This article includes a list of references, but its sources remain unclear because it has insufficient inline citations . (October 2007) (Learn how and when to remove this template message)
|Bank regulation and standards|
|Pillar 1: Regulatory capital|
|Pillar 2: Supervisory review|
|Pillar 3: Market disclosure|
|Business and Economics Portal|
Operational risk is "the risk of a change in value caused by the fact that actual losses, incurred for inadequate or failed internal processes, people and systems, or from external events (including legal risk), differ from the expected losses". This definition, adopted by the European Solvency II Directive for insurers, is a variation from that adopted in the Basel II regulations for banks.In October 2014, the Basel Committee on Banking Supervision proposed a revision to its operational risk capital framework that sets out a new standardized approach to replace the basic indicator approach and the standardized approach for calculating operational risk capital.
Basel II is the second of the Basel Accords,, which are recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision.
It can also include other classes of risks, such as fraud, security, privacy protection, legal risks, physical (e.g. infrastructure shutdown) or environmental risks.
In law, fraud is intentional deception to secure unfair or unlawful gain, or to deprive a victim of a legal right. Fraud can violate civil law, a criminal law, or it may cause no loss of money, property or legal right but still be an element of another civil or criminal wrong. The purpose of fraud may be monetary gain or other benefits, for example by obtaining a passport, travel document, or driver's license, or mortgage fraud, where the perpetrator may attempt to qualify for a mortgage by way of false statements.
Basel II classified legal risk as a subset of operational risk in 2003. This conception is based on a business perspective, recognizing that there are threats entailed in the business operating environment. The idea is that businesses do not operate in a vacuum and that, in the exploitation of opportunities and their engagement with other businesses, their activities tend to become subjects of legal liabilities and obligations.
The study of operational risk is a broad discipline, close to good management and quality management.
Quality management ensures that an organization, product or service is consistent. It has four main components: quality planning, quality assurance, quality control and quality improvement. Quality management is focused not only on product and service quality, but also on the means to achieve it. Quality management, therefore, uses quality assurance and control of processes as well as products to achieve more consistent quality. What a customer wants and is willing to pay for it determines quality. It is written or unwritten commitment to a known or unknown consumer in the market. Thus, quality can be defined as fitness for intended use or, in other words, how well the product performs its intended function
In similar fashion, operational risks affect client satisfaction, reputation and shareholder value, all while increasing business volatility.
Contrary to other risks (e.g. credit risk, market risk, insurance risk) operational risks are usually not willingly incurred nor are they revenue driven. Moreover, they are not diversifiable and cannot be laid off. This means that as long as people, systems, and processes remain imperfect, operational risk cannot be fully eliminated.
A credit risk is the risk of default on a debt that may arise from a borrower failing to make required payments. In the first resort, the risk is that of the lender and includes lost principal and interest, disruption to cash flows, and increased collection costs. The loss may be complete or partial. In an efficient market, higher levels of credit risk will be associated with higher borrowing costs. Because of this, measures of borrowing costs such as yield spreads can be used to infer credit risk levels based on assessments by market participants.
Market risk is the risk of losses in positions arising from movements in market prices.:
Operational risk is, nonetheless, manageable as to keep losses within some level of risk tolerance (i.e. the amount of risk one is prepared to accept in pursuit of his objectives), determined by balancing the costs of improvement against the expected benefits.
Wider trends such as globalization, the expansion of the internet and the rise of social media, as well as the increasing demands for greater corporate accountability worldwide, reinforce the need for proper operational risk management.
Until Basel II reforms to banking supervision, operational risk was a residual category reserved for risks and uncertainties which were difficult to quantify and manage in traditional ways– the "other risks" basket.
Such regulations institutionalized operational risk as a category of regulatory and managerial attention and connected operational risk management with good corporate governance.
Of course, businesses in general, and other institutions such as the military, have been aware, for many years, of hazards arising from operational factors, internal or external. The primary goal of the military is to fight and win wars in quick and decisive fashion, and with minimal losses. For the military, and the businesses of the world alike, operational risk management is an effective process for preserving resources by anticipation.
Two decades (from 1980 to the early 2000s) of globalization and deregulation (e.g. Big Bang (financial markets)), combined with the increased sophistication of financial services around the world, have introduced additional complexities into the activities of banks, insurers and firms in general and therefore their risk profiles.
