Академический Документы
Профессиональный Документы
Культура Документы
On
By
Faculty Guide:
Prof. Debarati Bhattacharjee
ICFAI BUSINESS SCHOOL.
1
TABLE OF CONTENTS
Abstract 3
Introduction
Purpose 5
Scope of study 5
Methodology 5
Limitations 6
Background 6
- Risk Management in Banks 6
- The origin of Basel 6
- The three pillar approach 7
- Challenges envisaged 8
- Challenges for Indian Banking System in BASEL II 10
Main Text
Operational Risk defined 13
The measurement methodologies 15
1. Basic Indicator Approach 15
2. Standardized Approach 18
3. Advanced Measurement Approach 23
Qualifying Criteria 24
Ten Proposals 28
BASEL II Proposals : Bank’s concerns 29
Operational Risk Policy 30
Operational Risk and New Capital Accord : Views of RBI 31
RBI stresses on Internal Control 32
Operational Risk and Insurance 32
Risk Mitigation 33
Operational Risk Management Standards 34
Conclusion 36
References 37
2
ABSTRACT:
The banking environment has dramatically changed in the recent past. In addition with
Market risk and Credit risk one such all-pervasive risk that banks face is Operational risk.
It is one of the oldest risks that all along has been managed quite informally, but of late
has suddenly caught everyone’s attention. Emergence of new risk mitigation instruments
like credit derivatives, weather derivative, securitization and other derivatives instrument
brings different types of risk. Huge losses in Forex deals or securities deals are not
uncommon in banking industry. Human omission and commission in day-to-day
operational issue expose the banks to greater risk. These are only few issues which focus
the importance of operational risk management.
The increased competition resulting out of the deregulation and globalization are making
banks activities more diverse and complex. Aggressive adoption of technology for
delivering financial services has only landed banks in new zones of operational risk.
Further, the new capital guidelines proposed by the Basel II demand that banks adopt
robust operational risk managing strategies. The Basel committee, having identified
operational risk as an important risk faced by the banks, proposed allocation of certain
minimum capital by banks to protect themselves from such losses.
Operational risk is as old as banking. It even precedes market and credit risks, and yet,
there is no universally accepted definition for it. Operational risk is often defined by what
it is not. Any risk that is not related to credit, market and liquidity risk is identified as
operational risk. The Basel committee on Banking Supervision defined operational risk as
“the risk of loss resulting from inadequate or failed internal processes, people and
systems or from externals events. This definition includes legal risk but excludes strategic
and reputation risk”.
At present, there is no agreed upon universal definition of operational risk. Many banks
have defined operational risk as any risk not categorised as market or credit risk and some
have defined it as the risk of loss arising from various types of human or technical error.
Many banks associate operational risk with settlement or payments risk and
business interruption, administrative and legal risks. Several types of events (settlement,
collateral and netting risks) are seen by some banks as not necessarily classifiable as
operational risk and may contain elements of more than one risk. All banks see some
form of link between credit, market and operational risk. In particular, an operational
problem with a business transaction (for example, a settlement fail) could create market
3
or credit risk. While most banks view technology risk as a type of operational risk, some
banks view it as a separate risk category with its own discrete risk factors.
The majority of banks associate operational risk with all business lines, including
infrastructure, although the mix of risks and their relative magnitude may vary
considerably across businesses. Many banks have targeted operational risk as most
important in business lines with high volume, high turnover (transactions/time), high
degree of structural change, and/or complex support systems. Operational risk is seen to
have a high potential impact in business lines with those characteristics, especially if the
businesses also have low margins, as occurs in certain transaction processing and
payments-system related activities. Operational risk in trading activities was seen by
several banks as high. A few banks stressed that operational risk was not limited to
traditional “back office” activities, but encompassed the front office and virtually any
aspect of the business process in banks.
INTRODUCTION:
4
PURPOSE
This project shall discuss what operational risk is all about; how Basel II expects banks to
allocate capital against operational risk and the challenges posed by the suggested
methodologies for measuring operational risk to banks. The project also deals with the
mitigation of operational risk. It also discusses the issue relating to additional supervisory
scrutiny of risk management and disclosure of size of capital charge and techniques used
to calculate it.
Moreover, the project will definitely be an experiential learning process, which will
provide the practical essence of banking operation related to operational risk
management.
SCOPE OF STUDY
Basel II is a three pillar based approach, which seeks to develop a comprehensive and
sophisticated systems for banks to assess various risks to which they are exposed. The
first pillar deals with issues relating to minimum capital requirements, the second pillar
prescribed the supervisory review process. The third pillar is concerned with market
discipline or Public Disclosure.
