operational risk management in the energy industry

Energy www.managementsolutions.com

Operational risk managementin the energy industry

Design and LayoutMarketing and Communication DepartmentManagement Solutions - Spain

PhotographsPhotographic archive of Management SolutionsFotolia

© Management Solutions 2014All rights reserved. Cannot be reproduced, distributed, publicly disclosed, converted, totally or partially, freely or with a charge, in any way or procedure, without the expresswritten authorisation of Management Solutions. The information contained in this publication is merely to be used as a guideline. Management Solutions shall not be heldresponsible for the use which could be made of this information by third parties. Nobody is entitled to use this material except by express authorisation of ManagementSolutions.

Content

Introduction

Executive summary

Operational risk

Operational risk measurement methods applied tothe energy industry

4

6

18

The Risk Function 10

30

Glossary 46

References 48

MANAGEMENT SOLUTIONS

Operational risk management in the energy industry

4

Introduction

5

The increasing complexity of business processes and thematerialization of large risk events have significantly increasedthe risk management activity in recent years, which has led tomany reflections, regulations and recommendations on thesubject as well as to much work being carried out to enhancerisk management in all types of businesses and institutions.

This has gone hand in hand with the growing use ofquantitative methods in company and business management,which has been brought about by the need for improvedsystems in areas as competitive as traditionally regulatedenergy markets, and further assisted by greater availability ofdata, technology resources and knowledge.

Against this backdrop, companies have created or developedrisk functions and worked on evolving the organization and itsgovernance, policies and models, as well as processes andtechnology to support the risk management and controlactivity. Significant improvements have been made in how riskis approached, driven by greater requirements fromstakeholders and new regulations, or simply by the addedvalue that developing best market practices provides.

One of the main challenges facing the Risk Function lies incontributing to value generation by integrating the risk modelin the business processes to support decision-making and notjust as a control tool. It could be argued that the level ofeffective integration of the risk model in the managementprocess is the most significant differentiating factor when itcomes to identifying the maturity of this function in non-financial companies. This maturity, however, tends to varywithin the same company depending on the types of riskinvolved as well as on the company areas and activities.

One of the most significant risks facing businesses in generaland energy companies in particular is operational risk, as itaffects productive assets that are susceptible to failure and thusto generating economic loss and personal injury orenvironmental damage, with a potentially significant impact onreputation.

It is precisely because of the potentially fatal consequences ithas in terms of economic loss, environmental impact and lossof human life, that operational risk has been traditionallymanaged through prevention and contingency plans.Operational risk has also been addressed through insuranceprograms run by specialist departments within theorganization that are generally advised by insurancecompanies and brokers. Although operational risk in general,and insurable1 operational risk in particular, have a history of

being managed by the companies themselves, the use ofquantitative techniques has been lower and less uniformlycarried out among companies.

This publication is precisely intended to explore the practicalapplication of operational risk models and techniques in theindustry, and therefore to serve as an example of how the useof advanced methodologies for operational risk managementmay contribute to adequate operational risk quantification andimproved insurance programs.

To do this, the document first provides an overview of the RiskFunction in the broad sense (Enterprise-Wide RiskManagement), followed by an explanation of the operationalrisk management concept and related methodologies, andconcludes with a quantitative exercise illustrating the specificapplication of these methods for optimizing the insuranceprogram of firms in the industrial sector, particularly those inthe energy industry.

1Insurable operational risk means operational risk that may be insured, and thusbe partially or fully transferred to another party, usually in exchange for paymentof a premium.



6

Executive summary

2Included here are the different types of market risk that affect the activity oforganizations (mainly exchange rate risk, interest rate risk and commodities risk)as well as credit, counterparty and liquidity risk. Also included here is structuralrisk, understood as the risk derived from the company's balance sheet structureitself.3See paragraph 644 in the International Convergence of Capital Measurement andCapital Standards (Revised Framework) of the Bank for International Settlements(June 2006).

7

The Risk Function

1. While there are multiple interpretations of the concept ofrisk, the general consensus is that risk is the possibility ofloss occurrence. Depending on the source and nature ofthis loss, risk may be classified into several domains:financial2, operational and technology, model, complianceand reputational, strategic and business.

2. In organizations, the Risk Function is responsible fordefining and implementing an effective framework for themanagement and control of all risks in line with thestrategic goals of the company.

3. The Risk Function has undergone profound changes overthe last few years, particularly in energy companies.

4. In terms of organization and governance, the Risk Functionhas evolved since it was first developed in the field offinancial risk management (sometimes also in theoperational and technology risk domains), to achieve anintegrated view, sometimes embodied in the role of a ChiefRisk Officer or CRO, that is increasingly independent frommanagement or risk-taking roles.

5. Many companies have not only developed but alsosignificantly improved risk maps and policies (including astatement of their risk appetite, partly encouraged byemerging regulatory activity), models and methodologies(especially in traditionally less advanced risk domains)processes and technical support. As regards the latter area,specialist tools are progressively being used, enabling anapproach to risk management that is both global and moreintegrated in the business activity.

6. While a more developed Risk Function is evident in manycompanies, the level of effective integration of risk data inmanagement is highly variable and sets apart thoseorganizations that are more advanced in terms of riskmanagement and control.

7. The Risk Function necessarily retains its control role andcomplements it with a support role in the managementprocess. It thus represents an additional mechanism forgenerating value, as it provides an analytical perspectivewhich is in many cases decisive for supporting businessdecisions.

8. The analysis includes, for instance, assessing the level of riskin business or investment decisions, measuring risk-

adjusted return including the actual or likely costs of risk,determining which resources are sufficient to makebusiness decisions while ensuring business continuity,adjusting the selling price of products and services toreflect a possible transfer or passing of risk to customers,defining action limits for committing company resources inline with the desired risk profile, and other informationaspects traditionally not covered.

Operational risk

9. Of the different types of risks mentioned, operational risk isamong the most significant and one that has seen muchdevelopment in recent years in terms of measurement andmanagement. In the financial industry, the formal definitionof operational risk is "the risk of loss resulting frominadequate or failed internal processes, people and internalsystems, or from external events”3.

10. Over the last few years, risk measurement methods basedon expert information from self-assessments and scenarioshave been developed alongside methods based on internaland external historical loss information. These methodsmake it possible to quantify risk in a simple,understandable and reliable manner as well as measure theexpected and unexpected loss that a company may suffer.

11. Methods based on expert information usually rely on twosources: (1) questionnaires developed in order to collectinformation about the estimated probability or frequencyof occurrence and the impact or severity of operational riskevents for an average scenario and for a worst-casescenario, as well as about the effectiveness of the controlenvironment; and (2) expert workshops to collectivelyassess the potential impacts on the company underdifferent risk scenarios.



8

12. This methodology is widely used to assess operational riskbecause it allows the risk of activities for which there is nohistory of events to be estimated or a future valuation to beprovided based on past events, which means risk metricscan be calculated for events that are less frequent (includingthe case of extreme events) but have a greater potentialimpact on the company. Its application can be reduced toasking simple questions in a language that is familiar toexperts, but nevertheless requires methodological rigor tostandardize answers and ensure they are consistent.

13. Methods based on historical loss information, however, usecompany or third party operational risk event records. Fromthese records, the probability distribution that best explainsthe event is estimated using statistical techniques. Thisrequires deciding on clusters of risk events of a similarnature which will be modeled together, which in turnrequires striking a balance between statistical rigor (samplesufficiency and statistical distribution adjustment) andbusiness intuition for clustering purposes.

14. These two methods are complementary, and the industrytends to use them in combination so as to integrate thehistorical view (based on loss data) with the prospectiveview (contributed by experts). Using them providesinformation which is generally new and valuable for thecompany, as it will result in a qualitative leap in themeasurement of actual exposure to operational risk.

Applying operational risk measurementmethods in the energy industry

15. The methods described are particularly useful to assessoperational risk that can be insured (insurable operationalrisk), as they allow a quantitative assessment to be made ofthe level of risk or risk profile of companies according totheir loss levels. These methods also contribute to

approximating the insurance conditions that are mostappropriate for each company based on their retentionlevels and risk appetite, as well as the technical andcommercial conditions of the insurance program.

16. Insurance programs in energy companies are critical bothin terms of defining the company’s risk profile (deciding onthe level of risk that the Company wishes to retain and thatwhich is to be transferred) and in terms of efficiency, in sofar as insurance premiums and accident costs have asignificant impact on the income statement.

17. Many companies are changing and implementing methodsto identify and measure operational risk and are makingconsiderable efforts: deployment of risk maps, self-assessments, operational loss data capture, etc. However,most companies and industries have not yet made themost effective use of this information to better manageinsurable operational risk and to act on both current losses(cost of premium and claims) and potential losses (level ofrisk assumed).

18. The study shows that using quantitative methods has avery beneficial impact in terms of risk management, as itallows companies to objectively and independentlyrespond to questions regarding the actual and desired levelof risk and the efficiency of the insurance program.

19. The document covers the various steps in the methodologyfrom a theoretical and applied perspective: (1)characterization of the assets concerned, the insuranceprograms (and their main parameters such as franchise anddeductible, individual and overall limits associated witheach line or risk and each business activity or asset type)and claims; (2) loss distribution fit; and (3) simulation of theclaims outcome to obtain the distribution of net lossesfrom insurance (therefore assumed by the company) byapplying the insurance terms to each claim.

9

20. From this process, it is also possible to obtain thedistribution of transferred losses, the average of which is anapproximation to the pure premium that should beexpected for that particular insurance program.

21. Next, and to find the optimal insurance terms, the abovesimulation process is repeated with changes in theprogram’s parameters in order to estimate the impact thatchanges in the insurance terms would have on retainedand transferred losses. The best scenario is the one out ofall acceptable scenarios in which the total cost of risk4 isminimized, consistent with the company’s risk appetite.

22. The above process, which is detailed in the document,allows companies to:

4 Quantify the company’s operational risk profile (therisk and retention levels) through the expected andunexpected loss (at a certain confidence level).

4 Assess the efficiency of the insurance program,understood as the suitability of the premiums paid inthe insurance program relative to the risk transferredto the insurer.

4 Analyze the impact of alternative insurance programson the total cost of risk and evaluate products orspecific clauses such as a stop loss5 or a cost-benefitanalysis of variations in insurance parameters. Thisanalysis is, however, conditioned by the availability ofprograms with specific parameter levels in the market,as well as by other elements in the insurance premiumother than the pure premium (commercial margins,insurer’s risk aversion, premium due to recent lossevents or to lack of information, etc.).

4 Identify the contribution of the different lines ofbusiness or assets to the company’s risk profile andtherefore to the cost of the premiums, which makes itpossible to measure the impact on cost of the riskposed by plans involving maintenance, renovation ortechnical changes to assets.

4 Contribute to meeting regulatory requirements (e.g.Solvency II), either existing or potential, concerningreporting as well as capital measurement andallocation.

23. Implementing risk profile quantification techniques such asthose described provides companies with a useful tool toobjectively and independently respond to many questionsthat form part of the agenda of risk and insurance divisionsand generally of all business areas, and for which it is noteasy to provide an economically quantified answer: howmuch risk exposure does the company have?, how much ofthis risk should be transferred and how much retained?,how much risk does the company assume by implementinginsurance cost reduction measures?, what is the mostsuitable insurance program?, what are the areas thatcontribute most to the risk and to the cost of insuring thisrisk?, how should the price of an insurance program beexpected to change if certain parameters are changed?,what preventive or maintenance activities is it worthinvesting in from the point of view of reducing costs andrisk?, and other similar questions.

