scenario models and sensitivity analysis in operational risk

COMPG007: Operational Risk Measurement for Financial Institutions Coursework Scenario Models and Sensitivity Analysis in Operational Risk Lecturer: Dr Ariane Chapelle Team Member: Ruixin Bao, Yang Li, Hanlin Yue 2016.12

Upload: ruixin-bao

Post on 15-Apr-2017



Content

1. Introduction
   1.1 Research Objective
   1.2 Literature Review
   1.3 Research Procedure
2. Scenarios Generation
   2.1 Scenario I – Asset Misappropriation
   2.2 Scenario II – Data loss by Cyber Attack
   2.3 Aggregated Scenario
3. Sensitivity Analysis
   3.1 Sensitivity analysis for Scenario I
   3.2 Sensitivity analysis for Scenario II
   3.3 Sensitivity Analysis for Aggregated Scenario
4. Alternative Adjustment on Loss Measure Quantile
   4.1 Introduction to Cluster Analysis
   4.2 Application on Adjustment of Scenario Result
   4.3 Important Meaning to Loss Measure Quantile
5. Conclusion
   5.1 Discussion of strategic options
   5.2 Limitation and Improvement
6. Reference
7. Appendix

1. Introduction

The purpose of this paper is to create, analyse and generate reliable scenario data for operational risk (OR) events in a bank and to provide efficient strategies for improving operational risk management in order to assist in the prevention of future risks. Because essential data are scarce for 'high severity, low frequency' events when aggregating a bank's losses, the scenario approach is the most appropriate method for filling the gaps in the total loss distribution, especially in the tail. Effective scenario modelling can help financial institutions understand how a particular operational risk event happened, what caused it, and what its possible impacts are. Scenario sensitivity analysis can also help decision makers find the key factors when a loss occurs and inspire them to design the most efficient controls to protect their institutions from future losses.

In this paper, we focus on modelling and sensitivity testing of two cases, asset misappropriation and cyber-attack, since these two events contribute heavily to the loss distributions of a bank. Both are high-severity, low-frequency events, which are the main targets of scenario analysis. Moreover, sensitivity analysis for these two scenarios and for the combined scenario is used to explore the most sensitive and essential risk drivers. Next, a cluster method is applied to adjust quantiles by grouping data into subsets according to the severity of OR losses. Based on the results obtained, strategic options can be provided to managers for the future operational risk management of these two OR events.

1.1 Research Objective

As far as we know, there is still no standard method for scenario generation and aggregation, because OR events and business environments differ. Hence, it is meaningful to explore a more efficient process and methodology, aiming to support decision makers by showing the sensitive factors in scenario cases and estimating a sufficient and appropriate capital requirement to protect the bank from future risks. This research applies academic concepts and methodologies of operational risk management and assessment, especially the scenario approach, to a realistic case in a bank. The result of this research can be directly used in banks as models to analyse their operational losses from asset misappropriation and cyber-attack. Based on the scenario approach and the cluster method, the appropriate capital requirement can be calculated as the operational losses in the following years. Of course, some additional conditions should be considered every year regarding changes in the external financial environment and the internal business structure. We believe that this research is applicable in the current global financial circumstances and that it could contribute to the robustness of scenario modelling through solid consideration of the details of this event and of the target organisation's construction.

1.2 Literature Review

Academics and practitioners have proposed various multiple-scenario analyses to treat uncertainties in the future of business organizations since the 1970s [14]. Since the external local and global environment is laden with uncertain changes, it is difficult to detect potential trends. Hence scenario analysis is worthwhile, as it advocates the generation of alternative pictures of the external environment's future [2]. There is no doubt that scenario analysis is increasingly attractive to managers [3][4]. Various methodologies for generating scenarios can be found in the literature [4-10].

For instance, Ringland [10] illustrates that the majority of the companies she has surveyed apply an approach named Pierre Wack Intuitive Logics, which was created by former Shell group planner Pierre Wack. This approach focuses on constructing a comprehensible and credible set of situations of the future to test business plans or projects as a 'wind tunnel' by encouraging public debate or improving coherence. During the past few decades, the thinking that Shell used to deal with scenarios has spread to other organizations and institutions such as SRI and GBN [10]. Later, this Shell approach and Godet's approach were compared by Barbieri Masini and Medina Vasquez [13].

Ringland [10] also introduces other organizations and their methods for constructing scenarios, including 'Battelle Institute (BASICS), the Copenhagen Institute for Future Studies (the futures game), the European Commission (the Shaping Factors – Shaping Actors), the French School (Godet approach: MICMAC), the Futures Group (the Fundamental Planning Method), Global Business Network (scenario development by using Peter Schwartz's methodology), Northeast Consulting Resources (the Future Mapping Method) and Stanford Research Institute (Scenario-Based Strategy Development)'. In this paper, the scenario process is adjusted based on the bank structure, the target events, and the experience of all the previous scenario approaches above.

1.3 Research Procedure

The research process is based on the basic scenario process, with the following steps [2][11][12]:

Step 1: Identify focal issues for our bank
Step 2: Main forces in the local circumstance and internal and external business environment
Step 3: Driving key risk drivers and forces
Step 4: Ranking factors by uncertainty and importance
Step 5: Drawing scenarios flowchart in reasonable and logical way
Step 6: Materializing the scenarios and aggregating scenarios
Step 7: Sensitivity analysis
Step 8: Cluster method to generate
Step 9: Implications for strategy
Step 10: Discuss the strategic options
Step 11: Settle the implementation plan

The objective is to observe and analyse the sensitivities of scenario cases based on suitable assumptions summarized from empirical evidence. The Swiss Cheese Model can be used to build the scenario model after finding each event's exposures, occurrences, and impacts. Through the Monte Carlo method, the loss distributions over a year can be generated, and the combined scenario loss distribution can be obtained through an aggregation technique as the benchmark for the capital requirement.

In this paper, two individual scenario distributions and one combined scenario distribution are generated for the OR events asset misappropriation and data loss from cyber-attack. After inputting the necessary parameters based on the bank's information and experts' opinions, Monte Carlo simulation is used to generate the VaR in each scenario. Next, the VaR quantiles can be corrected by cluster methodology to produce more suitable VaR quantiles based on the severity of OR losses. Decision makers can cite this research result as reliable and essential suggestions for operational risk management at their bank.

2. Scenarios Generation

2.1 Scenario I – Asset Misappropriation

2.1.1 Asset Misappropriation definition

Asset misappropriation fraud is the loss of assets when people who are entrusted to manage the assets of an organization steal from it. This fraud usually happens when third parties or employees in an organization abuse their position to obtain access for stealing cash, cash equivalents, company data or intellectual property, which are vital for running the organization's business. Hence, this type of operational risk should be modelled and analysed appropriately, especially when real data are extremely scarce because of the privacy of the issue, the stigma for the organization and the negative impact on its public image. This type of internal fraud can be attributed to company directors, employees, or anyone else entrusted to hold and manage the assets and interests of an organization. Modelling, analysing, and discovering the most efficient scenario methodology is the main purpose of this paper, in order to obtain a deeper understanding of this kind of fraud and to provide realistic methods to avoid, stop and remedy this kind of issue.

2.1.2 Scenario Explanation and Assumptions

Normally, asset misappropriation fraud can be fraudulent behavior including:

i. Embezzlement, where accounts have been falsified or fake invoices have been made.
ii. Deception by employees inside the bank, false expense statements.
iii. Payment frauds, where payrolls have been fictitious or diverted, or non-existent clients or employees have been created.
iv. Data theft
v. Intellectual property stealing

In this scenario, the target object is asset misappropriation within a medium-size bank branch. Based on the bank's basic information and structure, some reasonable assumptions can be proposed at this stage as follows.

• The asset types most likely to be stolen in this bank are credit notes, vouchers, company data and intellectual property.

• The bank has 2000 employees, and we simplify all staff into 5 different types of positions including head of a bank and vice-presidents (20) with 10%, managers and directors (180) with 10%, senior analysts (600) with 5%, and junior analysts (1200) with 5%, according to the value of access they hold in the bank.

• Generally, the average probability that internal fraud happens inside a bank is 5%. Depending on the level of processes, internal systems and controls, this probability can move up or down. The criminal probability differs slightly between levels: head of a bank and vice-presidents 10%, managers and directors 10%, senior analysts 5%, and junior analysts 5%, according to the value of access they hold in the bank.

• The amount of assets that can be stolen differs between positions, and it can be modelled as a random process which follows normal distributions with different mean and (variance). For instance, head of a bank and vice-presidents steal around 1000-unit asset with variance (300), managers and directors may access about 100-unit with variance (30), senior associates can control nearly 20-unit with variance (6), and junior analysts could only obtain near 10-unit items with variance (3).

• If employees want to misappropriate the bank's assets under their authority, they can directly access a certain volume: head of a bank and vice-presidents (level 4) can access 100% of the amount of assets, managers and directors (level 3) can control 90%, senior analysts (level 2) can approach 75%, and junior analysts (level 1) can access 50%, according to the number of entrances they hold in the bank.

• If an employee wants to embezzle bank assets, this employee needs permission from his or her superiors to complete the fraud. According to experts within this bank, superiors are cheated successfully through fake documents with the following probabilities: with probability 50% a junior analyst obtains a permit from their managers, similarly with probability 25% managers and directors could commit fraud successfully, and with probability 10% head and vice-presidents steal assets from the bank.

• Depending on the level of the employee, the severity of this issue can be measured with head of a bank and vice-presidents ×1,728, managers and directors ×1.44, senior analysts ×1.2, and junior analysts ×1.

Once this happens, banks should adopt an immediate response and report it to Action Fraud. If fraudsters are not tackled, these opportunistic one-off frauds can become systemic and spread within the bank, and fraudsters may think their behavior is acceptable, which forms a negative company culture of theft and fraud.

2.1.3 Asset Misappropriation Flowchart

In this scenario, the assets most likely to go missing at our bank under asset misappropriation can be divided into four types: credit notes, vouchers, bank data and intellectual property. All asset misappropriation can be attributed to two isolated cases involving expense fiddling or an employee lying about his or her qualifications to get a job. In this case, different types of employee positions are considered as different occurrences, which makes it easy to calculate the total loss based on their level of access and the value of the assets they could obtain. At the end, the impact can be used to calculate the total loss with the following formula. Here, we measure reputation loss based on the severity of the event.

$$Loss = V_{loss} \times V_{amount} \times Severity$$

After analysing the exposure, occurrence and impact of asset misappropriation, we can use the Swiss Cheese Model (Cumulative Act Effect) to apply preventative (P), detective (D), and corrective (C) controls to reduce the possibility that this issue happens, control the effect of the event, and mitigate its consequences.

Here, different controls can be initialized with quantitative values according to the experts' suggestions and historical data, as follows:

• P1: Vet employees by CV and references could reduce the initial criminal probability
• P2: Implement a whistleblowing policy
• P3: Impose clear segregation of duties
• P4: Control access to buildings and systems
• D1: Checking invoices and related documents
• D2: Internal audit could detect this event with probability 98%.
• C1: The insurance proportions are different for various levels of employees, such as head of a bank and vice-presidents 0%, managers and directors 70%, senior analysts 50%, and junior analysts 0%.
• C2: Tackle relevant employees could reduce the severity of this issue

[Flowchart: Exposure (Credit Notes, Vouchers, Bank Data, Intellectual property); Occurrence (Head and Vice-presidents, Managers and Directors, Senior Associate, Junior Analyst); Impact (Value of loss, Amount of loss, Reputation loss)]

[Control diagram, Scenario: Asset Misappropriation. P1: Vet employees by CV and references; P2: Implement a whistleblowing policy; P3: Control access to buildings and systems; P4: Impose clear segregation of duties; D1: Checking invoices and related documents; D2: Internal Audit; C1: Insurance and backup; C2: Tackle relevant employees]

2.1.4 Result

Let's apply Monte Carlo to simulate this scenario in order to obtain reliable data to analyse this event. To ensure the accuracy of the result, this process is repeated 10000 times, which gives more reasonable and realistic results compared with 2000 times and 5000 times. Inputting all the parameters and applying the calculation above gives the following VaR ($) results:

Plot 1: Simulation Result of Scenario I – Asset Misappropriation

25% VaR     50% VaR     75% VaR     95% VaR      99% VaR      99.9% VaR
13783.10    22268.45    41949.64    118382.76    210907.22    302527.28

By trying different distribution types to fit our data, we find that the Generalized Extreme Value distribution fits the data very well, which makes sense since asset misappropriation can be treated as an extreme event. By the Extreme Value Theorem (EVT), the Generalized Extreme Value (GEV) distribution is a normal way to measure tail loss, especially for a scenario case. From the simulation result, we can see that the overall VaR distribution is roughly a lognormal distribution, which might fit reality. We can treat it as an acceptable result.

The estimated values of the GEV distribution's parameters, mean, and variance are as follows:

Loglikelihood    Mean       Variance    k           sigma      mu
-112685          44682.1    Inf         0.657664    11172.5    17407.7

From the above figure, one important characteristic of asset misappropriation is that once it happens it will cause a large loss for a bank. Although trust between bank and employees is essential, some strategies ought to be adopted to stop this kind of issue at the very beginning, to make sure it won't have a huge impact on the bank. Generalized Extreme Value fitting is the most appropriate fitting method in this case. Obviously, this figure can be treated as a lognormal distribution, which makes sense in real life.

2.2 Scenario II – Data loss by Cyber Attack

2.2.1 Significance of exploring data loss by cyber attack

Cyber-attacks are advanced persistent threats, which target company secrets and can cost companies a huge amount of money and could even put them out of business. Therefore, it is valuable to model and analyse the loss caused by cyber-attacks. Normally, hackers infiltrate an institution's system with one of two aims: cyber espionage or data sabotage. In this scenario, data sabotage is highlighted, especially data loss caused by hackers infiltrating the bank. The emphasis of this scenario is to simulate how hackers infiltrate the bank's network system and destroy essential data, and what detection measures a bank could apply to protect its data and minimize losses.

2.2.2 Scenario analysis flowchart

Assumptions:

• The total volume of data at this bank is 10000 units.
• There are three firewalls at this bank with different security levels, data allocations, and data significance.
• There are only two types of data: clients' information (50%) and management information (50%). Usually, the bank has a backup of all clients' information, but sometimes some clients' information is not recorded, because the backup storage was not completed or because of the negligence of the staff involved. The majority of management information may not be copied to backup.
• Network engineers check the whole system once an hour; however, the frequency of checking can be regarded as the ability of the engineers, which means that the more frequent the checking, the stronger the engineer's capability. Here, it can be supposed that hackers will almost surely be found if they infiltrate at the same time that engineers check the system.

2.2.3 Scenario process

Based on the assumptions of this scenario, the Monte Carlo technique is applied to simulate cyber-attacks during a year and to generate data in order to compute VaR (Value at Risk) and find the distribution of loss. To ensure the accuracy of this model, the Monte Carlo simulation was repeated 10000 times.

Let's start with a hacker who tries to infiltrate the bank's system. The hacker needs to pass three firewalls with different security levels, data values, and data distributions, as follows.

a. Hackers need to spend 5 minutes to infiltrate the first firewall and obtain 5% of the data, valued at 10 dollars per unit; however, each hacker can pass the first firewall with probability 50%.

b. Hackers need to spend 15 minutes to infiltrate the second firewall and obtain 10% of the data, valued at 20 dollars per unit, and each hacker can pass the second firewall with probability 25%.

c. Hackers need to spend 45 minutes to infiltrate the third firewall and obtain 85% of the data, valued at 50 dollars per unit; however, each hacker can pass the third firewall with probability 5%.

After passing the three firewalls, a hacker can obtain 5% of the data per minute for downloading or destroying it. Once engineers check the system, the hacker stops destroying data immediately. However, the data that has been destroyed cannot be recovered immediately, which causes a direct loss to the bank. Hence, the loss can be calculated by multiplying the time to detect (Time), the data value (Va_data), and the data volume (Vol_data).

$$Loss = Time \times Va_{data} \times Vol_{data}$$

[Flowchart: Data loss under Cyber-attacks. Exposure: Client's Information, Management information. Impact: Value of data, Volume of data, Time to detect. Scenario: Cyber-attacks. PC.1 Firewall 1: 50% pass, 5% data vol; PC.2 Firewall 2: 25% pass, 10% data vol; PC.3 Firewall 3: 5% pass, 85% data; D.C.1 Engineers; D.C.2 Backup]

2.2.4 Result

By running the Monte Carlo method in MATLAB, VaR values are computed for different quantiles, which is useful for providing scenario data to combine with internal loss data and external loss data for different business lines at the bank. The broad operational loss at the bank can then be calculated.

Plot 2: Simulation Result of Scenario II – data loss by cyber attack

25% VaR     50% VaR     75% VaR     95% VaR     99% VaR     99.9% VaR
26932.00    31143.42    36216.00    48334.67    59349.45    76068.35

After trying Lognormal, Generalized Lognormal, and Generalized Extreme Value (GEV) distributions to fit our data, GEV performs well in this cyber-attack scenario. The following result shows the fitting of the GEV distribution for our scenario.

From the simulation result, we can see that the overall VaR distribution is roughly a lognormal distribution, which might fit reality. We can treat it as an acceptable result.

The values of the parameters for fitting the GEV distribution are as follows:

Loglikelihood    Mean       Variance       k             sigma      mu
-103520          32427.5    6.81508e+07    -0.0122104    6538.51    28731.5

2.3 Aggregated Scenario

2.3.1 Meaning of Combination of Two Scenarios

To incorporate our scenario data into capital, aggregating the losses of these different scenarios is the key part of obtaining the bank's total operational losses. In general, all 80 (10 event types × 8 business lines) operational risk categories would be measured. The first step is to consider different combinations of various scenarios by using a dependency graph or a scenario correlation matrix. In this paper, the aggregation of these two scenarios is considered by using the var-cov matrix method, since asset misappropriation and cyber-attack are the key operational risk events. The objective is to explore the relationship between the total loss distribution and the two individual loss distributions by applying scenario aggregation methodology. By focusing on key risk exposures and assessing the dependencies between scenarios, the regulatory capital for both events can be calculated to meet the requirement of protecting our bank from operational risk losses.

2.3.2 Dependency analysis

The interaction part of these two scenarios is the same object, bank data. Considering bank data lost by cyber-attack, this may be caused by both external and internal fraudsters. For instance, some internal employees may sell internal access to essential data to external fraudsters to steal company assets. As for specifically interacting terms, two pairs are found to be highly dependent: the potential Criminal in Scenario 1 with the checking frequency in Scenario 2, and insurance and backup in Scenario 1 with backup in Scenario 2. The other elements in both scenarios can be treated as independent, since the correlations between them can be ignored because of low dependence or independence.

For our aggregated scenario, the connection between the individual scenarios is the correlated parameters. From the parameters discussed above, the correlated parameters are the following.

     Scenario 1                                    Scenario 2            Correlation
A    Probability of Potential “Criminal” in P1     Checking Frequency    High
B    Insurance and backup proportion in C1         Backup Proportion     Medium

For pair A, the probability of a potential criminal reflects the overall quality level of the employees, while the checking frequency reflects the technology level of the engineers. Both of these reflect the quality of the institution's employees.

For pair B, the proportion of insurance and backup in Scenario 1 includes the backup of data. Data can also be an important asset which needs to be protected, so the backup of data is included in both scenarios. Once the data in Scenario 2 is recovered, part of C1 should also be recovered (or insured).

2.3.3 Aggregation Method

From the above analysis, the two scenarios can be handled with a correlation matrix, since they have some main factors which are correlated with each other. However, of the several parameters used in the two scenarios, only a few are correlated, and the correlation is not that obvious. Here the correlation parameter of the two scenarios is simply set to 0.3.

By the var-cov matrix method, the following formula is used to calculate the aggregated loss.

$$X^{T} \cdot \Sigma \cdot X$$

where $X$ is the vector of the losses and $\Sigma$ is the correlation matrix. We then adapt this to the two-scenario situation. The formula takes the following form.

$$L_{total} = \left( \begin{pmatrix} S_1 & S_2 \end{pmatrix} \begin{pmatrix} \rho_{11} & \rho_{12} \\ \rho_{21} & \rho_{22} \end{pmatrix} \begin{pmatrix} S_1 \\ S_2 \end{pmatrix} \right)^{1/2}$$

This formula is given in the “Milliman Research Report: Aggregation of Risks and Allocation of Capital” [15].

Here $S_1$ and $S_2$ are the losses from Scenario 1 and Scenario 2 respectively,

and $\rho_{12} = \rho_{21} = 0.3$, resulting from experts' opinions or historical loss distributions.

$\rho_{11} = \rho_{22} = 1$, because every random variable is completely correlated with itself.

2.3.4 Results

Applying Monte Carlo methodology to the above aggregated scenario, VaR can be generated after running the M-C method 10000 times. The algorithm is similar to Scenario 1; similarly, GEV fits our data well in this section since it is still a combination of extreme event losses.

Plot 3: Simulation Result of Combined Scenarios

25% VaR     50% VaR     75% VaR     95% VaR      99% VaR      99.9% VaR
33734.71    43380.94    63110.38    140655.30    235615.27    333344.57

Also, GEV performs well in this scenario. The parameters, mean, and variance of the GEV distribution are estimated as follows:

Loglikelihood    Mean       Variance       k           sigma      mu
-114376          57520.1    4.59793e+09    0.423088    14972.3    38246.2

Our finding is the following. Comparing the three histogram plots, to get the distribution of the aggregated scenario, the distribution of Scenario 1 shifts to the right a little, being affected by the distribution of Scenario 2.
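The var-cov aggregation of section 2.3.3, generalized from the two-scenario case in the text to any number of scenarios and checked against this paper's own VaR tables (an added example, not the authors' MATLAB code; the function names and the positive-semidefinite check on the correlation matrix are assumptions of this example). Applied quantile by quantile with a correlation of 0.3, it comes out within a few units of the aggregated VaR values listed under Plot 3.

```python
import math

# VaR quantiles copied from the paper's result tables (Plots 1, 2 and 3).
QUANTILES = ["25%", "50%", "75%", "95%", "99%", "99.9%"]
SCENARIO_1 = [13783.10, 22268.45, 41949.64, 118382.76, 210907.22, 302527.28]
SCENARIO_2 = [26932.00, 31143.42, 36216.00, 48334.67, 59349.45, 76068.35]
REPORTED_AGGREGATE = [33734.71, 43380.94, 63110.38, 140655.30, 235615.27, 333344.57]
RHO_12 = 0.3  # correlation the paper assigns to the two scenarios


def validate_correlation(rho, tol=1e-9):
    """Raise ValueError unless rho is a usable correlation matrix.

    Checks shape, unit diagonal, symmetry, entries in [-1, 1] and positive
    semidefiniteness (Cholesky factorisation that tolerates zero pivots).
    An expert-set matrix that fails the last check can make the quadratic
    form negative, which leaves the aggregate loss undefined.
    """
    n = len(rho)
    for i, row in enumerate(rho):
        if len(row) != n:
            raise ValueError("correlation matrix must be square")
        if abs(row[i] - 1.0) > tol:
            raise ValueError("diagonal entries must be 1")
        for j, r in enumerate(row):
            if abs(r) > 1.0 + tol or abs(r - rho[j][i]) > tol:
                raise ValueError("entries must be symmetric and within [-1, 1]")
    chol = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1):
            s = rho[i][j] - sum(chol[i][k] * chol[j][k] for k in range(j))
            if i == j:
                if s < -tol:
                    raise ValueError("matrix is not positive semidefinite")
                chol[i][i] = math.sqrt(max(s, 0.0))
            elif chol[j][j] > tol:
                chol[i][j] = s / chol[j][j]
            elif abs(s) > tol:
                raise ValueError("matrix is not positive semidefinite")


def aggregate(losses, rho):
    """Var-cov aggregation: sqrt(S^T . rho . S) for a vector of scenario losses."""
    if len(losses) != len(rho):
        raise ValueError("one loss per scenario is required")
    validate_correlation(rho)
    n = len(losses)
    quad = sum(losses[i] * rho[i][j] * losses[j]
               for i in range(n) for j in range(n))
    return math.sqrt(max(quad, 0.0))


def aggregate_quantiles(s1, s2, rho12):
    """Apply the two-scenario formula to each pair of VaR quantiles."""
    rho = [[1.0, rho12], [rho12, 1.0]]
    return [aggregate([a, b], rho) for a, b in zip(s1, s2)]


def correlation_bounds(s1, s2):
    """Aggregates under independence (rho = 0) and full dependence (rho = 1)."""
    return aggregate_quantiles(s1, s2, 0.0), aggregate_quantiles(s1, s2, 1.0)


if __name__ == "__main__":
    agg = aggregate_quantiles(SCENARIO_1, SCENARIO_2, RHO_12)
    low, high = correlation_bounds(SCENARIO_1, SCENARIO_2)
    print("quantile   rho=0       rho=0.3     reported    rho=1")
    for q, lo, mid, rep, hi in zip(QUANTILES, low, agg, REPORTED_AGGREGATE, high):
        print(f"{q:<9}  {lo:10.2f}  {mid:10.2f}  {rep:10.2f}  {hi:10.2f}")
```

Running the block prints each quantile next to its ρ = 0 and ρ = 1 bounds, which shows how much of the aggregated figure depends on the expert-set value of 0.3.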

3. Sensitivity Analysis

Some changes can be made to the necessary controls and to different parameters to observe the impact on VaR. The importance of these control methods and parameters can then be prioritised depending on the resulting VaR, which might help the manager to have good control over the risk of the relevant scenarios. In order to have a good view of the real loss situation, we recalculate 25% VaR, 50% VaR, 75% VaR, 95% VaR, 99% VaR and 99.9% VaR for comparison and mainly focus on 50% VaR and 99.9% VaR. This could help decision makers to understand the expected and unexpected loss levels. In each table, the gray line would be the original values setting.

3.1 Sensitivity analysis for Scenario I

3.1.1 P1 - Vet employees by CV and references

The “Vet employees by CV and references” control applies during the recruitment process and employee training. Here we set a probability to represent the probability that an employee might want to engage in such “criminal” behavior. Combined with the overall staff number, the number of potential “criminals” follows a binomial distribution. Through strict recruitment and career training, the possibility of potential ‘theft’ could decrease. Here we adjust this value and get the following table.

Probability of Potential “Criminal”                   VaR
Analyst  Associate  Directors  Vice-presidents  25% VaR    50% VaR    75% VaR     95% VaR     99% VaR     99.9% VaR
0.05     0.05       0.025      0.025            5331.20    9679.31    22463.20    74212.06    187905.30   251974.99
0.1      0.1        0.05       0.05             13783.10   22268.45   41949.64    118382.76   210907.22   302527.28
0.2      0.2        0.1        0.1              31358.74   47146.27   75410.93    182585.70   268775.28   432655.92
0.3      0.3        0.15       0.15             49975.73   73195.94   108119.85   227406.16   317244.38   432344.15

0.1      0.1        0.05       0.05             13783.10   22268.45   41949.64    118382.76   210907.22   302527.28
0.05     0.1        0.05       0.05             11915.89   20135.48   40328.27    124702.50   205327.38   267028.34
0.1      0.05       0.05       0.05             12742.31   21427.96   41775.47    117471.95   216375.04   288731.09
0.1      0.1        0.025      0.05             11695.91   19724.78   40345.43    122966.52   204077.74   347431.20
0.1      0.1        0.05       0.025            10769.72   15193.14   26137.63    72223.46    185688.72   272214.32

From the first set of the table, it can be seen that a higher probability of potential “criminal” leads to more loss. For the second set of the table, the following plot illustrates the changes.

[Plot: 99.9% VaR and 50% VaR for No Level Control, Control Junior Analyst, Control Senior Associate, Control Managers & Directors, Control Head & Vice-presidents]

If only one level is strictly controlled, the loss decreases to different degrees. From both the expected loss and the extreme loss points of view, the conclusion is obvious: strictly controlling the “Head and Vice-presidents” level against asset misappropriation is the most efficient way to control the loss.

3.1.2 P2 - Implement a whistleblowing policy

In the “Implement a whistleblowing policy” control, it can be assumed that, if there is a whistleblowing policy, whistleblowing can only happen when the employee has access to the relevant asset. This makes sense because only other employees who have the same access level can disclose the “criminal”. To make the model clear, the probability of being disclosed by an employee at the same level is set to 0.5. Once disclosed, the loss is 0. The loss can then be compared with and without this control.

Disclosed probability   25% VaR    50% VaR    75% VaR    95% VaR     99% VaR     99.9% VaR
No Control              19619.21   29618.54   53995.88   178867.91   246059.11   371722.37
0.25                    16779.74   25913.66   47422.27   157204.22   231346.46   338667.38
0.5                     13783.10   22268.45   41949.64   118382.76   210907.22   302527.28
0.75                    10991.09   18582.81   36765.00   82775.73    179818.56   256146.46

From the table, it is obvious that the correlation between the disclosure probability and the loss is negative. This also makes sense in management: the more whistleblowing, the lower the loss.

3.1.3 P3 - Impose clear segregation of duties

In corporate management, segregation of duties is always necessary. From a security point of view, an employee in a given department should have no access to assets which have no relation to his duty. In this model, if the “Impose clear segregation of duties” control exists, every employee only has access to 80% of all the assets at his access level. However, the top level is not affected by this control condition.

Trans-department Asset   25% VaR    50% VaR    75% VaR    95% VaR     99% VaR     99.9% VaR
0.4                      12908.76   21278.66   41080.52   117088.34   210221.36   301523.66
0.6                      13351.52   21782.61   41466.08   117592.98   210578.02   302022.50
0.8                      13783.10   22268.45   41949.64   118382.76   210907.22   302527.28
No Control               14222.78   22704.57   42397.68   118984.80   211220.30   302998.81

[Plot: 99.9% VaR and 50% VaR for trans-department asset access of 0.4, 0.6, 0.8 and No Control]

From the plot, controlling trans-department access is not an effective way to prevent huge losses, but it has some effect on controlling the expected loss.

3.1.4 P4 - Control access to buildings and systems

Controlling access is a common approach for both corporate management and security in modern business management. In this model, all employees are separated into 4 levels. Higher-level staff have more access, and the value of the assets they can access is higher. High-level staff's access covers low-level staff's. However, a potential “criminal” staff member may target higher-level assets to which he has no access. To do this, for example, the staff member needs to get a permit or signature from a higher level. There is a certain probability of getting higher access. Considering the universality of this control, here it is treated as a necessary way of protecting assets, and we will not assume that this control disappears. However, the probabilities of getting higher access are adjusted to see how VaR changes.

Lower Access Probability    VaR
1->2    2->3     3->4    25% VaR    50% VaR    75% VaR    95% VaR     99% VaR     99.9% VaR
0.5     0.25     0.1     13783.10   22268.45   41949.64   118382.76   210907.22   302527.28
0.25    0.25     0.1     12751.61   21241.60   40958.12   117211.00   209653.17   301148.42
0.5     0.125    0.1     13332.93   21823.25   41435.27   117963.40   210747.79   302040.43
0.5     0.25     0.05    13672.26   22050.67   41792.86   118314.18   210907.22   302527.28

Fromtheplot,it iseasytoobservethatpartwhichshouldstrictlycontrolisbottomcross-level.Strictlycontrollingthiscouldbringdownthelosseffectively.Inotherwords,theprocessofcross-levelauthorizationshouldbedesignedwell,especiallyonthebottomlevel.Besides,authorizationtothetoplevelisnotthatimportantwhichcouldnotreducetoomuchloss.

2.1.5D1-Checkinginvoicesandrelateddocuments

Once asset misappropriation happens, checking invoices and related documents also couldprevent loss.Forexample,thedailyormomentaryreviewcouldfindouttheunusualsituation.Oncediscovery,therelativeaccountcanbelockedtopreventloss.Theassumptionismadethatassetmisappropriationforallcross-levelmisappropriationmightbechecked.Theprobabilityissetas 0.5 if assetmisappropriation could notbepreventeddue to “checking invoices and relateddocuments”control.Ifthiscontrolisnotbeingusedorfailure,theincreasingofVaRcanbeshowedinthiscase.

Prevent

probability25%VaR 50%VaR 75%VaR 95%VaR 99%VaR 99.9%VaR

0.25 9323.02 14158.38 23769.44 100787.35 199441.42 293501.83

0.5 13783.10 22268.45 41949.64 118382.76 210907.22 302527.28

0.75 18213.83 30380.83 60060.16 144409.18 225844.52 323583.66

NoControl 22558.54 38510.17 78060.97 170365.08 250599.46 343463.46

Thepreventprobabilityhigher,thelosshigher.Itcanbedescribedashighersupervision, lowerloss.

Or,iflightercontrolistaken,whichmeansthatonlycheckcross-levelmisappropriationischecked,whichisfromhigherleveltolowerlevel,orfromlowertohigher.Tworesultscanbecomparedasfollows.

[Figure: 99.9% VaR and 50% VaR. Plotted values:]

| | Base | Control 1->2 | Control 2->3 | Control 3->4 |
|---|---|---|---|---|
| 99.9% VaR | 302527.28 | 301148.42 | 302040.43 | 302527.28 |
| 50% VaR | 22268.45 | 21241.60 | 21823.25 | 22050.67 |

| Check direction | 25% VaR | 50% VaR | 75% VaR | 95% VaR | 99% VaR | 99.9% VaR |
|---|---|---|---|---|---|---|
| Both | 19619.21 | 29618.54 | 53995.88 | 178867.91 | 246059.11 | 371722.37 |
| Low->High | 26331.34 | 45449.64 | 92723.68 | 201669.75 | 281214.65 | 397574.95 |
| High->Low | 22251.52 | 32529.17 | 56893.23 | 181279.66 | 248473.46 | 374311.24 |

Here it can be seen that checking invoices from high level to low level gives a similar loss amount to checking both directions. In other words, checking high to low is more effective and checking low to high is not that important. This might be because many losses happen when high-level staff misappropriate low-level assets.

2.1.6 D2 - Internal Audit

Different from the previous control, internal audit only occurs at fixed time points. So this control cannot prevent all of the loss from happening. However, it can prevent some loss or reduce some loss. Here it is set that 2% of loss can be reduced.

| Prevent loss | 25% VaR | 50% VaR | 75% VaR | 95% VaR | 99% VaR | 99.9% VaR |
|---|---|---|---|---|---|---|
| No Control | 14064.39 | 22722.91 | 42805.75 | 120798.74 | 215211.45 | 308701.30 |
| 0.98 | 13783.10 | 22268.45 | 41949.64 | 118382.76 | 210907.22 | 302527.28 |
| 0.9 | 12657.95 | 20450.62 | 38525.18 | 108718.86 | 193690.30 | 277831.17 |
| 0.8 | 11251.51 | 18178.33 | 34244.60 | 96638.99 | 172169.16 | 246961.04 |
| 0.7 | 9845.07 | 15906.04 | 29964.03 | 84559.12 | 150648.01 | 216090.91 |

This is also a basic parameter. A stricter internal audit leads to lower loss.

2.1.7 C1 - Insurance and backup

[Figure: 99.9% VaR and 50% VaR. Plotted values:]

| | Both | Low->High | High->Low |
|---|---|---|---|
| 99.9% VaR | 371722.37 | 397574.95 | 374311.24 |
| 50% VaR | 29618.54 | 45449.64 | 32529.17 |

Once loss from misappropriation happens, insurance could be a good way to control the loss. Or, some assets such as important data can be recovered if a backup exists. Here it is set that only assets in the second and third levels have insurance, in the proportions of 70% and 50%. The bottom-level assets have low value and are cost-efficient for insurance. The top-level assets are only accessible to top-level staff and have a high level of security, so there is still no insurance for this level. However, the proportion of insurance can be altered to find a better way of reducing VaR.

Insurance proportion by level and resulting VaR:

| Level 1 | Level 2 | Level 3 | Level 4 | 25% VaR | 50% VaR | 75% VaR | 95% VaR | 99% VaR | 99.9% VaR |
|---|---|---|---|---|---|---|---|---|---|
| No Control | | | | 23247.35 | 33175.01 | 52407.24 | 127692.78 | 221607.36 | 315079.68 |
| 0 | 0 | 0.7 | 0.5 | 15482.45 | 19981.17 | 29676.13 | 67843.51 | 114056.54 | 160163.33 |
| 0 | 0.7 | 0.5 | 0 | 13783.10 | 22268.45 | 41949.64 | 118382.76 | 210907.22 | 302527.28 |
| 0.7 | 0.5 | 0 | 0 | 16836.87 | 26886.46 | 46009.92 | 121173.33 | 215548.58 | 308304.32 |
| 0.3 | 0.3 | 0.3 | 0.3 | 16273.14 | 23222.51 | 36685.07 | 89384.95 | 155125.15 | 220555.78 |

It ought to be assumed that the overall percentage of insurance is fixed. Comparing the different focus points for the insurance shows that the expected loss is low when insurance focuses on the top-level assets. This makes sense because the top level has the highest value. Spreading insurance evenly across the levels should also effectively reduce loss.

2.1.8 C2 - Tackle relevant employees

After asset misappropriation occurs, the relevant employees are tackled. Dismissal or firing bills might be the most common way to deal with these. Once the relevant employees need to be tackled and dismissed, the loss should surpass the asset loss alone. Plus, dismissal at a higher level should have a larger impact. Therefore, a severity index can be set for each level to show the extra loss, such as the loss of valuable employees.

[Figure: 99.9% VaR and 50% VaR. Plotted values:]

| | No Control | Insure High | Insure Median | Insure Low | Average Insure |
|---|---|---|---|---|---|
| 99.9% VaR | 315079.68 | 160163.33 | 302527.28 | 308304.32 | 220555.78 |
| 50% VaR | 33175.01 | 19981.17 | 22268.45 | 26886.46 | 23222.51 |

Severity index by level and resulting VaR:

| Level 1 | Level 2 | Level 3 | Level 4 | 25% VaR | 50% VaR | 75% VaR | 95% VaR | 99% VaR | 99.9% VaR |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 1 | 1 | 1 | 10801.93 | 15835.07 | 27158.07 | 71314.39 | 125321.62 | 178246.62 |
| 1 | 1.2 | 1.44 | 1.728 | 13783.10 | 22268.45 | 41949.64 | 118382.76 | 210907.22 | 302527.28 |
| 1 | 1.4 | 1.96 | 2.744 | 17555.94 | 30718.59 | 62141.51 | 183129.61 | 330894.30 | 475413.99 |
| 1 | 1.6 | 2.56 | 4.096 | 22116.06 | 41355.50 | 88486.15 | 269109.48 | 489831.22 | 704930.20 |

This is also a common parameter. The more important the staff member is, the higher the loss is.

2.1.9 Which is the best control?

Picking partial data from all of the above tables, we can only compare the VaR with or without a certain control. In this way, the control method with the best efficiency can be considered. As the essential part of our model, controls P1, P4 and C2 are retained, since deleting them would also be unrealistic. Here is our result of removing controls.

| Control | 25% VaR | 50% VaR | 75% VaR | 95% VaR | 99% VaR | 99.9% VaR |
|---|---|---|---|---|---|---|
| Origin | 13783.10 | 22268.45 | 41949.64 | 118382.76 | 210907.22 | 302527.28 |
| No P2 | 19619.21 | 29618.54 | 53995.88 | 178867.91 | 246059.11 | 371722.37 |
| No P3 | 14222.78 | 22704.57 | 42397.68 | 118984.80 | 211220.30 | 302998.81 |
| No D1 | 22558.54 | 38510.17 | 78060.97 | 170365.08 | 250599.46 | 343463.46 |
| No D2 | 14064.39 | 22722.91 | 42805.75 | 120798.74 | 215211.45 | 308701.30 |
| No C1 | 23247.35 | 33175.01 | 52407.24 | 127692.78 | 221607.36 | 315079.68 |

Once a certain control is removed, a large increase in loss indicates that the control is effective. From this plot, 'Checking invoices and related documents' (D1) and 'Insurance and backup' (C1) are the most effective controls to reduce the expected loss. 'Implement a whistleblowing policy' (P2) and 'Checking invoices and related documents' (D1) are effective in reducing the mass loss. The function of 'Internal Audit' (D2) and 'Impose clear segregation of duties' (P3) is not that obvious if another control is set.

[Figure: 99.9% VaR and 50% VaR. Plotted values:]

| | Origin | No P2 | No P3 | No D1 | No D2 | No C1 |
|---|---|---|---|---|---|---|
| 99.9% VaR | 302527.28 | 371722.37 | 302998.81 | 343463.46 | 308701.30 | 315079.68 |
| 50% VaR | 22268.45 | 29618.54 | 22704.57 | 38510.17 | 22722.91 | 33175.01 |

3.2 Sensitivity analysis for Scenario II

It's important to explore and analyse how different methods could reduce and protect the bank's data from cyber-attacks. In this scenario, three main factors can be recognized that protect our data and recover lost data: the ability of engineers, the solidity of each firewall, and the backup of data. The purpose is to compare them and draw a reliable conclusion as to which is the most significant factor and which strategy could be used as the most efficient way to react to and prevent data sabotage.

3.2.1 Analyzing importance of ability of engineers

As stated above, the frequency of checking the system is the way we measure the capability of engineers in this scenario, since increasing the frequency of checking could reduce the average time to detect infiltration. Therefore, the different VaR results obtained by adjusting the frequency show us how sensitive the final dollar loss is to the ability of engineers.

| Check freq | 25% VaR | 50% VaR | 75% VaR | 95% VaR | 99% VaR | 99.9% VaR |
|---|---|---|---|---|---|---|
| once 70 mins | 27820.00 | 32642.00 | 38692.00 | 57662.00 | 70757.35 | 88987.40 |
| once 60 mins | 26932.00 | 31143.42 | 36216.00 | 48334.67 | 59349.45 | 76068.35 |
| once 50 mins | 25376.00 | 29248.00 | 33388.00 | 39912.00 | 44763.71 | 50326.59 |
| once 40 mins | 23306.00 | 26910.00 | 30740.00 | 36652.00 | 40856.00 | 46206.00 |
| once 30 mins | 20182.00 | 23512.00 | 27060.00 | 32304.00 | 36158.00 | 40582.00 |

[Figure: Impact of Time to detect on VaR. x-axis: 20% to 100%. Series: once 70 mins, once 60 mins, once 50 mins, once 40 mins, once 30 mins.]

From the results shown in the graph above, we find there is a positive relationship between ability of engineers and data loss. Especially, improving the capability of engineers is more efficient when considering more quantiles of value at risk. There is a big change between once 70 mins, once 60 mins and once 50 mins; it is efficient and worthwhile to improve the level of network engineers from level (once 60 mins) to level (once 50 mins), considering the costs of network engineers. Of course, the bank could choose the most professional engineers to protect their important data if they think it's necessary based on the importance of their data. The largest change is 70081.88 by changing frequency from once 60 mins to once 30 mins.

3.2.2 Analyzing solidity of each firewall

Firewalls are the most significant and usual method of protecting the bank's data from the majority of data sabotage behaviors. In this part, we want to show how essential each firewall is by decreasing the probability of passing each firewall as the standard for improving its security level.

| 50% VaR | Firewall 1 | Firewall 2 | Firewall 3 |
|---|---|---|---|
| (50%, 25%, 5%) | 31143.42 | 31143.42 | 31143.42 |
| reduced by 10% | 27972.00 | 29394.00 | 31058.00 |
| reduced by 20% | 24786.00 | 27640.00 | 30978.00 |
| reduced by 30% | 21704.00 | 25772.00 | 30916.00 |

| 99.9% VaR | Firewall 1 | Firewall 2 | Firewall 3 |
|---|---|---|---|
| (50%, 25%, 5%) | 76068.35 | 76068.35 | 76068.35 |
| reduced by 10% | 69854.40 | 74094.82 | 74053.13 |
| reduced by 20% | 65736.68 | 70948.92 | 73887.35 |
| reduced by 30% | 61185.86 | 65778.22 | 69987.35 |

[Figure: Improving security of each firewall with 50% VaR. x-axis: (50%, 25%, 5%), reduced by 10%, reduced by 20%, reduced by 30%. Series: Firewall 1, Firewall 2, Firewall 3.]

The graphs above illustrate that the result of VaR is very sensitive to the security level; the largest change is 69987.35 by improving the security level of firewall 1. Therefore, the conclusion is made that firewalls are essential to protect the bank's data.

3.2.3 Impact of percentage of total data in backup on VaR

Normally, a bank could recover its lost data from its backup; however, it could not obtain all data from its database backup because of some staff misoperations. Therefore, it's important to ensure a bank has all essential data backed up in order to make sure the business works well even in the worst case that it loses some essential data. In this part, the percentages of data in backup are changed in order to show the changes of VaR and find the most efficient way to recover our data after data sabotage.

| % of data in backup | 25% VaR | 50% VaR | 75% VaR | 95% VaR | 99% VaR | 99.9% VaR |
|---|---|---|---|---|---|---|
| 80% | 26932.00 | 31143.42 | 36216.00 | 48334.67 | 59349.45 | 76068.35 |
| 85% | 25785.00 | 29853.25 | 34705.25 | 46282.36 | 56996.67 | 73124.86 |
| 90% | 24662.00 | 28537.00 | 33178.50 | 44241.33 | 54723.11 | 70181.37 |
| 95% | 23544.25 | 27252.50 | 31671.00 | 42219.02 | 52339.19 | 67237.88 |

[Figure: Improving security of each firewall with 99.9% VaR. x-axis: (50%, 25%, 5%), reduced by 10%, reduced by 20%, reduced by 30%. Series: Firewall 1, Firewall 2, Firewall 3.]

The above chart shows a large change when increasing the percentage of backup of clients' information. Even though only half of the clients' information can be copied, and backups of management information normally can't be made on time, it still makes a huge impact on reducing VaR at different quantile levels.

3.2.4 Impact of different firewalls

Changing the number of firewalls can be used to find a better way of building firewalls. Above all, '3 firewalls' is the initial condition of the bank. What if the bank reduces the number of firewalls to 2? At the same time, adjusting some parameters is necessary to fit the data. The results are compared to find strategic options for the bank's network system.

| Parameter | Firewall | Before changing (3 Firewalls Structure) | After changing (2 Firewalls Structure) |
|---|---|---|---|
| Time to break the firewall (min) | 1st firewall | 5 | 15 |
| | 2nd firewall | 15 | 50 |
| | 3rd firewall | 45 | |
| Probability of breaking the firewall | 1st firewall | 0.5 | 0.2 |
| | 2nd firewall | 0.25 | 0.04 |
| | 3rd firewall | 0.05 | |
| Data volume proportion behind the firewall | 1st firewall | 0.05 | 0.2 |
| | 2nd firewall | 0.15 | 0.8 |
| | 3rd firewall | 0.8 | |
| Data value behind the firewall (unit value) ($) | 1st firewall | 10 | 17.5 |
| | 2nd firewall | 20 | 50 |
| | 3rd firewall | 50 | |

After using the same algorithm, the following result can be shown.

| Structure | 25% VaR | 50% VaR | 75% VaR | 95% VaR | 99% VaR | 99.9% VaR |
|---|---|---|---|---|---|---|
| 3 firewall | 26876.00 | 31220.00 | 36354.65 | 48574.14 | 59106.87 | 74493.84 |
| 2 firewall | 26880.00 | 31817.38 | 37716.00 | 46984.00 | 54560.53 | 64589.95 |

[Figure: Impact of Percentage of data in backup on VaR. x-axis: 20% to 100%. Series: 80% Backup, 85% Backup, 90% Backup, 95% Backup.]

From this plot, a clear phenomenon can be seen. For lower expected loss, the 2 firewall system is preferable, which has the lower value at 50% VaR. As for lower mass loss, the 3 firewall system is preferred.

3.3 Sensitivity Analysis for Aggregated Scenario

Based on the aggregated scenario generated before, the only independent parameter is the correlation parameter. This can then be adjusted to explore the relationship between the total loss and the two individual losses. The following adjustments have been made in this part on the correlation parameter to see the change of VaR. In the following table, 0 means that there is no correlation between the two scenarios.

| Correlation | 25% VaR | 50% VaR | 75% VaR | 95% VaR | 99% VaR | 99.9% VaR |
|---|---|---|---|---|---|---|
| 0 | 30254.03 | 38285.72 | 55419.95 | 127869.93 | 219098.66 | 311947.77 |
| 0.3 | 33734.71 | 43380.94 | 63110.38 | 140655.30 | 235615.27 | 333344.57 |
| 0.7 | 37881.34 | 49363.13 | 72099.36 | 156081.73 | 255985.02 | 359899.80 |
| 1 | 40715.10 | 53411.87 | 78165.64 | 166717.43 | 270256.66 | 378595.63 |

[Figure: Impact of Different Firewall Structures on VaR. x-axis: 20% to 100%. Series: 2 firewall, 3 firewall.]

The plot shows that stronger correlation gives higher VaR, both in terms of expected loss and extreme loss. The explanation might be this: once one of the scenario losses happens, it means that the probability of the risk factor is relatively high. In this way, given the existence of correlation, the higher risk factor also causes loss on the other scenario.
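The aggregated table in this section can be rebuilt from the two base-case VaR rows on this page. This is an added example, not the authors' code: because the appendix code sorts both loss samples before pairing them, each aggregated quantile is sqrt(a^2 + b^2 + 2*rho*a*b) of the two scenarios' quantiles at the same level. The function names, the nearest-rank percentile and the lognormal samples are assumptions made for the illustration.

```python
import math
import random

LEVELS = (25, 50, 75, 95, 99, 99.9)
# Base-case VaR rows quoted on this page.
VAR_S1 = (13783.10, 22268.45, 41949.64, 118382.76, 210907.22, 302527.28)  # asset misappropriation
VAR_S2 = (26932.00, 31143.42, 36216.00, 48334.67, 59349.45, 76068.35)     # cyber attack
# Aggregated-scenario table from this section, keyed by correlation.
REPORTED = {
    0.0: (30254.03, 38285.72, 55419.95, 127869.93, 219098.66, 311947.77),
    0.3: (33734.71, 43380.94, 63110.38, 140655.30, 235615.27, 333344.57),
    0.7: (37881.34, 49363.13, 72099.36, 156081.73, 255985.02, 359899.80),
    1.0: (40715.10, 53411.87, 78165.64, 166717.43, 270256.66, 378595.63),
}


def combine(l1, l2, rho):
    """sqrt([l1 l2] * R * [l1 l2]') with R = [[1, rho], [rho, 1]]."""
    return math.sqrt(l1 * l1 + l2 * l2 + 2.0 * rho * l1 * l2)


def nearest_rank(sorted_xs, pct):
    """Nearest-rank percentile (assumption: no interpolation between order statistics)."""
    k = max(1, math.ceil(pct / 100.0 * len(sorted_xs)))
    return sorted_xs[k - 1]


def aggregate_samples(losses_a, losses_b, rho, levels=LEVELS):
    """Sample-level procedure: sort both samples, pair equal ranks, combine, take percentiles."""
    a, b = sorted(losses_a), sorted(losses_b)
    both = sorted(combine(x, y, rho) for x, y in zip(a, b))
    return [nearest_rank(both, p) for p in levels]


def from_marginal_quantiles(q1, q2, rho):
    """Shortcut: apply the same formula directly to the two VaR rows."""
    return [combine(x, y, rho) for x, y in zip(q1, q2)]


def max_relative_gap():
    """Largest relative difference between the rebuilt and the reported table."""
    worst = 0.0
    for rho, row in REPORTED.items():
        rebuilt = from_marginal_quantiles(VAR_S1, VAR_S2, rho)
        for got, want in zip(rebuilt, row):
            worst = max(worst, abs(got - want) / want)
    return worst


def constructed_samples(n=10000, seed=7):
    """Constructed heavy-tailed loss samples; not the page's simulation output."""
    rng = random.Random(seed)
    a = [rng.lognormvariate(10.0, 1.0) for _ in range(n)]
    b = [rng.lognormvariate(10.3, 0.3) for _ in range(n)]
    return a, b


if __name__ == "__main__":
    for rho in REPORTED:
        rebuilt = from_marginal_quantiles(VAR_S1, VAR_S2, rho)
        print(rho, [round(v, 2) for v in rebuilt])
    print("max relative gap vs reported table:", max_relative_gap())
```

At correlation 1 the formula reduces to the sum of the two scenario VaRs and at 0 to their root-sum-square, so the correlation parameter rescales same-rank losses and every row stays between those two bounds.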

4. Alternative Adjustment on Loss Measure Quantile

Next, the cluster method is introduced with the aim of improving the result of VaR. This approach is worthwhile for generating new VaR quantiles based on severity, which enables one to combine expert opinion scenarios with quantitative operational risk data. This methodology was first proposed by Dr. Sovan Mitra in 2013 by using the key idea from machine learning. [12]

4.1 Introduction to Cluster Analysis

To achieve scenario adjustment, clustering analysis can be applied to match severity magnitude. Clustering is a method of grouping data into subsets of data, which are also known as clusters. Moreover, K-means cluster analysis is one kind of unsupervised learning, which is one subject of machine learning. Unsupervised learning is a way to explore the common features of data by a particular algorithm. The K-means algorithm is a simple iterative clustering algorithm. It uses distance (e.g. Euclidean distance) as the similarity index to partition a given data set into K classes. The centre of each class is obtained as the mean of all the values in that class. Each class is described by its clustering centre.

[Figure: x-axis 20% to 100%. Series: 0, 0.3, 0.7, 1.]

4.2 Application on Adjustment of Scenario Result

The following are the basic steps of the K-means clustering algorithm.

Step 1: Select K objects in the data space as the initial centres. Each object represents a cluster centre.

Step 2: For every data object in the sample, we calculate the Euclidean distance between it and the cluster centres. The data are then grouped according to the nearest criterion and divided into the corresponding classes of the nearest cluster centres.

Step 3: Update the cluster centres: the mean value of all the objects in each category is taken as the cluster centre of the class. Then the value of the objective function can be computed.

Step 4: Determine whether the cluster centres and the value of the objective function have changed or not. If they both stay the same, output the results; if they have changed, then turn back to Step 2.
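Steps 1 to 4 applied to a one-dimensional loss sample, as an added Python example (not the authors' Matlab code): the centres are seeded at the fixed VaR quantiles, and each converged cluster is reported as a cumulative percentage, the largest loss in the cluster, and the cluster centre. The names `kmeans_1d` and `cluster_quantiles`, the handling of empty clusters and the lognormal sample are assumptions.

```python
import math
import random

LEVELS = (25, 50, 75, 95, 99, 99.9)


def nearest_rank(sorted_xs, pct):
    """Nearest-rank percentile of an ascending list."""
    k = max(1, math.ceil(pct / 100.0 * len(sorted_xs)))
    return sorted_xs[k - 1]


def kmeans_1d(losses, seeds, rel_tol=0.0, max_iter=200):
    """Return (centres, groups) after iterating Steps 2-4 from the given seeds."""
    xs = sorted(losses)
    centres = sorted(seeds)                       # Step 1: initial centres
    groups = [[] for _ in centres]
    for _ in range(max_iter):
        groups = [[] for _ in centres]
        for x in xs:                              # Step 2: assign to the nearest centre
            j = min(range(len(centres)), key=lambda i: abs(x - centres[i]))
            groups[j].append(x)                   # ties go to the lower centre
        # Step 3: new centre = mean of the cluster; an empty cluster keeps its centre
        new = [sum(g) / len(g) if g else c for g, c in zip(groups, centres)]
        # Step 4: stop once the largest relative move of any centre is within rel_tol
        shift = max(abs(n - c) / abs(c) if c else abs(n - c)
                    for n, c in zip(new, centres))
        centres = new
        if shift <= rel_tol:
            break
    return centres, groups


def cluster_quantiles(losses, seeds, rel_tol=0.0):
    """Rows of (cumulative %, largest loss in cluster, cluster centre), empty clusters skipped."""
    centres, groups = kmeans_1d(losses, seeds, rel_tol)
    total, seen, rows = len(losses), 0, []
    for centre, group in zip(centres, groups):
        if not group:
            continue
        seen += len(group)
        rows.append((round(100.0 * seen / total, 1), max(group), centre))
    return rows


def demo_rows(n=5000, seed=11):
    """Constructed lognormal losses, seeded at the fixed VaR quantile levels."""
    rng = random.Random(seed)
    xs = sorted(rng.lognormvariate(10.0, 1.0) for _ in range(n))
    seeds = [nearest_rank(xs, p) for p in LEVELS]
    return cluster_quantiles(xs, seeds, rel_tol=0.05)


if __name__ == "__main__":
    for pct, bound, centre in demo_rows():
        print(f"{pct:6.1f}%  boundary={bound:12.2f}  centre={centre:12.2f}")
```

Because the data are one-dimensional, every cluster is a contiguous loss interval, which is why each cluster boundary can be read as a quantile level.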

Using the K-means algorithm of Steps 1 to 4, the MC simulation result is used as the sample class. The VaRs' intervals are modified according to the cluster centre of each interval. The results are shown as follows.

For scenario 1 - asset misappropriation

| Unmodified quantile | 25% | 50% | 75% | 95% | 99% | 99.9% |
|---|---|---|---|---|---|---|
| Unmodified VaR | 13783.10 | 22268.45 | 41949.64 | 118382.76 | 210907.22 | 302527.28 |
| Modified quantile | 48.1% | 76.3% | 92.4% | 96.5% | 99.8% | 100.0% |
| Modified VaR | 21335.32 | 43380.22 | 84397.50 | 151063.49 | 257611.43 | 429427.17 |

For scenario 2 - cyber attack

| Unmodified quantile | 25% | 50% | 75% | 95% | 99% | 99.9% |
|---|---|---|---|---|---|---|
| Unmodified VaR | 26932.00 | 31143.42 | 36216.00 | 48334.67 | 59349.45 | 76068.35 |
| Modified quantile | 31.6% | 66.6% | 88.7% | 97.1% | 99.7% | 100.0% |
| Modified VaR | 28136.00 | 34181.89 | 41909.31 | 52582.55 | 66845.03 | 90931.40 |

4.3 Important Meaning to Loss Measure Quantile

The interval points of VaR (25%, 50%, 75%, 95%, 99%, 99.5%) are based on empirical judgement. In common situations, these quantiles are fixed as a standard for operational risk modelling. However, setting these interval points cannot clearly reflect the features of a different distribution. The cluster method introduces an effective way to reflect the features of the distribution in several intervals and the loss level on each interval at the same time. This is very important for improving the loss measure quantile. In our result, although the fixed interval points have changed, the modified outcome can reflect the average VaR level in 6 different intervals. It can also reflect the relative relationship of each individual interval within the overall distribution of loss.

5. Conclusion

In conclusion, the loss distributions can be generated for the scenarios of asset misappropriation and cyber-attack and for the combined scenario of both of them; based on our scenario analysis, sensitivity analysis of the scenarios is useful in helping us derive the most essential factors for operational risks as the basis of strategic suggestions to managers.

5.1 Discussion of strategic options

In this part, the specific strategies are discussed separately for asset misappropriation (scenario 1) and cyber-attack (scenario 2) for our bank.

In scenario 1, firstly, it illuminates that internal fraudsters within the bank regarding asset misappropriation are from the top two levels of employees, covering the head of the bank and vice-presidents, managers or directors. By abusing their authority, they could easily access and occupy the bank's assets without supervision. Once such an event happens, it will almost surely cause huge losses for the bank. Therefore, we strongly suggest that our bank engage a third party as a special fair asset management platform to record and check the high-level employees' use of their authority, especially over assets of the bank. Next, whistleblowing is also a highly efficient control to reduce OR losses in scenario 1. Our scenario data show that a whistleblowing scheme among same-level employees or between employees of different levels makes a huge contribution to operational risk management under this circumstance compared with other controls. Hence, whistleblowing should be promoted with a certain bonus to help the bank create this scheme and build employees' whistleblowing awareness.

In scenario 2, a cyber-attack is normally caused by an external intended attack on the bank's information network system. Hence, we can think of this as the battle between our information security engineers and hackers. It is efficient if we decrease the detection gap time of engineers from once 70 minutes to once 50 minutes; however, it has little effect if we try to reduce it further from 50 minutes at high expense. This may be because the ability of engineers at 50 minutes has exceeded the ability of the majority of hackers. As for firewalls, more firewalls can reduce the data losses of essential information and cause more losses of nonessential data. Since we measure the same level of our firewalls, we assume that firewalls will have a stronger ability to protect our network from hackers' attacks. Then, results show that we may lose more core information in our bank and less normal data with a smaller number of firewalls compared with multi-complex firewalls. Based on the type of information that the bank wants to protect, managers can change their strategies and adjust them if necessary.

From the dependency analysis in our combined scenario, the result proves that the quality of employees is the key risk driver of both scenarios; hence, it's necessary to improve the bank's recruitment procedure and vet CVs as well as references.

5.2 Limitation and Improvement

In this paper, for some essential parameters of our scenarios, we simply use experts' opinions and historical loss distributions, which may result in cognitive biases relative to the real market and in predictions affected by the uncertainties of the future business environment. Hence, the parameters in our scenarios should be assumed based on both internal and external experts as well as reasonable assumptions of future changes in local and global circumstances. If necessary, we ought to be conservative on parameter assumptions for some sensitive factors. Moreover, the parameters can be changed more flexibly; for instance, hackers' ability should be adjusted more randomly and less predictably to simulate realistic cases. An advanced dependency structure can be applied here to attribute different risk drivers to scenarios. In this way, a more appropriate correlation and variance matrix can be generated to combine the two scenarios.

6. Reference

[1] K. van der Heijden, Scenarios: The Art of Strategic Conversation, Wiley, Chichester, 1996.

[2] T.J. Postma and F. Liebl, How to improve scenario analysis as a strategic management tool, Technological Forecasting & Social Change 72 (2005) 161–173.

[3] P.J.H. Schoemaker, C.A.J.M. van der Heijden, Integrating scenarios into strategic planning at Royal Dutch/Shell, Plann. Rev. 20 (3) (1992) 41–48.

[4] K. van der Heijden, Scenarios: The Art of Strategic Conversation, Wiley, Chichester, 1996.

[5] M. Godet, Scenarios and Strategic Management, Butterworth, London, 1987.

[6] W.R. Huss, A move toward scenario analysis, Int. J. Forecast. 4 (1988) 377–388.

[7] M.E. Porter, Competitive Advantage: Creating and Sustaining Superior Performance, Free Press, New York, 1985.

[8] P. Schwartz, The Art of the Long View: Planning for the Future in an Uncertain World, Doubleday Currency, New York, 1991.

[9] U. von Reibnitz, Scenario Techniques, McGraw-Hill, Hamburg, 1988.

[10] G. Ringland, Scenario Planning: Managing for the Future, Wiley, Chichester, 1998.

[11] R.P. Bood, Th.J.B.M. Postma, Strategic learning with scenarios, Eur. Manag. J. 15 (6) (1997) 633–647.

[12] S. Mitra, Scenario Generation for Operational Risk, Intelligent Systems in Accounting, Finance and Management, 20 (2013), 163–187.

[13] E. Barbieri Masini, J. Medina Vasquez, Scenarios as seen from a human and social perspective, Technol. Forecast. Soc. Change 65 (1) (2000) 49–66.

[14] K. van der Heijden, R. Bradfield, G. Burt, G. Cairns, G. Wright, The Sixth Sense: Accelerating Organizational Learning with Scenarios, Wiley, Chichester, 2002.

[15] J. Corrigan et al, Milliman Research Report: Aggregation of Risks and Allocation of Capital, 2009.

7. Appendix

1. Codes for Scenario I based on Matlab

```matlab
clear; close all; clc
rng(0);                        % fix the random seed, good for sensitivity runs
H=2000;                        % total employees
Hlevel=[1200 600 180 20];      % number of employees at each level
ptheft=[.1 .1 .05 .05];        % criminal probability
muthe=[10 20 100 1000];        % asset mu
sigmathe=[3 6 30 300];         % asset sigma
percentage=[.5 .75 .9];        % volume of asset in different levels
itemrange=[15 35 65 100];      % level setting
whithe=0.5;                    % whistleblowing probability
segthe=0.2;                    % cross-department probability
minuamou=0.8;                  % proportion of access to cross-asset
pplevel=[.5 .25 .1];           % cross-level probability
severi=[1 1.2 1.44 1.728];     % severity
Sevinteadu=0.98;               % internal audit
insran=[0 .7 .5 0];            % insurance proportion
N=10000;
sumtheQU=zeros(1,N);           % total loss of each Monte Carlo run
for i=1:N
    % P1 - Vet employees by CV and references
    for ii=1:4
        ntheft(ii)=binornd(Hlevel(ii),ptheft(ii),1,1);
    end
    sumtiQU=zeros(1,4);        % reset the per-level loss for this run
    for ii=1:4
        if ntheft(ii)==0
            continue;          % no fraudster at this level: go on to the next level
        end
        for j=1:ntheft(ii)
            % decide amount
            amou(ii)=ceil(normrnd(muthe(ii),sigmathe(ii)));
            % decide values
            xx=rand();
            if xx<=percentage(1)
                sxx(ii)=rand()*10;
            elseif xx<=percentage(2)
                sxx(ii)=rand()*20+10;
            elseif xx<=percentage(3)
                sxx(ii)=rand()*30+30;
            else
                sxx(ii)=rand()*40+60;
            end
            % decide levels
            if sxx(ii)<=itemrange(1)
                jthe(ii)=1;
            elseif sxx(ii)<=itemrange(2)
                jthe(ii)=2;
            elseif sxx(ii)<=itemrange(3)
                jthe(ii)=3;
            else
                jthe(ii)=4;
            end
            QUQU=1;
            % P2 - Implement a whistleblowing policy
            if (ii==jthe(ii)) && (rand()<=whithe)
                QUQU=0;
            end
            % P3 - Impose clear segregation of duties
            if (ii~=4)&&(rand()<=segthe)
                amou(ii)=ceil(amou(ii)*minuamou);
            end
            % P4 - Control access to buildings and systems
            if sxx(ii)<=itemrange(1)
                ppp(ii)=1;
            elseif sxx(ii)<=itemrange(2)
                ppp(ii)=1*(ii>=2)+(ii==1)*(rand()<pplevel(1));
            elseif sxx(ii)<=itemrange(3)
                ppp(ii)=1*(ii>=3)+(ii==1)*(rand()<pplevel(1))*(rand()<pplevel(2)) ...
                    +(ii==2)*(rand()<pplevel(2));
            else
                ppp(ii)=(ii==4) ...
                    +(ii==1)*(rand()<pplevel(1))*(rand()<pplevel(2))*(rand()<pplevel(3)) ...
                    +(ii==2)*(rand()<pplevel(2))*(rand()<pplevel(3)) ...
                    +(ii==3)*(rand()<pplevel(3));
            end
            DDD=1;
            % D1 - Checking invoices and related documents
            if ii~=jthe(ii)
                DDD=0.5;
            end
            % C1 - Insurance + C2 - Tackle relevant employees
            sumtiQU(ii)=sumtiQU(ii)+amou(ii)*sxx(ii)*ppp(ii)*severi(ii) ...
                *(1-insran(ii))*DDD*QUQU;
        end
    end
    % D2 - Internal Audit (applied once to the run total, after all levels)
    sumtheQU(i)=sum(sumtiQU)*Sevinteadu;
end
hist(sumtheQU,1000);
% percentile selection of the convoluted distributions
VARQU=prctile(sumtheQU,[25, 50, 75, 95, 99, 99.9])
```

2. Codes for Scenario II based on Matlab

```matlab
rng(0);                        % fix the random seed
H=100;                         % possible attacks
Efrequency=60;                 % engineers check the system once an hour
amoutdata=10000;               % assume there are 10000 units of data
fiwotime=[5 15 45];            % time used by hackers to pass each firewall
probattk=[.5 .25 .05];         % probability that hackers pass each firewall
perdata=[.05 .1 .85];          % percentage of data reached when hackers pass each firewall
valdata=[10 20 50];            % dollars per unit of data
percentpermin=.05;             % data loss rate when hackers pass the third firewall
percentdata=.5;                % the proportion of clients' data
backupdata=.8;                 % back up 80% of clients' data
percentage=[.6 .9 .95 .975 .99];
N=10000;                       % number of Monte Carlo runs
vnlost=zeros(1,N);             % total loss of each run
for ii=1:N
    for i=1:H
        restime=rand()*Efrequency;   % time until the engineers respond
        if restime<fiwotime(1)
            srr=0; svv=0;
        elseif restime<fiwotime(2)
            srr=(rand()<probattk(1))*perdata(1);
            svv=srr*valdata(1);
        elseif restime<fiwotime(3)
            srr=(rand()<probattk(1))*(perdata(1)+(rand()<probattk(2))*perdata(2));
            svv=srr*valdata(1)+(srr>perdata(1))*(srr-perdata(1))*(valdata(2)-valdata(1));
        else
            srr=(rand()<probattk(1))*(perdata(1)+(rand()<probattk(2))*(perdata(2) ...
                +(rand()<probattk(3))*(restime-fiwotime(3))*percentpermin));
            svv=srr*valdata(1)+(srr>perdata(1))*(srr-perdata(1))*(valdata(2)-valdata(1)) ...
                +(srr>(perdata(1)+perdata(2)))*(srr-perdata(1)-perdata(2))*(valdata(3)-valdata(2));
        end
        vlost(i)=svv*amoutdata;
        % backup of lost data in clients' information:
        % the loss is divided into 100 units, 50% client and 50% management,
        % with 80% backup of clients' information
        veachlost(i)=vlost(i)/100;
        for j=1:100
            vback(j)=(rand()<percentdata)*backupdata*veachlost(i);
            vlost(i)=vlost(i)-vback(j);
        end
        vnlost(ii)=vnlost(ii)+vlost(i);
    end
end
hist(vnlost,1000);             % plot of the total loss per run
% percentile selection of the convoluted distributions
VAR=prctile(vnlost,[25, 50, 75, 95, 99, 99.9])
```

3. Codes for Aggregated Scenario based on Matlab

```matlab
X1=sort(vnlost);               % Scenario II losses, ascending
X2=sort(sumtheQU);             % Scenario I losses, ascending
rho=[0 .3 .7 1];               % correlation
output=[];
XBOTH=zeros(1,N);
for j=1:4
    ROU=[1 rho(j);rho(j) 1];   % correlation matrix
    for i=1:N
        X=[X1(i) X2(i)];
        XBOTH(i)=sqrt(X*ROU*X');
    end
    VARboth=prctile(XBOTH,[25, 50, 75, 95, 99, 99.9]);
    plot([25, 50, 75, 95, 99, 99.9],VARboth)
    output=[output;VARboth];
    hold on
end
output
```

4. K-mean cluster algorithm based on Matlab

```matlab
Q=VARQU;                       % VaR at the fixed quantiles (initial centres)
n=X2;                          % sorted loss sample
PEC=[25 50 75 95 99 99.9];     % percentage
k=[0 0 0 0 0 0];               % distance to each centre
SUI1=[0 0 0 0 0 0];            % number of points in each group
SUM1=Q; SUM2=Q;
SDASSDA=6;                     % number of clusters plotted
%n=gamrnd(2,20000,10000,1);
subplot(1,2,1)
hist(n,1000);
subplot(1,2,2);
%plot([25, 50, 75, 95, 99, 99.9],SUM1,'-O');
while 1
    SUM1=[0 0 0 0 0 0];
    % grouping: assign every loss to its nearest centre
    for j=1:10000
        for i=1:6
            k(i)=abs(SUM2(i)-n(j));
        end
        [~,xx]=min(k);         % first nearest centre, so a tie picks one group only
        SUM1(xx)=SUM1(xx)+n(j);
        SUI1(xx)=SUI1(xx)+1;
    end
    % K-means K=6: new centres and cumulative group sizes
    SUL(1)=0;
    for i=1:6
        SUM1(i)=SUM1(i)/SUI1(i);
        SUL(i+1)=SUL(i)+SUI1(i);
    end
    for i=1:6
        SULL(i)=SUL(i+1);      % cumulative count at the end of group i
        SSS(i)=n(SULL(i));     % loss at the upper boundary of group i
    end
    %disp(SULL); %disp(SUM1);
    SUI1=[0 0 0 0 0 0];
    % convergence condition
    if max(abs(SUM1-SUM2)./SUM2)<=0.05
        break;
    end
    SUM2=SUM1;
    hold on, plot(SULL(1:SDASSDA)/100,SSS(1:SDASSDA));
end
hhhh=[SULL;SSS;PEC*100;Q]
hold on, plot(SULL(1:SDASSDA)/100,SSS(1:SDASSDA),'LineWidth',3);
hold on, plot(PEC(1:SDASSDA),Q(1:SDASSDA),'-O');
```