The new accord is based on risk-sensitive Minimum Capital Requirement (MCR)
supplemented by appropriate supervisory process and market discipline. MCR will be
calculated on the basis of three risk perceptions, namely, credit risk, market risk and
Operational risk.
METHODOLGY
LIMITATIONS
5
Complexity and vastness of the project requires lot of time and study.
Absence of practical exposure in banking operation is one of the major
limitations of the project.
Unavailability of real data will not result in meaningful conclusion.
BACKGROUND
6
The Three Pillar Approach
The capital framework proposed in the New Basel Accord consists of three pillars, each
of which reinforces the other. The first pillar establishes the way to quantify the minimum
capital requirements, is complemented with two qualitative pillars, concerned with
organizing the regulator's supervision and establishing market discipline through public
disclosure of the way that banks implement the Accord. Determination of minimum
capital requirements remains the main part of the agreement, but the proposed methods
are more risk sensitive and reflect more closely the current situation on financial markets.
The first pillar establishes a way to quantify the minimum capital requirements. While the
new framework retains both existing capital definition and minimal capital ratio of 8%,
some major changes have been introduced in measurement of the risks. The main
objective of Pillar I is to introduce greater risk sensitivity in the design of capital
adequacy ratios and, therefore, more flexibility in the computation of banks' individual
risk. This will lead to better pricing of Risks.
Regulatory capital is defined as the minimum capital; banks are required to hold by the
regulator, i.e. "The amount of capital a bank must have". It is the summation of Tier I and
Tier II capital.
1. Credit Risk:
The changes proposed to the measurement of credit risk are considered to have most far
reaching implications. Basel II envisages two alternative ways of measuring credit risk.
The standardized approach is conceptually the same as the present Accord, but is more
risk sensitive. The bank allocates a risk-weight to each of its assets and off-balance-sheet
positions and produces a sum of risk-weighted asset values. Individual risk weights
currently depend on the broad category of borrower (i.e. sovereigns, banks or corporate).
Under the new Accord, the risk weights are to be refined by reference to a rating provided
by an external credit assessment institution that meets strict standards. Under the IRB
approach, distinct analytical frameworks will be provided for different types of loan
exposures. The framework allows for both a foundation method in which a bank estimate
the probability of default associated with each borrower, and the supervisors will supply
the other inputs and an advanced IRB approach, in which a bank will be permitted to
supply other necessary inputs as well. Under both the foundation and advanced IRB
approaches, the range of risk weights will be far more diverse than those in the
standardized approach, resulting in greater risk sensitivity.
7
2. Operational Risk:
Basel II Accord set a capital requirement for operational risk. It defines operational risk
as "the risk of direct or indirect loss resulting from inadequate or failed internal processes,
people and systems or from external events". Banks will be able to choose between three
ways of calculating the capital charge for operational risk – the Basic Indicator Approach,
the Standardized Approach and the advanced measurement Approaches.
The supervisory review process requires supervisors to ensure that each bank has sound
internal processes in place to assess the adequacy of its capital based on a thorough
evaluation of its risks. Supervisors would be responsible for evaluating how well banks
are assessing their capital adequacy needs relative to their risks. This internal process
would then be subject to supervisory review and intervention, where appropriate.
The third pillar of the new framework aims to bolster market discipline through enhanced
disclosure by banks. Effective disclosure is essential to ensure that market participants
can better understand banks' risk profiles and the adequacy of their capital positions. The
new framework sets out disclosure requirements and recommendations in several areas,
including the way a bank calculates its capital adequacy and its risk assessment methods.
The core set of disclosure recommendations applies to all banks, with more detailed
requirements for supervisory recognition of internal methodologies for credit risk, credit
risk mitigation techniques and asset securitization.
Challenges Envisaged
Against the above background and the complexities involved as also the areas of
"constructive ambiguity" in concepts and their application we envisage the following
regulatory and supervisory challenges ahead:
• India has three established rating agencies in which leading international credit
rating agencies are stakeholders and also extend technical support. However, the
level of rating penetration is not very significant as, so far, ratings are restricted to
issues and not issuers. While Basel II gives some scope to extend the rating of
issues to issuers, this would only be an approximation and it would be necessary
for the system to move to ratings of issuers. Encouraging ratings of issuers would
be a challenge.
• Basel II provides scope for the supervisor to prescribe higher than the minimum
capital levels for banks for, among others, interest rate risk in the banking book
and concentration of risks / risk exposures. As already stated, we in India have
8
initiated supervisory capacity building to identify slackness and to assess /
quantify the extent of additional capital which may be required to be maintained
by such banks.