24. Answering the above questions does not require asubstantial effort in terms of methodology or systemsimplementation because methodologies have already beenthoroughly tested and the extent to which models are usedcan be adjusted in order to achieve greater accuracy levelswhile still gaining a first insight that is usually achievable inthe short term.

4Total cost of risk is defined as the sum of the cost of insured risk (insurance policypremium) and the cost of uninsured risk (losses borne by the company).5A product that limits the total loss to be borne by the company to a specificamount.



10

The Risk Function

11

Concept of risk

In the business context, risk is linked to the possibility ofsuffering a loss6, and is defined differently depending on itssource. Figure 1 shows some of the most common definitions.

The various definitions of risk can in turn be grouped intodomains: financial, operational and technology, model,compliance, reputational, strategic, business, etc. (Fig. 2).

4 Financial risk: includes the different types of market7 riskaffecting the activity of organizations (mainly exchange raterisk, interest rate risk and commodities risk) as well as creditrisk, counterparty8 risk and liquidity risk. This domain alsoincludes structural risk, understood as that derived from acompany’s balance sheet structure.

4 Operational and technology risk: operational risk isdefined as the risk of loss resulting from inadequate orfailed processes, people and systems or from externalevents. This definition includes legal risk, but excludesstrategic and reputational risk.

4 Model risk:model risk refers to the potential for adverseconsequences from decisions based on incorrect ormisused9 model outputs and reports. Model error mayinclude simplifications, approximations, inaccurateassumptions or an incorrect design process, while model

Figure 1. Risk definitions

6Other definitions sometimes focus on the probability of not meeting targetsrather than on potential losses.7Market risk is defined as the possibility of incurring losses in on and off-balancesheet positions as a result of movements in market prices.8Credit risk is defined as the possibility that a party to a transaction may default onits obligations before the transaction is settled. Economic loss would occur if thetransactions or portfolio of transactions with that counterparty would have apositive economic value at the time of default. Furthermore, counterparty riskimplies the bilateral risk of loss because the market value of the transaction, whichmay be positive or negative for both parties, is uncertain and can change overtime in line with underlying market factors.9See Management Solutions (2014).

Figure 2. Risk domains

The Risk Function

The Risk Function has shifted towards Enterprise Wide RiskManagement, which takes a holistic view of risk. This riskfunction’s reference model has several components: missionand general measurement principles, risk management andcontrol, risk map, organization, governance, policies andmodels, processes and IT support systems.

The main purpose of the Risk Function is to support SeniorManagement in defining risk appetite and ensuring thisappetite is met, as well as to support other strategic objectivesand facilitating decision making. A further purpose is to defineand implement a framework for action covering all significantrisks for the company.

This is achieved through the implementation of basic principlesof task segregation (management vs control), oversight andcontinued involvement of Senior Management, efficiency,quality and changing control environment.



12

misuse refers to applying models for purposes other thanthose for which they were designed. Model risk can lead tofinancial loss, events that may damage a company’sreputation or even sanctions.

4 Regulatory compliance risk and reputational risk: includespossible impacts resulting from noncompliance withexisting regulations and standards that apply to theindustry and the company - and are articulated throughinternal policies and procedures, with the resultingeconomic impact (fines and penalties, exclusions, etc.). Alsoincluded are the potential impacts resulting from damageto the company’s brand image and business10 reputation, aswell as accounting risk. The latter is a very specific type ofrisk concerning the proper and true economic and financialreflection of the company’s reality as well as compliancewith all related regulations (IFRS, SOX, etc.).

4 Strategic and business risk: this includes risks related tothe wider business environment (the macro-economicsituation in the country in which the company operates andthe conditions specific to the particular industry or sector),the market and the competition, and medium and longterm decision-making that may impact on businesscontinuity and profitability.

Different functions are carried out in order to address thedifferent types of risk, mostly dealing with risk identificationand measurement, management (e.g. establishing riskmitigation measures or taking out insurance), control (e.g.through KRI11 implementation) and reporting (Fig. 3)12.

Figure 3. Risk management life cycle

10Corporate reputation being understood (according to the Corporate ReputationForum) as the set of perceptions about a company by the different stakeholderswith whom it interacts, both internal and external. It is a result of the company’sbehavior over time and describes its ability to deliver value to stakeholders.11Key Risk Indicators.12Source: own preparation and Risk Management – Principles and guidelines. ISO31000-2009. Processes on the left relate to those on the right as follows:Identification and measurement corresponds to Establishing the context and toRisk Assessment (Risk identification, Risk analysis and Risk evaluation); Management,to Risk Treatment; Control and Reporting, to Monitoring and review and toCommunication and consultation respectively.

13

The Risk Function comprises both modeling and control tasks(risk treatment definition –terms of reference–, modeling,overall control and reporting) in addition to functions relatingto the integration of risk in the management process (riskpolicy development and deployment, and policyimplementation jointly with risk takers).

The Risk Function should afford a comprehensive view andcover all risks that may affect a company. Playing a central rolein this view is the risk map, which establishes what risks aresignificant and determines risk management and controlaccountabilities.

The risk map, therefore, serves not only to provide a fulltaxonomy of risks, but is also the starting point to determinethe roles and responsibilities of the various participants in therisk management and control process within the organizationin relation to each of the risk types identified. It is a basicelement of the enterprise-wide risk management model andserves as a basis for developing guidelines for action that arecommonplace in the industry (e.g. assurance mapping andcombined assurance).

Risk Function responsibilities under a EWRM (Enterprise WideRisk Management) model are exercised throughout thecompany with different objectives and by different areas, rolesand authority levels, but the Risk division executive retainsultimate control over the risk function.

Table 1. Lines of defense

Among the factors that determine the Risk Function structureare the risk type involved, the location of specific functionswithin the company and whether it is local or global in scope.However, the basic risk function tasks should be carried outensuring there is separation between management and control.

Management and control tasks (and the roles performing thesetasks) can be grouped into three lines of defense (Table 1):

4 First line of defense (Risk Management). Responsible forrisk identification and assessment, as well as for monitoringand action plan definition. This role is usually carried out bythe risk-taking areas themselves, and also by specialist riskmanagement areas.

4 Second line of defense (Risk Control). In its risk control andoversight capacity, this line of defense is responsible forreviewing first line of defense compliance with riskmanagement policies and procedures, as well as forvalidating the models and methodologies used. This role isusually carried out by a centralized Global Risk Control arealed by a Chief Risk Officer (CRO) who is able to provide acomprehensive, cross-cutting and independent view thatcomplements the first line of defense.

4 Third line of defense (Risk Audit). Finally, the third line ofdefense provides an independent review of processes toensure the company has an effective risk and controlfunction in place. This role is usually performed by theInternal Audit area.

Figure 4. Board Risk Committee characteristics



14

Risk Function governance refers to a company’s governingbodies and committee structure with risk management andcontrol responsibilities as well as to the delegated authoritystructure for decision-making in the area of risk.

In relation to the above, organizations with a more mature riskmanagement often consider having a Board Risk Committee(BRC) that reports directly to the Board and includes the keyexecutive positions involved in risk management (CEO13, CRO,CFO14, Audit Committee Chair, etc. Fig. 4) coexist with a numberof additional committees with more peripheral participation inrisk management15.

A properly planned Risk Function requires defining a hierarchyof policies based on a risk framework with an integratedapproach (which should be approved by the Board ofDirectors), that is later developed for each specific risk type inlower-level standards (management models, policies andprocedures, etc.).

One of the most important components, and a sphere ofactivity in which companies are investing substantial efforts, isrisk appetite, defined as the level of risk that a company wishesto take on in pursuit of profitability and value. It can beexpressed through a set of quantitative and qualitativestatements that define the desired risk profile. As it is the casewith the risk framework, a company’s risk appetite must beapproved by the Board of Directors and will subsequently bedeveloped into a structure of lower-level limits consistent withthe approved appetite.

For measurement and decision-making purposes, the RiskFunction is supported by different models and methodologies.The risk framework develops guidelines on the types of modelsto be used for measuring, managing and controlling risk, as

well as for integrating risk into the management process. Thesemethodologies should be documented in detail throughprocedure manuals, methodology documents, etc., whichshould be consistent with the different policies andmanagement models in the organization, and should considerany specificities of the geographies or businesses in which thecompany operates.

The Risk Function relies on a set of support IT processes andsystems (management tools, calculation engines andinformation systems). These processes develop the company’sprinciples, goals and high-level policies with the aim ofstructuring and facilitating the deployment of the riskmanagement, control and monitoring functions.

Risk management also relies on an information modelsupported by systems that are able to capture all materialsources of risk necessary to evaluate the effect that changes inrisk factors may have on value or on results from an economicand an accounting standpoint. This information should becomplete and current to enable the level and nature of therisks to which the company is exposed to be understood.

Based on these premises, the basic Risk Function supportarchitecture requires:

4 Management tools that support key risk processes (e.g.origination, monitoring, etc.).

13Chief Executive Officer.14Chief Financial Officer.15Such as the Audit Committee, the Remuneration Committee, the Appointmentsand HR Committee and the Compliance and Ethics Committee.

15

Figure 5. RDA&RRF coverage

Figure 6. Principles for risk data aggregation and risk reporting 4 Calculation engines that facilitate measurement (and later

control) in accordance with defined methodology.

4 Data analysis repositories and tools that supportinformation retrieval processes for decision-making and forrisk measurement, follow-up and control. They shouldcover transactional or operational data (e.g. internaloperational risk events) and client or market data (pricequotation data used in the market risk valuation process).

At present, however, there is no one single systems map orglobal support architecture model for the Risk Function. Themarket offers both specialist risk management tools andholistic solutions with an enterprise-wide approach that aregenerally used not only to address risk management, but alsoto cover the audit, internal control and compliance functions.Sometimes Risk Function architecture models combine marketsolutions with in-house developments or adaptations oncorporate ERPs16.

This diversity in IT architecture has some drawbacks, especiallywhen it comes to integrating risk into management systems. ITsupport is therefore beginning to be regulated due to the factthat deficiencies can give rise to integrity problems in riskinformation. In the financial industry in particular, regulatorypublications such as BCBS 239 (RDA&RRF17) -Figs. 5 and 6- havebeen issued requiring companies to review the reporting of riskdata the Board and Senior Management.

16Enterprise Resource Planning.17Risk Data Aggregation & Risk Reporting Framework, in the publication Principlesfor effective risk data aggregation and risk reporting, BCBS (2013).



16

Changing role of the Risk Function in theenergy industry

In the energy industry, the Risk Function has undergone majorchanges in various areas over the past few years. Organizationsare aware of how a mature Risk Function can help them toachieve their objectives in addition to ensuring compliancewith increasingly demanding regulatory requirements andenhancing their image with the different internal and externalstakeholders.

With regard to mission and principles, the practice of definingthe Risk Function and making its mission explicit is becomingpart of the corporate culture, both internally and for the benefitof stakeholders; in addition, the fundamental principle ofcontrol function independence between the management andrisk taking functions (e.g. in financial risks) is being increasinglyadopted.

As for the risk map, companies have made significant progressin this area through the definition of a risk taxonomy thatprovides them with an overview of the risks affecting theiractivities, together with the identification of the roles andresponsibilities of different areas in the management of therisks involved.

