Friday, April 5, 2019
Analysis of BAELL II Recommendations
Analysis of BAELL II RecommendationsCHAPTER 1 INTRODUCTION1.1. Introduction in operation(p) stake is be as the stake of passing play resulting from poor or failed internal processes, people and systems, or from international evets. Financial markets in the last both decades take a shit been utmostlighted by large-scale monetary failures due to incompetence and fraud, such(prenominal) as Barings, Daiwa, Allied Irish Banks, Orange County, Enron, along with man-made and inbred disasters, such as 9/11, Hurri poopes Andrew and Katrina. As a conchronological succession, operative pretend has been acknowledged to oerweigh the brilliance of credit and market encounterinesss.Since 2001, the Basel delegation for the Banking Supervision of the Bank of International Settlements has been requiring banks to set aside regulatory outstanding amount that would cover latent operable wrong. The capital amount moldiness be evaluated on a one-year aggregated foundation garment at a sufficiently high confidence direct. Statistical tools argon required to accu aimly esteem the frequency and severity distri simplyions.The presence of so-c tout ensemble tolded low frequency/ high severity casefuls poses problems for the modeling of operative run a chance of infection and calls for models capable of capturing excessive heavy-tailedness in the info. in operation(p) jeopardize is one of the important arms of the try worry triangle the early(a) two being Credit fortune and Market (Treasury) as enounce. Any organization, partitionicularly in the banking sector, is squ bely assailable to available fortuneinesss emanating within or outside the organization.Risk Management triangleCredit Risk Market (Treasury) Risk. in operation(p) risk practicable risk capital charge is a mandatory requirement in world(a) banking sector. This puts in a lot of stress and strain on a banks centering. available Risk is alike known as Transaction Risk in well- nigh countries. In ordain to expeditiously face this new challenge of operating(a) risk in risk wariness, the prerequisites for efficiently facing the working(a) risk ar enumerated as follows creation of risk culture enterprise wide operational risk aw arness. Proactive steps at all the levels of operation should operate as a safety valve and in the process, may in pervert facilitate lower risk capital charge.1.2. BackgroundRisk mapping is often mentioned both in describing various neargons to operational risk focusing and, in an audit context, in formulating the discern steps to control self- sound judgment, as the cornerstone of the risk appointment process. Yet in that respect is little published guidance on how to perform it effectively and on how to date that the resulting map is indeed get by and consistent. In some other words, although the term is widely use by bankers, auditors, regulators and consultants alike, and although all these professionalsmay e ven agree on what constitutes an acceptable final product, they go forthing closely likely pause widely divergent explanations on how to get such product, the resources wished and the costs involved.Risk mapping is rocky for a number of reasons, all of which shadower be summarized by reminding ourselves that the map is non the territory. No number how accurate and thorough our summary is, what really goes on in the business is never exactly what is pen in the manual. Here are just a few of the describe dimensionsPeople Processes are affected by people, and people, no matter how formalized the process is, adapt, interpret and improvise in response to circumstances. specialization Very few people really understand a specific business process and its interactions with other people and systems within the bank. When one of these people leaves or is just absent for a while, the potential for an operational failure appears.Processes Processes change all the time and whatsoe ver mapping becomes obsolete almost overnight aft(prenominal) being completed.In this research, I describe a methodology for the mapping of operational risk with the bearing of identifying the risks internal in the different steps of a business process, selecting the key risk indicators (KRIs) (Hoffman, 2002 Davis and Haubenstock, 2002) and designing the most appropriate control activities. In my approach, therefore, risk mapping is the basis for all the key components of operational risk focus identification, assessment, monitoring/reporting and control/mitigation as defined by the Basel Committee on Banking Supervision (2003).There is more(prenominal) than one way to map risks. The most common technique is credibly the mapping on a prob great power/severity chart (Figure 1) so as to identify the key priorities for care. The result in most cases helps to distinguish between high severity/low frequency and high frequency/ low severity losses, but which in general gives no indication as to what perplexity actions to take in order to change the existing risk profile. Another way is to map the risks to the phases of a business activity where they can arrive and identify the key risk factors and drivers