• Cross border issues have been dealt with by the Basel Committee on Banking
Supervision recently. But, in India, foreign banks are statutorily required to
maintain local capital and the following issues would therefore, require to be
resolved by us.
• Whether the internal models approved by their head offices and home country
supervisor adopted by the Indian branches of foreign banks need to be validated
again by the Reserve Bank or whether the validation by the home country
supervisor would be considered adequate?
• Whether the data history maintained and used by the bank should be distinct for
the Indian branches compared to the global data maintained and used by the head
office?
• Whether capital for operational risk should be maintained separately for the
Indian branches in India or whether it may be maintained abroad at head office?
• Basel II could actually imply that the minimum requirements could become pro-
cyclical. No doubt prudent risk management policies and Pillars II and III would
help in overall stability. We feel that it would be preferable to have consistent
prudential norms in good and bad times rather than calibrate prudential norms to
counter pro-cyclicality.
• Banks adopting IRB Approach will be much more risk sensitive than the banks on
Standardized Approach, since even a small change in degree of risk might
translate into a large impact on additional capital requirement for the IRB banks.
Hence IRB banks could avoid assuming high risk exposures. Since banks
adopting Standardized Approach are not equally risk sensitive and since the
relative capital requirement would be less for the same exposure, the banks on
Standardized Approach could be inclined to assume exposures to high risk clients,
which were not financed by IRB banks. As a result, high risk assets could flow
towards banks on Standardized Approach which need to maintain lower capital on
these assets than the banks on IRB Approach.
9
• Similarly, low risk assets would tend to get concentrated with IRB banks which
need to maintain lower capital on these assets than the Standardized Approach
banks. Hence, system as a whole may maintain lower capital than warranted.
A feature, somewhat unique to the Indian financial system is the diversity of its
composition. We have the dominance of Government ownership coupled with significant
private shareholding in the public sector banks and we also have cooperative banks,
Regional Rural Banks and Foreign bank branches. By and large the regulatory standards
for all these banks are uniform.
Costly Database Creation and Maintenance Process: The most obvious impact of BASEL II
is the need for improved risk management and measurement. It aims to give impetus to
the use of internal rating system by the international banks. More and more banks may
have to use internal model developed in house and their impact is uncertain. Most of
these models require minimum 5 years bank data which is a tedious and high cost process
as most Indian banks do not have such a database
Additional Capital Requirement: In order to comply with the capital adequacy norms we
will see that the overall capital level of the banks will raise a glimpse of which was seen
when the RBI raised risk weightage for mortgages and home loans in October 2004. Here
there is a worrying aspect that some of the banks will not be able to put up the additional
capital to comply with the new regulation and they may be isolated from the global
banking system.
Large Proportion of NPA's: A large number of Indian banks have significant proportion of
NPA's in their assets. Along with that a large proportion of loans of banks are of poor
quality. There is a danger that a large number of banks will not be able to restructure and
survive in the new environment. This may lead to forced mergers of many defunct banks
with the existing ones and a loss of capital to the banking system as a whole.
Relative Advantage to Large Banks: The new norms seem to favor the large banks that have
better risk management and measurement expertise. They also have better capital
adequacy ratios and geographically diversified portfolios. The smaller banks are also
likely to be hurt by the rise in weightage of inter-bank loans that will effectively price
them out of the market. Thus banks will have to restructure and adopt if they are to
survive in the new environment.
Increased Pro-Cyclicality: The appropriate question is not then whether Basel II introduces
pro-cyclicality but whether it increases it. The increased importance to credit ratings
10
under Basel II could actually imply that the minimum requirements could become pro-
cyclical as banks are required to raise capital levels for loans in times of economic crises.
Low Degree of Corporate Rating Penetration: India has as few as three established rating
agencies and the level of rating penetration is not very significant as, so far, ratings are
restricted to issues and not issuers. While Basel II gives some scope to extend the rating
of issues to issuers, this would only be an approximation and it would be necessary for
the system to move to ratings of issuers. Encouraging ratings of issuers would be a
challenge.
Cross Border Issues for Foreign Banks: In India, foreign banks are statutorily required to
maintain local capital and the following issues are required to be resolved;
• Validation of the internal models approved by their head offices and home
country supervisor adopted by the Indian branches of foreign banks.
• Date history maintained and used by the bank should be distinct for the Indian
branches compared to the global data used by the head office
• capital for operational risk should be maintained separately for the Indian
branches in India
Risk Management Resources: Experts say that dearth of risk management expertise in the
Asia Pacific region will serve as a hindrance in laying down guidelines for a basic
framework for the new capital accord.
