Operational Risk Management - Assignment Example

Operational Risk Management Summary The cornerstone of risk management is the Basel I concept that was established in 1988. Thisconcept provided for the application of good practice for active banks, with the objective of ensuring that banks held enough capital to cover for risks. The nature of the risks addressed under this concept was Credit Risk, which focused on weighting of assets for capital determination and the market risks (VaR). However, the birth of operational risk management came in 1995, after the collapse of Barings Bank, resulting in a loss of £827m, and a loss of the bank’s trading capital twice. This resulted in the issuance of Basel II by the Basel Committee on Banking Supervision (BCBS), which was set by the governors of the G10 countries. In the attempt of Basel II to increase the amount of capital held by banks, the concept of operational risk was introduced for the first time. Following this move, the Capital Requirements Directive was introduced in the EU, and shortly after the ICAAP was developed. The provisions of Basel II included the setting of the minimum capital to be held by banks, the risk types covered, the winding down requirement for businesses and company’s disclosure requirements. The application of Basel II started with the banks and insurers and then Asset management firms and brokerages. The approach towards the application of the Basel II by these institutions was determined by both the complexity and the size of the institutions. Thus, since 2000, the subject of risk management started to grow, and different approaches to the concept started to developed. The requirements of risk management are risk appetite, defined as how much risk a firm is ready to accept, the risk assessment process, KRI’s-the metric showing when a risk is about to occur, error management, risk technology and risk governance. Between 2002 and 2010 the setting up of risk management departments continued, while negative organizational culture also emerged as a big operational risk. The rise of operational risks was marked by noughties frauds valued at $22.31bn, followed by John Rusnak Allied Irish Bank fraud 2002 and then the Peter Young Morgan Grenfell trading fraud 1997. The collapse of the Lehman Brothers in 2008 continued the rogue trading and risk operational activities, causing a regulatory reaction by the EU, which pushed the limits on fund management higher. Subsequently, the Basel III, CRD 2 and 3 Solvency II were also developed to push up the industry understanding of the risk management. This was followed by industry response in increasing operational risk management awareness through simplifying the Basel III model in the banking industry, as well as introducing risk training. Different types of risks have subsequently developed, with the FCA focusing more on risk behaviours involving ensuring that clients are placed first in the risk management efforts. Explain why the following operational risk scenarios should have no impact on the capital (Slide 32): Trading Error According to Basel Committee, operational risk is the risk that arises from inadequate or failed internal process, people or systems, as well as the risks arising from external events (SEI, 2012:7). Trading errors take a number of forms, ranging from dealer errors to errors of omission or commission that are done by the staff. The trading errors are the type of operational risks that are categorized as ‘business as usual risks’, which are common business errors that happens on a daily basis in any business (Hillson, 2008:1). These types of risks may not have a substantial effect on the capital, owing to the fact that they are the type of risks that will be addressed in the normal course of doing business. Further, trading errors are the type of risks that are uncertain within any given firm’s operation, owing to the fact that such risks have the chances of occurring or not occurring. For example, an error of omission by a staff within a company may occur during the course of the staff’s tenure in the company, or it may never occur at all. Similarly, the error of a dealer may or may not occur, mostly based on the level of complexity of the product that the company and the dealer are dealing in. Thus, despite the fact that such trading errors matter when they occur, they are normally provided for under every project, and the necessary standard operating procedures are designed towards addressing them (Hillson, 2008:1). In this respect, trading errors may not have an effect on the capital of a business. Market Downturn Market Downturn is a business risk that is prone to the whole industry or economy, as opposed to being prone to a specific business situation. On the other hand, different business and organizations operating in different sectors of the industry adopt different approaches and processes to mitigate the likelihood of the occurrence of such industry-wide or economy-wide risks (Prokopenko & Bondarenko, 2012:27). Thus, different companies will align their operational risks mitigation frameworks in very different ways. The fundamental of economic-wide or industry-wide risk mitigation approaches is the application of the responsibilities of the business in owning and managing their own operational risks for the areas they are highly prone to risks (Drury, 2009:62). Therefore, the extent to which the Market Downturn will affect an organization operating in any industry is simply based on how well the risk control programs are embedded within the organization, as well as the exact risks and tasks that such risks control programs are targeted to address. Therefore, an effective risk mitigation program requires addressing both the internal and the external risks that might be posed by external forces to the business. In this respect, the Market Downturn function will have less influence on the capital of a business, owing to the fact that the whole of the industry is affected by the occurrence of a market-wide decline (Prokopenko & Bondarenko, 2012:36). This would simply mean that; the rates at which the capital value of any business organization operating in a certain industry is affected, remains the same rate at which the industry capitalization is affected. This in turn means that the market-wide decline has no substantial influence on the capital of a business. 