in the process. This leads to a around more complex result, rich in qualitative information rather than in quantitative assessment, but giving very top indications as to which parts of the process should be changed in order to drop a difference to the overall risk exposure. It also allows for the identification of the KRIs that are more relevant to each risk exposure.Pursuing the application of KRIs to operational risk assessment is suggested by the need to capture the various issues we find with purely statistical approaches as well as the impact that managerial decisions may have on the operational risk profile. In market and credit risk measurement, the key managerial decisions are taken in deciding portfolio composition, thereby affecting the res ulting risk profile straight and in a manner that measurement models have no problem in capturing. In operational risk measurement, on the other hand, managerial decisions may affect the risk profile in a number of different ways (through changes in control procedures, systems, personnel, to name but a few), none of which either measurement model can capture in a simple and direct way. Statistical approaches in particular will be at a loss in taking into account such changes, as historical data will reflect a risk and control environment which by and large no longer exists. The requirement of the new Basel Accord (Basel Committee on Banking Supervision, 2004) to base risk assessment on 5 years of historical data if taken too literally will have banks generating risk capital charges on the basis of information largely unrelated to the current and, even less, the future risk and control environment.1.3. Research QuestionThis lean to start with will take a step back and ask the fu ndamental question of why do banks fail? Further the work shall research the recommendations of BASEL II and will refine to seek the answer for Will the BASEL II requirements make the authoritative goals of safety and stability more achievable for banks/FIs? If yes, how? If no, how?1.4. MotivationAppropriate organizational structure is a condition for orderly circumspection of any(prenominal) activity/ group working within the purview of organizational capabilities. operative risk management is all pervasive in terms of activities of an organization e.g. if people factor in operational management is poorly managed in a bank, other activities of the bank e.g. credit/market risk management, are likely to suffer . Similarly, legal aspects of any transaction/ function, if loosely dealt with, increases the likelihood of loss to the organization.Organizational structure for operational risk management needs to be compact and broad-based. The structure must be compatible with -an o rganizations sizecomplexity of operations and theatre of operationsin tune with its risk appetite.The area of operational risk management is a matter of discretion which comes under the purview of regulatory governing/banks.Through my research I have tried out to make out a clear and concise understanding of BASEL II accord for Banks/FIs in operational risk perspective. The work shall also try to suggest the suitable customization of BASEL II recommendations and implications of the same for effectively managing operational risk. It may also lead to prognostication the emerging trends in operational risk and ways to mitigate the same.1.5. Chapter SchemeThe chapter scheme of my dissertation is as followsChapter 2 This chapter describes the literature review and the findings.Chapter 3 This chapter describes research methodology and some of the variables included in confirmable analysis.Chapter 4 This chapter provides the basis of qualitative research.Chapter 5 This chapter gives de tails of case studies analyzed for research purpose.Chapter 6 This chapter discuses the analysis and the findings.Chapter 7 This chapter includes the conclusion.CHAPTER 2 LITERATURE REVIEW2.1. IntroductionUntil very recently, it has been believed that banks are exposed to two important risks. In the order of importance they are credit risk (i.e., counterparty failure risk) and market risk (i.e., risk of loss due to changes in market indicators, such as equity prices, interest range and replace rates). Operational risk has been regarded as a mere part of other risks.Operational risk is not a new concept for banks operational losses have been reflected in banks balance sheets for many decades. They occur in the banking effort every day. Operational risk affects the soundness and operating efficiency of all banking activities and all business units. We begin our discussion with an explanation of the notion of risk.2.2. Risk and Risk ManagementIn the pecuniary context, risk is the fundamental element that affects pecuniary behavior. There is no unique or uniform rendering of risk different financial institutions may define risk slightly differently, depending on the specifics of their banking structure, operations and enthronisation strategies. The explanation of risk also depends on the context.In the economics literature, generally risk is not inevitably a negative concept, and is understood as uncertainty about future