Basel IIs Three Approaches To Operational Danger Management

Izvor: KiWi

The operational threat needs of Basel II proposes 3 measurement Bank Risk Management for calculating the operational threat capital charges. They are the fundamental Indicator Approach, the Standardized Approach as well as the Advanced Measurement Approach.

Beneath the basic Indicator Approach banks need to hold capital for operational risk equal towards the average more than the preceding 3 years of a fixed percentage (15% for this strategy) of good annual gross revenue (figures in respect of any year in which annual gross income was adverse or zero are excluded).

While no precise criteria are set out for use on the Basic Indicator Strategy, banks employing this method are encouraged to comply using the Committee's guidance on "Sound Practices for the Management and Supervision of Operational Risk" (BIS; February 2003). These principles demand:

oA hands on strategy within the creation of an appropriate threat management atmosphere,

oPositive actions inside the identification, assessment, monitoring and control of operational threat,

oAdequate public disclosure.

Under the Standardized Approach a bank's activities are divided into eight business lines. Inside every single organization line, gross earnings can be a broad indicator that serves as a stand-in for the amount of small business operations and thus the probable size of operational threat exposure within every of those organization lines. The capital charge for each and every business enterprise line is calculated by multiplying gross income by a element (known as the "beta") assigned to that enterprise line. The beta serves as a substitute for the industry-wide connection involving the operational risk loss expertise to get a provided enterprise line and also the aggregate level of gross income for that small business line. The business lines and the beta variables range from 12% for "retail banking", "asset management" and "retail brokerage"; 15% for "commercial banking" and "agency services" to 18% for "corporate finance", "trading & sales" and "payment & settlement".

The total capital charge is calculated as the three-year average of the simple summation in the regulatory capital charges across each on the small business lines in every single year. In any given year, a unfavorable capital charges (as a result of unfavorable gross earnings) in any organization line may offset optimistic capital charges in other business lines without limit.

At national supervisory level, the supervisor can choose to allow a bank to use the Alternative Standardized Strategy (ASA) provided the bank is able to satisfy its supervisor that this alternative strategy provides an improved basis for measurement of risks. Below the ASA, the operational danger capital charge/methodology is the same as for the Standardized Strategy except that two organization lines - "retail banking" and "commercial banking" where a fixed aspect 'm' - replaces gross revenue as the exposure indicator and is related to the extent of loans granted in these areas.

Under the Sophisticated Measurement Approaches (AMA) the regulatory capital requirement equals the risk measure generated by the bank's internal operational danger measurement system employing distinct quantitative and qualitative criteria. Use from the AMA is subject to supervisory approval.

Supervisory approval has to be conditional on the bank being able to show to the satisfaction from the supervisory authority that the allocation mechanism for these subsidiaries is appropriate and can be supported empirically. The quantitative standards that apply to internally generated operational danger measures for purposes of calculating the regulatory minimum capital charge are that any internal operational danger measurement system ought to be consistent with all the definition of operational danger and a variety of defined loss event types (covering all operational aspects such as fraud, employee practices, workplace safety, organization practices, processing practices, business enterprise disruption and loss of physical assets).

To qualify for use on the Sophisticated Measurement Approaches (AMA), a bank must satisfy its supervisor that,

oThe banks board of directors and senior management, are actively involved inside the oversight of the operational threat management framework;

oThe bank has an operational risk management system that is conceptually sound and which includes an independent operational danger management function that is responsible for the design and implementation in the bank's operational risk management framework;

oThe bank has It has sufficient resources to use this method within the major business lines as well as the handle and audit areas.

A bank utilizing the AMA will be subject to a period of initial monitoring by its supervisor before it can be used for regulatory purposes. This period will allow the supervisor to determine if the strategy is credible and suitable. The bank's internal measurement system need to be able to reasonably estimate unexpected losses based on the combined use of internal and relevant external loss data, scenario analysis and bank-specific company environment and internal control variables.

The bank's measurement system must also be capable of supporting an allocation of economic capital for operational risk across company lines in a manner that creates incentives to improve enterprise line operational risk management.

