Operational Risk - Complex event processing
Download
Report
Transcript Operational Risk - Complex event processing
Operational Risk
Event Processing Symposium
March 14 – 16
Hosted by
The IBM Academy of Technology
Hawthorne, N.Y.
FRS Confidential © 2005 FRS Belgium All rights reserved.
Basel Components Operational Risk Capital
Code of Ethics and Strong Governance Framework
Self Assessment & Forward Looking Risk Estimates Centered on
Risk and Control Element
• Goal Financial Transparency and Market Discipline
• Debt Ratings, Insurance Premiums, Market Capitalization
Capture and Analysis of Operational Losses – 3 years
Use of Advanced Analytical Methods to Calculate VaR – Capital
Scenario Analysis – Stress Testing
System of Back-testing to Validate Ongoing Capital
• Limit of capital savings to 75% of Baseline
• Hundreds of Millions Invested to Date
First two elements are not unrelated to major elements of Sarbanes-Oxley Requirements
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
Basel II and The Emergence of ORM
Three Pillars:
I Capital Standards Based on More Risk Sensitive Measures
• Market
• Credit
• Operational
II Supervision
III Market Discipline
Many Argued that Operational Risk be Included as a
Discretionary Charge Under Pillar II
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
Operational Risk
Definition:
Losses due to errors resulting from inadequate or
failed controls relating to people, systems and
processes, or due to external events.
• Clearly covers a lot of territory.
And while it covers only approximately 15 percent
of the Basel II Capital Charge, it represents most
of the risk events that threaten market
capitalizations!
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
What Is Different About Current Environment?
Extraordinary Focus on the Role of Governance and Senior Management
Top Down Focus on Connecting Enterprise Level Policies and Procedures to
Control Over Processes
•
Extraordinary Focus on Details of Operations
•
•
•
Controls over Risk and Financial Reporting
Transactional-Level Detail for Oversight
GLBA, AML, Patriot Act
Assignment of Responsibility Through Attestation and Performance
Hypersensitive Financial Markets – Market Capitalization
Growing Role of Third Party Rating, Investing and Insurance Entities
The Cost of Errors & Non-Compliance is Significant and Generally a
Multiple of the Direct Cost of the Event
The drive to market discipline makes errors, compliance or otherwise,
a market event and therefore a risk!
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
Risk Management Elements
Identify Risk – Portfolio Composition relative to the market
• Model Market Forces and Their Effects on the Portfolio
• Construct the portfolio to yield a return giving explicit attention to
market dynamics and related risks to value
• Simulate the Portfolio to model extreme shocks – VaR
Maintain a Database of Past Portfolios and Shock
Scenarios – as a reference for future similar shocks
Develop/ Acquire IT Tools to Constantly Manage Exposures
Report on Performance Relative to Strategy
Self Correct and Go Forward
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
Evidence of Harm
Losses Have Already Happened – Analysis is Essentially
Backward Looking
Corporate Finance
Trading & Sales
INTERNAL
FRAUD
EXTERNAL
FRAUD
EMPLOYMENT
PRACTICES &
WORKPLACE
SAFETY
CLIENTS,
PRODUCTS &
BUSINESS
PRACTICES
DAMAGE TO
PHYSICAL
ASSETS
EXECUTION,
DELIVERY &
PROCESS
MANAGEMENT
BUSINESS
DISRUPTION AND
SYSTEM
FAILURES
362
123
25
36
33
150
2
731
Mean
35,459
52,056
3,456
56,890
56,734
1,246
89,678
44,215
Standard Deviation
5,694
8,975
3,845
7,890
3,456
245
23,543
6,976
Number
Mean
Standard Deviation
50
53,189
8,541
4
78,084
13,463
35
5,184
5,768
50
85,335
11,835
46
85,101
5,184
210
1,869
368
3
134,517
35,315
398
66,322
10,464
Number
