Operational risks (ORs) are potentially fatal everyday reality for your organization and not always obvious to identify – especially in financial services. The large, sudden events are the most dangerous ones, and it takes expertise, investment and hard, diligent work to manage them.
To motivate banks, Basel II introduced OR as a component of the minimum capital requirements in 2004 and requires less capital from well-managed banks that transition from the BIA to more advanced approaches by improving the framework used to combine their own and others’ experience and expectations to facilitate appropriate actions.
Finalyse has supported a major regional banking group in its successful AMA preparation and can also support your organization along this journey however simple or complex your chosen approach is.
What benefits can you expect?
- Avoid mistakes like a “zero tolerance” policy for operational risk
- Complex treatment of all aspects of your ORM framework
- You decide if we should help your team; or get the work done for you
- You decide how simple or complex your ORM framework should be (pragmatic approach)
- You do not have to aim for AMA to benefit from talking to us
What services can Finalyse offer you?
- Operational Risk Assessment (from BIA to TSA/ASA to AMA)
- Operational Risk Model Validation (AMA or Pillar II)
- Operational Risk Quantification
- Implementation of Operational Risk Management Solutions (loss data collection, self-assessment, KRIs, scenario analyses)
Operational Risk Assessment (from BIA to TSA/ASA to AMA)
In order to establish an adequate operational risk framework, the primary issue is to find a robust risk methodology such as Value-at-Risk and be able to adapt it to the types of distributions involved in modelling extreme operational losses and provide sufficient data to feed the calculation process.
In this context banks need to cope with lack of internal data about extreme loss events due to failures or specific business events.
The key to success is to find the right mix between the use of internal and external data and to choose and calibrate the appropriate distribution-based methodologies to derive operational risk distributions and hence capital requirements.
Finalyse has quantitative, analytical and implementation skills and experience to help you face these challenges.
Operational Risk Model Validation (AMA or Pillar II)
Operational risk models are unique as they are designed to assess the risk of flawed processes, IT systems, manual operations or external events. Such risks have been present in operations since ancient times, but only recently have been included in the risk measurement techniques loop.
At Finalyse we support customers at all necessary steps to construct frameworks for operational risk measurement, starting with proper risk identification techniques, through information processing, and finally derivation of model parameters.
Our aim is to implement solutions that are value-added tools used in daily risk management, as well as strategic decision making processes. We integrate and validate methods for using methods such as Key Risk Indicators, Risk&Control Self Assessments, Scenario Analysis, External Data, Internal Loss Data.
We create a common framework that allows the organization to assess the exposure to operational risk. Validation of operational risk models requires the analysis of a vast amount of data from all of these tools. The process of validating should aim to verify if the achieved results generate a compliant view of the operational risk exposure, for example: are the RCSA segments for frequencies and severities aligned with loss database statistical parameters, are the limits for Key Risk Indicators aligned with the trends derived from scenarios and loss database, if AMA is used – are the models stable under stress tests of parameters, etc. Operational risk also requires the statistical assessment of data reliability, for which external data may be used in order to verify the adequacy of internal event database for a particular business environment. Finalyse is ready to support you in all of these themes.
Operational Risk Quantification
The greater dimension of banks and the complexity of financial markets, has given rise to an increased possibility of significant losses due to failures in systems or procedures. As this may have a dramatic impact on the institution and thus on the financial system (a classical example being Barings bank), "operational risk" remains one of the Pillar I major risks to be covered by adequate capital requirements set forth in the Basel III Capital Accord.
Operational risk is defined by the Basel committee as: "The risk resulting from inadequate or failed internal processes, people, systems or from external events". This covers a very wide range of risks, from external events like natural disasters that occur rarely but can lead to enormous losses, to simple transaction errors that occur frequently but generally do not engender large losses.
Currently three different approaches are proposed to quantify this risk in capital terms:
- The Basic Indicator Approach (BIA),
- The Standardised Approach (SA), and
- The Advanced Measurement Approach (AMA).
Specifically regarding AMA, the banks can estimate the capital themselves for each business line/event type combination. A typical way of doing this is to estimate separately the distributions of loss frequency and loss severity (in money terms). This involves the use of internal/external data as well as risk self-assessments (expert information). The probability distribution function of the operational risk loss is then computed as a combination of the frequency and the severity (giving the aggregate loss). The capital charge is based on the combination of all operational risks for each business line/event type, assuming a certain correlation level.
Finalyse can assist you in building a fully blown AMA model. This starts with the identification of risks and the definition of a data model, and progresses through the development of the statistical/expert model to quantify the capital, and the technology for reporting results.
Implementation of Operational Risk Management Solutions (loss data collection, self assessment, KRIs, scenario analysis)
For a proper implementation of a risk management solution, it is crucial that all steps of the implementation process are respected. This covers a conceptual, business and functional analysis followed by a technical analysis preceding the implementation. Finalyse consultants are very experienced in conducting and documenting these different steps, together with the required Delivery Management skills and tools. The latter are provided by Finalyse, in line with the scope of the project.