Communication gap: An integrated risk management concept, which is the need of the
hour to align market, credit and operational risk, will be difficult due to significant
disconnect between business, risk managers and IT across the organizations in their
existing set up.
11
• 51.6 per cent said due to low levels of computerization,
• 87 per cent said due to absence of robust internal credit rating mechanism,
• 80.6 per cent said due to lack a strong management information system,
• And 58 per cent said due to lack of sufficient training and education to reach the
levels to conform to the provisions of Basel-II.
MAIN TEXT:
12
operational risk. The Basel committee on Banking Supervision defined operational risk as
“the risk of loss resulting from inadequate or failed internal processes, people and
systems or from externals events. This definition includes legal risk but excludes strategic
and reputation risk”.
Business
Processes
Business People
Environmen
t Operationa
l Constant
Risk Change
Business
Strategy Control
Systems
IT Systems
Analysis of Components
Internal process and system related areas of operational risk may be of the following
nature:
• Payment/settlement risk due to breakdown in process/reconciliation system.
• Incorrect processing of service charges/cost (other than interest matter).
13
• Inappropriate product selection/product complexity especially in related segments.
• Lack of integration of various processes e.g. deposit of cash by a customer of D/D
and subsequent issue of D/D
• Inadequate infrastructure for control of process/systems.
• Inadequate data information execution.
14
(3) Advanced Measurement Approaches (AMA)
• Banks are encouraged to move along the spectrum of available approaches as they
develop more sophisticated operational risk measurement systems and practices.
• Internationally active banks and banks with significant operational risk exposures
(for example, specialized processing banks) are expected to use an approach that
is more sophisticated than the Basic Indicator Approach and that is appropriate for
the risk profile of the institution.
• A bank will be permitted to use the Basic Indicator or Standardized Approach for
some parts of its operations and an AMA for others provided certain minimum
criteria are met.
• A bank will not be allowed to choose to revert to a simpler approach once it has
been approved for a more advanced approach without supervisory approval.
Banks using the Basic Indicator Approach must hold capital for operational risk equal to
the average over the previous three years of a fixed percentage (denoted alpha) of positive
annual gross income. Figures for any year in which annual gross income is negative or
zero, should be excluded from both the numerator and denominator when calculating the
average. The charge may be expressed as follows:
KBIA = GI *α
Where,
KBIA = the capital charge under the Basic indicator approach.
GI = average annual gross income over the previous three years.
α = 15%, which is set by the committee, relating the industry- wide level of
the required capital to the industry-wide level of the indicator.
‘Gross Income’ for the above purpose consists of net interest income plus non-interest
income. Extra- ordinary income/expenses are to be ignored.
Gross income is defined as net interest income plus net non-interest income. It is
Intended that this measure should:
(i) Be gross of any provisions (e.g. for unpaid interest).
(ii) Be gross of operating expenses, including fees paid to outsourcing service.
(iii) Exclude realized profits/losses from the sale of securities in the banking book.
15
and
(iv) Exclude extraordinary or irregular items as well as income derived from insurance.
As a point of entry for capital calculation, no specific criteria for use of the Basic
Indicator Approach is set out in this Framework. Nevertheless, banks using this approach
are encouraged to comply with the Committee’s guidance on Sound Practices for the
Management and Supervision of Operational Risk.
Example:
Say gross income for the last three years is respectively Rs.20000, 30000 and 80000. So
the capital requirement under the basic indicator approach is Rs.6500 as shown in Table
16
2007 1540
Total 4380
Average 1460 0.15 219
Bank of Baroda
Gross
Year Alpha (α) KBIA
Income
2005 670
2006 825
2007 1025
Total 2520
Average 840 0.15 126
ICICI Bank
Gross
Year Alpha (α) KBIA
Income
2005 2005
2006 2540
2007 3110
Total 7655
Average 2551.666667 0.15 382.75
HDFC
Bank
Gross
Year Alpha (α) KBIA
Income
2005 665
2006 870
2007 1140
Total 2675
Average 891.6666667 0.15 133.75
Axis Bank
Gross
Year Alpha (α) KBIA
Income
2005 335
2006 485
2007 660
Total 1480
Average 493.3333333 0.15 74
17
• In the Standardized Approach, banks’ activities are divided into eight business
lines: Corporate finance, trading & sales, retail banking, commercial banking,
payment &settlement, agency services, asset management, and retail brokerage.
• Within each business line, gross income is a broad indicator that serves as a proxy
for the scale of business operations and thus the likely scale of operational risk
exposure within each of these business lines.
