Basel IIs Three Approaches To Operational Danger Management

The operational danger requirements of Basel II proposes three measurement Bank Risk Management for calculating the operational risk capital charges. These are the basic Indicator Method, the Standardized Method plus the Sophisticated Measurement Method.

Beneath the fundamental Indicator Approach banks have to hold capital for operational risk equal for the average more than the earlier 3 years of a fixed percentage (15% for this method) of optimistic annual gross revenue (figures in respect of any year in which annual gross earnings was negative or zero are excluded).

While no precise criteria are set out for use on the Standard Indicator Strategy, banks using this technique are encouraged to comply with the Committee's guidance on "Sound Practices for the Management and Supervision of Operational Risk" (BIS; February 2003). These principles call for:

oA hands on approach in the creation of an proper risk management atmosphere,

oPositive actions in the identification, assessment, monitoring and manage of operational threat,

oAdequate public disclosure.

Under the Standardized Approach a bank's activities are divided into eight enterprise lines. Inside each small business line, gross earnings is usually a broad indicator that serves as a stand-in for the degree of enterprise operations and hence the probable size of operational threat exposure inside each and every of these small business lines. The capital charge for each company line is calculated by multiplying gross earnings by a factor (called the "beta") assigned to that small business line. The beta serves as a substitute for the industry-wide partnership among the operational danger loss experience to get a given enterprise line plus the aggregate amount of gross income for that company line. The small business lines as well as the beta variables range from 12% for "retail banking", "asset management" and "retail brokerage"; 15% for "commercial banking" and "agency services" to 18% for "corporate finance", "trading & sales" and "payment & settlement".

The total capital charge is calculated as the three-year typical of your simple summation from the regulatory capital charges across every single with the business lines in each and every year. In any offered year, a unfavorable capital charges (as a result of unfavorable gross earnings) in any organization line may offset constructive capital charges in other business lines without limit.

At national supervisory level, the supervisor can choose to allow a bank to use the Alternative Standardized Method (ASA) provided the bank is able to satisfy its supervisor that this alternative strategy provides an improved basis for measurement of risks. Below the ASA, the operational danger capital charge/methodology is the same as for the Standardized Approach except that two small business lines - "retail banking" and "commercial banking" where a fixed element 'm' - replaces gross income as the exposure indicator and is related for the extent of loans granted in these areas.

Under the Sophisticated Measurement Approaches (AMA) the regulatory capital requirement equals the danger measure generated by the bank's internal operational threat measurement system employing certain quantitative and qualitative criteria. Use on the AMA is subject to supervisory approval.

Supervisory approval has to be conditional on the bank being able to show for the satisfaction from the supervisory authority that the allocation mechanism for these subsidiaries is acceptable and can be supported empirically. The quantitative standards that apply to internally generated operational danger measures for purposes of calculating the regulatory minimum capital charge are that any internal operational threat measurement system need to be consistent with the definition of operational risk and a range of defined loss event types (covering all operational aspects such as fraud, employee practices, workplace safety, small business practices, processing practices, business enterprise disruption and loss of physical assets).

To qualify for use from the Advanced Measurement Approaches (AMA), a bank ought to satisfy its supervisor that,

oThe banks board of directors and senior management, are actively involved in the oversight in the operational danger management framework;

oThe bank has an operational threat management system that is conceptually sound and which includes an independent operational risk management function that is responsible for the design and implementation in the bank's operational threat management framework;

oThe bank has It has sufficient resources to use this approach in the major business enterprise lines as well as the control and audit areas.

A bank making use of the AMA will be subject to a period of initial monitoring by its supervisor before it can be used for regulatory purposes. This period will allow the supervisor to determine if the approach is credible and appropriate. The bank's internal measurement system need to be able to reasonably estimate unexpected losses based on the combined use of internal and relevant external loss data, scenario analysis and bank-specific company environment and internal control components.

The bank's measurement system will have to also be capable of supporting an allocation of economic capital for operational danger across company lines in a manner that creates incentives to improve small business line operational risk management.