or the dispersion of essential from expected results. In the context of business investment, risk is the irritability of expected future cash-flows (measured, for example, by the exemplification deviation), and in the context of the Capital Asset Pricing Model (CAPM) is the risk of asset price volatility due to market-related factors and is captured by . Such definitions do not exclude the possibility of positive solvents. Hence, for the operational risk we need a different definition.1For the purposes of operational risk modeling an d analysis, the definitions from insurance are more appropriate, as the notion of risk in insurance has a negative meaning attached to it. Risk is perceived as the probability and impact of a negative deviation, the probability or potential of sustaining a loss, a condition in which there is a possibility of an adverse deviation from a desired outcome that is expected or hoped for 2, or an expression of the danger that the effective future outcome will diverge from the expected or planned outcome in a negative way 3. As the succeeding(a) step, we need to distinguish operational risk from other categories of financial risk.A comp cloth of risk management is applicable equally to all types of bank (Iqbal and Mirakhor, 2007). The process of risk management is a two (2) step process. The first is to identify the source of the risk, i.e. to identify the conduct variables causing the risk. The second is to devise methods to valuate the risk using mathematical models, in order to und erstand the risk profile of the instrument.Once a general framework of risk identification and management is developed, the techniques can be applied to different situations, products, instruments and institutions.It is pivotal for all banks to have comprehensive risk management framework as there is growing credit among IBs that sustainable growth critically depends on the maturation of a comprehensive risk management framework (Greuning and Iqbal, 2007).A robust risk management framework can help banks to reduce their exposure to risks, and evoke their ability to compete in the market (Iqbal and Mirakhor, 2007). A reduction in each institutions exposure will reduce the systemic risk as well. Hence, it is necessary that banks have in place a comprehensive risk management and reporting process to identify, measure, monitor, manage, report and control different categories of risks.2.2.1. Understanding Risk and Risk ManagementIt is important for staff of banking institutions to un derstand the aspect of risk in the banking operations and the risks that are inherent and exposed in their business operations. Better understanding of risk management is also necessary peculiarly in the financial intermediation activities where managing risk is one of the important activities. A determine conducted by capital of Massachusetts Consulting Group (2001) found that the sole determining success factors is not the technical development but the ability to understand risk strategically and also the ability to handle and control risk organizationally. Secondly, in order to realize a risk based management philosophy, the attitude and mindset of the employees need to be changed whereby they must be brought to understand that managing risk is crucial for success. This implies that there must be intensive training, clearly defined structures and responsibilities, as well as commitment to change. In addition, it was identified that banks in North America and Australia abide on risk management primarily to enhance their competitive positions. Meanwhile in Europe, Asia and particularly in South America, risk management is considered primary from the perspective of regulatory requirements.Then, Al-Tamimi and Al-Mazrooei (2007) found that the UAE banks staff have grave understanding of risk and risk management, which might give an indication about the ability of these banks to manage risks efficiently in the future. Moreover, understanding risk and risk management had positive effect on risk management practice although it is insignificant.2.2.2. Requirement for Risk ManagementRisk management framework is important for banks. The risk management strategy must be integrated with its overall corporate strategies (e.g. Froot and Stein, 2004). In conjunction with the underlying frameworks, prefatorial risk management process that is generally accepted is the practice of identifying, analysing, measuring, and defining the desired risk level through risk control and risk transfer. BCBS (2001) defines financial risk management as a sequence of four (4) processes (1) the identification of events into one or more broad categories of market, credit, operational and other risks into specific sub-categories (2) the assessment of risks using data and risk model (3) the monitoring and reporting of the risk assessments on a well timed(p) basis and (4) the control of these risks by elderly management. BCBS (2006), on risk management processes, require supervisors to be quenched that the banks and their banking groups have in place a comprehensive risk management process. This would include the Board and senior management