• The capital charge for each business line is calculated by multiplying gross
income by a factor (denoted beta) assigned to that business line. Beta serves as a
proxy for the industry-wide relationship between the operational risk loss
experience for a given business line and the aggregate level of gross income for
that business line.
• The total capital charge is calculated as the three-year average of the simple
summation of the regulatory capital charges across each of the business lines in
year. In any given year, negative capital charges (resulting from negative gross
income) in any business line may offset positive capital charges in other business
lines without limit. However, where the aggregate capital charge across all
business lines within a given year is negative, then the input to the numerator for
that year will be zero.
18
KTSA = Σ (GI1-8 Х ß1-8)
Where
KTSA = the capita charge under the standardized Approach
GI1-8 = the average annual level of income over the past three years, as defined
above in the Basic Indicator Approach, for each of the eight business
lines.
ß1-8 = a fixed percentage fixed by the committee, relating the level of required
capital to the level of the gross income for each of the eight business lines.
19
Retail Banking 881.67 0.12 105.80
Commercial
Banking 1046.67 0.15 157.00
Payment &
Settlement 238.33 0.18 42.90
Agency Services 128.33 0.15 19.25
Asset Management 198.33 0.12 23.80
Retail Brokerage 133.33 0.12 16.00
KSA 686.35
Bank of Baroda
Trading Payment
Corporate Retail Commercial Agency Asset Retail
Year and &
Finance Banking Banking Services Management Brokerage
Sales Settlement
2005 180 70 95 165 50 30 40 40
2006 205 95 80 190 70 55 70 60
2007 290 115 95 225 80 60 85 75
Total 675 280 270 580 200 145 195 175
Average 225.00 93.33 90.00 193.33 66.67 48.33 65.00 58.33
ICICI Bank
20
Trading Payment
Corporate Retail Commercial Agency Asset Retail
Year and &
Finance Banking Banking Services Management Brokerage
Sales Settlement
2005 470 295 405 420 160 60 90 105
2006 580 350 510 525 230 95 120 130
2007 705 400 645 655 270 120 155 160
Total 1755 1045 1560 1600 660 275 365 395
Average 585.00 348.33 520.00 533.33 220.00 91.67 121.67 131.67
At national supervisory discretion a supervisor can choose to allow a bank to use the
Alternative Standardized Approach (ASA) provided the bank is able to satisfy its
supervisor that this alternative approach provides an improved basis by, for example,
avoiding double counting of risks. Once a bank has been allowed to use the ASA, it will
not be allowed to revert to use the standardized Approach without the permission of its
supervisor.
Under the ASA, the operational capital charge/methodology is the same as for the
Standardized Approach except for the two business lines- retail banking and commercial
banking. For these business lines, loans and advances -multiplied by a fixed factor ‘m’-
replace gross income as the exposure indicator. The betas for retail and commercial
banking are unchanged from the Standardized Approach. The ASA operational risk
capital charge for retail banking (with the same basic formula for commercial banking)
can be expressed as:
21
For the purposes of the ASA, total loans and advances in the retail banking business line
consists of the total drawn amounts in the following credit portfolios: retail, SMEs treated
as retail, and purchased retail
receivables. For commercial banking, total loans and advances consists of the drawn
amounts in the following credit portfolios: corporate, sovereign, bank, specialized
lending, SMEs treated as corporate and purchased corporate receivables. The book value
of securities held in the banking book should also be included.
Under the ASA, banks may aggregate retail and commercial banking (if they wish to)
using a beta of 15%. Similarly, those banks that are unable to disaggregate their gross
income into the other six business lines can aggregate the total gross income for these six
business lines using a beta of 18%, with negative gross income treated as described
above.
As under the Standardized Approach, the total capital charge for the ASA is calculated as
the simple summation of the regulatory capital charges across each of the eight business
lines.
Average Beta
Business Lines GROSS INCOME (GI) GI (ß) GI*ß m LA*ß*m KASA
Year 1 Year 2 Year 3
Corporate Finance 4200 2500 2300 3000 18% 540 540
Trading and Sales 1200 1300 3500 2000 18% 360 360
Payment & Settlement 2000 4000 3000 3000 18% 540 540
Agency Services 3000 5000 4000 4000 15% 600 600
Asset Management 500 1200 1300 1000 12% 120 120
Retail Brokerage 2000 1500 2500 2000 12% 240 240
LOANS & ADVANCES
(LA) Average LA LA*ß
55000
Retail Banking 0 450000 500000 500000 12% 60000 0.035 2100 2100
40000 100000 130000
Commercial Banking 0 0 0 900000 15% 135000 0.035 4725 4725
TOTAL KASA 9225
Under this method, banks are permitted to use their in-house model to calculate the
required capital, subject to, of course, supervisory approval on the following:
• Active involvement of directors and senior management in the oversight of the
operational risk management framework.