In terms of organization and government, the Risk Functionhas not always been explicit in non-financial sectors and, whenit has, it has been located at a second organizational level,usually under Global Economic and Financial18 Divisions. In thisregard, it has been common practice to establish a specific Riskunit around the financial risk domain and sometimes aroundoperational and technology risk.

More recently, progress is being made towards building up theCRO role and developing a global and comprehensiveapproach to managing all material risks. These recently createdunits (which carry out the functions pertaining to the secondline of defense) are serving as an engine and a catalyst for thedevelopment of other risk domains.

In the area of policy and models, companies have mainlyworked to strengthen risk policies and refine measurementmethodologies and control procedures. More recently (drivenby increasing regulatory pressure), the definition of riskappetite is also being addressed together with its deploymentin the organization.

Finally, as far as IT processes and support for the RiskFunction are concerned, the energy industry has worked foryears to systematize the measurement and control of financialand operational risk, supporting the role of the first line ofdefense.

Today, the challenge for companies is mainly to enhance ITsupport for risk control and reporting purposes and to developless advanced risk areas such as operational risk.

In short, organizations are making efforts in three main areas ofaction:

4 Defining and deploying new risk functions that will furtherdevelop the three lines of defense model, and promotinginitiatives to foster integrated risk management ensuringthat all areas of the company participate and interact (likedefining the risk appetite framework).19

18In the financial industry, the Risk Function in general is located at the first level ofthe organization (Global Division Executive or VP reporting to chairman or CEO).19The combined assurance model developed from EWRM and focuses on anintegrated and coordinated approach by all participants in the risk managementprocess, both internal and external. The main purpose of this model is to optimizerisk assurance and integrate all assurance-related information into a single, clearand agreed upon vision of the risk management situation in the company.

17

4 Integrating the Risk Function in the business process so asto give it a more central role in decisions that are eitherstrategic or have a potentially significant impact onbusiness.

4 Developing risk domains that are traditionally lessadvanced in terms of risk measurement and management.In this regard, it is worth noting that there are highlysophisticated methods for commercial credit andcounterparty risk (and their interaction with market risk), aswell as for environmental risk, compliance risk, model riskand operational risk, which is discussed further later in thedocument.

Body Scope Publication Key aspects

BCBS (BIS) Worldwide Principles for Enhancing CorporateGovernance (2010)

• Governance (Board committees) andorganization

• Remuneration

COSO Worldwide Enterprise Risk Management -- IntegratedFramework (2004) (COSO II)

• Corporate risk management and Internal control

IIF Worldwide Implemementing robust risk appetiteframeworks to strengthen financialinstitutions (2011)

• Risk appetite• Stress and scenario testing

ISO Worldwide Risk Management – Principles andguidelines. ISO 31000-2009

• Guidelines for implementing riskmanagement processes

EBA EuropeGuidelines on Internal Governance (GL-44) (2011)

• Lines of defense• CRO, Internal Control, Compliance

and Audit

European Commission(Liikanen) Europe High-level Expert Group on reforming the

structure of the EU banking sector (2012)• Ring-fencing• Corporate governance

Senior Supervisors Group EuropeObservations on Developments in RiskAppetite Frameworks and ITInfrastructures(2010)

• Risk appetite: governance, scope andfollow-up

ESMA / U.S.A. Europe/USA European Market InfrastructureRegulation / Dodd–Frank Act

• Reporting of operations to a traderepository

• Potential obligations regarding clearing and the adoption of riskmitigations techniques

Independent Commissionon Banking (Walker) UK

A review of corporate governance in UKbanks and other financial industry entities (2009-ongoing)

• Board Risk Committee (BRC)• CRO• NEDs

PRA (ant. FSA) UK Effective corporate governance (CP 10/3and PS 10/15) (2010)

• Implementation of the Walker Review• Significant Influence Functions (SIFs)

Regulatory context

The development of the Risk Function in organizations is largelyencouraged, and in some aspects regulated, by bothsupranational organizations and local regulators, as well asagreements reached by company groups and associations, theacademic world and independent institutions (e.g. COSO).

The position adopted by all these bodies is convergent andpoints towards further development of the Risk Function. Table2 provides a non-exhaustive overview of some of the keypublications and regulations affecting the industry, including aspecific reference to financial sector regulations given theirparticular stage of development.

Table 2. Relevant publications



18

Operational risk

19

Operational risk concept

Operational risk definitions vary from broad views that includein this category everything that cannot be considered asbusiness risk, to more restrictive views that only include the riskof loss resulting from inadequate or failed internal processes,people, systems or external events.

In the financial industry, a commonly accepted definition iscontained in the Basel II accord: "the risk of loss resulting frominadequate or failed internal processes, people or internalsystems or from external events". This definition is significantbecause it is often used as a reference due to a lack of adaptedand widely accepted definitions in other industries.

Operational risk losses are usually understood to mean alladditional costs resulting from events that would not havebeen incurred had such events not occurred. Loss calculationsgenerally include losses, legal contingencies and refunds andnon-financial industries usually also include opportunity costand lost profits.

The amount of the loss can be reduced by partial or fullrecovery. Recoveries are usually classified into direct (caused byaction taken by the company) and indirect (usually broughtabout by insurance).

Operational risk classification andidentification

The Basel II Accord is particularly useful for classifyingoperational risk in the industry, as its proposed classificationinto seven types of operational risk is often used as a referencepoint in industries where operational risk management is notas heavily regulated:

4 Internal fraud: losses due to acts intended to defraud,misappropriate property or circumvent regulations, the lawor company policy, in which at least one internal party isinvolved for their own benefit.

4 External fraud: losses due to acts intended to defraud,misappropriate property or circumvent regulations, by athird party.

4 Employment Practices & Workplace Safety: losses arisingfrom acts inconsistent with employment, health & safetylaws or agreements, from payment of personal injuryclaims, or from diversity/discrimination events.

4 Clients, Products & Business Practices: fines, compensationand costs arising from regulation infringements by thecompany, and from claims from customers that havesuffered an economic loss or consider themselves to havebeen adversely affected by the company.

4 Damage to Physical Assets: damage to physical assets fromnatural disasters or other events.

4 Business Disruption & System Failure: direct losses arisingfrom failure of systems supporting the business activity.

4 Execution, Delivery & Process Management: losses fromfailed transaction processing or process management, fromrelationships with trade counterparties and vendors.

In the specific case of the energy industry, operational riskclassifications are often similar to the above, since they areusually based on the source of the risk, i.e. there are categoriesfor risk relating to individuals (e.g. health and safety), processes(e.g. productive asset management), systems (e.g. informationsecurity) and external events (e.g. environment). It is commonfor organizations to include compliance risk, as well as ethicsand conduct risk, within the operational risk domain.

Within the framework of insurable operational risk, the subjectof this document, it is common for risk categories to be linkedwith insurance lines: property damage and loss of profit, civilliability, political risk, freight, etc.



20

Having established a classification for operational risk,companies try to identify the specific risks to which they areexposed in their business activities, for which there aredifferent approaches:

4 Bottom-up approach: used to identify all company risks. Itentails a detailed review of processes, which often results inthousands of risks being revealed. Under this approach, riskidentification often goes hand in hand with theidentification of controls in place for each process for riskmitigation purposes. An example of this approach are thecontrol models derived from the Sarbanes-Oxley Act. It hasthe advantage of being highly comprehensive andthorough, and the disadvantage of requiring manyorganizational resources.

4 Top-down approach: aimed at identifying major companyrisks. It requires identifying the most common risks in eachcategory and mapping these risks to business lines in orderto determine their applicability, which tends to revealhundreds of risks. An example of this approach is the riskestimation effort carried out by internal audit areas as partof their planning activity. It has the advantage that it allowscompanies to focus efforts on managing key risks and thedisadvantage that some risks may be overlooked.

The techniques described below are valid irrespective of therisk classification and identification approach chosen.

Operational risk assessment methods

Once operational risks have been identified and classified, it isnecessary to assess their materiality. Different approaches andmethodologies may be used for this purpose.

Assessment methodologies may be classified according to thedata provisioning sources that support them. Based on thispremise, a distinction can be made between those using expertinformation, such as scenario analysis methodology, and thosebased on historical operational loss event data, such as the lossdistribution approach (LDA) methodology (Table 3).

Although this classification is useful for informative purposes,in practice data from the different sources available is used forall methodologies described.

Methodologies based on expert information are those used inoperational risk assessment through the estimates providedby organization staff ("experts") that have better knowledgeand information on the risks to be assessed, based onpreviously established criteria.

Different techniques are available to assess operational riskon the basis of expert information, self-assessmentquestionnaires and scenario analysis being those that aremost widely used:

4 Self-assessment questionnaires: techniques based oninformation collected by experts through questionnairesdesigned to gather information on the impact andfrequency of the identified risks, the effectiveness ofexisting controls and the possibility of setting upadditional controls, and the follow-up of ongoingimprovement plans.

Table 3. Main information sources

Information sources Characteristics Advantages Disadvantages

Expert information

Usual evaluation methods- Questionnaires: used to gather information onrisk evaluation and controls by thoseresponsible for business activities.

- Scenario analysis: working sessions duringwhich experts analyze material risks in depth.

- Operational risk can be estimated in respect ofactivitivies for which there is no history of pastevents (particularly useful for high impact,low frequency risks).

- Provides insight into how risk might developgoing forward (considers changes occurred inassets, processes, the control environment, etc.).

- It can be difficult to unify the evaluationcritaria among the different evaluators.

- It requires a strict approach by theevaluator as well as capacity for abstractthinking in order to picture hypotheticalscenarios.

Incident and internal lossdatabases

- List of company losses and incidents inprevious stages that may not necessarilyresult in losses.

- Basic information:- Date of occurrence.- Cause.- Gross loss.- Net loss.- Risk and line of business.

- Provide detailed information on the company'sinternal events.

- It is a key input for insurers to determine theprice of an insurance program.

- It requires internal data capture systemsand processes usually not available innon-financial industries except wherereported accidents are concerned.

- There are usually few low frequency,high impact events.

External loss databases

- Public databases that contain informationprovided by suppliers.

- Databases from entity groups (local orinternational).

- Allow the inclusion of events that couldeventually take place in the company.

- They often lack information on events(e.g. date of the event, cause, etc.).

- Require the use of scaling factors andcriteria to adjust to company size andcharacteristics.

Indicators (KRI))

- Metrics and ratios that contribute informationabout the level of operational risk.

- Warn on changes that might be indicative ofunfavorable developments in terms of riskexposure.

- Can be used to set limits that will triggeractions.

- Require internal information capturesystems and procedures.

20As may be the case in extreme weather events such as "El Niño”, which is ischaracterized, among other physical and atmospheric elements, for rising watertemperatures in the central and eastern tropical Pacific, leading to disastrousclimate changes (heavy rains, cyclones, droughts, erosion, waves, etc.).

21

Figure 7. Assessment scales example

Figure 8. Modeling example based on average frequency, average impact and worst case scenario

21Usually 99,9%.221 year frecuency.

The outcome from the questionnaires is the result of asubjective assessment by operational managers. Thecompany should ensure properly defined criteria areused in the assessment as well as a rigorous andimpartial approach during the completion process.

Impacts other than purely economic ones, such asreputational, compliance or goal achievement-relatedimpacts are often also recognized and assessed usingqualitative scales (Fig. 7).