Globalization or globalisation is the process of interaction and integration among people, companies, and governments worldwide. As a complex and multifaceted phenomenon, globalization is considered by some as a form of capitalist expansion which entails the integration of local and national economies into a global, unregulated market economy. Globalization has grown due to advances in transportation and communication technology. With the increased global interactions comes the growth of international trade, ideas, and culture. Globalization is primarily an economic process of interaction and integration that's associated with social and cultural aspects. However, conflicts and diplomacy are also large parts of the history of globalization, and modern globalization.
Deregulation is the process of removing or reducing state regulations, typically in the economic sphere. It is the repeal of governmental regulation of the economy. It became common in advanced industrial economies in the 1970s and 1980s, as a result of new trends in economic thinking about the inefficiencies of government regulation, and the risk that regulatory agencies would be controlled by the regulated industry to its benefit, and thereby hurt consumers and the wider economy.
The phrase Big Bang, used in reference to the sudden deregulation of financial markets, was coined to describe measures, including abolition of fixed commission charges and of the distinction between stockjobbers and stockbrokers on the London Stock Exchange and change from open-outcry to electronic, screen-based trading, effected by Margaret Thatcher in 1986.
Since the mid-1990s, the topics of market risk and credit risk have been the subject of much debate and research, with the result that financial institutions have made significant progress in the identification, measurement, and management of both these forms of risk.
However, the near collapse of the U.S. financial system in September 2008is an indication that our ability to measure market and credit risk is far from perfect and eventually led to the introduction of new regulatory requirements worldwide, including Basel III regulations for banks and Solvency II regulations for insurers.
Events such as the September 11 terrorist attacks, rogue trading losses at Société Générale, Barings, AIB, UBS, and National Australia Bank serve to highlight the fact that the scope of risk management extends beyond merely market and credit risk.
These reasons underscore banks' and supervisors' growing focus upon the identification and measurement of operational risk.
The list of risks (and, more importantly, the scale of these risks) faced by banks today includes fraud, system failures, terrorism, and employee compensation claims. These types of risk are generally classified under the term 'operational risk'.
The identification and measurement of operational risk is a real and live issue for modern-day banks, particularly since the decision by the Basel Committee on Banking Supervision (BCBS) to introduce a capital charge for this risk as part of the new capital adequacy framework (Basel II).
The Basel II Committee defines operational risk as:[ citation needed ]
"The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events."
However, the Basel Committee recognizes that operational risk is a term that has a variety of meanings and therefore, for internal purposes, banks are permitted to adopt their own definitions of operational risk, provided that the minimum elements in the Committee's definition are included.
The Basel II definition of operational risk excludes, for example, strategic risk – the risk of a loss arising from a poor strategic business decision.
Other risk terms are seen as potential consequences of operational risk events. For example, reputational risk (damage to an organization through loss of its reputation or standing) can arise as a consequence (or impact) of operational failures – as well as from other events.
The following lists the seven official Basel II event types with some examples for each category:
It is relatively straightforward for an organization to set and observe specific, measurable levels of market risk and credit risk because models exist which attempt to predict the potential impact of market movements, or changes in the cost of credit. These models are only as good as the underlying assumptions, and a large part of the recent financial crisis arose because the valuations generated by these models for particular types of investments were based on incorrect assumptions.
By contrast, it is relatively difficult to identify or assess levels of operational risk and its many sources. Historically organizations have accepted operational risk as an unavoidable cost of doing business. Many now though collect data on operational losses – for example through system failure or fraud – and are using this data to model operational risk and to calculate a capital reserve against future operational losses. In addition to the Basel II requirement for banks, this is now a requirement for European insurance firms who are in the process of implementing Solvency II, the equivalent of Basel II for the insurance sector.
Basel II and various supervisory bodies of the countries have prescribed various soundness standards for operational risk management for banks and similar financial institutions. To complement these standards, Basel II has given guidance to 3 broad methods of capital calculation for operational risk:
The operational risk management framework should include identification, measurement, monitoring, reporting, control and mitigation frameworks for operational risk.
There are a number of methodologies to choose from when modeling operational risk, each with its advantages and target applications. The ultimate choice of the methodology/methodologies to use in your institution depends on a number of factors, including:
In finance, systemic risk is the risk of collapse of an entire financial system or entire market, as opposed to risk associated with any one individual entity, group or component of a system, that can be contained therein without harming the entire system. It can be defined as "financial system instability, potentially catastrophic, caused or exacerbated by idiosyncratic events or conditions in financial intermediaries". It refers to the risks imposed by interlinkages and interdependencies in a system or market, where the failure of a single entity or cluster of entities can cause a cascading failure, which could potentially bankrupt or bring down the entire system or market. It is also sometimes erroneously referred to as "systematic risk".