22
• Implementation of conceptually sound risk management system with integrity.
• Process of sufficient resources that are required to manage different business lines
and to manage “control” and “audit” functions effectively.
As the approach to measurement of operational risk is still not perfected as much as the
measurement of market risk or credit risk, banks are in dilemma as to how to implement
the advanced model approach. The consultation paper has, however, identified three
forms of models for estimating operational risk:
Under this method, the expected losses in each business lines are calculated by examining
the average of past losses experienced, and then multiplied by a standard Gama” factor to
derive a figure for unexpected or worst case losses which give the capital requirement.
As in case pf VaR this method attempts top fit a statistical distribution of the historical
losses and derives the capital requirement from a confidence level on this distribution.
Scorecard Approach
Under this method, bank start estimating historical loss data as in the previous two
methods, but also take into consideration the future risk such as staff turnover and the
qualitative assessment of the bank’s control environment.
Amongst the three models, the scorecard approach is perceived as an attractive approach
for it offers the following advantages:
• It provides a more complete and accurate measure of operational risk, by
incorporating forward-looking risk indicators and qualitative assessments of the
control environment as well as loss data.
• It gives managers much stronger incentives to reduce risks, and much better tools
to help them identify how to do so.
• It is much easier to implement and also easier to adapt as the requirements of the
bank and the regulators evolve over time.
The first two methods have measure defects. They fails to take into account the loss type
that have not yet occurred and secondly, they fails to adapt to the recent changes in the
23
risk environment that have altered the probability of likely impact of the events. As
against this, the scorecard approach captures these two issues by focusing on general risk
classes and on the risk factor that are internal and external to the bank that drives the
probability of these risks. There is, however, an element of ‘subjectivity’ under the
scorecard approach in assigning weights to each item.
Qualifying criteria
• In order to qualify for use of the Standardized Approach, a bank must satisfy its
supervisor that, at a minimum:
(A) Its board of directors and senior management, as appropriate, are actively
involved in the oversight of the operational risk management framework.
(C) It has sufficient resources in the use of the approach in the major business
lines as well as the control and audit areas.
• A bank must develop specific policies and have documented criteria for
mapping gross income for current business lines and activities into the
standardized framework. The criteria must be reviewed and adjusted for new or
changing business activities as appropriate.
(A) The bank must have an operational risk management system with
clear responsibilities assigned to an operational risk management
function. The operational risk management function is responsible for
developing strategies to identify, assess, monitor and control/mitigate
operational risk; for codifying firm-level policies and procedures
concerning operational risk management and controls; for the design and
implementation of the firm’s operational risk assessment methodology;
and for the design and implementation of a risk-reporting system for
operational risk.
24
(B) As part of the bank’s internal operational risk assessment system, the
bank must systematically track relevant operational risk data including
material losses by business line. Its operational risk assessment system
must be closely integrated into the risk management processes of the
bank. Its output must be an integral part of the process of monitoring and
controlling the banks operational risk profile. For instance, this
information must play a prominent role in risk reporting, management
reporting, and risk analysis. The bank must have techniques for creating
incentives to improve the management of operational risk throughout the
firm.
(F) The bank’s operational risk assessment system (including the internal
validation processes) must be subject to regular review by external
auditors and/or supervisors.
• In order to qualify for use of the AMA a bank must satisfy its supervisor that, at
a minimum:
25
(C) It has sufficient resources in the use of the approach in the
major business lines as well as the control and audit areas.
26
taking appropriate action according to the information within the
management reports.
• Given the continuing evolution of analytical approaches for operational risk, the
Committee is not specifying the approach or distributional assumptions used to
generate the operational risk measure for regulatory capital purposes. However, a
bank must be able to demonstrate that its approach captures potentially severe
‘tail’ loss events. Whatever approach is used, a bank must demonstrate that its
operational risk measure meets a soundness standard comparable to that of the
internal ratings-based approach for credit risk,(i.e. comparable to a one year
holding period and a 99.9th percentile confidence interval).
• The Committee recognizes that the AMA soundness standard provides significant
flexibility to banks in the development of an operational risk measurement and
management system. However, in the development of these systems, banks must
27
have and maintain rigorous procedures for operational risk model development
and independent model validation. Prior to implementation, the Committee will
review evolving industry practices regarding credible and consistent estimates of
potential operational losses. It will also review accumulated data, and the level of
capital requirements estimated by the AMA, and may refine its proposals if
appropriate.
