Operational Risk - Microfinance-India-Home
Download
Report
Transcript Operational Risk - Microfinance-India-Home
Operational Risk
S.Ramesh
Sa-Dhan
Risk categories and their importance for MFI
Risk categories
Credit
Market
Rating
Loan portfolio risk
XXXXX
Interbank risk
XX
Interest rate risk
XXXX
Currency risk
Liquidity
Liquidity risk
XXXXX
Other risk
Performance risk
XXXXX
Compliance risk
XXXXX
Reputation risk
XXXX
Country risk
Operational risk
Operational risk
XXXXX
Operational risk is every MFI's greatest
fear.
Credit Risk
Staff
Human Error
Disbursements /
Re payments
Management System Failures
Control Failures
Compliance
Rapid Expansion
Legal
Premises
Business Continuity
Fraud
Information Technology
Multiple
Financing
Market Risk
Operational Risk
•
Circumstances that have been identified and if left
unattended may lead to a loss in the future, example :
technology
•
Happening or occurrences that are indicative of the
underlying risk, they might have resulted in an economic
loss, but did not, example : large cash balances; no
monetary loss yet
•
Incidents that resulted in a monetary loss Example: Small
frauds
OR can arise from:
Internal and external fraud
Failure to comply with laws or meet workplace safety standards
Policy breaches
Failure to meet regulatory requirements
Personnel risks
Damage to physical assets
Business disruptions
Transaction processing failures (execution, errors)
Failure of internal controls and corporate governance
But how do you define, analyze and solve a
potential problem before it has even arisen?
“ Operational Risk is the risk of loss resulting from
inadequate or failed internal processes, people and
systems or from external events”
People
Process
Technology
Reputation
Operating Environment
But how do you define, analyze and solve a
potential problem before it has even arisen?
Systems
Legal
External Events
Includes legal risk but excludes strategic risk
Operational risk (OR) – People Risk
OR is more than people and technology risk. It encompasses all the hidden
dangers that do not come under the umbrella of market or credit risk.
People:
Positing of Staff in Key Areas
Competency of Staff
Insufficient training,
negligence, integrity, etc.
Work Environment
Employee Motivation
HR initiatives
Frequency and impact of staff turnover/rotation
Operational risk (OR) – Process Risk
Transaction risk:
Operational Manual to execute Transaction
Frequency of execution of errors in transactions
Business volume fluctuation/ concentration
Organizational complexity
Product complexity, and major changes
Operational Control risk
Frequency of Violation of operational controls ( exceeding limits, powers)
Efficiency of information flows
Frequency of operational disruption
Operational Control: inadequate segregation of duties
lack of management supervision
inadequate procedures.
Risk due to loose security at operational points ( overnight cash)
Operational risk (OR) – Technology Risk
Technology:
Poor technology and Partial /disconnect computerization
Obsolete applications
lack of full automation for consolidation and /or accounts and Operations
MIS complexity, poor design, development and testing.
Systems failure
Volume of transaction Vis-a- Vis level of system development and capacity
Level of Manual intervention required to process transactions
Validity of IT systems
IT related frauds
Operational risk (OR) –
Reputation risk
Customer perception of the Company/MFI
Mostly dependent of Field officer
Individual is recognized than the institution by the customer
Public /Politicians perception of MFIs
Operating Environment
Unanticipated changes in external environment
Multiple lending
Macro Economic Factors like loan waiver, low fund flow to MFIs leading to
failure to keep up commitments to customers
Operational Risk - 7 OP Risk types
Internal Fraud
External Fraud
Employment Practices
Professional Practices
Loss/Damage to assets
Business disruption & system failures
Transaction processing risk
Interconnection of Operational Risks
Dependencies
Operational
Risk
Categories
Internal
People
External
Process
Connectivity
of
Operational
Risk
Exposure
Technology
Change
Complexity
Sources
Complacency
Likely drivers
of Operational
Risk associated
with each
Operational Risk
Category
Risk types contd…
Internal fraud: intended to defraud, misappropriate property,
employee theft
External fraud: robbery, forgery, Collusion.
