| The operational risk requirements of
| |
| | monitoring and controlling the bank's
|
| Basel II proposes three measurement
| |
| | operational risk profile. This
|
| methodologies for calculating the
| |
| | information must play a major role in
|
| operational risk capital charges. These
| |
| | risk reporting, management reporting,
|
| are the Basic Indicator Approach, the
| |
| | internal capital allocation, and risk
|
| Standardized Approach and the Advanced
| |
| | analysis.-Operational risk exposures and
|
| Measurement Approach.Under the Basic
| |
| | loss experience must be reported
|
| Indicator Approach banks must hold
| |
| | regularly to business unit management,
|
| capital for operational risk equal to the
| |
| | senior management, and to the board of
|
| average over the previous three years of
| |
| | directors.-The bank's operational risk
|
| a fixed percentage (15% for this
| |
| | management system must be well documented
|
| approach) of positive annual gross income
| |
| | and the bank must have a routine in place
|
| (figures in respect of any year in which
| |
| | for ensuring compliance with a documented
|
| annual gross income was negative or zero
| |
| | set of internal policies, controls and
|
| are excluded).Although no specific
| |
| | procedures concerning the operational
|
| criteria are set out for use of the Basic
| |
| | risk management system, which must
|
| Indicator Approach, banks using this
| |
| | include policies for the treatment of
|
| method are encouraged to comply with the
| |
| | noncompliance issues.-Internal and/or
|
| Committee's guidance on "Sound Practices
| |
| | external auditors must perform regular
|
| for the Management and Supervision of
| |
| | reviews of the operational risk
|
| Operational Risk" (BIS; February 2003).
| |
| | management processes and measurement
|
| These principles require:-A hands on
| |
| | systems. This review must include both
|
| approach in the creation of an
| |
| | the activities of the business units and
|
| appropriate risk management
| |
| | of the independent operational risk
|
| environment,-Positive actions in the
| |
| | management function.-The validation of
|
| identification, assessment, monitoring
| |
| | the operational risk measurement system
|
| and control of operational risk,-Adequate
| |
| | by external auditors and/or supervisory
|
| public disclosure.Under the Standardized
| |
| | authorities must include the verification
|
| Approach a bank's activities are divided
| |
| | that the internal validation processes
|
| into eight business lines. Within each
| |
| | are operating in a satisfactory manner;
|
| business line, gross income is a broad
| |
| | and making sure that data flows and
|
| indicator that serves as a stand-in for
| |
| | processes associated with the risk
|
| the level of business operations and
| |
| | measurement system are transparent and
|
| therefore the probable size of
| |
| | accessible. In particular, it is
|
| operational risk exposure within each of
| |
| | necessary that auditors and supervisory
|
| these business lines. The capital charge
| |
| | authorities are in a position to have
|
| for each business line is calculated by
| |
| | easy access, whenever they judge it
|
| multiplying gross income by a factor
| |
| | necessary and under appropriate
|
| (called the "beta") assigned to that
| |
| | procedures, to the system's
|
| business line. The beta serves as a
| |
| | specifications and parameters.Because the
|
| substitute for the industry-wide
| |
| | analytical approaches for operational
|
| relationship between the operational risk
| |
| | risk continue to evolve the approach or
|
| loss experience for a given business line
| |
| | distributional assumptions used to
|
| and the aggregate level of gross income
| |
| | generate the operational risk measure for
|
| for that business line. The business
| |
| | regulatory capital purposes is not being
|
| lines and the beta factors range from 12%
| |
| | specified by the Basel Committee. A bank
|
| for "retail banking", "asset management"
| |
| | must however be able to show that its
|
| and "retail brokerage"; 15% for
| |
| | approach captures potentially severe
|
| "commercial banking" and "agency
| |
| | 'tail' loss events. Irrespective of the
|
| services" to 18% for "corporate finance",
| |
| | approach is used, a bank must demonstrate
|
| "trading & sales" and "payment &
| |
