Operational Risk Management

1
Operational Risk Management
By A V Vedpuriswar
October 4, 2009
2
Introduction

• Globalization and deregulation of financial
  markets,combined with increased sophistication in
  financial technology, have made banking
  activities very complex.
• Events such as the September 11 terrorist
  attacks, rogue trading losses at Barings and the
  Y2K scare serve to highlight the importance of
  operational risk management.
• Operational risks faced by banks today include
  fraud, system failures, terrorism and employee
  compensation claims.

3
Typical Bank Org Structure
4
Front Office

• The more client-facing side of the business is
  known as the front office.
• These personnel typically include
• sales people who act as the main contact point
  between the bank and its clients.
• traders/market makers, who are responsible for
  executing trades with various counterparties.

5
Middle Office
6
Middle Office functions

• Initial trade verification
• The input of trades into relevant trading systems
  
• Investigation of any discrepancies in trade
  details
• Daily PL reporting
• Reconciliation and updating of trading positions
• Monitoring risk limits

7
Middle Office functions

• The middle office function attempts to bridge the
  gap between
• the front office
• the back office
• The middle office typically gets involved in
• risk management
• control aspects of trading.
• The middle office personnel are capable of
  independently
• valuing portfolios
• analyzing risk positions.

8
Back Office

• In performing its role, the operations area has a
  major responsibility to control operations risk.
• The back office should quickly detect errors and
  bring to the attention of dealers and management.
  
• Some key responsibilities of back office
  employees include
• capturing trade details in the settlement system
• validating trade details
• issuing settlement instructions
• ensuring that the trades settle on the value date
  
• making payments by electronic transfer mechanisms
  
• ensuring timely delivery of securities

9
More about the Back Office

• The term operations or back office describe
  those operational areas within the bank that
  deal with the result of trading by the front
  office.
• Following the execution of a trade and recording
  of the trade within the system, trade details are
  typically fed through an interface between the
  trading system and settlement system.
• The starting point for the settlement of trades
  and all subsequent activities is the capture of
  the trade details within the settlement system.
• The moment the details of a trade are captured
  within the settlement system, the trading
  position for both securities and cash, at a
  trading book level, must be updated.

10
The Trade Lifecycle
TradingActivities
Trade Execution
Trade Capture (Front office)
Trade Capture (Back Office)
Operational Activities
Trade Enrichment
Trade Validation
Trade Agreement
Transaction Reporting
Settlement Instructions
The Role of the Custodian
Pre Value Date Settlement Instruction Status
Settlement Failure
Trade Settlement
Reflecting Trade Settlement Internally
11
Trade skeleton

• The typical trade information fed by a trading
  system and captured by the settlement system
  could be described as the trade skeleton.
• These are the minimum details a trader or market
  maker must provide as these items are variable
  and cannot be guessed by the settlement
  department.

12
Recording details

• Though the basic details of a trade may appear
  very clear-cut, the inaccurate recording of the
  details can lead to unnecessary costs being
  incurred and risks being taken by the STO.
• In an attempt to prevent inaccurate information
  being sent to the outside world, the process of
  validating trade information is adopted by many
  banks.

13
Trade agreement/validation

• Failure of the bank and its counterparty to agree
  about the details of the trade, can result in
  monetary losses if the discrepancy remains
  unresolved at the value date.
• Consequently, it has become standard practice in
  many markets to strive for trade agreement as
  soon as possible after trade execution.
• In many securities marketplaces, individual
  trade details must be sent to the regulator by a
  specified deadline.

14
Settlement Exchanging Securities and Cash

• The exchange of securities and cash is known as
  settlement with the securities industry.
• The most efficient and risk-free method of
  settlement is known as Delivery versus Payment
  (DvP).
• DvP involves simultaneous exchange of securities
  and cash between buyer and seller (through their
  custodians).
• The seller is not required to deliver securities
  until the buyer pays the cash.
• The buyer is not required to pay cash until the
  seller delivers the securities.

15
Free of Payment

• The alternative to settling a DvP basis is to
  settle on a Free of Payment (FoP) basis.
• Parties will need to arrange delivery of
  securities or payment of cash prior to taking
  possession of the other asset.
• Due to the risks involved, most STOs avoid
  settling in this manner, whenever possible.

