Session2 - Handout 3 - Operational Risk Flashcards
What is Operational Risk?
Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, and systems or from external events.
7 Different categories of operational risks are…
1) Execution, Delivery & Process Management
2) Clients, Products & Business Practices
3) Internal Fraud
4) External Fraud
5) Employment practices & workplace safety
6) Damage to physical assets
7) Business disruption & system failures
What are the 5 characteristics of Operational Risk?
1) Embedded risk - Not a transaction-risk but a risk embedded in processes, people and systems and due to external events.
2) Inherent risk - A large part of operational risk is inherent to the business in which we are engaging
and inherent to management processes
3) Hidden risk:
- The costs due to OR are difficult to trace or anticipate since most are hidden in the
accounting framework.
- Leads to underestimation of the risk (e.g. information security).
4)Unstable risk:
• Not linearly linked to the size of the activities. Small activities can be very risky high
risk, and vice versa.
• OR can be very unstable and grow exponentially in a short period.
5)Reputation risk
• A second-order risk, leading to additional damage in the form of damage to
reputation.
Between 2011 - 2016, banks lost 210 Billion $ due to Operational Risks, but in which segment was the loss the biggest?
1) Execution, Delivery & Process Management
2) Clients, Products & Business Practices
3) Internal Fraud
4) External Fraud
5) Employment practices & workplace safety
6) Damage to physical assets
7) Business disruption & system failures
2) Clients, Products & Business Practices
It amounted to 143.3 Billion $
What has been brought up in the lecture is that we can’t measure risks by using averages, why is that?
1) Because we don’t look at the volatility around the mean
2) Then, because just because peers are in the same industry this doesn’t mean that they have the same business model
3) Nicer to look at the variation around the mean
4) IT example of 5/100 vs 5/20
How is Skewness relateable to banks in terms of Operation Risks?
The skewness is that banks can report an average loss which then misses out on where the major losses actually are. This gives a picture of the bank to have fewer losses, on average, than what is actually relevant, in terms of how much money the bank is losing. (See slide 15 - handout 3)
To deal with Operational Risks, banks can arrange a Risk & Control Self Assessment, what is meant by this and what’s it for?
The banks create or arrange workshops in which they gather people from the bank to discuss potential scenarios in which the bank is more stressed to come up with possible solutions for these scenarios. Thus, being prepared for risks.
To do this, the bank has to be aware of TRUST and CONFIDENCE. This, to get proper feedback and to get people to participate.
What are the 3 Key Indicators of the indicator set?
- KPI - Key Performance Indicator
- KRI - Key Risk Indicator
- KCI - Key Control Indicator
What does KRI’s measure?
KRIs are the measures summarizing the frequency, severity and impact of operational risk events or corporate actions occurred in the bank during a reporting period.
In terms of KRI, what is meant by the frequency, severity and impact of operational risk events?
- Frequency: Number of Risk Events
- Severity: Volume of risk events, Average risk losses and Maximum duration of disruptions.
- Impact: Total amount of risk losses and Cost of mitigations.
In terms of KRI, what is meant by corporate actions in relation to operational risks?
That is about the risks in the following departments:
- Branch Network
- Legal Department
- Human Resources
- Loan/Client department
- Finance Department
- IT
(see slide 21 of handout 3 to examine what this is more about).
What does KPI’s measure?
1) KPIs are the measures that EVALUATE SCALE and PERFORMANCE of banking activities
2) directly related to operational risk exposure.
3) . According to many empirical observations
In terms of KPI, what type of categories or factors are measured?
1) Extension risk
- Gross Income
- Total Assets
- Book Value of Fixed Assets
- Cost to Income
2) Customer / Reputational Risk
- Number of client accounts
- Volume of client accounts
- Average balance of a single client account
3) People Risk
- Number of employees
- Staff payroll
- Income per employe
- Cost per employee
4) Process Risk
- Volume of transactions
- Number of transactions
- Average amount of single transaction
What does KCI’s measure?
A Key Control Indicator quantifies how effectively a specific control tool, approach, or methodology is working.
In terms of KCI, what type of categories or factors are measured?
1) Business Units
- Number of breaches identified by the staff
- Number of disciplinary actions
- Percentage of loss mitigation
2) Internal Audits
- Number of breaches in the process identified by internal audit
- Number of breaches eliminated
3) Risk Management
- Number of days before breaches are identified
- Number of action plans introduced
- Number of action plans failed to implement
4) Regulators
- Number of claims on the bank in the area of OpRisk made by the regulator
- Number of errors eliminated