Ten Principles
Basel committee has identified the following 10 principles for successful management of
operational risk:
28
• It is obvious that an internationally active bank has more exposure to operational
risk than a “domestic-centered” bank by virtue of its leaning towards large scale
fee-generating activities such as instantaneous payments and transfer of funds,
trading in global financial markets on behalf of the clients etc. However, the
proposed method of calculating capital charge does not take into consideration the
source of income, its volatility and the level of exposure. Instead, this method
treats both on par.
• Some banks have averred that the Beta factors assigned to various lines of
business under the standardized approach are high and are only applicable for
banks having above average exposure to operational risk.
• It felt that there are no incentives such as reduction in capital charge, etc., for
banks to move from the basic indicator method to standardized approach, though
the qualifying criteria for such switch over calls for significant investment.
• The guidelines indicate that the banks should use internal data, external data,
scenario analysis and other qualitative adjustments to arrive at the capital
allocation under operational risk. However, it is desirable to grant discretion to
banks using whichever data they feel would be more suitable in the given context.
• Some banks strongly feel that “business strategy”, which is a choice of direction
to steer towards in future, is in itself highly risk prone and yet it is not captured in
the definitions. They argue that any major change in strategy usually requires a
change in the organizational structure, information and control systems, attitudes
and the training requirement of staff etc. At times, the very change initiated by the
CEO may inflict financial losses by virtue of the alienating the operating staff
from the proposed change. Failure of strategies, for whatever reasons, in
29
delivering the intended results lead to “lost opportunities”. Hence, some bank
argues that “business strategy” must be captured under operational risk.
• Bank’s top management assessment (by a study of previous 5/7 years positions) as
to the intensity of each component-process/system related vis-à-vis people related
vis-à-vis externals event related risk should be on regular basis.
• Zone/area wise application of risk component e.g. in some parts of the country,
external events related risks may be more than internal process/ system/people
related risk.
• What risk mitigates bank would like to have e.g. fidelity insurance for staff,
bank’s property insurance etc.
As per guidelines of RBI, operational policy document in a bank may take into account
following aspects:
• Business areas with the probability of high level of risk and on terms severity of
loss: to be avoided.
30
• Areas of lower level of severity but high probabilities of losses: process and
system design related problems to be thoroughly checked before taking up such
business.
• Where probability is low but severity is high, after initiating necessary preventive
measures e.g. governance, internal control etc. and risk may be accepted.
The above is only indicative. Each bank will have to thoroughly look its business
segments and operational risk elements and evolve its policy within the framework of
regulatory guidelines.
Operational risk and New Capital Accord: Views of Reserve Bank of India
The scope of new operational risk is measured by the probabilities and impact of the
unexpected losses stemming from the deficiency or failure of internal processes, people
and systems, or from external events. A quantitative assessment requires such losses to be
quantified as expected and assumes that probabilities and actual losses can be measured.
Complete quantification is difficult in practice. The analysis of the probability and size of
operational risk is also defeated by the lack of relevant data. One possible way out is to
systematize operational risk and place them in the loss probability and size matrix.
For operational risk policy, the following rules result from an analysis of the size and
probability of losses.
• Business area with a high like hood and high level of operational risk (Cell A) to
be avoided.
• Areas with a low level but high probability of losses (B) are often not perceived as
“risk areas”, but merely “cost-intensive” or “low quality”. In such cases, problems
are frequently to be found in process and system design.
• Small-sale losses with a low degree of probability (C) should be accepted if the
cost of prevention exceeds the amount of reduction in losses.
31
• The significant operational losses are mostly located where the probability is low,
but the severity is high (D). In such cases, preventive measures such as
governance, internal control and management incentives are most important.
Since operational risk is one of the important elements of the new Capital Accord, banks
would be required to stress upon their internal control and systems, particularly towards
clearing backlog in balancing of books to ward off clearing differences and inter-branch
and Nostro accounts reconciliation. The progress made by banks in India in reconciliation
of clearing differences as well as inter branch and Nostro accounts, which are prone to
frauds, should be closely monitored by banks. It is also imperative that banks make
concerted efforts to build up appropriate system to reduce the outstandings as early as
possible and also to avoid incidence of fresh outstandings. In order to prevent frauds and
mitigate operational risk arising out of it, bank would be require to strengthen their
internal systems and procedures and take specific steps, particularly in the following
areas (a) Strictly follows the principles of corporate governance; (b) Adhere to the KYC
principles; (c) Build robust systems and procedure to prevent fraud; and (d) Strengthen
internal audit and control systems and put in place the accountability process for audit
and inspection staff.