2. Explain why the following operational risk scenarios that may affect the capital Third Party failure It is one thing for a business to handle its own risks, but it is a totally different thing for a business to address the risks posed by its third-party partners. The major problem however is associated with a firms requirement to outsource specialised professional services, which are ironically essential to enable a firm mitigate its own risks (SEI, 2012:18). The failure of the third parties offering support services to a business, most especially those associated with the mitigation of risks such as the auditing services has the effect of causing a major decline in the capital value of a business. Another example is the failure caused by a supplier of business technology tools that are meant to mitigate the business risks, for example the statistical analysis and forecasting tools, which might expose the business to major risks of failure. This is because; when such specialized support services do not take care of the risk factors that might lead to major loses for the business such as early detection of accounting and other financial frauds, the overall effect is a major reduction in the overall capital value of the business, when the fraud eventually takes effect. A financial fraud has the potential of degrading the financial and asset value of a business, which in turn degrades the business capital value markedly (Medova & Berg-Yuen, 2010:12). Thus, the failure of a third party may influence the capital of a business negatively. For example, the collapse of Lehman Brothers represents the huge capital value loss caused by third party failures. The failure of the mortgage borrowers to settle their mortgages during the subprime mortgage crisis contributed to the collapse of the giant institution. Data protection breach Data protection breach is a major risk factor that can affect the capital of a business markedly. Data protection systems are adapted by business organizations to help such organizations address the potential risks of fraud that might be committed through data breach. A good losses data capture is essential to detect any possible losses in the business, which might be caused by the manipulation of the organizational financial data (Drury, 2009:61). The detection of such data manipulation is an important risk governance structure for a business, which may help the business avoid incurring undetected losses over a long term, and then end up with a totally deflated financial capacity to continue with its operations. Nothing can be riskier for a business than a data protection breach, since it exposes the business to both high risk chances of fraud as well as direct financial loses. This can reduce the capital value of the business substantially. IT system failure IT systems are important components of the day-to-day operations of a business organization, owing to their potential to help the business safeguard against possible internal and external risks. System automation is a very powerful tool for mitigating organizational risks (SEI, 2012:15). The application of properly selected, programmed and managed IT systems have the potential of performing monitoring and control tasks that are highly repetitive at a very high speed, meaning that the whole organizational system remains monitored for any anomalies at all times (Prokopenko & Bondar, 2012:56). The greatest advantage is that such competent monitoring of the organizational processes occur throughout the whole twenty-four hours of the day without the need to take a break. However, poorly programmed, installed and managed IT systems have the potential of spewing major errors at superhuman speeds, thus exposing the organization to major risks of fraud and data manipulation that would then become very hard to trace (SEI, 2012:15). Thus, the failure of IT systems within an organization can cause an organization to experience major financial losses, which in turn degrades the organizations capital value markedly. The example of Knight Capital Group serves to indicate how IT system failure can cause huge capital losses, where the group of company experienced a software glitch that resulted in the loss of $460 million in losses in 2012 (Pfeifer, 2013:n.p.). Incorrect market literature The risk posed by incorrect market literature to a business organization is synonymous with the risk created by a splinter dropping a baton during the handing over stage of a relay splint, which then means that the whole team loses (SEI, 2012:15). Nothing is crucial than an effective flow of information from the market to the relevant departments within an organization, which addresses both the sequential and timely information needs for the organization. This systematic and effective flow of accurate market information enables the business organization to plan on its future operations through forecasting on the likely market changes, thus offering such an organization a competitive edge (Medova & Berg-Yuen, (2010:21). However, the gathering and delivery of incorrect market literature to an organization is equally detrimental, since it causes the organization to base its future strategies and information on incorrect market data, which then means major risks of financial losses and lack of competitiveness of the organization. The effect is a huge degradation of the organization’s capital value. 3. Explain what Key Risk Indicators that may be at least partially useful for protecting a company against the above scenarios Forwards looking: Forward looking indicators may be at least partially useful in helping an organization protect against the potential risks posed by scenarios such as third party breach and failure of IT systems. This is because; forward looking risk indicators do not only serve the purpose of assessing the possibility of an event occurring in the future, but also establishing the chances of such an occurrence happening. Thus, with the forward looking indicators, it becomes possible to forestall the likely future risks such as the failure of the third parties, through monitoring their conduct in advance, and cancelling the third party partnerships if necessary. Links to controls: Links to controls is yet another important risk indicator that can help an organization at least forestall future risks facing the organization, through connecting any possible risk detected to the control mechanisms, which are activated to prevent chances of fraud. Thus, for example, links to controls can be a very useful risk indicator for forestalling the risks posed by data protection breach, since the occurrence of any form of breach would cause the links to controls indicators to activate the protection mechanisms, for example management intervention. This helps in addressing the risks of such data breach in good time, thus avoiding the financial or data losses that would ensue. References Drury, N. (Winter 2009). Why has operational risk returned to the limelight? Markit magazine, 61-63. Hillson, D. (December 2008). Keeping the Business as usual Risks out of the Project Risks register. Risk Doctor Briefing, 1-2. Medova, A. & Berg-Yuen, P. (2010). Banking capital and operational risks: comparative analysis of regulatory approaches for a bank. Journal of Financial Transformation, 12-23. Pfeifer, S. (October 16, 2013). Knight Capitals massive trading error results in $12-million SEC fine. Los Angeles Times. Available at: , Prokopenko, Y. & Bondarenko, D. (September, 2012). Operational Risk Management: Best Practice Overview and Implementation. International Financial corporation, 1-182. SEI. (2012). Top 10 Operational Risks: A Survival Guide for Investment Management Firms. 1-49. Read More