Basel IIs 3 Approaches To Operational Danger Management

The operational risk specifications of Basel II proposes 3 measurement Bank Risk Management for calculating the operational threat capital charges. These are the fundamental Indicator Strategy, the Standardized Approach and the Advanced Measurement Approach.

Under the fundamental Indicator Method banks ought to hold capital for operational danger equal towards the typical over the previous 3 years of a fixed percentage (15% for this strategy) of optimistic annual gross earnings (figures in respect of any year in which annual gross earnings was adverse or zero are excluded).

Although no certain criteria are set out for use on the Standard Indicator Method, banks making use of this system are encouraged to comply with all the Committee's guidance on "Sound Practices for the Management and Supervision of Operational Risk" (BIS; February 2003). These principles require:

oA hands on strategy inside the creation of an appropriate risk management atmosphere,

oPositive actions inside the identification, assessment, monitoring and manage of operational threat,

oAdequate public disclosure.

Under the Standardized Approach a bank's activities are divided into eight organization lines. Inside every single business enterprise line, gross revenue can be a broad indicator that serves as a stand-in for the level of company operations and for that reason the probable size of operational danger exposure inside every of those organization lines. The capital charge for each organization line is calculated by multiplying gross earnings by a aspect (called the "beta") assigned to that organization line. The beta serves as a substitute for the industry-wide connection among the operational danger loss experience for any offered enterprise line along with the aggregate degree of gross earnings for that enterprise line. The business enterprise lines as well as the beta aspects variety from 12% for "retail banking", "asset management" and "retail brokerage"; 15% for "commercial banking" and "agency services" to 18% for "corporate finance", "trading & sales" and "payment & settlement".

The total capital charge is calculated as the three-year average from the simple summation with the regulatory capital charges across every single in the enterprise lines in each year. In any given year, a negative capital charges (as a result of damaging gross earnings) in any enterprise line may offset good capital charges in other small business lines without limit.

At national supervisory level, the supervisor can choose to allow a bank to use the Alternative Standardized Approach (ASA) provided the bank is able to satisfy its supervisor that this alternative approach provides an improved basis for measurement of risks. Under the ASA, the operational threat capital charge/methodology is the same as for the Standardized Method except that two company lines - "retail banking" and "commercial banking" where a fixed factor 'm' - replaces gross earnings as the exposure indicator and is related towards the extent of loans granted in these areas.

Beneath the Advanced Measurement Approaches (AMA) the regulatory capital requirement equals the risk measure generated by the bank's internal operational danger measurement system applying specific quantitative and qualitative criteria. Use of the AMA is subject to supervisory approval.

Supervisory approval has to be conditional on the bank being able to show for the satisfaction with the supervisory authority that the allocation mechanism for these subsidiaries is appropriate and can be supported empirically. The quantitative standards that apply to internally generated operational threat measures for purposes of calculating the regulatory minimum capital charge are that any internal operational risk measurement system need to be consistent with all the definition of operational danger and a variety of defined loss event types (covering all operational aspects such as fraud, employee practices, workplace safety, business practices, processing practices, organization disruption and loss of physical assets).

To qualify for use in the Advanced Measurement Approaches (AMA), a bank have to satisfy its supervisor that,

oThe banks board of directors and senior management, are actively involved within the oversight of your operational risk management framework;

oThe bank has an operational threat management system that is conceptually sound and which includes an independent operational risk management function that is responsible for the design and implementation of the bank's operational risk management framework;

oThe bank has It has sufficient resources to use this strategy inside the major business lines as well as the handle and audit areas.

A bank employing the AMA will be subject to a period of initial monitoring by its supervisor before it can be used for regulatory purposes. This period will allow the supervisor to determine if the method is credible and acceptable. The bank's internal measurement system have to be able to reasonably estimate unexpected losses based on the combined use of internal and relevant external loss data, scenario analysis and bank-specific enterprise atmosphere and internal control factors.

The bank's measurement system will have to also be capable of supporting an allocation of economic capital for operational threat across small business lines in a manner that creates incentives to improve enterprise line operational danger management.

