operational risk management.ppt
TRANSCRIPT
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 1/43
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 2/43
1
Introduction
Globalization and deregulation of financial markets,combined
with increased sophistication in financial technology, have
made banking activities very complex.
Events such as the September 11 terrorist attacks, rogue
trading losses at Barings and the Y2K scare serve to highlight
the importance of operational risk management.
Operational risks faced by banks today include fraud, system
failures, terrorism and employee compensation claims.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 3/43
2
Typical Bank Org Structure
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 4/43
3
Front Office
The more client-facing side of the business is known as thefront office.
These personnel typically include:
– sales people who act as the main contact point between the
bank and its clients.
– traders/market makers, who are responsible for executing
trades with various counterparties.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 5/43
4
Middle Office
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 6/43
5
Middle Office functions
Initial trade verification
The input of trades into relevant trading systems
Investigation of any discrepancies in trade details
Daily P&L reporting
Reconciliation and updating of trading positions
Monitoring risk limits
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 7/43
6
Middle Office functions
The middle office function attempts to bridge the gap between
– the front office
– the back office
The middle office typically gets involved in
– risk management – control aspects of trading.
The middle office personnel are capable of independently
– valuing portfolios
– analyzing risk positions.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 8/43
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 9/43
8
More about the Back Office
The term ‘operations’ or ‘back office’ describe those
operational areas within the bank that deal with the result oftrading by the front office.
Following the execution of a trade and recording of the tradewithin the system, trade details are typically fed through aninterface between the trading system and settlement system.
The starting point for the settlement of trades and allsubsequent activities is the capture of the trade details withinthe settlement system.
The moment the details of a trade are captured within thesettlement system, the trading position for both securities andcash, at a trading book level, must be updated.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 10/43
10
Trade skeleton
The typical trade information fed by a trading system andcaptured by the settlement system could be described as the‘trade skeleton’.
These are the minimum details a trader or market maker must
provide as these items are variable and cannot be guessed bythe settlement department.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 11/43
11
Recording details
Though the basic details of a trade may appear very clear-cut,the inaccurate recording of the details can lead to
unnecessary costs being incurred and risks being taken by
the STO.
In an attempt to prevent inaccurate information being sent tothe outside world, the process of validating trade information
is adopted by many banks.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 12/43
12
Trade agreement/validation
Failure of the bank and its counterparty to agree about thedetails of the trade, can result in monetary losses if the
discrepancy remains unresolved at the value date.
Consequently, it has become standard practice in many
markets to strive for trade agreement as soon as possibleafter trade execution.
In many securities marketplaces, individual trade details must
be sent to the regulator by a specified deadline.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 13/43
13
Settlement : Exchanging Securities and Cash
The exchange of securities and cash is known as settlement
with the securities industry.
The most efficient and risk-free method of settlement is
known as Delivery versus Payment (DvP).
DvP involves simultaneous exchange of securities and cash
between buyer and seller (through their custodians).
The seller is not required to deliver securities until the buyer
pays the cash.
The buyer is not required to pay cash until the seller deliversthe securities.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 14/43
14
Free of Payment
The alternative to settling a DvP basis is to settle on a Free ofPayment (FoP) basis.
Parties will need to arrange delivery of securities or payment
of cash prior to taking possession of the other asset.
Due to the risks involved, most STOs avoid settling in this
manner, whenever possible.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 15/43
15
Settlement Department
The STO must issue a settlement instruction to its custodian
in order for settlement to occur.
All pending incomes against securities must be carefully
monitored.
The first step in collection of the benefit is to become aware
that the issuer is making a specific income payment.
The bank must calculate whether it is in fact entitled to the
income.
If so, it must assess who will remit the income and monitor thereceivable amount until full payment is received.
Where it offers a safe custody service to clients, the STO is
expected to collect income on behalf of its clients.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 16/43
16
Static data
Static data (sometimes referred to as ‘standing data’) describes data that changes occasionally, or not at all.
The two principal components are:
– Securities static data
– Counterparty static data.
The data must be carefully maintained.
If for instance, the coupon rate on a bond is not set up
correctly, incorrect trade cash values will result.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 17/43
17
Static Data
Likewise, the setting up of an incorrect counterparty postaladdress could result in a client failing to receive a tradeconfirmation.
Books and records must be accurate, up-to-date, complete
and reflect reality.
Reconciliation is achieved through the comparison of specificpieces of information within the bank’s books and records,and between the bank’s books and records and the outsideworld.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 18/43
18
Compliance
The compliance officers within a bank are responsible forensuring conformity to the various rules and regulations, as
laid down by the local regulatory authority.
This includes ensuring that:
– only qualified personnel execute trades on the bank’s behalf;
– reporting of trade and positional information to the regulatory authorities
is complete and effected within the stated deadlines;
– methods of investigating trade disputes between the STO and its
counterparties are carried out in a thorough and correct manner;
– measures are taken to prevent unlawful activities within the STO, such
as insider trading
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 19/43
19
Settlement failures
Insufficient securities
Insufficient cash
Unmatched settlement instructions
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 20/43
20
Definition
The Basel Committee defines operational risk as:
"The risk of loss resulting from inadequate or failed
internal processes, people and systems or from external
events."
This definition includes legal risk, but excludes strategic and
reputational risk.