From these assessments it is possible to approximate riskmetrics such as expected loss (qualitative) and maximumpotential loss (qualitative VaR) given a specific confidencelevel21 and time horizon22 (Fig. 8).

Finally, both recurrent loss data (expected loss) and data onpotential exposure (unexpected loss) can be converted to aqualitative scale that will be used to present the results.

Thus, companies often refer to low, medium, high and veryhigh potential exposure and recurrent losses.

The final step is to evaluate the controls associated with thedifferent risks and to determine the existence of any relatedreputational risk and its significance.



22

4 Scenario analysis: the scenario analysis methodology isbased on the definition of hypothetical operational risk-based scenarios, which are analyzed by expert groups inorder to:

- Identify and assess the most complex and significantrisks for the company.

- Advance the risk management culture through theinvolvement of executives from different areas of theorganization.

- Establish prevention or mitigation actions that should betriggered quickly in response to an operational event.

Scenario analysis is usually carried out through workshopsinvolving different professionals from the organization whocontribute their knowledge of business processes, (e.g.business areas), of the control environment for each risk (e.g.internal control or risk management areas), of internal andexternal conditions that may have an impact on riskassessment (e.g. systems areas), etc., coordinated by anoperational risk expert who provides a method as well asguidelines.

This method is based on defining a hypothetical risk situationconsidered to be plausible for the company and proposingdifferent what if hypotheses that will result in differentoutcomes in terms of probability and impact (Fig. 9).

Probability distributions of frequency and severity are fit to theabove data and are convoluted in order to produce the lossdistribution, from which the expected and unexpected loss isobtained.

Figure 9. Scenario analysis

Quantitative data-based methodologies rely on a previousstage of operational risk event loss collection and analysis. Inthe financial industry, banks often have events collected eitherinternally or externally. However, in companies operating in theenergy industry, internal loss event databases are rarelyavailable (except for reported claims), neither is this type ofdata available from external sources. For this reason, the firststep for the use of these methodologies is to prepare andstructure information that will feed the risk measurementprocess.

There are two types of operational risk event loss databases:

Internal loss event database. A key piece to supportquantitative data-based methodologies. It should helpcompanies to better understand their operational risk and itshould make it easier to establish corrective measures toimprove control, to compare between qualitative andquantitative results and to lay the foundations for theimplementation of methodologies that are based on thecompany’s own history of losses.

External loss event database. Basel II takes the view thatcompanies’ internal loss databases are not deep or reliableenough for modeling operational risk if advanced models(AMA23) are used and therefore requires them to besupplemented by using external loss databases.

23Advanced Measurement Approach.

23

Scenario analysisScenario analysis makes it possible to determine loss distributioncharacteristics for a particular operational risk through:

4 Estimating n loss scenarios considered to be plausible, in termsof their frequency and severity (usually expressed as: an eventamounting to s euros occurs once every d years).

4 Fitting the best loss severity distribution from the standardstatistical distribution range for operational risk (Weibull,gamma, lognormal, etc.).

4 Estimating a loss distribution from the data provided.

Two different techniques are typically used depending on whetheror not the average case scenario is identified24. (Fig. 10).

The main characteristics of each method are described in Fig. 11.

Any of the above techniques solves the operational riskquantification problem based on expert scenario simulation bymeans of statistical distribution fitting. If the average case scenariois provided, however, the approach is valid for any number ofscenarios.

One of the advantages of scenario analysis is that it is based onsimple sentences for the evaluator (y euros are lost every x years)and provides an objective criterion for choosing the bestdistribution among a range of possibilities. In addition, themathematical formulation can be supported by a calculationengine in a way that is virtually transparent for the user (does notrequire statistical knowledge).

Both methodologies can be used to obtain an estimate of risk andcan be supplemented by methods that rely on quantitativeinformation sources.

Operational risk classes Registering an ORC is an iterative process in which, based onalready established combinations (ORC base), candidate ORCs (orevent combinations) which could form part of a specific group dueto having a similar risk profile are examined.

Using techniques for the analysis of descriptive variables (centraltendency or location indices, variability or dispersion indices,shape indices25, position indices26, box-plots, histograms, etc.) andfor exploratory analysis (mid-summary, p-sigma, etc.), datasamples can be examined in order to identify any matchingpatterns in the candidate series against the base series and decideon their aggregation.

Operational risk classes add consistency to the calculation process,for the following reasons:

4 Operational risk source processes are standardized.

4 Events may be grouped to produce a number that is sufficientfor modeling purposes.

4 Provide statistical uniformity to samples (sets of indicators andstatistical graphs for descriptive and exploratory analysis aswell as for the analysis of model assumptions).

4 Provide a statistical basis that can be transferred to othersources: external and built from expert judgment scenarios.

Figure 10. Examples of scenario analysis with and without an average case scenario

Figure 11. Main characteristics of scenario analysis techniques

- Methodologically, it is difficult to find distributionsthat are a good fit for all scenarios.

- The evaluator needs to estimate scenarios that arerepresentative of the different parts of the severitydistribution.

- It is easier to find distributions that fit all scenarioswell.

- The expected loss can be obtained directly from theaverage scenario without the need to make statisticaladjustments.

- A good fit for the body and tail of the distribution canbe obtained from a few scenarios.

Without average case scenario

With average case scenario

24This methodology would also apply if the evaluator estimated the scenario thatoccurs more often rather than the average case scenario, i.e. the mode instead ofthe mean.25Skewness and kurtosis26Quartiles and percentiles.



24

Although this type of information is not yet available for theenergy business, in the financial industry there are currentlytwo types of external databases:

4 Publicly available databases: they collect informationprovided by vendors such as consulting firms or insurancecompanies, and typically provide information on eventswith a very high loss threshold.

4 Databases owned by consortiums of entities: they are eitherlocal or international. These consortiums provide a way formember institutions to exchange operational risk lossinformation while preserving the confidentiality of the data.The reporting threshold is much lower than in the publicdatabases. Some of the best examples are ORX (OperationalRisk Data Exchange Association), GOLD (Global OperationalLoss Database), DIPO (Database Italiano Perdite Operativo)and ABA (American Bankers Association).

Data from external databases are mainly used in two ways: inscenario analysis as supplementary information to assessexposure to high-severity loss events, and to provide extremeevents in the loss distribution tail.

They also serve as a tool to benchmark against otherinstitutions in the industry, as they allow companies tocompare capital charge relative to gross income, losses overtime and loss distribution by business line, as well asinformation on severe loss events.

The loss distribution approach (LDA) or loss distributionmethodology is the most commonly used method formeasuring operational risk from quantitative events.

This method is used to model a company’s operational risk andproduce a loss distribution for each of the identified risks. Also,if insurable risk is being assessed, it can be used to determinethe optimal coverage scenario, linking the economic impact tothe income statement through the insurance program.

This method requires the availability of operational loss eventdata which are then classified according to their nature in orderto be modeled jointly and for the distributions to be fitted.Typically, different sources are combined, usually internal andexternal loss databases, or internal loss databases andinformation obtained through subjective loss scenarioassessment.

The two main steps in this methodology are data analysis andprocessing, and gross loss modeling, which in turn can bebroken down into five stages (Fig. 12).

Risk analysis and data processing. First, it is necessary to verifythe quality of the data available for the calculation process anddetect records that will not be used by performing a series ofvalidations. Some of these records are: data outside the definedtime window, anomalous and erroneous data, or atypical data.

Also, the risks to be assessed need to be identified andclassified in order to group operational risk events with asimilar behavior. Risks are then classified into uniform classes orcategories (ORC - Operational Risk Class) both from a statisticaland an insurance standpoint.

It should be noted that the Basel accords establish uniform riskcategories based on two classification criteria: line of businessand risk category. Basel also defines second-level categories foreach of these criteria, leaving it at the entities’ discretion to addadditional levels if necessary. In the case of non-financialcorporates, there is no closed definition regarding theclassification criteria.

Figure 12. LDA methodology – Stages of the loss distribution calculation process

Data analysis (internal,external and qualitativedata).Selection of OperationalRisk Classes (ORC).

Internal data: datacompleteness andabsence of anomalous /erroneous data.External data: relevanceand scaling.Expert information: lackof consistency inscenarios (model inputand output data).

Fitting of frequency andseverity distributions toeach ORC.

Samples: lack of data insome ORCs.Distribution catalogue:wide range of severitydistributions to consider.Distributions: need to fitfat tails.

Completing series withexpert information andexternal data.Integrated frequency andseverity distributions.

Integration: rule andmixtures to be applied.Extreme events: considerthem, though limitingtheir ‘weight’ in thecalculation.Expert assessments fromthe last self-assessmentexercise.

Integrated lossdistribution generation.Expected loss and VaRcalculation.

Correlation: robustness ofcorrelation estimators.Estimation at Group leveland for each Unit:diversification effect.

Stability techniques.Sensitivity: impact ofcalculation decisions onresults.

Knowledge of factorswith the greatest impacton the results achieved.Active management andconsideration of actionlines that support theGroup’s interests.

Operational risk-based costsdefinition

Distributionfitting

External andqualitative dataintegration

Loss distributioncalculation

Sensitivityanalysis

KEY ASPECTS

AIM

25

The last step requires verifying that the LDA methodologypremises are met: independence between frequency andseverity27 (by examining seasonality, trends and frequency-severity correlation, etc.) and absence of serial autocorrelationin frequency and severity28 (through the autocorrelationfunction and Durbin-Watson, Ljung-Box and runs tests) for eachORC.

The Operational Risk Category (ORC) groupings, ready to beused in modeling, are the output from the risk analysis anddata treatment process.

Fitting of distributions. Once events have been groupedaccording to their nature, the loss distribution for each ORC isdetermined by fitting a frequency distribution and a severitydistribution. This is done by conducting a number of statisticaltests on a range of commonly used distributions and selecting

Distribution fittingParametric distributions are typically used in distribution fittingprocesses for the estimation of severity. Bi-parametric distributions(e.g. Weibull, lognormal) are often used, as are distributions ofmore than two parameters that are sensitive to skewness andkurtosis patterns (e.g. generalized hyperbolic distribution).

However, sometimes parametric distributions do not provide asufficiently good fit to operational event sample data. This

Figure 13. LDA methodology

insufficient fit is most evident in data clusters with fat tails or,where this is the case, with outliers that should not be deletedbased on business considerations. In such cases, it is possible toundertake the fitting process using semi-parametric distributions(e.g. kernel).

Typically, the chosen severity distributions do not take negativevalues because a negative loss could be considered again, whichwould not make sense.

the pair that provides the best fit. Integrating the lossdistributions obtained for each group allows you to obtain anaggregate loss distribution, which should be built taking intoaccount the diversification effect across groupings through thecorrelation matrix.

27The frequency of an ORC should not determine the amount of its severity.28Verifying that both severity and frequency at a given time are independent fromseverity and frequency in the preceding time.



26

Severity distributions used to estimate losses should reflect areality in which high frequency, low impact events coexist withlow frequency, very high impact events. This situation requiresdistributions to have sufficiently wide tails to contain highseverity events.

However, in some cases, the body and the tail of the samplecan be fitted with two separate distributions. When this is thecase, Extreme Value Theory29 is used, as it focuses on improvingthe fit for high losses through a mixture of distributions inwhich the body follows one distribution and the tail followsanother distribution: a General Pareto Distribution (GPD) or anexponential distribution.

External and qualitative data integration. There are differentmethods for integrating data from expert assessments or fromexternal databases into the loss distribution calculation.