to identify, evaluate, monitor and control or mitigate all material risks and to assess their overall capital adequacy in relation to their risk profile. In addition, as suggested by Al-Tamimi (2002), in managing risk, commercial banks can follow comprehensive risk management process which includes eight (8) steps exposure identi fication data gathering and risk quantification management objectives product and control guidelines risk management evaluation strategy development implementation and performance evaluation (e.g. Baldoni, 2008 and Harrington and Niehaus, 2009).2.2.3. Risk IdentificationThere are few conceptual studies on risk identification of financial institutions (e.g. Kromschroder and Luck, 2008 Luck 2008 Pausenberger and Nassauer, 2000 Tchankova, 2002 Barton et al. 2002 ) and few empirical studies that include risk identification of banks (e.g. Al-Tamimi, 2002 Al-Tamimi and Al-Mazrooei, 2007). Risk identification is the first stage of risk management (Tchankova, 2002) and a very important step in risk management (Al-Tamimi and Al-Mazrooei, 2007). The first task of the risk management is to classify the corporate risks according to their different types (Pausenberger and Nassauer, 2000). The first step in organizing the implementation of the risk management function is to establish the crucial card areas inside and outside the corporation (Kromschroder and Luck, 2008). Then, the departments and the employees must be assigned with responsibilities to identify specific risks. For instance, interest rate risks or foreign exchange risks are the main domain of the financial department. It is important to ensure that the risk management function is established throughout the whole corporation i.e. apart from parent company, the subsidiaries too have to identify risks, analyze risks and so on.Pausenberger and Nassauer (2000) also state that it is advisable for most corporations to implement early process of monition systems. An early warning system is a special information system enabling the management carte to identify risks in time by observing the development of defined indicators (Luck, 2008). Other instruments that could be used to identify risks are checklists of practical disturbances or breakdowns, risk workshops, examination of corporate processes, internal inspect ions and interviews, loss balance, etcetera It is advisable to make use of the knowledge and skill of external experts, for instance, forecasts of banks about the development of interest rates or foreign exchange rates. There are many other approaches for risk identification, for instance, scenario analysis or risk mapping. An organization can identify the frequency and severity of the risks through risk mapping which could serve up the organization to stay away from high frequency and low severity risks and instead focus more on the low frequency and high severity risk. Risk identification process includes risk-ranking components where these ranking are usually based on impact, severity or dollar effects (Barton et al. 2002). According to him, the analysis helps to contour risk according to their importance and assists the management to develop risk management strategy to allocate resources efficiently.2.3. Operational RiskOperational Risk is one of the important arms of the ris k management triangle -the other two being Credit Risk and Market (Treasury) Risk. Any organization, particularly in the banking sector, is squarely exposed to operational risks emanating within or outside the organization (Levine and Hoffman, 2004).There was no precise definition of operational risk until Basel Accord II came into being in June 2004. Furthermore, for the first time in the history of global banking, operational in capital charge has been made a mandatory requirement in banking. This surely puts in a lot of stress and strain on a banks management.Operational Risk is also known as Transaction Risk in some countries in order to efficiently face this new challenge in risk management, the prerequisites are -creation of risk culture and enterprise wide operational risk awareness. Proactive steps at all the levels of operation will operate as a safety value and in the process, may facilitate lower risk capital charge (Bagchi, 2006).As it has been mentioned that until the release of Basel Accord II in June 2004, there was no universal definition of operational risk in banking (Anna et al., 2007) . It was generally believed that as risk would mean loss in any event or transaction, any risk other than credit risk and market risk would have to be reckoned as an operational risk, without the need of creating any separate identity for such risk. However this way of looking at operational risks is dangerously vague. Prof Hans Geiger, an international authority on risk management, has viewed operational risk from a direct angle and an indirect angle as underIndirect cant Operational risks are all those risks which cannot e classified as credit risk or market risk.Direct Angle Operational risk is an expression of the danger of unexpected direct or indirect losses resulting from inadequate or failed internal processes, people and systems and from external events.Basel Accord II has laid down the succeeding(a) definition for adoption by the countries and hen ce this should be treated as a standard definition of operational riskOperational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk but excludes strategic and reputation risk. (Bagchi, 2006)2.3.1. Reasons for Increasing Focus on Operational Risk Management* On going spate ( sudden trend flow) of financial deregulating procedures due to globalization.