Analysis is Based Upon Results (Experienced Losses) Not Risks
• RAROC Attributions Not Yet Defined
Retail Banking
Number
TOTAL
45
4
32
45
42
189
3
360
Mean
47,870
70,276
4,666
76,802
76,591
1,682
121,065
59,690
Standard Deviation
7,687
12,116
5,191
10,652
4,666
331
31,783
9,417
Commercial Banking
Number
Mean
Standard Deviation
41
43,083
6,918
3
63,248
10,905
28
4,199
4,672
41
69,121
9,586
37
68,932
4,199
170
1,514
298
2
108,959
28,605
322
53,721
8,476
Payment & Settlements
Number
Internal and External Data is Not Reliable or Accurate
• Definitional issues
Agency Services
Insurance
Total
3
26
37
34
153
2
292
38,774
56,923
3,779
62,209
62,039
1,363
98,063
48,349
Standard Deviation
6,226
9,814
4,205
8,628
3,779
268
25,744
7,628
Number
Mean
Standard Deviation
44
46,529
7,472
4
68,308
11,777
31
4,535
5,045
44
74,651
10,353
40
74,446
4,535
184
1,635
321
2
117,675
30,893
349
58,018
9,154
Assumes a Stable Underlying Stochastic Process
• We know some institutions are better than others
Asset Management
Retail Brokerage
37
Mean
Number
40
3
28
40
36
165
2
314
Mean
41,876
61,477
4,081
67,186
67,002
1,472
105,908
52,217
Standard Deviation
6,725
10,599
4,541
9,318
4,081
289
27,804
8,238
Number
Mean
Standard Deviation
48
50,252
8069
4
73,773
12719
33
4,898
5449
48
80,623
11182
44
80,402
4898
198
1,766
347
3
127,090
33365
378
62,660
9886
Market Losses Due to Operational Errors Treated as Market
Losses for Capital Purposes
Number
43
4
30
43
39
179
2
340
Mean
45,226
66,395
4,408
72,561
72,362
1,589
114,381
56,394
Standard Deviation
7,262
11,447
4,904
10,063
4,408
312
30,028
8,897
Number
Mean
Standard Deviation
710
45,653
7,331
152
67,021
11,555
268
4,450
4,950
384
73,245
10,158
351
73,044
4,450
1,598
1,604
315
21
115,459
30,311
3,484
56,926
8,981
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
2004 LDCE Annualized Results
Employment Clients, Products
Damage to
External Fraud
Practices /
and Business
Physical Assets
Workplace Safety
Practices
Execution,
Delivery &
Process
Managent
Business
Disruption &
System Failure
No Event Type
Total
Severity
Internal Fraud
Corporate
Finance
0.30
0.20
2.30
32.00
0.00
0.00
4.30
0.60
39.70
Trading & Sales
9.60
130.00
4.90
271.60
0.30
4.40
241.40
12.90
675.10
Retail Banking
40.00
240.70
78.80
372.20
7.60
17.80
340.00
28.40
1125.50
0.60
60.20
3.50
72.90
0.10
0.20
25.30
3.70
166.50
7.10
12.00
2.40
0.90
0.20
2.40
21.20
4.10
50.30
2.00
0.20
0.90
6.10
1.00
1.10
79.90
0.00
91.20
0.00
1.60
2.70
246.70
0.00
0.80
31.00
0.50
283.30
Commercial
Banking
Payments &
Settlements
Agency Services
Asset
Management
Retail Brokerage
2.70
1.50
28.50
81.30
0.00
0.00
22.10
6.00
142.10
Insurance/No
Business
8.90
29.20
32.40
5861.90
1.60
0.30
85.10
4.40
6023.80
Total
71.20
475.60
156.40
6945.60
10.80
27.00
850.30
60.60
8597.50
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
A Conceptual Framework
Basel II Operational Context
Loss and Event
Assessment
Risk and Control Self Assessment
Predictions
Mitigation Efforts
Risk
Losses or Risk Realizations
Causal Factors
P1 E1 + N1
R1
C11 C12 C13 C14 C15
x1 x12 x13 x14
P2 E2 + N2
R2
C21 C22 C23 C24 C25
x21 x22 x23 x24
P3 E3 - N3
R3
C31 C32 C33 C34 C35
x31 x32 x33 x34
P4 E4 - N4
R4
C41 C42 C43 C44 C45
x41 x42 x43 x44
P5 E5 + N5
R5
C51 C52 C53 C54 C55
x51 x52 x53 x54
Ex Ante
State Control
Measures
GLOBAL RISK & REGULATORY COMPLIANCE
Risk Drivers
F
L
E
X
C
L
A
S
S
E
S
L1
L2
L3
Frequency
&
Severity
L4
L5
Ex Post
FRS Confidential © 2005 FRS Belgium All rights reserved.
ORM & Compliance – Integrated Vision
Workflow
Internal
Loss
Data
Process
Management
Reporting
Control Self-Assessment
ICMS
Governance
Auditing
Taxonomy
Records
Management
Legal
Policy
Loss Data
Capital
Calculations
&
Modeling
Email
Management
Leading
Indicators
(KRIs)
GLOBAL RISK & REGULATORY COMPLIANCE
Human
Resources
External
data
FRS Confidential © 2005 FRS Belgium All rights reserved.
