Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Modelling operational risk in
Banking and Insurance using
@RISK
Dr Madhu Acharyya
Lecturer in Risk Management
Bournemouth University
1
Palisade EMEA
2012 Risk Conference
London
Risks in Banking and Insurance
Main Banking Risks
Market risk
Credit risk
Liquidity risk
Operational risk
Systemic risk
Strategic risk
Reputational risk
Main Insurance Risks
Market risk
Underwriting and pricing
risk
Credit risk
Liquidity (reserving) risks
Operational risk
Strategic risk
Reputational risk
2
Business Units/lines in Banking and Insurance
Banking
Credit department
Banking book
Derivative desk
Fund management
Others
Insurance
Underwriting department
Personal and commercial
Claims department
Reinsurance department
Finance and investment
department
Others
3
4
Risk types
Inte
rest
Rat
e
Ris
k
Mar
ket
Ris
k
Cre
dit R
isk
……
….
Opera
tional
risk
Business
units
Credit
department
Banking book
Derivative
desk
……
Fund
management
Risk types
Inte
rest
Rat
e
Ris
k
Mar
ket
Ris
k
Cre
dit R
isk
……
….
Opera
tional
risk
Business
units
Credit
department
Banking book
Derivative
desk
……
Fund
management
Expected loss and Unexpected Loss
Expected loss
The mean value of the probability distribution of future
losses.
Not a significant risk and hedged by adding a suitable spread
to the interest rate charged on the loan
Unexpected loss
Expected loss
5
Unexpected Loss
The true risk i.e., the risk that the loss will prove greater
than originally estimated
• i.e., The variability of loss above the EL
The EL of a diversified portfolio is simply equal to the sum of
the expected losses on the individual loans in it
• The EL is reduced by diversifying the portfolio
The volatility of the total portfolio loss is generally lower
than the sum of the volatilities of the losses on individual
loans (provided that the correlations amongst the individual
losses are low) where
represents the individual credit losses
6
VaR computation
Probability distribution of loss data
Probability = 5%
7
Maximum
$ Loss Minimum
$ Loss Average
$ Loss
Three methods of calculating VaR
1. Parametric (or analytical or delta-
normal) method
2. Historical method
3. Monte Carlo Simulation method
8
Example: Computation of Value at Risk (VaR)
Year Loss ($)
1996 9223.41
1997 9708.5
1998 11087.27
1999 10059.5
2000 8781.8
2001 10106.58
2002 11197.34
2003 9892.56
2004 9369.17
2005 8842.99
2006 10628.46
Minimum loss $8,781.80
Maximum loss $11,197.34 9
for the standard normal distribution,
Mean $9,899.78
Standard deviation $826.76
Parametric approach
z-statistic at 95% confidence
interval 1.645
VaR (95%) $11,259.69
10
VaR computation
Probability distribution of loss data
Probability = 5%
11
Maximum $
Loss
$ size of the
portfolio
Minimum
$ Loss
$0
Average
$ Loss
$9,899.78 $11,259.69
VaR 95%
12
Interpretation of VaR Result
Given the loss data the Bank or Insurance Company (or any of
its business line) can afford a loss of maximum of $11,259.69.
The bank or insurance company is 95% confident that the
actual loss will remain within the boundary between $0 and
$11,259.69. However, there is a 5% probability that the actual
loss will go beyond $11,259.69.
In other words, n every 1 in 20 occasions (or days/month/year)
the actual loss will go above $11,295.69
If the actual loss goes above $11,295.69 then the bank or
insurance company will be insolvent.
What is operational Risk
Banking sector definition
In Basel II the common industry definition of operational
risk is –
“The risk of direct or indirect loss resulting from
inadequate or failed internal processes, people and
systems or from external events.“
The definition includes legal risk but strategic and
reputational risk is not included in this definition.
Source: Basel Committee on Banking Supervision, Consultative Document, Operational
Risk, January 2001, accessed at http://www.bis.org/publ/bcbsca07.pdf on 01st January, 2011 13
Insurance sector definition
The Solvency II definition of operational risk is –
“Operational risk means the risk of loss arising from
inadequate or failed internal processes, or from
personnel and systems, or from external events
(Article 13(29) of Level 1 text). Operational risk shall
include legal risks, and exclude risks arising from
strategic decisions, as well as reputation risks (Article
101 4(f)) of the Level 1 text).”
(Ref: CEIOPS Advice for Level 2 Implementing Measures on Solvency II: SCR
Standard Formula – Article III (f) Operational risk: former CP53)
14
Event categories
Level 1 Level 2 Level 3
Internal fraud
Unauthorised activities
1. Unauthorised used of
computer system to
defraud firm or customer
2. Unauthorised
transactions
3. Underreported
transactions
4. Over-reported
transactions
5. Falsifying personal details
Theft and fraud
1. Theft of assets
2. Destruction of assets
3. Forgery impersonation
4. Disclosure of confidential
information
5. Accounting irregularities
6. Misappropriation of
assets
Table: Detailed loss event type classification in Insurance Operational Risk by ORIC
15
External fraud
External fraud
1. Theft of assets
2. Forgery impersonation
3. Fraudulent billing by
suppliers
4. Fraudulent claims
System security 1. Hacking
2. Theft of information
3. Viruses
Employment practice and
workplace safety
Employee relations 1. Harassment
2. Terminations, including
tribunals
3. Industrial activity
4. Management
5. Loss of key personnel
Safe environment 1. Health and safety
2. Public liability
3. Employee liability
Diversity and discrimination 1. Equal opportunities
2. Human rights
16
Clients, products and business
practices
Suitability, disclosure and fiduciary 1. Regulatory impact
2. Data protection act
3. Regulatory compliance of
appointed representatives
4. Customer complaints
5. Treating customers fairly
Improper business or market practices 1. Money laundering
2. Other improper market
practices
3. Insider dealing
4. Tax evasion
5. Anti trust
Product flaws 1. Product defects
(unauthorised, etc.)