Insurance could be used to externalize the risk of potentially “low frequency high severity
losses”. The Basel draft expresses its readiness to recognize instruments of insurance to
reduce capital held against operational risk.
The new accord proposes market disclosure on operational risk through pillar 3. The
wider capital markets which hitherto have rarely priced the embedded operational risk of
business are likely to begin to do so. Banks that are in a strong position will be able,
through greater degree of transparency, to apply pressure on less forthcoming competitors
and signal to regulators, the current standards that best reflect good practice.
This is not about the desirability or otherwise of the Basel draft accepting insurance to
reduce the regulatory capital held against operational risk but on the bright prospects hat
the insurance industry has, both as a consequence of Basel norms and the general
willingness of major banks to use insurance products more intensely in their risk
management programs.
Risk Mitigation
32
Under the AMA, a bank will be allowed to recognize the risk mitigating impact of
insurance in the measures of operational risk used for regulatory minimum capital
requirements. The recognition of insurance mitigation will be limited to 20% of the total
operational risk capital charge calculated under the AMA. A bank’s ability to take
advantage of such risk mitigation will depend on compliance with the following criteria:
• The insurance provider has a minimum claims paying ability rating of A (or
equivalent).
• The insurance policy must have an initial term of no less than one year. For
policies with a residual term of less than one year, the bank must make
appropriate haircuts reflecting the declining residual term of the policy, up to a
full 100% haircut for policies with a residual term of 90 days or less.
• The insurance policy has a minimum notice period for cancellation of 90 days.
• The risk mitigation calculations must reflect the bank’s insurance coverage in
manner that is transparent in its relationship to, and consistent with, the actual
likelihood and impact of loss used in the bank’s overall determination of its
operational risk capital.
• The bank discloses a description of its use of insurance for the purpose of
mitigating operational risk.
The BASEL Committee is offering a range of options for assessing the Pillar 1 capital
charge for operational risk. An institution’s ability to meet specific criteria will determine
the specific capital framework for its operational risk calculation. To the extent they can
demonstrate to supervisors increased sophistication and precision in their measurement,
33
management and control of operational risk, institutions are expected to move into more
advanced approaches. This will generally result in a reduction of the operational risk
capital requirement.
Pillar 2 is an integral and critical component of the New Basel Capital Accord and
directly complements the Pillar 1 operational risk charge. Pillar 2 is intended not only to
ensure that banks have adequate capital to support all risks in their business, but also to
encourage banks to develop and use better risk management techniques in monitoring,
managing and controlling those risks. Pillar 2 strongly emphasises the importance of bank
management developing an internal capital assessment process and setting targets for
capital that are commensurate with the bank’s particular risk profile and control
environment. This internal process will be subject to supervisory review and intervention,
where appropriate.
• The bank’s particular capital framework for determining its Pillar 1 operational risk
capital charge (i.e. Basic Indicator, Standardised Approach, or Internal Measurement
Approach);
• The bank’s process for assessing overall capital adequacy for operational risk in
relation to its risk profile and its internal capital targets;
• The effectiveness of the bank’s risk management process with respect to operational
risk exposures;
• The bank’s systems for monitoring and reporting operational risk exposures and
other data quality considerations;
• The bank’s procedures for the timely and effective resolution of operational risk
exposures and events;
• The bank’s process of internal controls, reviews and audit to ensure the integrity of
the overall operational risk management process; and
Deficiencies identified during the supervisory review may be addressed through a range
of actions. Supervisors should use the tools most suited to the particular circumstances of
the bank and its operating environment. Possible supervisory responses include:
• Increased monitoring of the bank’s overall operational risk management and assessment
process;
34
• Requiring enhancements to internal measurement techniques;
CONCLUSION:
On the basis of the research done, it can be concluded that the Indian Banks are still in the
preparatory phase of implementing Basel II. Most of the banks are confident in
implementing it by March 31, 2009. A major number of banks expressed that Data
collection and IT infrastructure are the biggest challenges in preparing the Basel II
roadmap. Most of the banks use Standardized approach to measure the operational risk
which is more sophisticated than the Basic Indicator approach.
Moreover, the regulatory framework for the Indian banks has failed in supporting these
banks with their preparedness of implementing Basel II.
35
REFERENCES:
www.bis.org
www.rbi.gov.in
www.erisk.com
www.riskglossary.com
www.ronalddomingues.com
36
www.cmie.com
www.google.com
www.indiainfoline.com
www.fsa.gov.com
http://www.bis.org/publ/bcbs107.htm
http://www.sungard.com/basel_ii/solutions/oprisk.htm
37