Operational Risk Management

Question 1

What is ORM concerned with?

Answer 1

Risks that disrupt everyday activities

Question 2

Which element of the FIRM scorecard is most closely related to ORM?

Answer 2

Infrastructure

Question 3

What are financial institutions required to quantify under Basel II regulations?

Answer 3

Exposure to operational risk in order to determine capital requirement also known as ‘economic capital’.

Question 4

Solvency II adopts a similar approach to Basel II. What industry does it apply to?

Answer 4

Insurance

Question 5

Why are international standards required?

Answer 5

So that regulators can set out universal regulations about how much capital must be kept in reserve to cover the financial and operational risks they face.

Question 6

What is the Basel II definition of ORM?

Answer 6

“Managing the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”

Question 7

Give an example of how inadequacies or failures by ‘people’ can result in loss?

Answer 7

Failure to comply with procedures

Lack of segregation of duties

Question 8

Give an example of how process failures can result in loss?

Answer 8

Inadequate controls in place

Question 9

Give an example of how system failures can result in loss?

Answer 9

Absence of built-in controls

Failure of applications

Question 10

Give an example of how external events can result in loss?

Answer 10

Changes to regulations

Legal action

Fraud

Question 11

Contrast ‘market risk’ with ‘credit risk’.

Answer 11

Market = changing value of investments
Credit = failure of a client repaying loan/interest

Question 12

What are Basel II’s 10 ORM principles?

Answer 12

1. Board set operational strategy
2. Senior management implement ops risk strategy
3. Info comms and escalation flows established
4. Identification of risks inherent in activities, processes, products
5. Processes for assessing ops risk established
6. System implemented to monitor exposure and loss events
7. Policies and processes for controlling ops risks
8. Supervising bodies require banks to have an effective system for identifying, measuring, monitoring and controlling risk.
9. Supervising bodies conduct regular independent evaluations of these principles
10. Public disclosure so stakeholders can assess ops risk exposure and quality of ORM.

Question 13

What are the three approaches used to measure Basel II ORM?

Answer 13

Basic indicator: Calculate value of OR capital using a single indicator for overall exposure

Standard approach: Calculates value of OR capital using a broad financial indicator multiplied by ops loss experience

Advanced approach: Calculates OR capital using internal loss data plus qualitative and quantitative methods

Question 14

What are the challenges of measuring ops risk?

Answer 14

Losses can be indirect e.g. losing a customer and subsequent future income

Question 15

How is the failure of ORM attributed to financial crisis of 2008?

Answer 15

Banks failed to properly quantify risk exposure. Now adopting frameworks such as ISO31000, COSO and IRM.

Question 16

What are two concerns associated with ORM and a focus on quantifying exposure?

Answer 16

Danger of it being seen as compliance rather than an opportunity to optimise risk exposure

Technical nature means it can be left to the risk manager rather than an appropriate ops manager