM
- operational RM processes and tools
- organisational structure, as it applies to operational RM
- roles and responsibilities of different business areas involves in operational RM
What are the steps involved in the systematic process for managing a company’s operational risk?
- risk policy and organisation
- risk identification and assessment
- capital allocation and performance measurement
- risk mitigation and control
- risk transfer and finance