| | that its operational risk measure meets a
|
| settlement".The total capital charge is
| |
| | soundness standard comparable to that of
|
| calculated as the three-year average of
| |
| | the internal ratings-based approach for
|
| the simple summation of the regulatory
| |
| | credit risk.Based on this, bank
|
| capital charges across each of the
| |
| | supervisors will require the bank to
|
| business lines in each year. In any given
| |
| | calculate its regulatory capital
|
| year, a negative capital charges (as a
| |
| | requirement as the sum of expected loss
|
| result of negative gross income) in any
| |
| | (EL) and unexpected loss (UL), unless the
|
| business line may offset positive capital
| |
| | bank can demonstrate that it is
|
| charges in other business lines without
| |
| | adequately capturing EL in its internal
|
| limit.At national supervisory level, the
| |
| | business practices (to base the minimum
|
| supervisor can choose to allow a bank to
| |
| | regulatory capital requirement on UL
|
| use the Alternative Standardized Approach
| |
| | alone, the bank must be able to
|
| (ASA) provided the bank is able to
| |
| | demonstrate to the satisfaction of its
|
| satisfy its supervisor that this
| |
| | national supervisor that it has measured
|
| alternative approach provides an improved
| |
| | and accounted for its EL exposure).A bank
|
| basis for measurement of risks. Under the
| |
| | needs to have a credible, transparent,
|
| ASA, the operational risk capital charge
| |
| | well-documented and verifiable approach
|
| methodology is the same as for the
| |
| | for weighting these basic elements in its
|
| Standardized Approach except that two
| |
| | overall operational risk measurement
|
| business lines - "retail banking" and
| |
| | system.Internal loss data is critical to
|
| "commercial banking" where a fixed factor
| |
| | linking a bank's risk estimates to its
|
| 'm' - replaces gross income as the
| |
| | actual loss experience. Such data is most
|
| exposure indicator and is related to the
| |
| | relevant when it is clearly linked to a
|
| extent of loans granted in these
| |
| | bank's current business activities,
|
| areas.Under the Advanced Measurement
| |
| | technological processes and risk
|
| Approaches (AMA) the regulatory capital
| |
| | management procedures. To do this a bank
|
| requirement equals the risk measure
| |
| | must have documented procedures for
|
| generated by the bank's internal
| |
| | assessing the on-going relevance of
|
| operational risk measurement system using
| |
| | historical loss data, including those
|
| specific quantitative and qualitative
| |
| | situations in which judgment overrides or
|
| criteria. Use of the AMA is subject to
| |
| | other adjustments may be used, to what
|
| supervisory approval.Supervisory approval
| |
| | extent they may be used and who is
|
| has to be conditional on the bank being
| |
| | authorized to make such decisions.
|
| able to show to the satisfaction of the
| |
| | Internally generated operational risk
|
| supervisory authority that the allocation
| |
| | measures used for regulatory capital
|
| mechanism for these subsidiaries is
| |
| | purposes must be based on a minimum
|
| appropriate and can be supported
| |
| | five-year observation period of internal
|
| empirically. The quantitative standards
| |
| | loss data. However, when the bank first
|
| that apply to internally generated
| |
| | moves to the AMA, a three-year historical
|
| operational risk measures for purposes of
| |
| | data window is acceptable.To qualify for
|
| calculating the regulatory minimum
| |
| | regulatory capital purposes, a bank's
|
| capital charge are that any internal
| |
| | internal loss collection processes must
|
| operational risk measurement system must
| |
| | be able to map its historical internal
|
| be consistent with the definition of
| |
| | loss data into the relevant supervisory
|
| operational risk and a range of defined
| |
| | categories as are defined in detail in
|
| loss event types (covering all
| |
| | the Basel II Annexes. The bank must have
|
| operational aspects such as fraud,
| |
| | documented objective criteria for
|
| employee practices, workplace safety,
| |
| | allocating losses to the specified
|
| business practices, processing practices,
| |
| | business lines and event types. A bank's
|
| business disruption and loss of physical
| |
| | internal loss data must be comprehensive.