2. Product literature defects
3. Product design
4. Unintentional guarantees
Selection, sponsorship, and exposure 1. Client fact-findings
2. Client exposure
Advisory activities 1. Mis-selling due to mortgage
endowment
2. Mis-selling (other)
17
Damage to physical
assets
Disasters and other
events
1. Natural disaster losses
2. Loses from external sources
(terrorism, vandalism)
3. Physical assets failure (not
systems)
Business disruption
and system failures
Systems 1. Hardware
2. Software
3. IT network
4. Telecommunication
5. Utility outage/disruption
6. External interference (excluding
fraudulent activity)
18
Execution, delivery and process
management
Transaction capture, execution and maintenance 1. Customer service failure
2. Data entry error
3. Transaction system error
4. Management information
error
5. Accounting error
6. Incorrect application of
charges
7. Incorrect unit pricing/
allocation
8. Management failure
9. Inadequate process
documentation
10. Training and competence
Monitoring and reporting 1. Failed mandatory reporting
2. Inaccurate external
reporting
Customer intake and documentation 1. Incomplete/ incorrect
application documents
2. Contract document
incorrect
3. Inappropriate underwriting
4. Inappropriate reinsurance
5. Missing documentation
Source: ORIC at http://www.abioric.com/oric-standards/risk-event-categories.aspx as on 29
Dec 2010. 19
Operational Risk Categories
Internal Fraud External Fraud Damage to
Physical Assets
Business
Disruptions &
System Failures
Execution,
Delivery &
Process
Management
No. of
events
per
Month
No. of
Month
Total
no. of
events
No. of
Month
Total
no. of
events
No. of
Month
Total
no. of
events
No. of
Month
Total
no. of
events
No. of
Month
Total
no. of
events
k n(k) n(k) n(k) n(k) n(k)
0 7 0 4 0 4 0 4 0 2 0
1 0 0 2 2 5 5 3 3 3 3
2 4 8 2 4 2 4 2 4 2 4
3 3 9 3 9 3 9 3 9 4 12
4 4 16 3 12 3 12 3 12 3 12
5 5 25 6 30 6 30 4 20 4 20
6 2 12 4 24 3 18 3 18 3 18
7 2 14 2 14 2 14 2 14 2 14
8 2 16 1 8 2 16 2 16 3 24
9 0 0 1 9 1 9 1 9 1 9
10 1 10 3 30 3 30 4 40 4 40
events 110 142 147 145 156
month 36 36 36 36 36
Average events
p/m (λ)
3.06 3.94 4.08 4.03 4.33
Table: Summary of Operational Loss Data (All data are hypothetical)
20
Table: Summary Statistics of Frequency Loss Data
Internal
Fraud
External
Fraud
Damage
to
Physical
Assets
Business
Disruptio
ns &
System
Failures
Execution,
Delivery
& Process
Managem
ent
Average
Minimum ($) 11,629.81 34,154.57 28,254.02 17,295.17 26,338.26
Maximum ($) 199,734.09 461,535.19 467,152.57 719,922.09 311,739.24
Mean ($) 108,165.98 55,881.49 76,977.50 139,744.89 69,203.62 89,994.70
Standard
deviation ($)
56,767.93 62,093.00 70,895.66 97,461.74 35,201.25 64,483.92
21
Internal
Fraud
External
Fraud
Damage
to
Physical
Assets
Business
Disruptio
ns &
System
Failures
Executio
n,
Delivery
& Process
Managem
ent
Averag
e
Minimum ($) 11,629.81 34,154.57 28,254.02 17,295.17 26,338.26
Maximum ($) 199,734.09 461,535.19 467,152.57 719,922.09 311,739.24
Mean ($) 108,165.98 55,881.49 76,977.50 139,744.89 69,203.62 89,994.7
0
Table: Descriptive Statistics of Severity Loss Data
22
Aggregated Operational Loss Parameters Distribution
Type
Frequency Mean=Variance 3.89 Poisson
Severity Mean ($) 89,994.70 Pareto
Standard deviation
($)
64,483.92
Table: Parameters of Loss Distributions from
Aggregated Observed Loss Data
23
Aggregated Operational Loss Data Summary for Monte Carlo
Simulation using @Risk
Frequency 4.00
Severity ($) 64,484.632979
Total Aggregated
Operational Loss ($)
257,938.53
Table: Parameters of Loss Distributions after Monte Carlo Simulation
24
Figure: Monte Carlo Simulation Output for Internal Fraud Category
25
Figure: Monte Carlo Simulation Output for External Fraud Category
26
Figure: Monte Carlo Simulation Output for Damage to Physical Asset Category
27
Figure: Monte Carlo Simulation Output for Business Disruption and System Failures Category
28
Figure: Monte Carlo Simulation Output for Execution, Delivery and Process Management Category
29
Figure: Monte Carlo Simulation Output for Integrated Operational Risk
30
Irrational Human Behaviour Causing Operational (and Strategic)
Failures
Agency problem
Principal-agent problem
Intentional fraud
Compensation culture
Examples: 2007 Financial Crisis
Lehman Brothers – over exposure on Securitised Products
Royal Bank of Scotland – M&A with ABN AMRO
Lloyd’s Banking Group – M&A with HBOS
AIG – exposure on CDOs
Many Others
31
32
Questions and Answers