Transcript Radar - ISDA - International Swaps and Derivatives

Operational Risk
June 2002
Operational Risk on Everyone’s Desk
– The RADAR System
OR Clients & Services
Business Needs
Business Lines &
Internal
Stakeholders
Business OR
External Requirement
Group OR
Regulators &
External
Stakeholders
Risk Strategy
Business
Direction
Risk Advisory/
Risk Appetite
Risk Disclosure
Market Discipline
Governance
Management &
Daily Decisions
Progress Tracking
& Escalation
Guideline/Policy
Supervisory
Review
Data
Information
Provision
Risk Analysis &
Costing/Profiling
Economic Capital
Methodology
Regulatory Capital
Charge
Page 1
Control & Management Process
Mgt Actions &
Projects
OR Committees
Risk Advisory
Escalation &
Tracking
Risk
Identification
Scenarios
OR
Profile
OR Costing
Modelling
Reporting &
Analysis
Process Mapping
Self- Assessment
KRI Reporting
Loss Data
Collation
Data
Collation
Page 2
Value Added Program
Proactive
ValueAdded
Reactive
SelfAssessment
OR
Committees
Risk Advisory
KRI Reporting
Loss Data
Collation
Resource
Planning
DecisionMaking Body
Project
Initiation
Risk Costing /
Risk Rating
Loss
Management
 Capital Budget
 Aggregation
 Quality Scores
 Healthcheck
 Grey Areas
 New Initiatives
 Risk Mitigation
 Project status
 Risk-Priorities
 Audit Issues
 Outsourcing
 E-Commerce
 Risk Transfer
 Constraints
 New Products
 Infra. Projects
 Scenarios
 Issue Mngmt
 Early Warning
 Trending
 Escalation
 Benchmarking
 Best Practice
 Corrective Action
 Accountability
 Risk Awareness
 Corporate
Memory
 Analysis/Reports
 Risk Mapping
 Automation
Potential Loss
Audit Follow-Up
Project Sign-Off
Status Report
Data Repository
Passive
Data Intensity
Page 3
System Architecture
Business Data - RADAR
Economic
Capital Budget
Reporting
Incident
Capture
Key Risk
Indicators
Self
Assessment
RADAR Process Model
Incident Capture Features
- Loss categorisation
- Web-based workflow
- Decentralised control
- Tailored p+l calculations
- Email notifications/alerts
- Digital certification/sign-off
- GDS group-based security
- Data drilldown & extract
- Multi-entity/multi-lingual
- Fully Parameterisable
- User/system notes
- Online help
KRI & Reporting Features
- KRI measure/issue set up
- Product/process mapping
- Decentralised submission
- Multiple reporting streams
- Edit/report/read roleplay
- Multi-dimension data capture
- Item or bulk upload capability
- Data drilldown/breakdown
- Comparatives/benchmarks
- Issue tracking/management
- Scorecard report-writer
- Web report distribution
Self-Assessment Features
- Detailed question sets
- Loss frequency/severity
- Quality scoring/weighting
- Aggregated loss estimates
- Assessor/approver roles
- Data views and security
- Multi-entity/multi-lingual
- Standardised reporting
Page 4
Process Model
“We must have a consistent framework – the data model is the risk map”
Category
Location
Org Unit
Losses
Key Risk Indicators
Operational
Risk Data
Described by
Activity
Attributes
Process
Product
System
Self-Assessment
Simplified Activity Buckets
Capital Mkts - Ldn
Cash Equities
Cash Bonds
Exch Traded
Derivatives
Equity OTC
Derivatives
IR OTC & Credit
Derivativatives
Order Receipt/Routing
BestConnect, DROM,
Wonder
Manual
Gatornet
Manual
DealViewer
Pricing & Execution
Fidessa, Pirate, Colt,
Spots, Reuters
Bloomberg, e-Bond
Trinitech, Liffe Connect,
Eurex, ORC
CFD2, EqTrader
Kondor, Stars, Merlin
Deal Capture & Risk Mgt
BestConnect, Fidessa,
Pirate, Colt, Imagine,
Posts
Bloomberg, RIBS,
Bondseye
Pirate, Trinitech, Imagine,
GMI, Clearvision
Murex, Equods, Imagine
Kondor, Stars, Merlin
Settlement & Reporting
Posts, Gerts, Grave
RIBS, GRR, TRMS
Imagine, Gerts, Grave,
POSTS, GMI, Clearvision
POSTS, Imagine, Gerts,
Grave
AIMS, ANLOS, TRMS
Page 5
Participation
“What is a loss ? There’s no debate once it is internally owned and authorised”
RADAR Workflow Principles
Stage Name
Stage Name
 Errors & Loss Data
Identify
reject
Automated e-mail
Investigate &
Control
reject
Automated e-mail
Owner
Acceptance
reject
Automated e-mail
Authorisation
reject
Automated e-mail
Validation
 Anyone in the bank can identify an incident
KRI Setup
& Maintain
 Investigation requires specialist control groups
 3 managers as a minimum sign off each incident
 Email notification and senior management alerts
Assign & Raise
Submissions
Automated e-mail
 Validation & routing managed by control groups
Risk Indicators 
 Central KRI specifications, also some user defined
 Any department can establish its own reporting stream
 Newspaper style workflow – reporters, editors, readers
Data Entry
& Locking
Automated e-mail
Produce Reports
Review & Edit