16
Settlement Department

• The STO must issue a settlement instruction to
  its custodian in order for settlement to occur.
• All pending incomes against securities must be
  carefully monitored.
• The first step in collection of the benefit is to
  become aware that the issuer is making a specific
  income payment.
• The bank must calculate whether it is in fact
  entitled to the income.
• If so, it must assess who will remit the income
  and monitor the receivable amount until full
  payment is received.
• Where it offers a safe custody service to
  clients, the STO is expected to collect income on
  behalf of its clients.

17
Static data

• Static data (sometimes referred to as standing
  data) describes data that changes occasionally,
  or not at all.
• The two principal components are
• Securities static data
• Counterparty static data.
• The data must be carefully maintained.
• If for instance, the coupon rate on a bond is
  not set up correctly, incorrect trade cash values
  will result.

18
Static Data

• Likewise, the setting up of an incorrect
  counterparty postal address could result in a
  client failing to receive a trade confirmation.
• Books and records must be accurate, up-to-date,
  complete and reflect reality.
• Reconciliation is achieved through the
  comparison of specific pieces of information
  within the banks books and records, and between
  the banks books and records and the outside
  world.

19
Compliance

• The compliance officers within a bank are
  responsible for ensuring conformity to the
  various rules and regulations, as laid down by
  the local regulatory authority.
• This includes ensuring that
• only qualified personnel execute trades on the
  banks behalf
• reporting of trade and positional information to
  the regulatory authorities is complete and
  effected within the stated deadlines
• methods of investigating trade disputes between
  the STO and its counterparties are carried out in
  a thorough and correct manner
• measures are taken to prevent unlawful
  activities within the STO, such as insider trading

20
Settlement failures

• Insufficient securities
• Insufficient cash
• Unmatched settlement instructions

21
Definition

• The Basel Committee defines operational risk
  as"The risk of loss resulting from inadequate
  or failed internal processes, people and systems
  or from external events."
• This definition includes legal risk, but excludes
  strategic and reputational risk.
• Banks can adopt their own definitions of
  operational risk, if the minimum elements in the
  Committee's definition are included.

22
Types of Operational Risk

• Internal fraud
• External fraud
• Employment practices and workplace safety
• Clients, products and business practices
• Damage to physical assets
• Business disruption and system failures
• Execution, delivery and process management

23
Internal Fraud

• Intentional misreporting of positions
• Unauthorized undertaking of transactions
• Deliberate mismarking of positions
• Insider trading (on an employee's own account)
• Malicious destruction of assets
• Theft/robbery/extortion/embezzlement
• Bribes/kickbacks
• Forgery
• Willful tax evasion

24
External Fraud

• Theft/robbery
• Forgery
• Computer hacking damage
• Theft of information
• Check kiting

25
Employment practices and workplace safety

• Employee compensation claims
• Wrongful termination
• Violation of health and safety rules
• Discrimination claims
• Harassment
• General liability

26
Clients, products and business practices

• Breaches of fiduciary duties
• Suitability/disclosure issues (KYC, and so on)
• Account churning
• Misuse of confidential client information
• Antitrust
• Money laundering
• Product defects
• Exceeding client exposure limits

27
Damage to physical assets

• Natural disasters (earthquakes, fires, floods,
  and so on)
• Terrorism
• Vandalism

28
Business disruption and system failures

• Hardware and software failures
• Telecommunication problems
• Utility outages/disruptions

29
Execution, delivery and process management

• Miscommunication
• Data entry errors
• Missed deadline or responsibility
• Model/system misoperation
• Accounting errors
• Mandatory reporting failures
• Missing or incomplete legal documentation
• Unapproved access given to client accounts
• Non-client counterparty disputes
• Vendor disputes
• Outsourcing

30
Qualitative assessment

• Environment
• Activities
• Supervision
• Disclosure

31
Risk Assessment

• Checklists
• Questionnaires
• Workshops
• Scorecards

32
Operational Risk Indicators

• Operational risk indicators attempt to identify
  potential losses before they happen.
• Some indicators are applicable to specific
  organizational units (for example, transaction
  volumes and processing errors).
• Others can be applied across the entire bank (for
  example, employee turnover, new hires and number
  of sick days).
• In practice, the most common risk indicators are
  lagging or ex-post measures.
• They provide information on events that have
  already taken place (eg, failed trades,
  settlement errors, and so on).