Additionally,

oThe operational danger management function is responsible for documenting policies and procedures concerning operational threat management and controls, designing and implementing the bank's operational threat measurement methodology, designing and implementing a risk-reporting system for operational danger, and developing strategies to identify, measure, monitor and control/mitigate operational risk,

oThe bank's internal operational danger measurement system ought to be closely integrated into the day-to-day threat management processes of the bank and its output must be an integral part in the process of monitoring and controlling the bank's operational danger profile. This information must play a major role in danger reporting, management reporting, internal capital allocation, and threat analysis.

oOperational threat exposures and loss knowledge ought to be reported regularly to business enterprise unit management, senior management, and to the board of directors.

oThe bank's operational risk management system have to be well documented along with the bank ought to have a routine in place for ensuring compliance with a documented set of internal policies, controls and procedures concerning the operational threat management system, which should include policies for the treatment of noncompliance issues.

oInternal and/or external auditors should perform regular reviews from the operational risk management processes and measurement systems. This review need to include both the activities on the small business units and on the independent operational danger management function.

oThe validation in the operational risk measurement system by external auditors and/or supervisory authorities need to include the verification that the internal validation processes are operating in a satisfactory manner; and making sure that data flows and processes associated together with the threat measurement system are transparent and accessible. In particular, it is necessary that auditors and supervisory authorities are in a position to have easy access, whenever they judge it necessary and under suitable procedures, to the system's specifications and parameters.

Because the analytical approaches for operational danger continue to evolve the method or distributional assumptions used to generate the operational danger measure for regulatory capital purposes is not being specified by the Basel Committee. A bank must however be able to show that its approach captures potentially severe 'tail' loss events. Irrespective from the method is used, a bank must demonstrate that its operational risk measure meets a soundness standard comparable to that from the internal ratings-based strategy for credit danger.

Based on this, bank supervisors will need the bank to calculate its regulatory capital requirement as the sum of expected loss (EL) and unexpected loss (UL), unless the bank can demonstrate that it is adequately capturing EL in its internal business enterprise practices (to base the minimum regulatory capital requirement on UL alone, the bank must be able to demonstrate for the satisfaction of its national supervisor that it has measured and accounted for its EL exposure).

A bank needs to have a credible, transparent, well-documented and verifiable method for weighting these basic elements in its overall operational danger measurement system.

Internal loss data is critical to linking a bank's danger estimates to its actual loss encounter. Such data is most relevant when it is clearly linked to a bank's current small business activities, technological processes and danger management procedures. To do this a bank have to have documented procedures for assessing the on-going relevance of historical loss data, including those situations in which judgment overrides or other adjustments may be used, to what extent they may be used and who is authorized to make such decisions. Internally generated operational threat measures used for regulatory capital purposes have to be based on a minimum five-year observation period of internal loss data. However, when the bank first moves to the AMA, a three-year historical data window is acceptable.

To qualify for regulatory capital purposes, a bank's internal loss collection processes have to be able to map its historical internal loss data into the relevant supervisory categories as are defined in detail within the Basel II Annexes. The bank will have to have documented objective criteria for allocating losses to the specified small business lines and event types. A bank's internal loss data ought to be comprehensive. It must capture all material activities and exposures from all appropriate sub-systems and geographic locations. The bank should be able to justify that any excluded activities or exposures, both individually and in combination would not significantly impact the overall danger estimates. This should be based on an acceptable minimum gross loss threshold for internal loss data collection. Additionally, a bank should collect information relating the date of your event, any recoveries of loss amounts, as well as descriptive information about the drivers or causes of your loss event. The amount of detail in any descriptive information should be appropriate to the size in the gross loss amount.

Operational risk losses that are related to credit risk and have traditionally been included in banks' credit threat databases (e.g. collateral management failures) need to continue to be treated as credit risk for the purposes of calculating minimum regulatory capital. It follows that such losses will not be subject towards the operational risk capital charge. Nevertheless, for the purposes of internal operational danger management, banks will have to identify all material operational threat losses consistent with all the scope with the definition of operational risk plus the defined event types, including those related to credit risk.

A bank's operational threat measurement system must use pertinent external data (either public data and/or pooled sector data), especially when there is any possibility to believe that the bank is potentially exposed to severe losses, however infrequent. Additionally a bank have to use scenario analysis of expert opinion in conjunction with external data to evaluate its exposure to high-severity events.