|
| assets).To qualify for use of the
| |
| | It must capture all material activities
|
| Advanced Measurement Approaches (AMA), a
| |
| | and exposures from all appropriate
|
| bank must satisfy its supervisor
| |
| | sub-systems and geographic locations. The
|
| that,-The banks board of directors and
| |
| | bank must be able to justify that any
|
| senior management, are actively involved
| |
| | excluded activities or exposures, both
|
| in the oversight of the operational risk
| |
| | individually and in combination would not
|
| management framework;-The bank has an
| |
| | significantly impact the overall risk
|
| operational risk management system that
| |
| | estimates. This should be based on an
|
| is conceptually sound and which includes
| |
| | appropriate minimum gross loss threshold
|
| an independent operational risk
| |
| | for internal loss data collection.
|
| management function that is responsible
| |
| | Additionally, a bank should collect
|
| for the design and implementation of the
| |
| | information relating the date of the
|
| bank's operational risk management
| |
| | event, any recoveries of loss amounts, as
|
| framework;-The bank has It has sufficient
| |
| | well as descriptive information about the
|
| resources to use this approach in the
| |
| | drivers or causes of the loss event. The
|
| major business lines as well as the
| |
| | level of detail in any descriptive
|
| control and audit areas.A bank using the
| |
| | information should be appropriate to the
|
| AMA will be subject to a period of
| |
| | size of the gross loss amount.Operational
|
| initial monitoring by its supervisor
| |
| | risk losses that are related to credit
|
| before it can be used for regulatory
| |
| | risk and have traditionally been included
|
| purposes. This period will allow the
| |
| | in banks' credit risk databases (e.g.
|
| supervisor to determine if the approach
| |
| | collateral management failures) must
|
| is credible and appropriate. The bank's
| |
| | continue to be treated as credit risk for
|
| internal measurement system must be able
| |
| | the purposes of calculating minimum
|
| to reasonably estimate unexpected losses
| |
| | regulatory capital. It follows that such
|
| based on the combined use of internal and
| |
| | losses will not be subject to the
|
| relevant external loss data, scenario
| |
| | operational risk capital charge.
|
| analysis and bank-specific business
| |
| | Nevertheless, for the purposes of
|
| environment and internal control
| |
| | internal operational risk management,
|
| factors.The bank's measurement system
| |
| | banks must identify all material
|
| must also be capable of supporting an
| |
| | operational risk losses consistent with
|
| allocation of economic capital for
| |
| | the scope of the definition of
|
| operational risk across business lines in
| |
| | operational risk and the defined event
|
| a manner that creates incentives to
| |
| | types, including those related to credit
|
| improve business line operational risk
| |
| | risk.A bank's operational risk
|
| management.Additionally,-The operational
| |
| | measurement system must use pertinent
|
| risk management function is responsible
| |
| | external data (either public data and/or
|
| for documenting policies and procedures
| |
| | pooled industry data), especially when
|
| concerning operational risk management
| |
| | there is any possibility to believe that
|
| and controls, designing and implementing
| |
| | the bank is potentially exposed to severe
|
| the bank's operational risk measurement
| |
| | losses, however infrequent. Additionally
|
| methodology, designing and implementing a
| |
| | a bank must use scenario analysis of
|
| risk-reporting system for operational
| |
| | expert opinion in conjunction with
|
| risk, and developing strategies to
| |
| | external data to evaluate its exposure to
|
| identify, measure, monitor and control
| |
| | high-severity events.Stanley Epstein is a
|
| mitigate operational risk,-The bank's
| |
| | Principal Associate and Director of
|
| internal operational risk measurement
| |
| | Citadel Advantage Ltd., a consultancy
|
| system must be closely integrated into
| |
| | dealing in bank operations and
|
| the day-to-day risk management processes
| |
| | specializing in Operations Risk and
|
| of the bank and its output must be an
| |
| | Payment Systems.
|
| integral part of the process of
| |
| |
|
