High value-creation from operational risk management
Managing operational incidents
Identifying, reporting, and reviewing operational incidents from the business is one of the most basic and important tasks in operational risk management. It is a natural starting point for companies and organizations that want to implement sound operational risk management.
The Basel Committee on Banking Supervision (BCBS) states:
“The tracking of internal loss event data is an essential prerequisite to the development and functioning of a credible operational risk measurement and management system”
It is of crucial importance because it provides direct and observed input of operational failures and thereby gives valuable information as it exposes root causes, organizational, people, system, and process issues. It tells about loss types, levels, and frequencies.
The Incident reporting module consists of a single page that is facing every employee with 1-click access via the company intra-net. It allows employees easy registration of incidents and only the required information is captured - yet it is assured that all relevant information and regulatory requirements are adhered to. The registration makes it possible to break down and report operational failures across business dimensions like business lines, organizational units, and product types etc.
For registration of operational incidents to be successful with busy employees, it is of outmost importance that the incident capture process is as speedy and easy as possible. At AQRISK we understand and respect this, which is why registration in the capture form is pre-filled with employee information, dates, and other required information to smooth the registration process and make it a pleasant user experience.
Incidents review and approval
All incident reporting is easily available for review by Risk Management and others with an operational risk focus.
The incident review shows the entire reporting form. Added information is provided by the reviewing risk manager to ensure that regulatory required information, such as Basel loss and cause categories and the Basel business line structure, is captured for each incident.
The incident review form gives reviewers a real-time overview of incidents being reported by the business and allows for swift actions if serious systemic operational incidents arise. Furthermore, it gives Risk Management a standardized framework to review and validate the incidents reported. Misconceptions and errors may need to be straightened out with the reporting employee as part of the incident registration process.
When the registration is reviewed and in order, the incident registration can be approved.
Employees can follow the incidents they have reported.
Risk & Control Self-Assessments (RCSA)
The risk & control self-assessment (RCSA) module coupled with risk workshops contains all the functionality required for assessing large potential operational events. Large potential events drive the capital adequacy required for operational risks. It is required by law that the Board of Management and the Board of Directors have a clear understanding of these risks.
Assessing large potential events
Assessing potential operational events is not primarily driven by data, which is the case in market risk where data is in abundance, but to a high degree it depends on expert judgment, “soft” data and external loss experience.
To extract valuable input on operational weaknesses from the business, risk workshops should be run across the organization in a cyclical fashion. Risk workshops are facilitated and prepared by Risk Management in alignment with Management focus and priorities.
Workshops are open, honest, effective and stimulating conversations, where the business contributes actively in assessing potential events, mapping and estimating the effectiveness of the control environment and likelihoods of events materializing. Workshops are not about pointing fingers, passive participation, tabooed issues, silo and habit thinking.
At AQRISK, we have extensive experience with facilitating operational risk workshops and aid clients with all the necessary tools and methods that help perform effective workshops.
The potential events menu includes all information related to the potential events in a single page. The page holds for each potential event specific information about the potential event, risk owners, impacts and likelihoods, related controls and insurance schemes including their effectiveness and related causes, procedures, and contingency plans. It also includes Basel categorization on cause and loss categories.
The Control & Insurance Environment
Causes, controls, insurance schemes, events and impacts are important components in understanding potential operational events. Controls can be both preventive (reducing the likelihood of events occurring) and corrective (reducing impact if the events materialize).
The solution takes into account the consequences from both the preventive and corrective mitigation effectiveness when assessing the total portfolio risk and capital adequacy assessments from the operational risks. This allows banks to understand their total gross and net operational risks and help price (in terms of reduced risk and capital) the value of the controls/insurance environment.
Risk & Capital Adequacy Calculations
Much operational risk management concerns capturing individual incidents and identify large potential events. Performing risk calculations makes it possible to have complete portfolio assessments of the operational risks at hand and not just consider individual potential events and incidents.
The solution performs portfolio (VaR) risk and capital adequacy calculations with three input levels – incidents only, potential events only and a full calculation, including both incidents and potential events.
The calculations are performed using monte-carlo simulations, to account for loss distributions with fat-tail characteristics.
Calculated expected losses, risk and capital adequacy results are shown at bank or aggregated sublevels. Results are reflected both with and without mitigation from controls and insurance schemes and therefore quantifies the value of the mitigating environment. The results make it easy to identify the largest operational risk areas on an aggregated level.
The calculated capital consequences across model types and stress testing, makes it possible to perform a rigorous Internal Capital Adequacy Assessment Process (ICAAP) for operational risks.
Risk, Regulatory & Capital Reporting
The application includes a comprehensive reporting module that allows for full breakdown of operational risks across the business and many other dimensions. The reporting is highly flexible and dynamic regarding user preferences. All graphs are easily exported.
The operational risk reporting module help give the full picture of the total operational exposure - from incidents and potential large events. The reporting furthermore shows risk and capital adequacy measure and the required regulatory reporting.
The operational risk reporting module includes incidents reported from employees.
It shows the development in the number and impacts of incident across time and provides an extensive break down across the organizational units and across product types, products, business processes, impact, and effect types and also the Basel loss and cause categories.
The largest incidents are highlighted, including the resources tied up in solving them and whether they have been resolved.
The reporting is automatically updated daily, so results always give an up-to-date view.
The regulators require two operational risk reports on an annual basis. The reports are required to show a number of regulatory defined key-ratios across Basel loss categories and Basel business units.
One regulatory report focuses on financial impacts, while the other concerns the number of incidents experienced.
Both reports are automatically generated in the application and easily exported for regulatory reporting.
The potential events identified in the risk register - typically via risk workshops - are also available in the reporting. The reporting provides an overview of the potential events across the business and Basel loss and cause categories.
The largest potential losses are identified and shows where mitigating efforts are best spent.
Risk and capital measures
The reporting also shows all the different calculation results. Results such as expected loss, value-at-risk and economic capital measures across confidence levels are available and broken into various reporting dimensions.
Explore other solutions
Working with credit, risk, and capital analysis many complex analytical challenges arise. The AQANALYTICS solution is dedicated to support specialists in solving such analytical tasks/problems. It helps automate manual and ad-hoc tasks and perform them systematically and very fast - allowing for more efficient use of resources.
Optimizing Core Banking
The AQOPTIMIZER solution makes it easy to optimize the core banking business. The solution allows for much enhanced use of data, analytics, and modern technology. Bank advisors are supported in assessing and pricing clients optimally, while management and staff specialists can assure profitability targets are met.