Level 24 Level 26
101 words 0 ignored
Ready to learn Ready to review
Check the boxes below to ignore/unignore words, then click save at the bottom. Ignored words will never appear in any learning session.
Plan that is executed to handle an issue.
failure of process or controls-possibility that something goes wrong and don't have the money to function
Accordingly, operational risk management should combine both qualitative and quantitative techniques for assessing risks. For example, settlement errors in a trading operation's back office happen with sufficient regularity that they can be modeled statistically. O…
include: loss event reporting, management oversight, employee questionnaires, exit interviews, management of self assessment and internal audit
Basel II allows large banks to base operational risk capital requirements on their own internal models. This has spawned considerable independent research into methods for measuring operational risk. Techniques have been borrowed from fields …
Quantitative Techniques/Statistical Modeling
Statistical modeling requires data. For operational contingencies, two forms of data are useful: data on historical loss events, and data on risk indicators.
Categories of Loss Events
There are 3 categories: event, cause, consequence.
Mis-entered Trade (as example of event)
For example, an event might be a mis-entered trade. the cause might be inadequate training, a systems problem or employee fatigue. Consequences might include a market loss, fees paid to a counterparty, a lawsui…
Categories of Loss Events (according to Basel II)
Internal Fraud; External Fraud; Employment Practices and Workplace Safety; Clients, Products & Business Practice; Business Disruption & Systems Failures; Execution, Delivery & Process Management
Loss due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity / discrimination events, which involves at least one internal party. (Rogue Trading)
Loss due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity / discrimination events, which involves at least one internal party. (Theft, robbery, credit card fraud)
Employment Practices and Workplace Safety
Losses arising from acts inconsistent with employment, health or safety laws or agreements, from payment of personal injury claims, or from diversity / discrimination events. (Discrimination, Employee Relation: Compensation, benefit...)
Clients, Products & Business Practice
Losses arising from an unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements), or from the nature or design of a product. (e.g. improper business or ma…
Damage to Physical Assets
Losses arising from loss or damage to physical assets from natural disaster or other events (Terrorism: 9/11, natural disasters like Fukushima, Tsunami etc.)
Business Disruption & Systems Failures
Losses arising from disruption of business or system failures (Hardware Failure, SW Failure, Telecommunications...)
Execution, Delivery & Process Management
Transaction Capture, Execution & Maintenance (Miscommunication, Data Entry errors, Missed deadline etc.)
External Data Collection and Analysis
External data elements consist of gross operational loss amounts, dates, recoveries, and relevant causal information for operational loss events occurring at organizations other than the bank. External loss data can be compared with internal …
Why external Loss Data?
external loss data is needed for benchmarking and validating Internal loss data.
Data Consortia for external loss data
Global Operational Loss Database
Verband öffentlicher Banken
Database Italiano delle Perdite Operative
SAP: Upload of external loss data
System provides a mechanism to import external loss data based on XML templates
Internal Loss Event
Internal loss events may be viewed as actual loss, potential loss and "near miss" events experienced by an organisation.
Actual loss - an incident that has resulted in a negative financial impact for the business;
Potential loss - an incident that has been discovered, that may or may not ultimately result in a financial loss; and
Near miss - an incident discovered through means other than standard operating practices and through good fortune or focused management action which has resulted in nil or a positive financial impact (it should be n…
Internal Loss Data
Internal Loss Data Collection and Analysis: Internal operational loss data provides meaningful information for assessing a bank's exposure to operational risk and the effectiveness of internal controls. Analysis of loss events can provide insight …
Issues are problems a bank is facing. Operational Risk Management should be informed about issues, but it should not necessarily manage and control the issues. Issues could arise from risks, loss events, KRI´s, RCSA´s, Controls. See also Action Plan.
A Key Risk Indicator, also known as a KRI, is a measure used in management to indicate how risky an activity is.
Examples for KRI´s
Above Market Return for the risk of Price Modification.
From a modeling standpoint, the goal is to find relationships between specific risk indicators and corresponding rates of loss events. If such relationships can be identified, then risk indicators can be used to identify periods of elevated operational risk.
Manage operational risk
Once operational risks have been—qualitatively or quantitatively—assessed, the next step is to somehow manage them. Solutions may attempt to avoid certain risks, accept others, but attempt to mitigate their consequences, or simply accept some r…
Business Rules for KRI´s
Business rules could be defined to generate alerts when KRI values cross established threshold levels
KRI Aggregation Types
KRI aggregation can be performed using mean (standard) average or weighted average
Loss events are risks that became effective. Risks can either be already documented and its probability reaches 100% or can be an unknown risks.
Reasons for collection of internal loss data
It is a cornerstone for the quantification of operational risk.
Operational Risk Category
An Operational Risk Category (ORC) or unit of measure is the level (for example, organisational unit, operational loss event type, risk category, etc.) at which the bank's quantification model generates a separate distribution for estima…
The ORMF consists of a bank's:
Operational Risk management function
Risk Appetite and tolerance
Risk appetite is a high-level determination of how much risk a firm is willing to accept taking into account the …
Risk Control Self Assessment
RCSA-Key-Phases: Preparation, Planning, Performance and Monitoring, Aggregation
Risk control self assessment surveys are prepared using the standard GRC 10 "Question Library" and "Survey Library" functionality
o Risk control self assessment plans can be created with a matrix of organization units and risk categories
RCSA- Performance and Monitoring
o Risk control self assessment plans can be monitored with tracking of recipients status, response, and overall statistics
o Risk control self assessment results can be aggregated across organization units and risk categories similar to the KRI aggregation mechanisms
Scenario analysis is used to evaluate the exposure to (high-severity /what-if's) events and derive the need for internal process improvements
Scenario analysis and Risk Engine
Results from Scenario analysis could be provided to run Advanced Measurement Approach:
Seggregation of Duties
Separation of duties (SoD) is the concept of having more than one person required to complete a task. In business the separation by sharing of more than one individual in one single task shall pre…
Three Lines of Defence
One common governance model is the "three lines of defence" model, which is diagrammatically illustrated below. This model may assist franchisees by providing a basis to develop and document its risk governance framework.