The most common methods are the Credibility Theory-basedmethod to integrate data on frequency and the Dutta andBabbel30 method to integrate data on severity, which basicallyconsists of adding data to the historical sample shown in thosesections where the sample is underrepresented.

Loss distribution calculation. Once the frequency and severitydistributions have been fitted, the loss distribution for eachORC in the data sample and also for the totality needs to beobtained. This requires the frequency and severity distributionsto be convoluted using Monte Carlo simulations.

Several representative measures can be obtained from the lossdistribution:

4 Expected Loss (EL): arithmetic mean of the simulated loss.

4 Value at Risk (VaR): maximum expected potential loss givena specific confidence interval and time horizon.

4 Unexpected Loss (UL): difference between the expectedloss and value at risk (VaR).

4 Conditional VaR (CVaR) o expected shortfall: average of alllosses greater than VaR for a specific time horizon.

The different insurance policy plans available can be applied tothe resulting loss distribution in order to mitigate the outcomeand adapt it to the true underlying reality.

As a last step in the process, the previously described measuresmay be calculated taking into account the diversification effect.This is done by performing a Monte Carlo simulation using arandom number generation process in which the initialcorrelation matrix is preserved (Lurie-Goldberg simulationmodel).

Validation. The quantitative model obtained should becompared with different techniques and studies on a regularbasis to ensure its validity. Some aspects to be considered arethe sensitivity of results to changes in the model variables, thestability of the calculations to variations due to both intrinsiccauses (operational loss distribution dependent on therandomness of the simulation process) and outside causes(reduced size of the loss data sample and loss data variability,such as fat tails), and model backtesting (comparing theestimated operational loss to the actual loss for the calculationperiod).

Figura 15. Loss distribution measures

29If the distribution of the losses exceeding a threshold converges to a limitdistribution when the threshold increases, then this distribution is either anexponential distribution or a generalized Pareto distribution.30Scenario Analysis in the Measurement of Operational Risk Capital: A Change ofMeasure Approach.

27

Goodnes of fit testsOnce the various candidate distributions have been fitted, theyshould be tested and compared in terms of their suitability. Thiscan be done through a number of goodness of fit tests that can beeither analytical or graphical:

Analytical testing: using tests to observe the differences betweenthe empirical distribution (F) and the selected theoreticaldistribution (F₀). These tests calculate the maximum distancebetween the two distributions and decide based on this distancewhether the null hypothesis (H₀:F= F₀) is to be accepted; i.e.whether the empirical distribution provides a good fit to thechosen theoretical distribution, or if this hypothesis is to berejected in favor of the alternative hypothesis (H₁:F₁�F₀) isaccepted.

Some commonly used tests are the Kolmogorov-Smirnov, theCramer-von Mises and the Anderson-Darling tests. Their inputsare the loss variable from the ORC (𝑥) and the level of acceptedsignificance (𝛼).- Kolmogorov-Smirnov test. Checks the maximum differencebetween the empirical distribution and the chosen statisticaldistribution. It can be applied generally to all distributions, asits critical values do not depend on the specific distributionbeing tested.

This statistic is expressed in the following way:D�=max{max₍₁��₎[F�(𝑥�)―F₀(𝑥�)],max₍₁��₎[F�(𝑥�)―F₀(𝑥�₋₁)]}where

- 𝑛 is the number of observations in the sample.- F� is the value of the empirical distribution function for agiven 𝑥�.

- F₀ is the value of the theoretical distribution function for agiven 𝑥�.

The values of the distribution function for this statistic aretabulated based on the level of statistical significance (𝛼) and thesample size (𝑛).

- Cramer-von Mises test. It has the same applications as theKolmogorov-Smirnov test, but greater sensitivity to irregularpoints in the sample (or aberrant points).

This test is based on a statistic that measures the sum of thesquared maximum distance between the empirical and thetheoretical distributions, and needs to be calculated taking intoaccount the distribution being considered:

where:

- 𝑛 is the number of observations in the sample- 𝑍 = 𝐹 (𝑥 ; 𝛳) is the vector of probabilities for thedistribution function considered 𝐹 and the vector ofestimated parameters 𝛳.

The 𝑊� statistic should then be fitted based on the distributionbeing considered.

The p-value will need to be calculated to obtain the test result,using a different procedure for each distribution.

- Anderson-Darling test. Used to test whether a data samplecomes from a population that follows a specific distribution.This test gives more weight to the distribution tails than theprevious two tests and uses the specific distribution being testedto calculate critical values. It has the advantage of allowing moresensitive testing and the disadvantage that critical values haveto be calculated for each distribution being tested.

The Anderson-Darling statistic is defined as:

where:

- 𝑛 is the number of observations in the sample.- 𝑍 = 𝐹 (𝑥 ; 𝛳) is the vector of probabilities for the distributionfunction considered 𝐹 and the vector of estimatedparameters 𝛳.

The 𝐴� statistic should be then fitted based on the distributionbeing considered.

As in the Cramer-von Mises test, in order to obtain the testresult, the p-value will need to be calculated using a differentprocedure for each distribution.

Graphical tests: goodness of fit tests provide a general measure ofhow the theoretical distribution fits the empirical distribution.Thus, it may well be that the distribution passes the test becausethe overall fit is good while the fit for the tails is not appropriate.

Using graphical tests to supplement analytical tests can determinehow appropriate this fit is:

- Mean excess graph: allows you to distinguish betweenlight-tailed and heavy-tailed models by comparing theshape of the theoretical and empirical mean excessfunctions.

- GQQ-plot and PP-plot31 graphs: these graphs plot theempirical distribution against the theoretical distribution todetermine whether the theoretical distribution is a good fitto the sample data. The difference between the QQ-plot andPP-plot is that the first compares parametric families ofdistributions, i.e. does not consider parameter estimates,while the second compares a single distribution that iscompletely specified through parameter estimates.

Figure 14. QQ-plot showing the fit of a lognormal distribution

31Quantile-Quantile Plot and Probability-Probability Plot.



28

Finally, a series of indicators are necessary to monitor theoperational risk management model. Key Risk Indicators (KRI)are statistics or parameters which are used to anticipatechanges in the risk exposure of companies (Fig. 16). Theseindicators are typically checked on a regular basis to be used asalerts about changes that may reveal negative patterns in riskexposure.

The main KRI methodology goals are:

- Provide information on the company’s level of operationalrisk and identify the main causes of any changes.

- Set warning levels and limits for decision-making by thoseresponsible.

- Identify and measure the effectiveness of controls and anyimprovements made.

- Identify KRI correlations with operating losses.

The level of detail of the KRI information is different for eacharea of management and should be suited to the level of thoseinvolved in each operational risk management committee.

Figura 16. Example of key risk indicators (KRIs)

Product losses in the transport of goods

Losses incurred in assets and relatedamounts

Number of disciplinary proceedingsinitiated with employees

Investment projects with unavailablefunds

Purchase orders issued withoutauthorization

Number of people with rights of accessto invoice return and the master ledger

Average frequency in updating firewallsto protect access

Number of hits on the trading rooms

Number of days with incidents in thedata backup (or days without backup)

KRIs Control-orientedKRIs Loss-oriented KRIs Risk-oriented

29

Advanced measurement approach (AMA): based on estimatingthe operational risk loss distribution using loss frequency andseverity distributions. These loss frequency and severitydistributions can be estimated for each business line and risk typecombination. Regulatory capital is based on the calculation of theexpected and unexpected loss at a 99.9% confidence level and aone-year time horizon.

The use of advanced methodologies for measuring regulatorycapital has led to improvements and developments in other areas,both within financial institutions (e.g. the measurement ofeconomic capital) and in companies operating in other industries(e.g. for negotiating the insurance program). While the lossdistribution parameters analyzed in a loss distribution may varydepending on the needs of the analysis, the methodology will besimilar to that used in this domain.

Operational risk and regulatory capitalRegulations on the calculation of regulatory capital in financialinstitutions now include operational risk (along with credit riskand market risk) as part of the information on capital adequacythat needs to be individually reported under Pillar 1 of Basel II,where three methods are established for the calculation ofregulatory capital for operational risk (Fig. 17):

Basic indicator approach: calculation of regulatory capital throughthe application of a percentage (15%) on adjusted gross income.This method is aimed at small institutions with a simple businessactivity structure.

Standardized approach: a step ahead of the basic indicatorapproach that divides the firm’s activity into predefined units andbusiness lines, and calculates capital as a percentage (which variesdepending on each line of business) of gross income for eachspecific line.

Figure 17. Regulatory Capital calculation methods (Basel II)

Capital based on ordinaryadjusted margin (15%).Aimed at small institutions with asimple business activity structure.

Institution’s activity is divided intopredefined units and business lines.Capital based on ordinary adjustedmargin for each business line (calibratedat 13%).- Retail banking (ß = 12%)- Retail intermediation (ß= 12%)- Asset management (ß=12%) - Commercial banking (ß = 15%) - Agency services (ß = 15%) - Sales and marketing (ß = 18%) - Corporate finance (ß = 18%) - Payments and settlements (ß = 18%)

Institution’s activity is divided intobusiness lines and risk types.Capital based on the calculation ofexpected and unexpected loss (99.9%confidence level over a 1-year horizon). Two distribution functions are used(Severity and Frequency) from whichthe Operational Risk loss distributionfunction (VaR) is derived.Insurance is recognized as a mitigatingfactor up to a 20% limit.

ADVANCED(LOSS DISTRIBUTION)BASIC INDICATOR STANDARDIZED

QUANTITATIVE REQUIREM

ENTS

Lower complexity Greater complexityLower capital requirements+_



30

Use of operational risk measurementmethodologies in the energy industry

31

Background

In recent years, the energy industry has experienced anincrease in both the number and magnitude of events thathave given rise to claims. Examples such as the oil spill in theGulf of Mexico from the sinking of BP’s Deepwater Horizonplatform and the nuclear disaster in Japan in 2011 show theeconomic and environmental impact that a single operationalrisk event can have on the energy industry.

During that time, the insurance industry has had to takesignificant losses that have contributed to higher insurancecosts and to heightened pressure on insured companies toretain more risk. Against this backdrop, both insurance andreinsurance companies and regulators, shareholders andstakeholders as a whole require organizations to allocateresources to improve their operational risk managementsystems.

Recent trends reveal two areas for improvement in operationalrisk management in the energy industry:

- Improved prevention and mitigation in order to preventaccidents and to minimize damage in the event ofoccurrence. For instance, more rigorous and frequentinspections of critical assets.

- Improved measurement to better typify and estimate therisks assumed by the company as a result of its businessactivity and minimize the related cost.

A case study on the implementation of operational riskassessment methodologies in relation to the second area willbe provided in this section.

Insurable operational risk management

Transferring risk through insurance is a widely used operationalrisk management tool. Although different insurancemanagement models are used by companies in the energybusiness, the most commonly used among large corporations isbased on captive insurance.

Under this model, the risk of an organization, usuallymultinational, is concentrated in a group company thatprovides insurance for the organization’s activities. This modelmakes it possible to determine the level of risk to be retained inthe captive company, and means the organization as a wholehas access to the reinsurance market, which gives it greaterbargaining power and thus results in lower costs.

The methodology described below answers some of thequestions that companies need to consider in order to improvetheir operational risk management systems:

4 What is the risk assumed by the company in each of itsactivities or business lines?

4 What is the reasonable cost of the premium for a particularinsurance program?

4 What is the total cost of risk?

4 How does risk vary with changes in company size?

4 How is the risk retained by the group distributed betweenactivities or business lines?



32

Insurance program optimizationmethodology

The optimization methodology described in this section, whichis based on the previously described LDA methodology,consists of seven stages (Fig. 18).