Modeling and Maintaining Context
P1
Current Data
SP1
•
•
•
•
•
•
BASEL
Governance
Process
G/L accounts
Taxonomies
Policies
Root
Org
Process
/Sub-Process
SP2
SP3
BU1
SPn
D1
BU3
D2
Financial Line#1
Financial Line#2
Financial Line#3
Import infrastructure
Objectives
O1
R1
• Risk/Control
Matrix
• Testing
procedures
BU2
Business
Unit
Hierarchy
Import
documentation
& assessments
C1
R2
C2
R3
Risks
Controls
Action#1
Action#2
Action#3
Once the institutional framework is established,
roles are assigned to users that limits their access to either
Actions
O2
R1’
C1’
R4
R5
C3
Action#4
Action#5
Action#6
COSO Best
Practices
processes, business units or to risks and controls
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
Library Risk Created in RiskResolve
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
Required Controls Auto Populate
Unlocked populated
fields appear editable
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
Loss & Event Screenshot
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
RiskResolve’s Closed Loop
Business Managers can track
their risks from the RiskResolve
Home Page.
Business Managers
receive periodic updates
of actual losses that are
being assigned to their
Business Unit, Risk, and
Failed Control(s).
They then take action to
reduce the loss amount.
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
Dashboards
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
Key Risk Indicators (KRI’s)
Data elements available culled from a variety of systems that are
thought to indicate a higher likelihood of a risk event taking place.
• Leading, lagging and coincident
• They are of doubtful causal use in analysis
• But useful for enhancing workflow and attention to growing risk
situations.
A Major FSI Trade Group, the Risk Managers Association, has
initiated a major effort to be the convening entity around an effort to
standardize the definition of KRI’s
• They have identified some 1,600 KRI’s in an effort to develop a peer
comparison movement around these measures.
Every institution expresses interest in how to use KRI’s
We currently use KRI’s through an ETL load into the application, very
infrequent updates.
Intent is to provide greater information risk managers at the point of
need; better risk management and forward looking risk assessments.
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
Anti-Money Laundering - Mantas
We have a new partnership with Mantas a well known
vendor in the AML/ BSA Space.
• Offering pattern recognition software for the detection of
untoward patterns of money movement.
• They also offer securities industry “best execution” and fraud
detection solutions.
Non-Real Time Data with the indicators developed in batch
mode overnight and imported into RiskResolve.
• What is interesting is that this is a centralized function
providing “locally-unobservable” alerts to individual business
units.
• The calculations also tend to be multi-dimensional vis a vis
the usual KRI which is single valued but referenced to a
moving average or a key threshold value.
• Presentation is important
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
RiskResolve’s Closed Loop w/KRIs
Key Risk Indicator
Business Managers are notified
of High Risk activity in their
Business Units. Automatic Alerts:
Home Page is updated;
Email Notification sent to manager.
Business Managers
receive instant update
of suspicious activity
and potential loss is
automatically posted to
the Business Unit, Risk,
and Control(s).
B.M. can stop the loss
from being accrued.
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
What is Missing in Operational Risk
A Good “Systematic” View of Risk Exposure.
• A Sense of the “Institutional Vulnerability” at any Given Moment in
Time.
Need An Alignment of Exposures With Institutional Mitigants or
“Controls.
• Move ORM Activities from “Tactical” to “Strategic”
• Catalogues of Risks and Controls
Data Methodologies to Identify Broad Patterns of Vulnerability to
Focus Limited ORM Resources
• Score-carding may be too tactical to identify broad trends in operations
with strategic significance
Key Risk Indicators are figuring heavily in institutional demands for
better information.
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
The Future of Operational Risk
Current Focus was driven by the Actions of the Basel Committee on
Bank Supervision
• Market Forces, Consolidation, & Financial Innovation Raised Global
Financial Stability Concerns.
• Stipulations of Accord Argued Over for 5+ Years
Regulators Tend to Focus on Documentary Elements of Regulation
• Read this as a focus on Capital
• FSI’s Grow through use of excess capital
• Unintentional over-focus on calculating capital charges
Cause and Effect Elements of the Challenge – left behind
Enhanced Contextualization of Risk Management will happen with
better access to information some of which needs to be event based.
GLOBAL RISK & REGULATORY COMPLIANCE
FRS Confidential © 2005 FRS Belgium All rights reserved.
Thank You
FRS Confidential © 2005 FRS Belgium All rights reserved.