Employment practices and workplace safety: workers
compensation claims, organized labor activities likely
Business disruptions and system failures: hw. and sw. failure.
Execution, delivery and process management: data entry errors,
incomplete legal documentation, unapproved access given to client
accounts.
How can we addressing Operational Risk?
Transfer the risk to another party (e.g. through
insurance)
Accept and manage the risk through effective
management monitoring and control
Put appropriate fall-back plans in place to reduce the
impact in case of an operational failure.
Least- Avoid the risk by withdrawing from a business
activity
OR Management
Risk Management systems-adequacy, demarcation
of responsibilities, day-to-day supervision
Areas- Cash management, internal control &
housekeeping, AML controls
Robust internal controlEffective internal Inspection/Audit
KYC & AML measures-emphasis
ORM Practices should be based on policy duly
approved at the board level that describes the
processes involved in controlling OR.
Clear strategies and oversight by the Board: Board of Directors
should approve and review the MFIs ORM framework.
Internal Control System: ORM framework is subject to effective
internal audit by operationally independent and competent staff.
Strong Operational Risk Culture: ORF should be implemented
throughout the whole organization, all levels of staff should understand
their responsibilities.
Contingency Planning: MFIs should have contingency and business
continuity plans to operate on an ongoing basis and limit losses.
Effective internal reporting: Senior management have responsibility
for developing policies, processes and procedures for managing OR.
Risk Monitoring and Control Practices
should be implemented.
Collection of Operational Risk Data (incident reporting
framework)
Regular monitoring and feedback mechanism in place for
monitoring any deterioration in OR profile.
Collation of incident reporting data to assess frequency
and probability of occurrence of OR events.
Monitoring and control of management of large exposures
to states/areas/branches. The modalities to be prescribed
in the Loan Policy.
Issues in ORM
Qualitative vs Quantitative approach
Mapping of existing business lines to the standard
business lines
Data collection
Proper identification of key risk indicators
Monitoring of databases
Gathering loss data
Estimating frequency/severity of loss
Quality of data
Cost/technology implications
Overlap with Credit and Market Risk
Distribution of Operational Losses
Expected
Loss-Loss Prov.
Absorbed
Unexpected
Loss -Op. Risk
Capital
Catastrophic
Loss -Risk financing using
Core Capital
Likelihood
of
Loss
Magnitude of loss
Expected Loss
Expected Loss (EL) - likelihood of failure and likely loss
severity given that a failure occurs
Exposure Indicator (EI) - proxy for the size of a particular
business line’s OR exposure
Probability of loss Event (PE) - probability of occurrence
of loss event
Loss Given that event (LGE) - proportion of transaction
or exposure that would be expressed as loss, given the
default
EL = EI X PE X LGE
The integrated operational risk management
framework
1. Op risk identification
5. Op risk management
Assessment of risks
Action plans by business
and risk management,
including business
continuity plans and
insurance programmes
Business activity
Exposure to risk types
Business environment
Control environment
All businesses
4. Op risk capital
Risk based
Operational
economic and
regulatory capital is
attributed to every
business
All new products
All new initiatives
2. Op risk measurement
Internal loss experience
Scenario analysis
Stress Scenarios
3. Op risk analysis and monitoring and reporting
Operational risk limit
Conclusion
Measurement should not be ignored rather focus should
be shifted to internal controls.
The internal control measures & measurements given by
Pilar II are not close to adequate, regulatory capital would
be an incentive for banks to develop own internal
measurement techniques.
Accurate measurement of OR cannot be the main focus
of regulators given the current constraints in data
collection and availability, a thought process has been
definitely put in place across the banking industry.
CONCLUSIONISSUES IN OR MANAGEMENT
DEFINE
MONITOR
MEASURE
MITIGATE
Thanks!!!