* Influence of technology and automation in managing business with other side effects.* Complex organizational structures arising out of re organization of business enterprises (e.g. merger/ de -merger etc.).* Opportunities for business process outsourcing.* Growing complexity of products/services, as banks now provide total business services and employ CRM (Customer Relationship Management) in their business activities.* With loosening and globalization, banks compete very hard with each other for business.* Capital allocat ion for operational risks is a bang requisite for todays business organizations.2.3.3. Operational Risk Vs trading operations RiskOperational Risk has a wider reporting wherein process, people, systems etc. of an organization are also considered. In general while operational risk is identical to operations risk, in the context of risk management, they are not alike as will be evident from the following tableTable 1 Distinction between Operational Risk and Operations RiskAccording to the Kenneth Swensen of Federal Reserve Bank of Chicago, there is a clear line of descent between operational risk and operations risk, from the viewpoint of relative risk contents.Operational risk should merit special attention for an organization so that its procedures become fully Basel Accord II compliant.He stimulation regarding Basel II is , under Basel II, if you are not moving forward, you are losing ground.The distinctions are clearly mentioned under Operational RiskOperations Risk1. Ope rational Risk encompasses enterprise wide risk of loss arising out of inadequate, failed internal processes, people system or from external events.1. Operations Risk encompasses risk by loss arising out of back top executive reconciling processes and does not generally cover front office functions.2. Integrated risk management is the watch dog of such risk management function in the organization2. Internal audit Department usually manages such risks. It is the first line of defense.3. Basel Accord II specifies capital charge computation based on trio approaches evolved for the purpose.3. There is no requirement for any specific capital charge.4. The organization must prepare and periodically update on operational risk policy mentioning, and should frame a computation method of measurement of operational risk capital.4. There is no need for any specific policy document since each organization is guided by its manual/ book of instruction.5. Regulatory Authority under pillar II has the responsibilities to review enterprise wide operational risk management of the organization.5. Regulatory Authorities do not have any Pillar II responsibility. They may review operation risk as an ingredient of operational risk.6. Corporate Governance study must take into account operational risk management of an organization especially the effect of any human misapprehension/skill deficiency aspects.6. Corporate Governance angle does no form part of operations risk.2.3.4. Distinction between Operational Risk and Operational CrisisOperational risk is an all comprehensive concept covering - intra -organizational ( internal ) risks such as those related to people, processes and systems external events such as natural calamities, terrorism etc.In case of extreme external events such as natural catastrophes, there is no real distinction between operational risk and operations risk since such an event requires crisis management initiative. But a subroutine operational risk manage ment dose requires operational crisis management to avert serious consequences.The points of distinction are enumerated as underOperational RiskOperational Crisis1. Operational Risk includes elements of Expected and unexpected (expected loss such as loss in process errors of say 0.1% of gross income).1. Operational Crises covers only unexpected loss.2. The continuity of business is not affected if some operational risk events do not have serious implications on organizations position (say, internal fraud of 0.1% of annual net profit).2. An organizations continuity may be seriously affected if the crisis event is catastrophic.3. Operational risk management dose not generally imply disaster recovery.3. Operational crisis management generally involves disaster recovery.4. Operational risk factors do not generally trigger off reputational risk (a minor processing error in a customers savings account may not effect the banks reputation).4. Crisis event may sometimes (e.g. product failur e, contamination etc., Union Carbide Gas leak incident in MP) triggers off reputational risk leading to fall in market share, equity share price etc.5. Operational risk management in generally