33
From lagging into leading indicators

• The challenge for risk managers is to transform
  lagging indicators into leading or predictive
  indicators.
• This can be done by changing the focus of the
  indicators that are tracked or by adding new
  information to these indicators.
• Thus the focus of the indicators could be
  changed to highlight issues that are still
  outstanding or remain open after a specified
  period of time (for example, 24 hours) has
  elapsed.
• In reality, however, it is not easy to transform
  lagging indicators into predictive indicators.

34
Statistical Approaches

• Statistical approaches to operational risk
  measurement generally involve the use of
  methodologies to quantify operational risk .
• The approaches involve the collection of actual
  loss data and the derivation of an empirical
  statistical distribution.
• An unexpected loss amount, against which banks
  must hold a capital buffer, can then be
  calculated from the distribution.
• In theory, the unexpected loss can be calculated
  to any desired target confidence level.
• In practice, many banks are working towards
  measuring operational risk to a 99.9 confidence
  level.

35
Legal risk

• The Basel Committee's definition of operational
  risk explicitly includes legal risk.
• Legal risk is the risk of disruption or adverse
  impact on the operations or condition of a bank
  due to
• unenforceable contracts
• lawsuits
• adverse judgments
• other legal proceedings
• It can arise due to a variety of issues, from
  broad legal or jurisdictional issues to something
  as simple as a missing provision in an otherwise
  valid agreement.

36
Master Agreements

• There are now master agreement forms for many
  financial products.
• These agreements
• create a common legal framework that can be
  understood by all market participants.
• cover most of the major legal points that should
  be agreed as part of documenting the
  transactions.
• Individual transactions are tied to master
  agreements with confirmation documents containing
  specific terms of each transaction.

37

• The master agreements should ideally be
  negotiated prior to any individual transaction
  being agreed.
• But, in many cases, the master agreement is only
  negotiated as a consequence of the first
  transaction.
• Master agreements cover how the parties will
  conduct themselves in case of the early
  termination of the contractual agreements due to
  credit default or other unforeseen events.
• The agreements specify how the exposures for
  more than one transaction under the master
  agreement will be netted against each other.

38
Reputation risk
39
Reputation Risk

• Negative public opinion regarding an
  institution's practices, whether true or not, may
  result in a decline in its customer base,
  expensive litigation and/or a fall in revenue.
• Reputational risk may cause liquidity
  difficulties, fall in share price and a
  significant reduction in market capitalization.
• In 1994, Bankers Trust was accused of having
  misled customers by selling them inappropriate
  derivatives positions.
• Its reputation was so badly damaged that it was
  forced into acquisition.

40
Strategic Risk
41
Strategic(Business) Risk

• It incorporates the risk arising from an adverse
  shift in the assumptions, goals and other
  features that underpin a strategy.
• Business Risk is a function of
• a bank's strategic goals
• the business strategies developed to achieve
  these goals
• the resources deployed in pursuit of these goals
• the quality of implementation of these resources
• Business risk, however, is difficult to assess in
  practice.
• It can be particularly difficult to separate from
  other forms of risk, such as market risk.

42
Model Risk
43
Model Risk

• Model risk arises out of the failure of a model
  to sufficiently match reality, or to otherwise
  deliver the required results.
• It can arise from a number of issues, including
• mathematical errors (for example, in determining
  the formulas for valuing more complex financial
  instruments)
• the lack of transparent market prices for some of
  the more illiquid market factors
• invalid assumptions
• inappropriate parameter specification
• incorrect programming

44
Dealing with model risk

• Companies must model the instruments and the
  portfolio carefully.
• Very large and unexpected moves may occur in
  market factors sometimes in conjunction with each
  other.
• Liquidity can suddenly vanish.
• Being based on assumptions, models are always a
  simplified representation of what happens under
  real-life conditions.
• If these assumptions break down, then the model
  is worthless.
• Therefore, modeling for disaster as well as for
  normal market conditions is highly desirable.
• This is why stress testing is important in
  addition to value at risk calculations.