The risk analysis and data processing methodology used in thiscase is similar to that described in relation to the LDAmethodology, with the particularity that the sources ofinformation used are usually:

4 Loss data base: the company’s historical claims database isused.

4 Expert information: the model often incorporates, as asubjective input, the maximum probable loss andmaximum possible loss estimates that are usually producedfor the most critical assets using methodologies based onexpert information.

4 Industry information: as a supplement to the previoustwo sources, based on incidents occurred in the industrywhich, due to their characteristics, are thought to be likelyto occur in the company.

One of the goals pursued by the use of this methodology is tominimize the total cost of operational risk (TCOR) for thecompany. Total cost of operational risk is defined as the sum ofthe losses caused by the realization of operational risk plus thecosts associated with managing this risk. According to this

definition, the following key TCOR components have beenidentified:

4 Transfer costs: costs relating primarily to the acquisition ofinsurance (premium, brokerage, intermediation costs, etc.).

4 Retention costs: cost relating to the realization ofuninsured risk or costs outside the insurance thresholds(events below the franchise or above the insured limit).

4 Management costs: costs relating to risk identification,assessment, monitoring, risk prevention plans, riskmitigation and risk control.

4 Other costs: in some cases, other components such as thecost of capital or the cost of internal resources needed totackle risk are included in the definition of total cost.

For the purposes of this study, the total cost of risk is made upof two summands:

4 Cost of insured risk (CostIR): corresponds to the insurancepolicy premium.

4 Cost of uninsured risk (CostUR): loss borne by the company.

TCOR=CostIR+CostUR

Both components will be defined by both the retention levels(“R” – loss levels below which losses are borne by the company)and the insured limit32 (“L” – maximum loss covered) of theinsurance scenario33:

TCOR=CostIR(R,L)+CostUR(R,L)

Figure 18. Stages of the insurance program optimization process

Definition of uniformgroups of losses forinsurance modelingand mappingpurposes.

Analysis of dataquality, depth andconsistency.

Analysis ofinformation sources.

Scoping.

Definition of ‘cost ofinsured risk’ concept.

Definition of ‘cost ofuninsured risk’concept.

Adjustment offrequency and severitydistributions for eachportfolio of insurableassets.

Review of goodness offit (and use of expertcriteria as acomplement).

Gross loss distributionoutcome (calculation ofexpected loss, VaR andConditional VaR).

Allocation of policiesto assets according tothe line of insurance.

Standardization ofcalculation parameters(franchise, stop loss,limit, etc.).

Loss distributionoutcome afterinsurance (retainedand transferred).

Characterization oflosses retained by thebusiness and thecaptive

Definition of purepremium based on theretained level andinsured limit.

Analysis of premiumcomponents (expectedloss -EL-, safety factor,cost and businessmargin).

Comparison ofpremiums andexpected losses andidentification ofpotential savings.

Definition of the totaloperational risk costfunction.

Definition of the regionof acceptable insurancescenarios for differentconfidence levels.

Definition of theefficient frontier(theoretical optimalpremium for each levelof risk).

Definition of insurablerisk appetite policies.

Definition ofmaximum acceptableloss and relatedconfidence level.

Definition of minimumcost function andselection of optimalretention level.

Risk analysis anddata processing

Operational risk-based costsdefinition

Frequency andseveritymodeling

Loss modelingwith insurance

Pure premiumcalculation

Acceptable regionand efficient

frontier definitionOptimal scenario

definition

32The insured limit is usually defined in terms of limit per occurrence andaggregate limit.33This characterization has been simplified for the purposes of illustrating themethodology. In practice other variables are considered, including the operatingdeductible or limits such as the stop loss, which put a limit on the loss that can beborne by a company.

33

Fig. 19 illustrates the concepts of insured risk (IR) and uninsuredrisk (UR), as well as the retention level (R) and the insured limit(L). These concepts can be expressed graphically using the lossseverity distribution of a single risk.

CostIR may be calculated as the pure premium or expected lossborne by the insurance policy (ELReinsurance). This value willdiffer from the actual premium payable for such coverage,which includes other costs unrelated to the risk borne by theinsurance company (administration costs, commercialpremium, tax, brokerage, etc.). However, it is considered to bean acceptable proxy for the purpose of finding the optimumcoverage level.

CostIR = ELReinsurance

CostUR may be calculated as the sum of the expected loss forthe group (ELGroup) and the unexpected loss for the group at aconfidence level 𝛼 (ULGroup). The values given to 𝛼 are typicallychosen from the high loss distribution percentiles (between95% and 99.9%) when considering adverse loss realizationscenarios34.

CostUR = ELGroup + ULGroup (𝛼)Thus, the total cost of risk is defined as:

TCOR = ELReinsurance + ELGroup + ULGroup (𝛼)This definition of total cost of risk does not account formanagement costs as defined above. For the purposes ofapplying this methodology, these costs can be considered tobe constant and, therefore, would have no impact on theoptimization calculations.

Sometimes companies want to add the cost of capital to thedefinition of total cost of risk. In this case, the TCOR formulamay be adapted as follows:

- Adding WACC (weighted average cost of capital): weigh theunexpected loss by the average cost of capital35.

- TCOR = p + expected loss+ unexpected loss

TCOR = ELReinsurance + ELGroup + ULGroup (𝛼) ∗ WAC

It should be noted that this expression represents a linearbehavior of the cost of insurance to movements in retentionlevels. However, the reality of the insurance market shows that:(a) it is not possible to obtain quotations for all insurancescenarios and (b) increasing retention levels do not result in aproportional reduction in the premium. To reflect this fact, aloading factor (LF) on the pure premium can be included in theTCOR formula, to reflect the fact that the variation in thepremium quoted does not respond linearly to changes in thelevel of retention or stop loss.

TCOR = ELReinsurance ∗ (1+FL) + ELGroup + ULGroup (𝛼) ∗ WACC

Figure 19. Cost of insured risk and uninsured risk

34𝛼 of 95% would be equivalent to including in the TCOR value all unexpectedgroup losses below the distribution’s 95th percentile, i.e. excluding the losssuffered by the company 5% of all years (1 in 20 years). Similarly, 𝛼 of 99.9%would be equivalent to including in the TCOR value all losses below the 99.9%percentile, i.e. excluding those occurring 0.1% of all years (1 in 1000 years). Itshould be mentioned that a year is the usual scale for calculating loss distributionsdue to being similar to the period of validity of the insurance.35Some companies, mainly in the financial sector, include in the total cost of riskthe weighted average cost of capital needed to meet unexpected losses.

This section aims to determine the frequency and severitydistributions that best fit the data relating to gross loss, definedas the realized loss without considering the mitigating effect ofinsurance. The methodology used is similar to that described insection 4 of this document.

Once a gross loss distribution has been obtained, the next stepin the methodology is to determine the mitigating effect thatan insurance program has on that loss.

Figure 20 shows that using insurance allows companies to shiftthe loss severity distribution to the extent that such insurancetransfers losses between R and L.

The method used to obtain the loss after insurance is tosimulate events and apply the existing coverage conditions.

Thus, for each event we obtain:

- Amount of the loss retained by the group: depending onthe characteristics of the insurance program and the focusof the analysis, this data can in turn be divided into the lossborne by the business and the loss borne by the captiveinsurer.

- Amount of the loss borne by the insurer: correspondingto the gross loss arising from the event less the amountretained.

From the application of a given insurance program on thegross loss scenarios, it is possible to characterize thedistribution of losses borne by the insurance and, specifically,to obtain the expected loss or pure premium and the lossassociated with a given percentile.

Pure Premium = CostIR = ELReinsurance

As already mentioned, the pure premium does not match thequoted premium because of the different surcharges that needto be added to the first to achieve the second. However, bycalculating the loss distribution borne by the insurance, we areable find out:

- The efficiency of the insurance program: by comparing thepure premium calculated with the quoted premium we candetermine how efficient the program is (Fig. 21).

- The percentile for the quoted premium: it is possible toidentify which loss distribution percentile the premiumrequested for a particular insurance policy corresponds toand how far it is from the mean.



34

Figure 21. Insurance program efficiency

Figure 20. Loss distribution with insurance

35

Not all insurance scenarios represent a tolerable risk situationfor a company. Tolerable risk is determined by the company’srisk appetite, which in practical terms is usually expressed asthe maximum acceptable loss at a given confidence level, i.e. a𝛼 confidence level means that there is an 𝛼 probability thatlosses will be under the acceptable limit. Equivalently, lossesabove the acceptable limit will occur with a probability notexceeding 1 – 𝛼.The risk appetite levels allow a company to rule out insurancescenarios that do not maintain group losses below themaximum acceptable loss at a specific confidence level 𝛼. Theremaining scenarios are referred to as the acceptable region.

Within the set of insurance scenarios in the acceptable region,those that minimize the total cost of risk represent the efficientfrontier.

To illustrate this, the surface shown in (Fig. 22) represents fullrisk aversion. For retention and limit combinations for whichhigh probability losses are below the acceptable loss (3.2million euros in this case), total cost is the cost of the premium.Thus, the pure premium will be at its minimum on the efficientfrontier of acceptable scenarios.

Using a basic insurance program as a basis, progressivechanges in franchise and limit conditions are simulated toobtain a distribution of the losses retained by the group andtransferred to the insurer.

From this simulation of the insurance conditions, we can find:

- The program that minimizes total cost of risk.

- The lowest pure premium program that maintainsunexpected loss within the acceptable threshold.

- The most efficient program (best pure premium to quotedpremium ratio).

Fig. 23 illustrates TCOR behavior using the above definition.

In scenarios where the retention level is low (scenario 1), thepremium will be high and, conversely, in scenarios where theretention level is high, the premium will be low (scenario 6).

The lowest TCOR point will determine the optimal balancebetween premium and retained risk, and will largely depend onthe TCOR definition used, as shown below.

Figure 22. Acceptable region and efficient frontier

Figure 23. Simulation of insurance scenarios



36

a) TCOR = pure premium + Expected loss + unexpected loss

As it happens, in this case the pure premium plus the expectedloss is a constant that depends only on the gross loss (isequivalent to the expected gross loss).

Under these conditions, TCOR behaves qualitatively like theunexpected loss borne by the group. Therefore, the higher thelevel of retention, the greater the unexpected loss borne by thegroup, and the higher the TCOR value (Fig. 24).

If a cap on the loss to be borne by the group is introduced inthe insurance program (through stop loss products, forinstance), TCOR is no longer sensitive to changes in retentionlevels above the cap threshold (Fig. 25).

b) Incorporating cost of capital in the TCOR formula

Including cost of capital in the TCOR formula reduces the

amount of the TCOR value (because it weighs the unexpectedloss), whilst it does not alter its qualitative behavior (Fig. 26).

c) Incorporating the Premium Loading Factor in the TCORformula

Introducing a loading factor causes the pure premium’sbehavior to be non-proportional to changes in the retentionlevel and the limit. The effect observed is an increase in theTCOR value when retention levels are low, and a decrease inthe TCOR value when retention levels are high (Fig. 27).

If the loading factor is made dependent on both the retentionlevel and the cap, the following is observed (Fig. 28):

- In insurance scenarios where the retention level is low andthe cap is high (region 1), the TCOR value is high due to thepremium being high (since practically all risk is transferredunder these scenarios).