concerned with two phasesi. incidentii. recovery5. Operational crisis management generally involves three phasei. incidentii. recoveryiii. continuity6. Operational risk may not always turn out to be a danger.6. Operational crisis is generally of a moment of danger.2.3.5. Effective way of managing Operational RiskPoor operational risk management, especially in the banking sector, may generate serious financial losses caused by external/internal fraud, system failure, and other related operational lapses. Damage to a banks reputation, even if it is a private bank, may also be severe. Effective operational risk management provides boosts sale by taking care of the following It tends to minimize severity or frequency of operational risk loses. It creates a mechanism to optimize operational effec tiveness throughout the bank. Various business portfolios are better managed if the processes, systems and procedures are sound, together with people strength. Strategic decision making by senior management is supported by a robust risk management system. It ensures business continuity, as there are high probabilities of unexpected operational events owing to changing trends and globalization. Capital allocation can be optimumly utilized to the advantage of the bank.2.3.6. Traditional Vs Modern Approach of Operational Risk ManagementTraditional Operational Risk ManagementBanks were managing operational risks in a traditional manner, going by the belief that such risks are really residual risks that remain after the dominant risks of credit risk and market risk have been taken care of .Hence meager attention was extended to managing operational risks.Under the traditional approach, routine operational controls in banking were mainly through internal checks, balancing of ledgers, care ful recruiting process etc. size up and compliance aspects. Insurance against risks was resorted to where necessary.Modern Operational Risk ManagementOperational risk management in banking took the shape of modern approach with the release of Basel Accord II ( recommendations on banking laws and regulations ) in June04.Modern approach of operational risk management aims at creating and maintaining an effective operational risk management strategy. This approach involves the following elements Realistic measurement framework on operational risk factors as against sole reliance on internal checks, auditors etc. Operational risk losses calculated and summarized on the basis of past loss data and estimate for the future forms the core of strategic decision making especially for developing a new product or for encouraging a new technology. Quantification of various operational risk factors facilitates optimal capital allocation. Staff skill development exercise on an regular basis enabl es better return with lesser probability of errors and losses.2.3.7. Operational Risk A Challenge to Financial Institutions and RegulatorsOperational Risk exhibits more severity than Credit Risk, Market Risk Liquidity Risk. Global Association of Risk Professionals (GARP) has also undertaken a number of new initiatives to educate the organizations about the Operational risk.Operational Risk is capable of eroding the complete organization and can cause huge loss on the reliability factor of the financial company. As per GARP, Operational risk shall be the single largest risk facing the financial exertion the world over by the year 2010. The most difficult part in managing operational risk is the fact that the threats and challenges can originate and spread at the speed of thought in operations of a Bank.The financial industry is growing all over the world in spite of the poor economic indicators forcing stricter regulations, policies and thus prompts greater awareness of the variou s challenges faced by financial industry.Operational risk ( especially for financial industry )should be placed at the highest level of attention in order to ensure smooth work of the organization as it can hamper the organizations future growth.Regulators formulating the policies and regulations for effective management of operational risk are faced by the following challenges - Ever changing requirements of policies. Policies are expensive to start and implement at the workplace. They also hamper the normal functioning of financial organization and requires trainings across all verticals. Employee and customer affair is difficult to managed.2.3.8. Operational Risk and Financial OrganizationsAdvent of newer and convenient technology for various processes and tasks has made - our financial system has become more susceptible to attacks by hackers and viruses.The system needs to quarantined ( detained) for all possible leak holes and if found must be plugged immediately because of t he following reasons - The financial system is the mother wit of economy for any country or region. It is the system that makes the economy grow and maintain its track. It is of prime importance that the operational risk at this industry must be managed with utmost care.With increasing level of pilferage at the financial system,
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.