Additionally,

oThe operational danger management function is responsible for documenting policies and procedures concerning operational threat management and controls, designing and implementing the bank's operational risk measurement methodology, designing and implementing a risk-reporting system for operational risk, and developing strategies to identify, measure, monitor and control/mitigate operational threat,

oThe bank's internal operational risk measurement system have to be closely integrated into the day-to-day danger management processes from the bank and its output should be an integral part of the process of monitoring and controlling the bank's operational danger profile. This information have to play a major role in danger reporting, management reporting, internal capital allocation, and risk analysis.

oOperational risk exposures and loss experience have to be reported regularly to small business unit management, senior management, and to the board of directors.

oThe bank's operational danger management system should be well documented plus the bank should have a routine in place for ensuring compliance with a documented set of internal policies, controls and procedures concerning the operational threat management system, which need to include policies for the treatment of noncompliance issues.

oInternal and/or external auditors have to perform regular reviews with the operational risk management processes and measurement systems. This review need to include both the activities with the small business units and with the independent operational danger management function.

oThe validation in the operational danger measurement system by external auditors and/or supervisory authorities need to include the verification that the internal validation processes are operating in a satisfactory manner; and making sure that data flows and processes associated together with the threat measurement system are transparent and accessible. In particular, it is necessary that auditors and supervisory authorities are in a position to have easy access, whenever they judge it necessary and below suitable procedures, to the system's specifications and parameters.

Because the analytical approaches for operational risk continue to evolve the method or distributional assumptions used to generate the operational risk measure for regulatory capital purposes is not being specified by the Basel Committee. A bank will have to however be able to show that its strategy captures potentially severe 'tail' loss events. Irrespective on the approach is used, a bank should demonstrate that its operational threat measure meets a soundness standard comparable to that with the internal ratings-based method for credit risk.

Based on this, bank supervisors will demand the bank to calculate its regulatory capital requirement as the sum of expected loss (EL) and unexpected loss (UL), unless the bank can demonstrate that it is adequately capturing EL in its internal enterprise practices (to base the minimum regulatory capital requirement on UL alone, the bank will have to be able to demonstrate for the satisfaction of its national supervisor that it has measured and accounted for its EL exposure).

A bank needs to have a credible, transparent, well-documented and verifiable method for weighting these fundamental elements in its overall operational danger measurement system.

Internal loss data is critical to linking a bank's threat estimates to its actual loss expertise. Such data is most relevant when it is clearly linked to a bank's current small business activities, technological processes and danger management procedures. To do this a bank need to have documented procedures for assessing the on-going relevance of historical loss data, including those situations in which judgment overrides or other adjustments may be used, to what extent they may be used and who is authorized to make such decisions. Internally generated operational threat measures used for regulatory capital purposes must be based on a minimum five-year observation period of internal loss data. However, when the bank first moves to the AMA, a three-year historical data window is acceptable.

To qualify for regulatory capital purposes, a bank's internal loss collection processes need to be able to map its historical internal loss data into the relevant supervisory categories as are defined in detail inside the Basel II Annexes. The bank need to have documented objective criteria for allocating losses for the specified enterprise lines and event types. A bank's internal loss data have to be comprehensive. It need to capture all material activities and exposures from all appropriate sub-systems and geographic locations. The bank need to be able to justify that any excluded activities or exposures, both individually and in combination would not significantly impact the overall risk estimates. This should be based on an acceptable minimum gross loss threshold for internal loss data collection. Additionally, a bank should collect information relating the date on the event, any recoveries of loss amounts, as well as descriptive information about the drivers or causes of your loss event. The degree of detail in any descriptive information should be acceptable towards the size of the gross loss amount.

Operational risk losses that are related to credit danger and have traditionally been included in banks' credit threat databases (e.g. collateral management failures) will have to continue to be treated as credit danger for the purposes of calculating minimum regulatory capital. It follows that such losses will not be subject for the operational danger capital charge. Nevertheless, for the purposes of internal operational danger management, banks ought to identify all material operational danger losses consistent with all the scope in the definition of operational risk plus the defined event types, including those related to credit risk.

A bank's operational danger measurement system need to use pertinent external data (either public data and/or pooled market data), especially when there is any possibility to believe that the bank is potentially exposed to severe losses, however infrequent. Additionally a bank should use scenario analysis of expert opinion in conjunction with external data to evaluate its exposure to high-severity events.