Banks can adopt their own definitions of operational risk, if the
minimum elements in the Committee's definition are included.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 21/43
21
Types of Operational Risk
Internal fraud
External fraud
Employment practices and workplace safety
Clients, products and business practices
Damage to physical assets
Business disruption and system failures
Execution, delivery and process management
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 22/43
22
Internal Fraud
Intentional misreporting of positions
Unauthorized undertaking of transactions
Deliberate mismarking of positions
Insider trading (on an employee's own account)
Malicious destruction of assets
Theft/robbery/extortion/embezzlement
Bribes/kickbacks
Forgery
Willful tax evasion
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 23/43
23
External Fraud
Theft/robbery
Forgery
Computer hacking damage
Theft of information
Check kiting
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 24/43
24
Employment practices and workplace safety
Employee compensation claims
Wrongful termination
Violation of health and safety rules
Discrimination claims
Harassment
General liability
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 25/43
25
Clients, products and business practices
Breaches of fiduciary duties
Suitability/disclosure issues (KYC, and so on)
Account churning
Misuse of confidential client information
Antitrust
Money laundering
Product defects Exceeding client exposure limits
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 26/43
26
Damage to physical assets
Natural disasters (earthquakes, fires, floods, and so on)
Terrorism
Vandalism
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 27/43
27
Business disruption and system failures
Hardware and software failures
Telecommunication problems
Utility outages/disruptions
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 28/43
28
Execution, delivery and process management
Miscommunication
Data entry errors
Missed deadline or responsibility
Model/system misoperation
Accounting errors
Mandatory reporting failures
Missing or incomplete legal documentation
Unapproved access given to client accounts
Non-client counterparty disputes
Vendor disputes
Outsourcing
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 29/43
29
Qualitative assessment
Environment
Activities
Supervision
Disclosure
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 30/43
30
Risk Assessment
Checklists
Questionnaires
Workshops
Scorecards
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 31/43
31
Operational Risk Indicators
Operational risk indicators attempt to identify potential
losses before they happen.
Some indicators are applicable to specific organizational
units (for example, transaction volumes and processing
errors).
Others can be applied across the entire bank (for example,
employee turnover, new hires and number of sick days).
In practice, the most common risk indicators are lagging or
ex-post measures.
They provide information on events that have already taken
place (eg, failed trades, settlement errors, and so on).
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 32/43
32
From lagging into leading indicators
The challenge for risk managers is to transform lagging
indicators into leading or predictive indicators.
This can be done by changing the focus of the indicators that
are tracked or by adding new information to these indicators.
Thus the focus of the indicators could be changed to highlight
issues that are still outstanding or remain open after a
specified period of time (for example, 24 hours) has elapsed.
In reality, however, it is not easy to transform lagging
indicators into predictive indicators.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 33/43
33
Statistical Approaches
Statistical approaches to operational risk measurement
generally involve the use of methodologies to quantifyoperational risk .
The approaches involve the collection of actual loss data and
the derivation of an empirical statistical distribution.
An unexpected loss amount, against which banks must hold acapital buffer, can then be calculated from the distribution.
In theory, the unexpected loss can be calculated to any
desired target confidence level.
In practice, many banks are working towards measuring
operational risk to a 99.9% confidence level.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 34/43
34
Legal risk
The Basel Committee's definition of operational risk explicitly
includes legal risk.
Legal risk is the risk of disruption or adverse impact on the
operations or condition of a bank due to:
– unenforceable contracts
– lawsuits
– adverse judgments
– other legal proceedings
It can arise due to a variety of issues, from broad legal or
jurisdictional issues to something as simple as a missing
provision in an otherwise valid agreement.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 35/43
35
Master Agreements
There are now master agreement forms for many financial
products.
These agreements:
– create a common legal framework that can be understood by all
market participants.
– cover most of the major legal points that should be agreed as part ofdocumenting the transactions.
Individual transactions are tied to master agreements with
confirmation documents containing specific terms of each
transaction.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 36/43
36
The master agreements should ideally be negotiated prior to
any individual transaction being agreed.
But, in many cases, the master agreement is only negotiated
as a consequence of the first transaction.
Master agreements cover how the parties will conduct
themselves in case of the early termination of the contractualagreements due to credit default or other unforeseen events.
The agreements specify how the exposures for more than
one transaction under the master agreement will be netted
against each other.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 37/43
Reputation risk
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 38/43
38
Reputation Risk
Negative public opinion regarding an institution's practices,
whether true or not, may result in a decline in its customerbase, expensive litigation and/or a fall in revenue.
Reputational risk may cause liquidity difficulties, fall in share
price and a significant reduction in market capitalization.
In 1994, Bankers Trust was accused of having misled
customers by selling them inappropriate derivatives positions.
Its reputation was so badly damaged that it was forced into
acquisition.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 39/43
Strategic Risk
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 40/43
40
Strategic(Business) Risk
It incorporates the risk arising from an adverse shift in the
assumptions, goals and other features that underpin a strategy.
Business Risk is a function of:
– a bank's strategic goals
– the business strategies developed to achieve these goals
– the resources deployed in pursuit of these goals
– the quality of implementation of these resources
Business risk, however, is difficult to assess in practice.
It can be particularly difficult to separate from other forms ofrisk, such as market risk.
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 41/43
Model Risk
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 42/43
42
Model Risk
Model risk arises out of the failure of a model to sufficiently
match reality, or to otherwise deliver the required results.
It can arise from a number of issues, including:
– mathematical errors (for example, in determining the formulas for valuing
more complex financial instruments)
– the lack of transparent market prices for some of the more illiquid marketfactors
– invalid assumptions
– inappropriate parameter specification
– incorrect programming
8/14/2019 Operational Risk Management.ppt
http://slidepdf.com/reader/full/operational-risk-managementppt 43/43
Dealing with model risk
Companies must model the instruments and the portfolio carefully.
Very large and unexpected moves may occur in market factorssometimes in conjunction with each other.
Liquidity can suddenly vanish.
Being based on assumptions, models are always a simplifiedrepresentation of what happens under real-life conditions.
If these assumptions break down, then the model is worthless.
Therefore, modeling for disaster as well as for normal market
conditions is highly desirable.
This is why stress testing is important in addition to value at risk
calculations.