Figure 25. TCOR sensitivity to retention level and cap

Figure 24. TCOR sensitivity to the retention level

37

Figure 27. Impact of premium loading factor on TCOR

Figure 28. Overall impact of the loading factor and WACC on TCOR

Figure 26. Impact of WACC on TCOR

The historical average loss amount was 74 million euros, withthe gross loss and net loss breakdown being shown in Fig 30.At first sight, it can be seen that the net loss is not subject tothe same fluctuations as the gross loss, which suggests that theinsurance program is able to maintain the loss stable for thecompany at approximately 34 million euros.

Insurance program: the group has an insurance program (Fig.31) for each of the three countries in which it operates and foreach aspect under analysis in this example: MD and LP.

Expert and industry data have not been used in this example.

In accordance with the methodology, events have been filteredin order to identify those that should be excluded from theanalysis (outliers, negative value data, data whose dates do notfall within the time window selected for the analysis, etc.).

Once the data input has been filtered and events included havethe right characteristics for the analysis, event groupings areclassified into ORCs.



38

- The optimal TCOR value is found in insurance scenarioswhere the retention level is average and the cap is reached(region 2).

Applied example

An example of how this methodology is applied to a companyin the electricity business is shown below. This example aims toillustrate the modeling of material damage (MD) and loss ofprofit (LP) for the whole of the power generation anddistribution activities over a five-year period.

The input data are36:

Historical loss: Figure 29 shows cumulative historical lossesover the five-year period including a detail of the type andnumber of assets affected as well as the cumulative impact interms of material damage and loss of profit.

Figure 29. Loss events and impact by asset type Figure 30. Historical loss over a period of 5 consecutive years

Figura 31. Insurance program structure by asset type and country

36Actual data modified for confidentiality purposes.

39

ORC Selection

ORCs are defined by grouping events with similar characteristics(according to their frequency and severity). Events are classifiedaccording to the type of activity and the type of risk.

The matrix in Table 4 shows the types of activities and risksidentified as well as the number of events within theirintersection.

The data set was tested for statistical uniformity and thefollowing was decided:

4 Joint treatment of damage to physical assets and loss ofprofit caused by accidents for each of the power generationactivities (ORC 1, 2, 3 and 4).

4 Joint treatment of damage to physical assets in distributionactivities, whether they relate to electric power networks orsubstations (ORC 5), and likewise for all loss of profit (ORC 6).

4 Separate treatment of purposeful damage to electric powernetworks (ORC 7).

4 Joint treatment of all natural disasters, regardless of thebusiness activity (ORC 8).

Thus, there are eight ORC defined (Table 5).

Model premises and data treatment

Once the ORCs have been defined, the data is analyzed toverify it complies with the model assumptions. The analysismust be conducted on each ORC, so that if any one of themshould fail the test, it shall be modified, which may impact onthe grouping of data for the others.

Table 4. ORC groupings (with number of events)

By performing and exploratory data analysis we are able toverify effective compliance with model assumptions (Fig. 32).

In this exercise, total cost of risk is defined as:𝑇𝐶𝑂𝑅 = 𝐸𝐿Reinsurance + 𝐸𝐿Group + 𝑈𝐿Group (𝛼)This expression includes:

4 𝐸𝐿Reinsurance: expected underwriting loss, which is anapproximation to the risk premium under the insuranceprogram.

4 𝐸𝐿Group: expected loss for the group.

4 𝑈𝐿Group (𝛼): unexpected loss for the group.

Table 5. ORC defined

Figure 32. Model assumption analysis outcome



40

Frequency distribution calculation

To fit the frequency distribution of the empirical data, twoaspects need to be considered: the chosen frequencydistribution itself and the time series data for each ORC.

The chi-squared test is used to select a frequency distributionand time series combination, yielding a p-value for eachcombination. This indicator shows the distribution that best fitsthe sample data; in principle, the combination with the highestp-value is the best choice (Fig. 33).

In addition, a graphical fitting of the empirical data to thetheoretical data can be used to supplement the p-valueanalysis on the different distributions (Fig. 34). This analysis isuseful when more than one distribution and time seriescombination shows a high p-value.

A similar process is followed for all ORCs defined, and thedistribution that best models the frequency of events in eachORC is selected.

Distributions typically used for modeling frequencydiscriminate whether the variability in the number of claimshas above average volatility (negative binomial), below averagevolatility (binomial) or near-average volatility (Poisson). Itshould be noted that the binomial and negative binomialdistributions are complementary, and cannot be fittedsimultaneously.

The choice of a frequency distribution, therefore, does notdetermine the mean values of the claims model, but it doesdetermine the outliers or unexpected losses.

Severity distribution calculation

The next step is to fit the severity distributions. In this example,a statistical analysis covering ten different theoreticaldistribution types was carried out based on the loss amountsattributable to the events in each ORC.

Once the parameters for each of these distributions have beenobtained, it is possible to compare their suitability usinggoodness of fit tests. Two tests were conducted in this case:Kolmogorov-Smirnov (KS) and Kuiper (K). For the particularcase of ORC 1, a lognormal distribution was selected (Figs. 35and 36).

Table 6 shows the chosen distributions for each ORC.

Gross loss distribution calculation

After selecting the frequency and severity distributions for eachORC, both functions are convoluted. This convolution providesthe simple loss distribution for each ORC, which may be used toestimate expected and unexpected losses individually. Thesimple loss distributions are then added together to obtain theaggregate loss distribution (Fig. 37).

This outcome represents the gross loss which, according to themodel, the company will incur from their power generationand distribution activities for the risks considered.

It can be seen that the expected loss is approximately 74.3million euros and the unexpected loss, at a 95% confidencelevel, would reach 107.2 million euros in the absence ofdiversification; i.e. the loss to be expected over a 20 year periodwould exceed this amount. However, taking into accountexisting diversification across ORCs, the unexpected loss wouldamount to 85.3 million euros; i.e. a gain of 22 million euros isobtained from diversification. This effect, known as the"portfolio effect" is due to the independence of loss eventsbetween business lines.

Figure 33. Fitting of ORC 4 frequency distributions

41

Figure 35. Severity distribution fitting for ORC 1

Figure 34. Graphical fitting of empirical distribution to theoretical distribution

Figure 36. Cumulative probability function for ORC 1 –lognormaldistribution

Figure 37. Aggregate loss distribution

Table 6. Distribution fitting for each ORC



42

Based on the calibration results, it is possible to analyze theeffect that the current insurance program would have on theretained loss and the transferred loss. To do this, we followed aprocess for the simulation of 100,000 scenarios such as thatdescribed in the methodology. As a result, we obtained thedistribution for the losses borne by the company and by theinsurance. Company losses are also broken down into thoseborne by the captive and those borne by each business (Fig. 38,in million euros).

It can be seen that, under the current insurance program (witha stop loss) the expected gross loss amounts to 76.2 millioneuros, of which 41.4 would be transferred to reinsurance and34.8 would be retained by the group. Of these 34.8 millioneuros, 15.9 would be borne by the business and 18.9 by thecaptive.

The pure premium, as it has been defined here, would be theexpected loss transferred to reinsurance. Therefore, thepremium for the insurance program analyzed (with stop loss)would amount to 41.1 million euros.

Since we are able to break down the effect that the insuranceprogram has on each business activity, we can estimate thepure premium attributable to each of them. In the example, thepower generation business appears to have contributed 39.3million euros to the total pure premium amount for thisprogram. This breakdown allows us to identify the weight orcontribution of each business to the group’s loss and establisha system to define the cost of risk based on marketmechanisms (i.e. transferring the cost of the premiums quotedaccording to their contribution to loss).

Figure 38. Simulation of company losses

43

Figure 39. TCOR optimization

As previously mentioned, acceptable risk is determined by acompany’s risk appetite. In order to simplify the example, riskappetite was defined as a EUR 100 million cap on operationalrisk losses at a 95% confidence level.

Under the current insurance program, the loss borne by thecompany, both from the business deductible and from theamount retained by the captive, amounts to 57.7 million euros(87.7 million euros without stop loss). At a 95% confidencelevel, as seen above (Fig. 38), this would be a possibleacceptable insurance scenario for the company.

Insurance scenarios involving losses above 100 million eurosfor the company would not be acceptable, such as a non-risktransfer or non-insurance scenario setting the loss at 161.4million euros, as seen in the VaR total in Fig 38.

This means that the definition of acceptable region establishesinsurance scenarios which: (1) are consistent with thecompany’s risk appetite and policies and (2) correspond toinsurance programs that can be accessed on the market. Withinthe feasible region, the most efficient insurance scenario will bethat in which the difference between the theoretical and thequoted premium is the lowest (which minimizes the premiumcost inefficiency arising from the insurer’s risk aversion, tradecosts, etc.).

Changes can be made to the franchise and excess conditions inan insurance program with a view to analyzing the effect thesechanges would have on the total cost of risk and therefore beable to determine the optimal insurance scenario. Figure 39shows the results of applying 20% per cent increases andreductions to the franchise and stop loss levels.

In this case, the minimum total cost of risk (TCOR) would beachieved under a scenario with a 60 % increase in the franchiseand a 60% reduction in the stop loss. This is to say, that in TCORterms it would be beneficial to increase the retention levelwhile at the same time decreasing the stop loss. The loss for thegroup under this scenario would be 52 million euros at a 95%confidence level, which is within the acceptable region andhence within the company’s risk appetite policy.

In this example, the optimal insurance scenario corresponds tothe lowest stop loss level because the cost of risk definition isproportional to the percentile or unexpected loss that thecompany is able to withstand, i.e. the sum of the expected lossretained and the expected loss transferred to the reinsurancemarket (the latter is an approximation to the theoreticalpremium) is a constant independent from the insuranceprogram and corresponds to the expected loss for the assetportfolio. Therefore, the TCOR value is proportional to theunexpected loss or percentile and is directly affected by thearranged stop loss level if the latter is activated (when theannual loss percentile exceeds the stop loss level).



44

Case study conclusions

This case study, necessarily simplified, illustrates how themethodologies discussed throughout the document help toobjectivize and quantify the level of insurable operational riskas well as to assess the most suitable insurance program for acompany. These methodologies also provide usefulinformation for insurance negotiation purposes, such as theestimated cost of the premium or a measurement of possible"inefficiencies" in the premium quote. The process that hasbeen followed in the practical example can therefore provideanswers to some key questions related to operational riskmanagement, such as:

4 The loss that the company is exposed to, i.e. the level of riskinherent in the business assets and activity. This loss isquantified by modeling the gross loss distribution (lossprior to implementing an insurance program) underspecific scenarios (different distribution percentiles formeasuring loss exposure every year or every 𝑥 years). In theexample, the potential loss would amount to about 161million euros every 20 years (95th percentile in thedistribution) versus an expected annual gross loss of 76million euros.

4 How much each business contributes to the Group's totalrisk amount. The amount that each business activity orgroup of assets contributes to the company’s risk profile, sothat the company may objectively allocate costs andprioritize actions to renovate, improve, operate or maintainassets. In the example (Figure 38), power generation assetscontribute about 85% of the Group’s expected loss orclaims, compared with 15% contributed by distributionassets. Within power generation assets, combined cyclesare the cause of approximately 50% of Group claims. Interms of potential losses (every 20 years) the contributionof power generation and distribution activities is 93% and18% respectively (112% altogether) and reveals that power

generation and distribution assets have a 12%diversification effect between them (the Group’s potentialloss is 12% lower than the sum of the potential loss for eachasset group).