First Line of Defence
Day to Day risk management & management control (responsible: ABC Board and Business Units)
Second Line of Defence
Risk Oversight, polica and methodologies (responsible: Risk Committee, CRO, Risk Management Function)
Third Line of Defence
Independent assurance (responsible: Audit Committee, internal and external audit)
Uncertainty about outcomes that can be either negative or positive
The process of making and implementing decisions that will minimize the adverse effects of accidental losses on an organization
Risk that is inherent to the operations of a particular organization, including the possibility of loss, no loss or gain
Risk from accidental loss, including the possibility of loss and no loss.
Any condition that presents a possibility of loss, whether or not an actual loss occurs.
Enterprise Risk Management
An approach to managing all of an organization's key business risks & opportunities with the intent of maximizing shareholder value.
Cost of Risk
The total cost incurred by an organization because of the possibility of accidental loss.
Risk Management Program
A system for planning, organizing, leading and controlling the resources and activities that an organization needs to protect itself from the adverse effects of accidental loss.
Risk Management Goals that should be in place even if no significant losses occur. (Such as Economy of Ops, Tolerable Uncertainty (reduced deterrence effects), Legaility, Social Responsibility.)
Risk Management Goals that should be in place in the event of a significant loss (such as: Survival, Continuity of ops, Profitability, Earnings Stability, Social Responsibility, Growth.)
Risk Management Policy Statement
A tool for communicating the goals of the risk management program and the roles that people thoroughout the organization have in achieving the organization's risk management goals.
Standards that focus on achievements regardless of the efforts they require.( measured in dollars, percentages, ratios or number of losses or claims.)
Standards that focus on activity undertaken to achieve a particular result regardless of the success of that activity. (such as number of calls fieled, site visits, classes taught, etc.)
Loss of exposure
Any situation or circumstances in which a loss is possible, regardless of whether a loss occurs. (also related to definition of risk)
the relative variation of actual loss from expected loss.
uncertainty based on a person's mental condition or state of mind
Impact of Subjective risk
Depends on the individual. High risk results in conservative behavior and low risk results in less conservative behavior.
Chance of loss
Probability that an event will occur. Can be identical for two different groups.
refers to the long-run relative frequency of an event assuming an infinite number of observations and no change in the underlying conditions
The individual's personal estimate of the chance of loss.
Factors that influence subjective probability
Cause for differences in estimation of loss
Amount of ambiguity in the in the way probability is perceived.
The cause of loss.
Common Perils that cause loss to property
Fire, Lightning, Windstorm, Hail, Tornado, earthquake, flood, burglary and theft.
Condition that creates or increased the frequency or severity of loss.
Major types of Hazard
Physical, moral, attitudinal (morale), legal
Physical condition that increases the frequency or severity of loss. Hazards arising from the material, structural, or operational features of the risk, apart from the persons owning or managing it.
the risk that one party to a transaction will engage in behavior that is undesirable from the other party's point of view
Control of moral hazard
Careful underwriting of applicants for insurance and by provisions (deductibles, waiting periods, exclusions, and riders).
Attitudinal Hazard (morale)
carelessness or indifference to a loss, which increases the frequency or severity of a loss.
Examples of Attitudinal Hazard
Leaving keys in car with unlocked doors. Changing lanes without signaling. Leaving doors unlocked for burglars.
Characteristics of the legal system or regulatory environment that increase the frequency or severity of loss.
Examples of Legal Hazard
Adverse jury verdicts or large damage awards in liability lawsuits, statutes that require insurance coverage for alcoholism
Classifications of Risk
Pure and speculative
Situation in which there are only the possibilities of loss or no loss. Only possible outcomes are adverse and neutral.
Situation in which either profit or loss is possible.
Type of risks that are appropriate for Risk Retention
High-frequency, low-severity risks where potential losses are relatively small. Not for catastrophic medical expenses, long-term disability or legal liability.
Technique for transferring the risk of unfavorable price fluctuations to a speculator by purchasing or selling futures contracts on an organized exchange.
Pooling of losses
The heart of insurance. Spreading of losses incurred by the few over the entire group, so that in the process, average loss is substituted for actual loss.
Primary purpose of pooling
To reduce the variation in possible outcomes as measured by the standard deviation or some other measure of dispersion, which reduces risk.
Definition of Insurance
insurance is the pooling of fortuitous losses by transfer of such risks to insurers, who agree to indemnify insureds for such losses, to provide other pecuniary benefits on their occurrence, or to render services connected with the risk
Requirements of an Insurable Risk
large number of exposure units that are roughly similar
Is the tendency for people with a greater than average exposure to loss to purchase insurance. ++Primary function of underwriting+
What is Risk Management
pre-loss arrangements for post-loss resources
Potential Risk Management Losses
property loss, liability, business income, human resources, crime, employee benefits, foreign, reputation and public image of the company.