Transcript Operational Risk - Microfinance-India-Home

Operational Risk
S.Ramesh
Sa-Dhan
Risk categories and their importance for MFI
Risk categories
Credit
Market
Rating
Loan portfolio risk
XXXXX
Interbank risk
XX
Interest rate risk
XXXX
Currency risk
Liquidity
Liquidity risk
XXXXX
Other risk
Performance risk
XXXXX
Compliance risk
XXXXX
Reputation risk
XXXX
Country risk
Operational risk
Operational risk
XXXXX
Operational risk is every MFI's greatest
fear.
Credit Risk
Staff
Human Error
Disbursements /
Re payments
Management System Failures
Control Failures
Compliance
Rapid Expansion
Legal
Premises
Business Continuity
Fraud
Information Technology
Multiple
Financing
Market Risk
Operational Risk
•
Circumstances that have been identified and if left
unattended may lead to a loss in the future, example :
technology
•
Happening or occurrences that are indicative of the
underlying risk, they might have resulted in an economic
loss, but did not, example : large cash balances; no
monetary loss yet
•
Incidents that resulted in a monetary loss Example: Small
frauds
OR can arise from:

Internal and external fraud

Failure to comply with laws or meet workplace safety standards

Policy breaches

Failure to meet regulatory requirements

Personnel risks

Damage to physical assets

Business disruptions

Transaction processing failures (execution, errors)

Failure of internal controls and corporate governance
But how do you define, analyze and solve a
potential problem before it has even arisen?
“ Operational Risk is the risk of loss resulting from
inadequate or failed internal processes, people and
systems or from external events”





People
Process
Technology
Reputation
Operating Environment
But how do you define, analyze and solve a
potential problem before it has even arisen?




Systems
Legal
External Events
Includes legal risk but excludes strategic risk
Operational risk (OR) – People Risk
OR is more than people and technology risk. It encompasses all the hidden
dangers that do not come under the umbrella of market or credit risk.
People:
 Positing of Staff in Key Areas
 Competency of Staff
 Insufficient training,
 negligence, integrity, etc.
 Work Environment
 Employee Motivation
 HR initiatives
 Frequency and impact of staff turnover/rotation
Operational risk (OR) – Process Risk
Transaction risk:





Operational Manual to execute Transaction
Frequency of execution of errors in transactions
Business volume fluctuation/ concentration
Organizational complexity
Product complexity, and major changes
Operational Control risk







Frequency of Violation of operational controls ( exceeding limits, powers)
Efficiency of information flows
Frequency of operational disruption
Operational Control: inadequate segregation of duties
lack of management supervision
inadequate procedures.
Risk due to loose security at operational points ( overnight cash)
Operational risk (OR) – Technology Risk
Technology:
 Poor technology and Partial /disconnect computerization

Obsolete applications

lack of full automation for consolidation and /or accounts and Operations

MIS complexity, poor design, development and testing.
 Systems failure
 Volume of transaction Vis-a- Vis level of system development and capacity

Level of Manual intervention required to process transactions
 Validity of IT systems
 IT related frauds
Operational risk (OR) –
Reputation risk
 Customer perception of the Company/MFI
 Mostly dependent of Field officer
 Individual is recognized than the institution by the customer
 Public /Politicians perception of MFIs
Operating Environment
 Unanticipated changes in external environment
 Multiple lending
 Macro Economic Factors like loan waiver, low fund flow to MFIs leading to
failure to keep up commitments to customers
Operational Risk - 7 OP Risk types
Internal Fraud
External Fraud
Employment Practices
Professional Practices
Loss/Damage to assets
Business disruption & system failures
Transaction processing risk
Interconnection of Operational Risks
Dependencies
Operational
Risk
Categories
Internal
People
External
Process
Connectivity
of
Operational
Risk
Exposure
Technology
Change
Complexity
Sources
Complacency
Likely drivers
of Operational
Risk associated
with each
Operational Risk
Category
Risk types contd…

Internal fraud: intended to defraud, misappropriate property,
employee theft

External fraud: robbery, forgery, Collusion.