4 The reasonable cost of the premium for a particularinsurance program, particularly regarding the theoretical orpure premium, which is the first of the three premium costcomponents (complemented by the commercial ormanagement cost and a margin related to the insurer’s riskaversion). This pure premium is estimated from theresulting loss function as the difference between the grossand net loss. In the example, it represents about 41 millioneuros.

4 The total cost of risk for the company, i.e. the sum of thecost from expected losses, the premiums paid and thepotential losses. In the example: 35, 41 and 58 millioneuros, respectively.

4 The ways for improving and optimizing the currentinsurance program, i.e. management levers to optimize notonly the premiums paid, but the total cost of risk. In theexample (which uses fictitious data), an increase in thefranchise and a reduction in the stop loss of around 60%reduces the total cost of risk by 4%, changing from 102 to98 million euros.

4 The value of products such as stop loss insurance. This isthe quantification of the reasonable cost associated witheach of the components in the insurance program basedon their economic impact on the Company’s loss profile. Itis calculated as the variation in the Group’s total cost of riskresulting from inclusion in the program. In this example,figures 25 to 28 show those franchise and stop losscombinations in which the latter is not effective in terms ofreducing the cost of risk for the company, while it does notsubstantially alter the potential loss. This analysis makes it

45

37In this regard, the fitting of frequencies and severities should take account ofscaling factors when incorporating changes arising from investments,disinvestments, new technology or corrective measures into the asset portfolio.For instance, the acquisition of a distribution network will increase the frequencyof accidents but perhaps not their severity, and a power increase in an electricitygeneration turbine may result in increased profit loss if an accident occurs, whilefrequency will not be affected.

possible to determine whether it makes economic sense tomodify the conditions of the insurance program, allowingthe company to determine, for instance, the franchise orstop loss levels whose effectiveness in reducing risk justifiestheir price or a premium increase.

4 The market response to changes in the insurance programdesign. This is a measure of the impact that a change in thefranchise, insured value, etc. has on the premium. Theexistence of premium components other than the losstransferred to the insurer, such as the insurer’s risk aversionor commercial costs, introduces uncertainty or inefficiencyin the insurance cost faced by the insurance company, andthis can be measured as the difference between the quotedpremium and the theoretical premium, which varies as theinsurance program conditions change (deductible -franchise- and stop loss).

Also, it is reasonable to assume that the insurance market willbe very sensitive to significant changes in the insuranceconditions (e.g. a nonlinear increase in the premium inresponse to significant reductions in retention levels).Therefore, in formulating total cost, cost reduction factors aretaken into account. These can be estimated from market pricesfor equivalent programs, different only in retention and limitlevels. This tighter market conditions, or exponential premiumgrowth in response to changes in risk transfer levels, can resultfrom recent accident rates, whether suffered by the companyor by third parties, as well as from immaturity and fromignorance of the risk profile of new technologies, among otherfactors.

In this exercise, the TCOR behavior is determined by the limit orstop loss activation. This behavior makes it possible to identifythose stop loss levels that do not affect the company’s cost ofrisk, and hence those where a premium increase associatedwith a better stop loss does not justify the investment in termsof risk reduction.

Regarding the availability of information sources, using thistype of methodology does not require significant amounts ofhistorical event data, as results can be obtained with fewoccurrences. In such cases, events do not need to be groupedinto ORCs at a high level of detail; coarse granularity is sufficient(for instance, events can be grouped by business activity andtype of risk) to achieve reasonable results. If industry events arenot available, as it is the case in the example, the model resultsshall only be tied to the company’s recent history of events,which on the other hand tends to be the major input used byinsurance companies to determine the premium for a givenprogram. In any case, the analysis can be enriched by stresstesting or sensitivity exercises, which can be used to estimaterisk in response to changes in modeling parameters byincorporating hypothetical events that are representative ofsimilar events in the industry as well as changes in the scopeinsured (e.g. those resulting from disinvestments in productiveassets37).



46

Glossary

47

Captive insurer: insurance and reinsurance company belongingto a business group whose mission is to cover the risks of thegroup.

Coverage: basic insurance component that defines the insuredobject, the entity that acquires the risk (insurer), the entity thattransfers the risk (insured), the sum insured (limit), thedeductible (franchise or excess) and the level of coverage(percentage covered).

Event: an event that results in operational loss. It ischaracterized by its cause (reason why the event occurs) and itsimpact (the loss that would not have been incurred had theevent not happened). All impacts stemming from the sameroot cause are considered to be part of the same event.

Franchise or deductible: amount of the loss insured which isborne by the insured.

Limit: maximum amount of the insured loss covered by theinsurance company. As a general rule, this limit may be ofdifferent types:

- Limit by occurrence: applies to each claim within thepolicy coverage.

- Aggregate limit: applies to the cumulative sum of claimscovered so that, if at the nth event the aggregate lossfrom events of the same type exceeds the limit, theinsurer is freed from the obligation to cover the excess.

Operational risk: risk of loss resulting from inadequate or failedinternal processes, people or systems or from external events.Usually includes legal and compliance risk, and excludesstrategic and reputational risk. The industry differentiatesbetween:

- Insurable risk: operational risk that may be insured andmay therefore be partially or fully transferred to anotherparty, usually in return for payment of a premium.Includes damage to company assets and damage tothird parties caused in the course of the businessactivity.

- Uninsurable risk: operational risk associated with processor system failure.

Policy: contract between the insurer and the insured wherebythe insurance terms are fixed.

- Direct policy: document by which the insured transfersthe risk to the insurer and the insurance conditions areestablished. The insurer, in turn, transfers the risk to thecaptive through what is called a "fronting agreement”.

Premium: amount the insured pays the insurer to underwritethe policy. It consists of:

- Pure premium: real cost of risk borne by the insurerbased on the expected loss.

- Surcharge or add-on: amounts that are added to thepure premium for administrative expenses, mark-up,administration expenses, etc.

Recovery: gross loss amount that is not ultimately lost by thecompany. Recovery is independent from the original loss. Twotypes of recoveries are usually considered in the industry:guarantees (amount of the loss covered by the asset producer)and insurance (amount of loss covered by the insurance,subject to the conditions of the previously subscribed policy).

Stop loss: a product that limits the captive’s total loss to aspecific amount.



48

References

49

Australian Government, Department of Foreign Affairs andTrade (16 January 2012). Great East Japan Earthquake: economicand trade impact.

Basel Committee on Banking Supervision, BCBS (January 2013).Principles for effective risk data aggregation and risk reporting.Basel: Bank for International Settlements, BIS.

Basel Committee on Banking Supervision, BCBS (June 2004).Basel II: International Convergence of Capital Measurement andCapital Standards: a Revised Framework. Basel: Bank forInternational Settlements, BIS.

Basel Committee on Banking Supervision, BCBS (BIS) (2010). Principles for Enhancing Corporate Governance. Basel: Bank forInternational Settlements, BIS.

British Petroleum, BP (2010). Summary review.

British Petroleum, BP (2010). Sustainability review.

Committee of Sponsoring Organizations of the TreadwayCommission, COSO, (September 2004). Enterprise RiskManagement -- Integrated Framework (COSO II).

European Bank Association, EBA (2011). Guidelines on InternalGovernance (GL-44).

European Commission, EC (25 November 2009). Directive2009/138/EC of the European Parliament and of the Council of 25November 2009 on the taking-up and pursuit of the business ofInsurance and Reinsurance (Solvency II).

European Commission (Liikanen), EC (2012). High-level ExpertGroup on reforming the structure of the EU banking sector.

European Securities and Markets Authority, ESMA / U.S.A.Market Infrastructure Regulation / Dodd–Frank Act.

Federation of European Risk Management Associations, FERMA(2003). Estándares de gerencia de riesgos.

Foro de reputación corporativa, FRC (Diciembre 2005).Introducción a la reputación corporativa.

Independent Commission on Banking, ICB (Walker) (2009-ongoing). A review of corporate governance in UK banks andother financial industry entities. London: The Walker reviewsecretariat.

International Organization for Standardization, ISO (2009). RiskManagement – Principles and guidelines. ISO 31000-2009.

International Organization for Standardization, ISO (2009). Guide73:2009, Risk management - Vocabulary complements ISO 31000.

International Organization for Standardization, ISO /International Electrotechnical Commission, IEC (2009). ISO/IEC31010:2009, Risk management – Risk assessment techniquesfocuses on risk assessment.

Institute of International Finance, IIF (2011). Implementingrobust risk appetite frameworks to strengthen financialinstitutions.

Government of Japan (August 2011), Economic Impact of theGreat East Japan Earthquake and Current Status of Recovery.

Government of Japan (March 2012), Japan’s Challenges TowardsRecovery.

Management Solutions (2014), Model Risk Management:Aspectos cuantitativos y cualitativos del riesgo de modelo.

Nathaniel C. Johnson, (29 January 2014). Atmospheric Science: Aboost in big El Niño. Online Publication: Nature Climate Change4, 90–91(2014) doi:10.1038/nclimate2108.

Prudential Regulation Authority, PRA (former Financial ServicesAuthority, FSA) (September 2012). Effective corporategovernance (Policy Statement, PS 10/15).

Prudential Regulation Authority, PRA (former Financial ServicesAuthority, FSA) (January 2010). Effective corporate governance(Significant influence controlled functions and the Walkerreview) (Consultation Paper, CP 10/3).

Senior Supervisors Group, (2010). Observations on Developmentsin Risk Appetite Frameworks and IT Infrastructures.

Senate and House of Representatives of the United States ofAmerica, (July 2002). Sarbanes-Oxley Act of 2002 - Public Law107–204 107th Congress.



50

Management Solutions is an international consulting servicescompany focused on consulting for business, risks, organizationand processes, in both their functional components and in theimplementation of their related technologies.

With its multi-disciplinary team (functional, mathematicians,technicians, etc.) of over 1,300 professionals, ManagementSolutions operates through 18 offices (9 in Europe, 8 in theAmericas and 1 in Asia).

To cover its clients' needs, Management Solutions has structuredits practices by sectors (Financial Institutions, Energy andTelecommunications) and by lines of activity (FCRC, RBC, NT),covering a broad range of skills -Strategy, CommercialManagement and Marketing, Organization and Processes, RiskManagement and Control, Management and FinancialInformation, and Applied Technologies.

In the Energy industry, Management Solutions provides servicesto all types of companies - electricity, gas, petrochemical, etc. -both in global corporations and in local enterprises and publicbodies.

David CocaManagement Solutions [email protected]

Raúl García de BlasManagement Solutions [email protected]

Carlos F. GallejonesManagement Solutions [email protected]

Ruben G MoralManagement Solutions [email protected]

Javier CalvoManager at Management [email protected]

Javier ÁlvarezManager at Management [email protected]

Álvaro del CantoManager at Management [email protected]

Our aim is to exceed our clients'expectations, and become their trusted

partners

Design and LayoutMarketing and Communication DepartmentManagement Solutions - Spain

© Management Solutions. 2014All rights reserved

Madrid Barcelona Bilbao London Frankfurt Warszawa Zürich Milano Lisboa BeijingNew York San Juan de Puerto Rico México D.F. Bogotá São Paulo Lima Santiago de Chile Buenos Aires

operational risk management in the energy industry

Documents