Automated e-mail
Distribution
 Anyone can write an OR Report for their user rights
Page 6
Categories
“What is a loss ? We need a lot of descriptive fields around the basic categories”
Errors and Loss Data
 fully parameterisable, multi-entity, multi-lingual, local views & naming
 direct/indirect loss effect types, multi-select, entered by investigator
 causal ‘reason codes’, primary/secondary, entered by error owner
 causal process point, expected/unexpected, entered by error owner
 recoveries, contributing parties, entered by authoriser
 Basel event categories, mapped by system, checked by validator
 error accounts, cost centres, control process, checked by validator
RADAR Parameters
 online help and support facility
Risk Indicators
 shared parameters/categories with loss platform
 volume, exception, risk exception, error measures
 multiple measure types – count, value, duration, score …
 mandatory/optional data fields, high/med/low criticality
 control processes, function reported by and reported for
Page 7
Functionality
“No-one uses a system unless there’s something in it for them”
Errors and Loss Data – Multi-Currency P+L Calculations 
 Cash Equity – buy/sell amount and price
 Cash Bonds – as above plus interest accruals
 Equity-Linked – as above plus conversion ratios
 Futures and Options – as above plus commission
 Interest Claims and Funding – rate/daycount/amount
 Freeform p+l – multiple effect types, user notes, attach file
Risk Indicators – Data Management 
 Product/Process/System Mapping – by KRI, org unit, location
 Multidimensional data entry and bulk data upload
 Data Locking and submission management
 Issues and action management
RADAR User Tools
Page 8
Reporting
t’s all about risk awareness .. if we can just put Operational Risk on everyone’s des
XX Division Trading Error Report - 2001
YY Product
1. High level losses by month
2001 Tr ading error losses (€) b y Sub-Product
2001 Number of trading error s b y Process
Order Receipt
AA
 Errors & Loss Data
Limit Checks
BB
Order Routing
CC
Price Quote
DD
Execution/Order Fill
EE
Client Reporting
FF
Deal Capture
GG
Position Management
Monthly evolution of losses b y location (€k)
160
AA
CC
500
DD
EE
FF
300
GG
HH
100
Number of errors
200
700
BB
Loss (€k)
 League table reporting with incident drill down
X Product corr ect ed fields
900
Unidentified
Currency
Account
120
Date
Direction
80
Price
Quantity
JJ
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
 Advanced power user reporting and data extract
Instrument
40
Whole T rade
-100
 Incident Search and data feed facility
0
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
 Simple graphing and data analysis via data extract
Comments:
1. Trading errors peaked in February 2001, with a €XXXk loss on allocation to a client during the XY Z IPO. Aside from this, errors hav e f luctuated about the av erage of €YYY k per month.
2. The majority of errors in 2001 were related to an incorrect price f ield, although the number of errors related to the whole t rade has increased steadily since May .
RADAR Reporting
 Risk Indicators
 Report templates including ‘scorecard’ style
 Measure/issue selection incl. prior period/benchmarks
 Editable draft reports with OR commentary facility
 HTML & PDF reports, data trending/graphing/drilldown
 Integrated reporting of KRIs, loss data and self-assessment
Page 9
Operational Risk
June 2002
Loss Data Appendix & Screenshots
Loss Categorisation
Causal Categories
Sample Loss Effects
Direct Cost
Indirect Costs
Human Capital
Cost to Rehire/Lock-in
Lost Clients/Deals, Damaged Reputation,
Corporate Memory Loss, Failed Initiatives,
Staff Morale, Ongoing Ability to Rehire
IT Applications
One-off Developer/Support Costs
Business Disruption, Damaged Reputation,
Opportunity Cost of Management Time/Focus
Infrastructure
Asset/Facility Replacement Costs
Project Write-downs, Write-offs
Opportunity Cost of Management Time/Focus
Trading Errors
Funding Costs
Penalties/Fines
Regulatory Risk, Reputational Damage
External Services
Cost to Cover Supply Failure
Business Disruption, Regulatory/Reputation Risk
External Damage
Asset/Facility Replacement Costs
Business Disruption, Damaged Reputation
Management
Procedures &
Controls
Page 11
Loss Data Workflow
Stage Name
Identify
reject
reject
• Investigation & validation of incident details
• Independent calculation of profit/loss impact
• Allocation of error to an Owner
Restricted Access: Control
by independent function:
• Fin Control
• Risk Control
• Ops Control
• Review incident details
• Explain causes of error
• Accept & nominate authoriser
• Incident Owner: e.g.
