jaipur ppt
TRANSCRIPT
OPERATIONAL RISKMANAGEMENT
experience in building
a Basle II compliant ORM software ORBIT
Hightening Operations RiskHighly Automated Technology - if not properly controlled has
the potential to transform risks from manual processing errors to system failure risks.
Networked computers ATMs EDCs providing seamless movement of funds
RTGS and cross country fund transfers Web based account operations
Idbi bank
Branch C
Branch ABranch B
Branch X
ATM R
ATM R
ATM R
ATM R
ATM R
ATM R
Shared ATM
EDC at POS
Emergence of e-commerce - risks not fully understood.
E Seller A
Logistics Company E Buyer
Clearing Agency
Bank X
Bank M
Hacker
Mergers, de-mergers and consolidation -test the viability of newly integrated systems.
Bank ABCFinacle
K+ITMS
Bank XYZBank Master
IRISCITI Sol
The Merged BankHow to integrate systems
Migrate DataCreate new controls
Emergence of banks acting as very large-volume service providers - needs maintenance of high-grade internal controls and back-up systems.
Electronic collection of Telecom Bills for a client base of 1 million bill collection every month. 12 million transactions annually
Dividend Payment mandate for Reliance 3.5 million share holders Instant credit of amount promised
Outsourcing arrangements - may present significant other risks.
Call centres: to respond to customer clients Have a chat with your credit card care agency
Clearing Upload and checking by contract agency
Collection of cash/cheques from client’s premises through security agencies
Courier services for delivery of cards/PINs and statements
Developing an Appropriate Risk Management Structure
Board of Directors
Internal Auditors
Senior Mgt
Risk Management Committee
Risk Mgt
Operations Personnel and Risk Takers
The Committee has proposed that the Minimum Regulatory Capital (MRC) be lowered from 20% of minimum regulatory capital of 8% (i.e. 1.8% of the total risk weighted assets) to 12% (ie 1.08% of the total risk weighted assets).
With AMA implementation this can be brought down to 9% (0.72%).
THE KEY DRIVER
Internal CausesPeople
ProcessesSystems
idbi bank has adopted Basel’s definition of
Operational Risk …..
The risk of loss resulting from inadequate or
failed internal processes, people and systems
or from external events.
Definition
External Events
BASLE II has prescribed Three approaches :
• Basic Approach • Standardised Approach• Advanced Management Approach -
AMA
Idbi bank has chosen to go by the AMA
BASIC INDICATOR APPROACH
Banks using Basic Indicator Approach(BIA) have to hold capital for operational Risk equal to a fixed percentage (alpha) of a single indicator (Gross Income)
K = EI * • Where K = Capital charge under BIA• EI = Gross Income = a fixed percentage set by the Basle
committee (LDCEs are conducted for this purpose.)
STANDARDISED APPROACH
• Bank’s activities are divided into 8 Business Lines. • Each Business Line is measured by an Exposure
Indicator which is Gross Income for that Business Line. • Within each Business Line the capital charge is
calculated by multiplying the said Business line Gross Income by a “beta” factor
• The sum of all Business Line Capital charge would be the Capital charge for the Bank.
K = E (EI * )
• K is capital charge• EI is Exposure Indicator – Gross Income is the a fixed percentage for each Business line set by
the Basle Committee.
ADVANCED MEASUREMENT APPROACH (AMA)
• The AMA gives banks incentive to collect internal loss data step by step. Under the AMA banks would be allowed to use the capital charge as per their internal measurement systems subject to Qualitative & Quantitative standards set by the Committee.
• Among the most important of these quantitative standards is that the risk measurement system must be based on internal loss data that can be mapped into the Basle Committee’s specified Business Lines and Loss Event Types.
Organisation Structure
Board of Directors
Risk Management Committee
Operational Risk Group ALCO
HeadRisk Management
Operational Risk Credit Risk Market Risk
Bank has developed a framework called ORBIT (Operational Risk Business Intelligence Tool) for measuring, monitoring and controlling Operational Risk, based on the guidelines set by Basel.
The main features of the framework of Operational Risk developed by IDBI Bank are as under:
KRI data gathering framework
Control Framework
Incident Reporting Structure (IRS) data gathering framework
VaR Engine
Query and reporting
Scenario analysis
Framework
• Key Risk Indicators (KRI’s) are identified product wise.
•Each KRI is linked to a product and each product to a Business line.
•Business lines are defined as per Basel guidelines.
•For any new product introduced by the Bank , KRIs are identified and gathered.
KRI - Data Gathering Framework
KRI - Data Gathering Framework
• (KRI’s) framework pinpoints information from Core banking software for use in ORBIT
• Most of the KRIs are gathered using an automated data upload process by which specific KRI are sourced from various applications of the Bank viz. Finacle, Net Bkg, Phone bkg, ATM etc.. Additionally, there are some KRIs which are sourced by means of manual feeds from branches / various functions.
• KRI’s are gathered every month and stored in the KRI data base from which Analysis of Ops data is done
kri
comprises of :
•Branch operations performance rating
•Trigger reports module
Control Framework
•KRIs are rated on a five grade scale:
Excellent / Good / Satisfactory / Fair / Poor
•Ratings are done by attributing weights to certain critical KRIs.
•Rating parameters are classified into five categories & Weight assigned to each category .
People management
Business management
Security management
Customer management
Compliance with internal policy
•Operational quality of a branch is rated on a 5 grade scale:
Well managed / Low risk / Medium risk / High Risk / very High Risk.
•Model
Control Framework - Branch Performance Rating
This module consists of reports, which as the name suggests, are triggered whenever certain events occur viz.
•Brisk Triggers. A trigger report is generated for branches which have scored poor in any of the parameters used in Ops rating model for branch heads to take corrective action.
•Report also goes to controlling authority concerned for monitoring corrective action effectively.
Control Framework - Trigger Reports
• An operational loss event is defined as one where the Bank suffers either an actual loss or a potential loss.
• Under the Advanced Measurement Approach, historical loss data forms the basis of VaR. The loss data is captured using an incident report framework. IRS is a loss incident gathering framework.
• An incident report is filed on the occurrence of an operational loss event.
• Loss event is categorised by Loss event category and Business line.
Event
IRS Structure
• VaR Model facilitates computation of Economic Capital for Operational Risk.
• Idbi bank has classified its business lines. Loss event category and loss effect category as per the guidelines of BASEL.
• Under this approach idbi bank estimates the likely distribution of operational loss over one year horizon, for each business line and loss event type, at a confidence level of 99.9%.
VaR Engine
VaR Engine MethodologyMethodology for VaR Computation-
• Data collection – capturing of Loss Data.
• Curve Fitting – applying Statistical formulas on Loss Data.
• Simulation – applying Monte Carlo Simulation
• VaR Estimation – reading the final value using a 99.9% Confidence Level.
Perform the same iterations for each Business Line, Event type combination
VaR Estimate for the Bank is the sum of all VaR estimates for all the Business Lines of the Bank.
Reports
Query & Reporting
This module generates queries/reports branch-wise, region wise and product wise.
Scenario Analysis
• What if analysis – adds flexibility to the system to stimulate the impact of external loss/fraud event or any extreme values.
Challenges for Indian banks
Data availability & integrity Data warehousing / mining Building up processes Strengthening skills Model validation – requires greater collaboration
with regulator Cost - investment in risk analytics and risk
technology – getting management buy-in Stress testing, scenario analysis – building
capabilities
Thank you!