Bank regulation is a form of government regulation which subjects banks to certain requirements, restrictions and guidelines, designed to create market transparency between banking institutions and the individuals and corporations with whom they conduct business, among other things. As regulation focusing on key actors in the financial markets, it forms one of the three components of financial law, the other two being case law and self-regulating market practices.
The term operational risk management (ORM) is defined as a continual cyclic process which includes risk assessment, risk decision making, and implementation of risk controls, which results in acceptance, mitigation, or avoidance of risk. ORM is the oversight of operational risk, including the risk of loss resulting from inadequate or failed internal processes and systems; human factors; or external events. Unlike other type of risks operational risk had rarely been considered strategically significant by senior management.
Advanced measurement approaches (AMA) is one of three possible operational risk methods that can be used under Basel II by a bank or other financial institution. The other two are the Basic Indicator Approach and the Standardised Approach. The methods increase in sophistication and risk sensitivity with AMA being the most advanced of the three.
The term Advanced IRB or A-IRB is an abbreviation of advanced internal ratings-based approach, and it refers to a set of credit risk measurement techniques proposed under Basel II capital adequacy rules for banking institutions.
The term Foundation IRB or F-IRB is an abbreviation of foundation internal ratings-based approach, and it refers to a set of credit risk measurement techniques proposed under Basel II capital adequacy rules for banking institutions.
Probability of default (PD) is a financial term describing the likelihood of a default over a particular time horizon. It provides an estimate of the likelihood that a borrower will be unable to meet its debt obligations.
In the context of operational risk, the standardized approach or standardised approach is a set of operational risk measurement techniques proposed under Basel II capital adequacy rules for banking institutions.
Loss given default or LGD is the share of an asset that is lost if a borrower defaults.
Exposure at default or (EAD) is a parameter used in the calculation of economic capital or regulatory capital under Basel II for a banking institution. It can be defined as the gross exposure under a facility upon default of an obligor.
Initially pioneered by financial institutions during the 1970s as interest rates became increasingly volatile, asset and liability management is the practice of managing risks that arise due to mismatches between the assets and liabilities.
The Capital Requirements Directives (CRD) for the financial services industry have introduced a supervisory framework in the European Union which reflects the Basel II and Basel III rules on capital measurement and capital standards.
The Solvency II Directive is a Directive in European Union law that codifies and harmonises the EU insurance regulation. Primarily this concerns the amount of capital that EU insurance companies must hold to reduce the risk of insolvency.
Basel III is a global, voluntary regulatory framework on bank capital adequacy, stress testing, and market liquidity risk. This third installment of the Basel Accords was developed in response to the deficiencies in financial regulation revealed by the financial crisis of 2007–08. It is intended to strengthen bank capital requirements by increasing bank liquidity and decreasing bank leverage.
The ORRF Risk Research Forum a forum on risk research organised by the ORRF, a recognised internationally as a leading risk research foundation. It was established, in April 1999, as an independent think tank, with tacit support from the Financial Services Authority (FSA) and the Science Research Council.
Under the Basel II guidelines, banks are allowed to use their own estimated risk parameters for the purpose of calculating regulatory capital. This is known as the internal ratings-based (IRB) approach to capital requirements for credit risk. Only banks meeting certain minimum conditions, disclosure requirements and approval from their national supervisor are allowed to use this approach in estimating capital for various exposures.
At the heart of the prudential Solvency II directive, the own risk and solvency assessment (ORSA) is defined as a set of processes constituting a tool for decision-making and strategic analysis. It aims to assess, in a continuous and prospective way, the overall solvency needs related to the specific risk profile of the insurance company. Risk Management and own risk and solvency assessment is a similar regulation that has been enacted in the US by the NAIC. Other jurisdictions are enacting similar regulations to comply with the Insurance Core Principle 16 enacted by the IAIS.
The Capital Requirements Regulation(EU) No. 575/2013 is an EU law that aims to decrease the likelihood that banks go insolvent. With the Credit Institutions Directive 2013 the Capital Requirements Regulation 2013 reflects Basel III rules on capital measurement and capital standards.