Week 5 Flashcards
What is Incident Data Collection?
The process of gathering detailed information about incidents and events that may pose risks to the organization, creating a comprehensive database for risk assessment and management.
What are the three main methods of data collection mentioned in the material?
Automated Systems, Manual Reporting, and Audits and Reviews.
What is a ‘Near Miss’ in operational risk terms?
Avoided losses by luck or accident outside of normal controls. These do not include events where controls worked properly or events with only indirect financial impacts.
What is the difference between Direct and Indirect Losses?
Direct losses are immediate financial consequences (e.g., client compensation, regulatory fines). Indirect losses are resulting impacts like loss of customers, reputational damage, increased compliance costs, and lower employee morale.
What is a ‘Boundary Event’ in operational risk?
Boundary events occur when the impact materializes in a different risk class than the cause (e.g., a credit loss due to an operational error).
What regulatory threshold for operational loss data is mentioned in the Basel Committee requirements?
€20,000 threshold for reporting operational losses.
What is the minimum history requirement for operational loss data according to BCBS?
10-year history of operational loss data must be maintained.
What are Key Risk Indicators (KRIs)?
Metrics used to monitor the level of exposure to risks and the effectiveness of controls within an organization, providing early warning signs of potential risk events.
What are the four categories of KRIs mentioned?
Exposure Indicators, Stress Indicators, Failure Indicators, and Causal Indicators.
What does a ‘Leading KRI’ focus on?
Leading KRIs focus on risk drivers (causes or factors that increase likelihood or impact) to flag risks before they occur.
What does a ‘Lagging KRI’ track?
Lagging KRIs track events that have already occurred, identifying weaknesses in the control system that need correction.
What is the difference between KRIs, KPIs, and KCIs?
KRIs track exposure to operational risk; KPIs measure performance; KCIs measure control effectiveness. These metrics can often overlap.
What are the three common color codes used in KRI dashboards and what do they indicate?
Green: No action required; Amber: Monitor (some firms take action); Red: Action required (no shades of red; red means immediate action for all KRIs).
What are the three types of incident data mentioned?
Internal Data (operational failures, process breakdowns, human errors), External Data (market disruptions, regulatory changes, competitor failures), and Near-Misses.
What is meant by ‘Incentivizing Timely Self-Reporting’ in operational risk management?
Practices ranging from soft encouragement to strict oversight to ensure incidents are reported promptly, often with penalties if incidents are discovered later rather than self-reported.
What are the ‘Golden Rules of Reporting’ for risk information?
1) Value Must Exceed Cost, 2) Clear Purpose, 3) Influence Decision-Making, 4) Purposeful Reporting (adopt a ‘so what?’ approach).
What is the typical reporting frequency for incident data in large banks?
Usually monthly, sometimes weekly in large banks.
What are the main challenges in risk reporting mentioned?
Balancing information (avoiding overload vs. oversimplification), Filtering and Aggregation of risk information, and Maintaining Engagement with stakeholders.
Why is averaging problematic for operational loss data?
Due to the asymmetry of operational loss data (rare and large losses vs. frequent and small losses), averages can be misleading due to outliers.
What alternatives to averages are suggested for operational loss data?
Median and quartiles (P25, P75) are better alternatives, and splitting data into Expected Losses (EL) and Unexpected Losses (UL).
What percentage of gross income typically indicates high-performing operational risk management?
1.8% - 2.2% of gross income attributed to operational losses indicates high-performing operational risk management.
What percentage of gross income as operational losses often signals underreporting?
A ratio below 1.5% of gross income often signals underreporting, not excellent performance.
What are the key components that should be included in incident data fields?
Unique Incident ID, Place of occurrence, Event type, Event description, Cause type, Control failures, Relevant dates, Financial loss data, Impact type, and Action plans.
What is the recommended approach for boundary events from a management perspective?
Many firms reclassify boundary events to their original risk class, especially for significant losses, but it’s recommended to reclassify and investigate boundary events only for major events.
