Operational Risk Management

By: A V Vedpuriswar
October 4, 2009
Introduction
Globalization and deregulation of financial markets, combined
with increased sophistication in financial technology, have
made banking activities very complex.
Events such as the September 11 terrorist attacks, rogue
trading losses at Barings and the Y2K scare serve to highlight
the importance of operational risk management.
Operational risks faced by banks today include fraud, system
failures, terrorism and employee compensation claims.
1
Typical Bank Org Structure
2
Front Office
The more client-facing side of the business is known as the
front office.
These personnel typically include:
– sales people who act as the main contact point between the
bank and its clients.
– traders/market makers, who are responsible for executing
trades with various counterparties.
3
Middle Office
4
Middle Office functions
– Initial trade verification
– The input of trades into relevant trading systems
– Investigation of any discrepancies in trade details
– Daily P&L reporting
– Reconciliation and updating of trading positions
– Monitoring risk limits
5
Middle Office functions
The middle office function attempts to bridge the gap between
– the front office
– the back office
The middle office typically gets involved in
– risk management
– control aspects of trading.
The middle office personnel are capable of independently
– valuing portfolios
– analyzing risk positions.
6
Back Office
In performing its role, the operations area has a major
responsibility to control operations risk.
The back office should quickly detect errors and bring them to the
attention of dealers and management.
Some key responsibilities of back office employees include:
– capturing trade details in the settlement system
– validating trade details
– issuing settlement instructions
– ensuring that the trades settle on the value date
– making payments by electronic transfer mechanisms
– ensuring timely delivery of securities
7
More about the Back Office
The term ‘operations’ or ‘back office’ describes those
operational areas within the bank that deal with the result of
trading by the front office.
Following the execution of a trade and recording of the trade
within the system, trade details are typically fed through an
interface between the trading system and settlement system.
The starting point for the settlement of trades and all
subsequent activities is the capture of the trade details within
the settlement system.
The moment the details of a trade are captured within the
settlement system, the trading position for both securities and
cash, at a trading book level, must be updated.
8
Trade skeleton
The typical trade information fed by a trading system and
captured by the settlement system could be described as the
‘trade skeleton’.
These are the minimum details a trader or market maker must
provide as these items are variable and cannot be guessed by
the settlement department.

10
Recording details
Though the basic details of a trade may appear very clear-cut,
the inaccurate recording of the details can lead to
unnecessary costs being incurred and risks being taken by
the STO.
In an attempt to prevent inaccurate information being sent to
the outside world, the process of validating trade information
is adopted by many banks.
11
Trade agreement/validation
Failure of the bank and its counterparty to agree about the
details of the trade, can result in monetary losses if the
discrepancy remains unresolved at the value date.
Consequently, it has become standard practice in many
markets to strive for trade agreement as soon as possible
after trade execution.
In many securities marketplaces, individual trade details must
be sent to the regulator by a specified deadline.
12
Settlement : Exchanging Securities and Cash
The exchange of securities and cash is known as settlement
within the securities industry.
The most efficient and risk-free method of settlement is
known as Delivery versus Payment (DvP).
DvP involves simultaneous exchange of securities and cash
between buyer and seller (through their custodians).
The seller is not required to deliver securities until the buyer
pays the cash.
The buyer is not required to pay cash until the seller delivers
the securities.
13
Free of Payment
The alternative to settling on a DvP basis is to settle on a Free of
Payment (FoP) basis.
Parties will need to arrange delivery of securities or payment
of cash prior to taking possession of the other asset.
Due to the risks involved, most STOs avoid settling in this
manner, whenever possible.
14
Settlement Department
The STO must issue a settlement instruction to its custodian
in order for settlement to occur.
All pending incomes against securities must be carefully
monitored.
The first step in collection of the benefit is to become aware
that the issuer is making a specific income payment.
The bank must calculate whether it is in fact entitled to the
income.
If so, it must assess who will remit the income and monitor the
receivable amount until full payment is received.
Where it offers a safe custody service to clients, the STO is
expected to collect income on behalf of its clients.
15
Static data
Static data (sometimes referred to as ‘standing data’)
describes data that changes occasionally, or not at all.
The two principal components are:
– Securities static data
– Counterparty static data.
The data must be carefully maintained.
If for instance, the coupon rate on a bond is not set up
correctly, incorrect trade cash values will result.
16
Static Data
Likewise, the setting up of an incorrect counterparty postal
address could result in a client failing to receive a trade
confirmation.
Books and records must be accurate, up-to-date, complete
and reflect reality.
Reconciliation is achieved through the comparison of specific
pieces of information within the bank’s books and records,
and between the bank’s books and records and the outside
world.
17
Compliance
The compliance officers within a bank are responsible for
ensuring conformity to the various rules and regulations, as
laid down by the local regulatory authority.
This includes ensuring that:
– only qualified personnel execute trades on the bank’s behalf;
– reporting of trade and positional information to the regulatory authorities
is complete and effected within the stated deadlines;
– methods of investigating trade disputes between the STO and its
counterparties are carried out in a thorough and correct manner;
– measures are taken to prevent unlawful activities within the STO, such
as insider trading
18
Settlement failures
Insufficient securities
Insufficient cash
Unmatched settlement instructions
19
Definition
The Basel Committee defines operational risk as:
"The risk of loss resulting from inadequate or failed
internal processes, people and systems or from external
events."
This definition includes legal risk, but excludes strategic and
reputational risk.
Banks can adopt their own definitions of operational risk, if the
minimum elements in the Committee's definition are included.
20
Types of Operational Risk
Internal fraud
External fraud
Employment practices and workplace safety
Clients, products and business practices
Damage to physical assets
Business disruption and system failures
Execution, delivery and process management
21
Internal Fraud
– Intentional misreporting of positions
– Unauthorized undertaking of transactions
– Deliberate mismarking of positions
– Insider trading (on an employee's own account)
– Malicious destruction of assets
– Theft/robbery/extortion/embezzlement
– Bribes/kickbacks
– Forgery
– Willful tax evasion
22
External Fraud
– Theft/robbery
– Forgery
– Computer hacking damage
– Theft of information
– Check kiting
23
Employment practices and workplace safety
– Employee compensation claims
– Wrongful termination
– Violation of health and safety rules
– Discrimination claims
– Harassment
– General liability
24
Clients, products and business practices
– Breaches of fiduciary duties
– Suitability/disclosure issues (KYC, and so on)
– Account churning
– Misuse of confidential client information
– Antitrust
– Money laundering
– Product defects
– Exceeding client exposure limits
25
Damage to physical assets
– Natural disasters (earthquakes, fires, floods, and so on)
– Terrorism
– Vandalism
26
Business disruption and system failures
– Hardware and software failures
– Telecommunication problems
– Utility outages/disruptions
27
Execution, delivery and process management
– Miscommunication
– Data entry errors
– Missed deadline or responsibility
– Model/system misoperation
– Accounting errors
– Mandatory reporting failures
– Missing or incomplete legal documentation
– Unapproved access given to client accounts
– Non-client counterparty disputes
– Vendor disputes
– Outsourcing
28
Qualitative assessment
Environment
Activities
Supervision
Disclosure
29
Risk Assessment
Checklists
Questionnaires
Workshops
Scorecards
30
Operational Risk Indicators
Operational risk indicators attempt to identify potential
losses before they happen.
Some indicators are applicable to specific organizational
units (for example, transaction volumes and processing
errors).
Others can be applied across the entire bank (for example,
employee turnover, new hires and number of sick days).
In practice, the most common risk indicators are lagging or
ex-post measures.
They provide information on events that have already taken
place (eg, failed trades, settlement errors, and so on).
31
From lagging into leading indicators
The challenge for risk managers is to transform lagging
indicators into leading or predictive indicators.
This can be done by changing the focus of the indicators that
are tracked or by adding new information to these indicators.
Thus the focus of the indicators could be changed to highlight
issues that are still outstanding or remain open after a
specified period of time (for example, 24 hours) has elapsed.
In reality, however, it is not easy to transform lagging
indicators into predictive indicators.
32
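The shift from a lagging count to an "open after 24 hours" view can be shown on a small exception log. This is an added example, not part of the original slides; the record layout, unit names and the `indicators` function are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: settlement exceptions as (unit, opened, closed or None).
EXCEPTIONS = [
    ("equities", datetime(2009, 10, 1, 9, 0), datetime(2009, 10, 1, 15, 0)),
    ("equities", datetime(2009, 10, 1, 11, 0), None),
    ("equities", datetime(2009, 10, 2, 8, 30), None),
    ("bonds", datetime(2009, 9, 30, 16, 0), None),
    ("bonds", datetime(2009, 10, 1, 10, 0), datetime(2009, 10, 2, 9, 0)),
]

def indicators(exceptions, as_of, max_age=timedelta(hours=24)):
    """Per unit: the lagging count of exceptions raised so far, plus the
    leading view of items still open past max_age (count and oldest age)."""
    report = defaultdict(lambda: {"raised": 0, "overdue": 0, "oldest_hours": 0.0})
    for unit, opened, closed in exceptions:
        if opened > as_of:
            continue  # not yet raised at the reporting time
        row = report[unit]
        row["raised"] += 1  # lagging: the event has already happened
        still_open = closed is None or closed > as_of
        age = as_of - opened
        if still_open and age > max_age:
            row["overdue"] += 1  # leading: unresolved exposure is building up
            hours = age.total_seconds() / 3600
            row["oldest_hours"] = max(row["oldest_hours"], hours)
    return dict(report)

if __name__ == "__main__":
    as_of = datetime(2009, 10, 2, 12, 0)
    for unit, row in sorted(indicators(EXCEPTIONS, as_of).items()):
        print(unit, row)
```

The `raised` column alone looks worse for equities, while the `overdue` and `oldest_hours` columns point at the bonds item that has been unresolved longest.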
Statistical Approaches
Statistical approaches to operational risk measurement
generally involve the use of methodologies to quantify
operational risk.
The approaches involve the collection of actual loss data and
the derivation of an empirical statistical distribution.
An unexpected loss amount, against which banks must hold a
capital buffer, can then be calculated from the distribution.
In theory, the unexpected loss can be calculated to any
desired target confidence level.
In practice, many banks are working towards measuring
operational risk to a 99.9% confidence level.
33
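A sketch of the calculation described above, as an added example that is not part of the original slides. The loss events are constructed; building the annual distribution by bootstrap resampling and taking unexpected loss as the loss at the confidence level minus the mean are assumptions of this example (the slides do not specify a method).

```python
import math
import random

# Constructed sample: individual loss amounts grouped by the year observed.
LOSSES_BY_YEAR = {
    2005: [12_000, 3_500, 48_000],
    2006: [7_200, 950_000, 15_000, 2_100],
    2007: [5_400, 22_000],
    2008: [130_000, 9_800, 4_300, 61_000, 18_500],
}

def empirical_quantile(sample, confidence):
    """Smallest observed value with at least `confidence` of the sample at or below it."""
    ordered = sorted(sample)
    rank = math.ceil(round(confidence * len(ordered), 9))  # 1-based, float-safe
    return ordered[max(rank, 1) - 1]

def simulate_annual_losses(losses_by_year, n_years, seed=1):
    """Bootstrap annual totals: pick an observed event count, then resample amounts."""
    rng = random.Random(seed)
    counts = [len(v) for v in losses_by_year.values()]
    amounts = [x for v in losses_by_year.values() for x in v]
    return [sum(rng.choices(amounts, k=rng.choice(counts))) for _ in range(n_years)]

def capital_figures(annual_losses, confidence=0.999):
    """Expected loss (mean), loss at the confidence level, and unexpected loss."""
    expected = sum(annual_losses) / len(annual_losses)
    at_confidence = empirical_quantile(annual_losses, confidence)
    return expected, at_confidence, at_confidence - expected

if __name__ == "__main__":
    sims = simulate_annual_losses(LOSSES_BY_YEAR, n_years=100_000)
    for level in (0.95, 0.99, 0.999):
        el, q, ul = capital_figures(sims, level)
        print(f"{level:.1%}: expected={el:,.0f} quantile={q:,.0f} unexpected={ul:,.0f}")
```

With only 14 observed events, the 99.9% figure is driven almost entirely by how often the single large loss is resampled, which is why the tail estimate is so sensitive to the amount of loss data collected.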
Legal risk
The Basel Committee's definition of operational risk explicitly
includes legal risk.
Legal risk is the risk of disruption or adverse impact on the
operations or condition of a bank due to:
– unenforceable contracts
– lawsuits
– adverse judgments
– other legal proceedings
It can arise due to a variety of issues, from broad legal or
jurisdictional issues to something as simple as a missing
provision in an otherwise valid agreement.
34
Master Agreements
There are now master agreement forms for many financial
products.
These agreements:
– create a common legal framework that can be understood by all
market participants.
– cover most of the major legal points that should be agreed as part of
documenting the transactions.
Individual transactions are tied to master agreements with
confirmation documents containing specific terms of each
transaction.
35
The master agreements should ideally be negotiated prior to
any individual transaction being agreed.
But, in many cases, the master agreement is only negotiated
as a consequence of the first transaction.
Master agreements cover how the parties will conduct
themselves in case of the early termination of the contractual
agreements due to credit default or other unforeseen events.
The agreements specify how the exposures for more than
one transaction under the master agreement will be netted
against each other.
36
Reputation risk
Negative public opinion regarding an institution's practices,
whether true or not, may result in a decline in its customer
base, expensive litigation and/or a fall in revenue.
Reputational risk may cause liquidity difficulties, fall in share
price and a significant reduction in market capitalization.
In 1994, Bankers Trust was accused of having misled
customers by selling them inappropriate derivatives positions.
Its reputation was so badly damaged that it was forced into
acquisition.
38
Strategic Risk
Strategic (Business) Risk
It incorporates the risk arising from an adverse shift in the
assumptions, goals and other features that underpin a strategy.
Business Risk is a function of:
– a bank's strategic goals
– the business strategies developed to achieve these goals
– the resources deployed in pursuit of these goals
– the quality of implementation of these resources
Business risk, however, is difficult to assess in practice.
It can be particularly difficult to separate from other forms of
risk, such as market risk.
40
Model Risk
Model risk arises out of the failure of a model to sufficiently
match reality, or to otherwise deliver the required results.
It can arise from a number of issues, including:
– mathematical errors (for example, in determining the formulas for valuing
more complex financial instruments)
– the lack of transparent market prices for some of the more illiquid market
factors
– invalid assumptions
– inappropriate parameter specification
– incorrect programming
42
Dealing with model risk
Companies must model the instruments and the portfolio carefully.
Very large and unexpected moves may occur in market factors
sometimes in conjunction with each other.
Liquidity can suddenly vanish.
Being based on assumptions, models are always a simplified
representation of what happens under real-life conditions.
If these assumptions break down, then the model is worthless.
Therefore, modeling for disaster as well as for normal market
conditions is highly desirable.
This is why stress testing is important in addition to value at risk
calculations.
43