Employment practices and workplace safety: workers
compensation claims, organized labor activities likely

Business disruptions and system failures: hw. and sw. failure.

Execution, delivery and process management: data entry errors,
incomplete legal documentation, unapproved access given to client
accounts.
How can we addressing Operational Risk?

Transfer the risk to another party (e.g. through
insurance)

Accept and manage the risk through effective
management monitoring and control

Put appropriate fall-back plans in place to reduce the
impact in case of an operational failure.

Least- Avoid the risk by withdrawing from a business
activity
OR Management
 Risk Management systems-adequacy, demarcation




of responsibilities, day-to-day supervision
Areas- Cash management, internal control &
housekeeping, AML controls
Robust internal controlEffective internal Inspection/Audit
KYC & AML measures-emphasis
ORM Practices should be based on policy duly
approved at the board level that describes the
processes involved in controlling OR.
 Clear strategies and oversight by the Board: Board of Directors
should approve and review the MFIs ORM framework.
 Internal Control System: ORM framework is subject to effective
internal audit by operationally independent and competent staff.
 Strong Operational Risk Culture: ORF should be implemented
throughout the whole organization, all levels of staff should understand
their responsibilities.
 Contingency Planning: MFIs should have contingency and business
continuity plans to operate on an ongoing basis and limit losses.
 Effective internal reporting: Senior management have responsibility
for developing policies, processes and procedures for managing OR.
Risk Monitoring and Control Practices
should be implemented.
 Collection of Operational Risk Data (incident reporting
framework)
 Regular monitoring and feedback mechanism in place for
monitoring any deterioration in OR profile.
 Collation of incident reporting data to assess frequency
and probability of occurrence of OR events.
 Monitoring and control of management of large exposures
to states/areas/branches. The modalities to be prescribed
in the Loan Policy.
Issues in ORM
 Qualitative vs Quantitative approach
 Mapping of existing business lines to the standard
business lines
 Data collection




Proper identification of key risk indicators
Monitoring of databases
Gathering loss data
Estimating frequency/severity of loss
 Quality of data
 Cost/technology implications
 Overlap with Credit and Market Risk
Distribution of Operational Losses
Expected
Loss-Loss Prov.
Absorbed
Unexpected
Loss -Op. Risk
Capital
Catastrophic
Loss -Risk financing using
Core Capital
Likelihood
of
Loss
Magnitude of loss
Expected Loss
 Expected Loss (EL) - likelihood of failure and likely loss
severity given that a failure occurs
 Exposure Indicator (EI) - proxy for the size of a particular
business line’s OR exposure
 Probability of loss Event (PE) - probability of occurrence
of loss event
 Loss Given that event (LGE) - proportion of transaction
or exposure that would be expressed as loss, given the
default
EL = EI X PE X LGE
The integrated operational risk management
framework
1. Op risk identification
5. Op risk management
Assessment of risks
Action plans by business
and risk management,
including business
continuity plans and
insurance programmes
 Business activity
 Exposure to risk types
 Business environment
 Control environment
All businesses
4. Op risk capital
Risk based
Operational
economic and
regulatory capital is
attributed to every
business
All new products
All new initiatives
2. Op risk measurement
 Internal loss experience
 Scenario analysis
 Stress Scenarios
3. Op risk analysis and monitoring and reporting
Operational risk limit
Conclusion
 Measurement should not be ignored rather focus should
be shifted to internal controls.
 The internal control measures & measurements given by
Pilar II are not close to adequate, regulatory capital would
be an incentive for banks to develop own internal
measurement techniques.
 Accurate measurement of OR cannot be the main focus
of regulators given the current constraints in data
collection and availability, a thought process has been
definitely put in place across the banking industry.
CONCLUSIONISSUES IN OR MANAGEMENT
 DEFINE
 MONITOR
 MEASURE
 MITIGATE
Thanks!!!