trader, salesman,
officer
• Review incident details & comment
• Sign off on validity of incident
• No of authorisers dependent on size
• Level 1:Desk Head
• Level 2: Head of Trading
• Level 3: Head of Business
• Validation of incident categorisation
• Validate correct authorisation level
• Restricted Access:
Investigator or other
members of Control Group
Automated e-mail
Authorisation
reject
• Form Originator at
Control Process Point
Automated e-mail
Owner
Acceptance
Stage Owner
• Enter basic incident details
• Can be entered by any RADAR user
• Details passed to central control group
Automated e-mail
Investigate &
Control
reject
Stage Description
Automated e-mail
Validation
Page 12
Main Menu
Page 13
Online Help & Support
Page 14
Parameterisation – Control Groups
Page 15
Parameterisation – Loss Categories
Page 16
Identify
Page 17
Investigate – Cash Equity
Page 18
Investigate – Interest Claim
Page 19
Investigate – Funding Details
Page 20
Investigate – Freeform P+L
Page 21
Owner Accept
Page 22
Authorise
Page 23
Management Alerts
Page 24
Validate
Page 25
Routing, Void, Reassign
Page 26
Multi-Entity
Page 27
Search
Page 28
League Table Reporting
Page 29
Advanced Reporting
Page 30
Loss Data Reports
Loss data can be analysed against any of the dimensions of the RADAR Process Model
XX Division Trading Error Report - 2001
YY Product
1. High level losses by month
2001 Trading error losses (€) by Sub-Product
2001 Number of trading errors by Process
Order Receipt
AA
Limit Checks
BB
Order Routing
CC
Price Quote
DD
Execution/Order Fill
EE
Client Reporting
FF
Deal Capture
GG
Position Management
Monthly evolution of losses by location (€k)
X Product corrected fields
900
200
AA
BB
CC
Loss (€k)
500
DD
EE
FF
300
GG
HH
100
Unidentified
160
Number of errors
700
Currency
Account
120
Date
Direction
80
Instrument
Price
40
Quantity
JJ
Whole Trade
-100
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
0
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
Comments:
1. Trading errors peaked in February 2001, with a €XXXk loss on allocation to a client during the XYZ IPO. Aside from this, errors have fluctuated about the average of €YYYk per month.
2. The majority of errors in 2001 were related to an incorrect price field, although the number of errors related to the whole trade has increased steadily since May.
Page 31
Operational Risk
KRI Appendix & Screenshots
June 2002
KRI Categorisation
Causal Categories
Sample Key Risk Indicators
Volume
Exception
Risk Exception
Human Capital
Staff
Key Leavers/Joiners
Disciplinary Cases
IT Applications
# Systems
Enhancement Requests
New/Deleted Accounts
Helpdesk Calls
Change Releases
Firewall Changes
Downtime Duration
System Bugs
Policy Breaches
Infrastructure
# Servers
Premises Capacity
System Dependencies
Occupancy Rate
Firecalls
Engineering Incidents
Management
# Projects
Decisions Announced
Audits Conducted
Milestones Missed
Decisions Pending
# Audit Issues
Scrapped Projects
Negative Media/Press
Overdue Issues
Trade Volumes
Exposure Limits
# Stat/Reg Reports
Current Breaks
Limit Breaches
Targets Missed
Breaks >30 days
Managed Positions
Restated Reports
External Services
# Ext Suppliers
SLAs Outstanding
SLA Breaches
External Damage
Firewall Traffic
Physical Exposure
Indemnity Exposure
Firewall Alerts
BCP Invocations
Complaints/Investigations
Virus/Hacker Attacks
Insurance Claims
Lawsuits
Procedures &
Controls
Page 33
Risk Indicator Workflow
Stage Name
Stage Description
Access Rights
KRI Setup
& Maintain
• Define/set up new mandatory/optional KRIs
• Classify measure or issue type and nature
• Associate products, processes, org units
• OR
Assign & Raise
Submissions
• Define submissions for functions/locations
• Assign KRI submissions to reporter groups
• Raise/manage submissions for time periods
•OR Editors
• Enter data individually or via bulk upload
• Enter commentary/issues and criticality
• Lock data submissions once complete
• Reporter
• Produce OR reports and scorecards
• Select optional data and issues
• Add or edit OR commentary
• Editor
• Receive/read reports
• Query and drill down capability
• Reader
Editors
Automated e-mail
Data Entry
& Locking
Groups
Automated e-mail
Produce Reports
Review & Edit
Groups
Automated e-mail
Distribution
Groups
Page 34
KRI Set Up
Page 35
Process Mapping
Page 36
KRI Submissions
Page 37
Submission Details
Page 38
KRI Data Entry
Page 39
Multi-Dimensional Data Entry
Page 40
Bulk Data Entry
Page 41
Issues & Actions
Page 42
Manage Submissions
Page 43
Report Templates
Page 44
Report Writing
Page 45
Measures Selection
Page 46
Review & Edit
Page 47
KRI Reporting
Page 48
Data Drilldown
Page 49
Integrated Reporting
Actual loss & risk indicator data validate self-assessment loss estimates & KRI benchmarks
KRI Benchmarks &
Self Assessment
Loss Estimates
Actual Monthly
RIsk Indicators
& Loss Data
Page 50