Additionally,

oThe operational danger management function is responsible for documenting policies and procedures concerning operational risk management and controls, designing and implementing the bank's operational danger measurement methodology, designing and implementing a risk-reporting system for operational danger, and developing strategies to identify, measure, monitor and control/mitigate operational risk,

oThe bank's internal operational danger measurement system will have to be closely integrated into the day-to-day danger management processes of your bank and its output must be an integral part of the process of monitoring and controlling the bank's operational risk profile. This information will have to play a major role in threat reporting, management reporting, internal capital allocation, and danger analysis.

oOperational risk exposures and loss knowledge ought to be reported regularly to business unit management, senior management, and to the board of directors.

oThe bank's operational risk management system should be well documented and also the bank must have a routine in place for ensuring compliance with a documented set of internal policies, controls and procedures concerning the operational threat management system, which must include policies for the treatment of noncompliance issues.

oInternal and/or external auditors should perform regular reviews of your operational danger management processes and measurement systems. This review should include both the activities from the business enterprise units and with the independent operational danger management function.

oThe validation in the operational threat measurement system by external auditors and/or supervisory authorities ought to include the verification that the internal validation processes are operating in a satisfactory manner; and making sure that data flows and processes associated using the threat measurement system are transparent and accessible. In particular, it is necessary that auditors and supervisory authorities are in a position to have easy access, whenever they judge it necessary and below acceptable procedures, for the system's specifications and parameters.

Because the analytical approaches for operational danger continue to evolve the strategy or distributional assumptions used to generate the operational risk measure for regulatory capital purposes is not being specified by the Basel Committee. A bank should however be able to show that its method captures potentially severe 'tail' loss events. Irrespective on the strategy is used, a bank ought to demonstrate that its operational risk measure meets a soundness standard comparable to that with the internal ratings-based approach for credit threat.

Based on this, bank supervisors will require the bank to calculate its regulatory capital requirement as the sum of expected loss (EL) and unexpected loss (UL), unless the bank can demonstrate that it is adequately capturing EL in its internal business practices (to base the minimum regulatory capital requirement on UL alone, the bank will have to be able to demonstrate towards the satisfaction of its national supervisor that it has measured and accounted for its EL exposure).

A bank needs to have a credible, transparent, well-documented and verifiable method for weighting these fundamental elements in its overall operational danger measurement system.

Internal loss data is critical to linking a bank's threat estimates to its actual loss experience. Such data is most relevant when it is clearly linked to a bank's current organization activities, technological processes and threat management procedures. To do this a bank must have documented procedures for assessing the on-going relevance of historical loss data, including those situations in which judgment overrides or other adjustments may be used, to what extent they may be used and who is authorized to make such decisions. Internally generated operational danger measures used for regulatory capital purposes have to be based on a minimum five-year observation period of internal loss data. However, when the bank first moves towards the AMA, a three-year historical data window is acceptable.

To qualify for regulatory capital purposes, a bank's internal loss collection processes need to be able to map its historical internal loss data into the relevant supervisory categories as are defined in detail in the Basel II Annexes. The bank should have documented objective criteria for allocating losses for the specified enterprise lines and event types. A bank's internal loss data must be comprehensive. It need to capture all material activities and exposures from all proper sub-systems and geographic locations. The bank should be able to justify that any excluded activities or exposures, both individually and in combination would not significantly impact the overall risk estimates. This should be based on an proper minimum gross loss threshold for internal loss data collection. Additionally, a bank should collect information relating the date on the event, any recoveries of loss amounts, as well as descriptive information about the drivers or causes on the loss event. The level of detail in any descriptive information should be proper to the size in the gross loss amount.

Operational threat losses that are related to credit threat and have traditionally been included in banks' credit danger databases (e.g. collateral management failures) need to continue to be treated as credit risk for the purposes of calculating minimum regulatory capital. It follows that such losses will not be subject to the operational threat capital charge. Nevertheless, for the purposes of internal operational danger management, banks should identify all material operational risk losses consistent with all the scope of the definition of operational risk plus the defined event types, including those related to credit threat.

A bank's operational threat measurement system should use pertinent external data (either public data and/or pooled business data), especially when there is any possibility to believe that the bank is potentially exposed to severe losses, however infrequent. Additionally a bank need to use scenario analysis of expert opinion in conjunction with external data to evaluate its exposure to high-severity events.