OPERATIONAL RISK

1
OPERATIONAL RISK MANAGEMENT experience
in building a Basle II compliant ORM software
ORBIT
2
Hightening Operations Risk

• Highly Automated Technology - if not properly
  controlled has the potential to transform risks
  from manual processing errors to system failure
  risks.
• Networked computers ATMs EDCs providing seamless
  movement of funds
• RTGS and cross country fund transfers
• Web based account operations

Shared ATM
Branch B
ATM R
Branch A
ATM R
Idbi bank
ATM R
ATM R
EDC at POS
ATM R
Branch C
Branch X
ATM R
3

• Emergence of e-commerce - risks not fully
  understood.

E Seller A
Clearing Agency
Bank X
Hacker
Bank M
Logistics Company
E Buyer
4

• Mergers, de-mergers and consolidation -test the
  viability of newly integrated systems.

Bank ABC Finacle K ITMS
Bank XYZ Bank Master IRIS CITI Sol
The Merged Bank How to integrate systems Migrate
Data Create new controls
5

• Emergence of banks acting as very large-volume
  service providers - needs maintenance of
  high-grade internal controls and back-up systems.
• Electronic collection of Telecom Bills for a
  client base of 1 million bill collection every
  month. 12 million transactions annually
• Dividend Payment mandate for Reliance 3.5 million
  share holders Instant credit of amount promised

6

• Outsourcing arrangements - may present
  significant other risks.
• Call centres to respond to customer clients Have
  a chat with your credit card care agency
• Clearing Upload and checking by contract agency
• Collection of cash/cheques from clients
  premises through security agencies
• Courier services for delivery of cards/PINs and
  statements

7
Developing an Appropriate Risk Management
Structure
Board of Directors
Risk Management Committee
Senior Mgt
Risk Mgt
Internal Auditors
Operations Personnel and Risk Takers
8
THE KEY DRIVER
The Committee has proposed that the Minimum
Regulatory Capital (MRC) be lowered from 20 of
minimum regulatory capital of 8 (i.e. 1.8 of
the total risk weighted assets) to 12 (ie
1.08 of the total risk weighted assets).
With AMA implementation this can be brought down
to 9 (0.72).
9
Definition
idbi bank has adopted Basels definition of
Operational Risk .. The risk of loss
resulting from inadequate or failed internal
processes, people and systems or from external
events.
External Events
10

• BASLE II has prescribed Three approaches
• Basic Approach
• Standardised Approach
• Advanced Management Approach - AMA
• Idbi bank has chosen to go by the AMA

11
BASIC INDICATOR APPROACH

• Banks using Basic Indicator Approach(BIA) have
  to hold capital for operational Risk equal to a
  fixed percentage (alpha) of a single indicator
  (Gross Income)
• K EI ?
• Where K Capital charge under BIA
• EI Gross Income
• ? a fixed percentage set by the Basle
  committee (LDCEs are conducted for this purpose.)

12
STANDARDISED APPROACH

• Banks activities are divided into 8 Business
  Lines.
• Each Business Line is measured by an Exposure
  Indicator which is Gross Income for that Business
  Line.
• Within each Business Line the capital charge is
  calculated by multiplying the said Business line
  Gross Income by a beta factor
• The sum of all Business Line Capital charge would
  be the Capital charge for the Bank.
• K E (EI ?)
• K is capital charge
• EI is Exposure Indicator Gross Income
• ? is the a fixed percentage for each Business
  line set by the Basle Committee.

13
ADVANCED MEASUREMENT APPROACH (AMA)

• The AMA gives banks incentive to collect
  internal loss data step by step. Under the AMA
  banks would be allowed to use the capital charge
  as per their internal measurement systems subject
  to Qualitative Quantitative standards set by
  the Committee.
• Among the most important of these quantitative
  standards is that the risk measurement system
  must be based on internal loss data that can be
  mapped into the Basle Committees specified
  Business Lines and Loss Event Types.

14
Organisation Structure
15
Framework
Bank has developed a framework called ORBIT
(Operational Risk Business Intelligence Tool) for
measuring, monitoring and controlling Operational
Risk, based on the guidelines set by Basel.
The main features of the framework of
Operational Risk developed by IDBI Bank are as
under KRI data gathering framework Control
Framework Incident Reporting Structure (IRS) data
gathering framework VaR Engine Query and
reporting Scenario analysis
16
KRI - Data Gathering Framework

• Key Risk Indicators (KRIs) are identified
  product wise.
• Each KRI is linked to a product and each product
  to a Business line.
• Business lines are defined as per Basel
  guidelines.
• For any new product introduced by the Bank ,
  KRIs are identified and gathered.

17
KRI - Data Gathering Framework

• (KRIs) framework pinpoints information from Core
  banking software for use in ORBIT
• Most of the KRIs are gathered using an automated
  data upload process by which specific KRI are
  sourced from various applications of the Bank
  viz. Finacle, Net Bkg, Phone bkg, ATM etc..
  Additionally, there are some KRIs which are
  sourced by means of manual feeds from branches /
  various functions.
• KRIs are gathered every month and stored in the
  KRI data base from which Analysis of Ops data
  is done
• 
  kri

18
Control Framework

• comprises of
• Branch operations performance rating
• Trigger reports module

19
Control Framework - Branch Performance Rating

• KRIs are rated on a five grade scale
• Excellent / Good / Satisfactory / Fair / Poor
• Ratings are done by attributing weights to
  certain critical KRIs.
• Rating parameters are classified into five
  categories Weight assigned to each category .
  
• People management
• Business management
• Security management
• Customer management
• Compliance with internal policy
• Operational quality of a branch is rated on a 5
  grade scale
• Well managed / Low risk / Medium risk / High
  Risk / very High Risk.
• Model

20
Control Framework - Trigger Reports

• This module consists of reports, which as the
  name suggests, are triggered whenever certain
  events occur viz.
• Brisk Triggers. A trigger report is generated
  for branches which have scored poor in any of
  the parameters used in Ops rating model for
  branch heads to take corrective action.
• Report also goes to controlling authority
  concerned for monitoring corrective action
  effectively.

21
IRS Structure

• An operational loss event is defined as one where
  the Bank suffers either an actual loss or a
  potential loss.
• Under the Advanced Measurement Approach,
  historical loss data forms the basis of VaR. The
  loss data is captured using an incident report
  framework. IRS is a loss incident gathering
  framework.
• An incident report is filed on the occurrence of
  an operational loss event.
• Loss event is categorised by Loss event
  category and Business line.
• Event

22
VaR Engine

• VaR Model facilitates computation of Economic
  Capital for Operational Risk.
• Idbi bank has classified its business lines. Loss
  event category and loss effect category as per
  the guidelines of BASEL.
• Under this approach idbi bank estimates the
  likely distribution of operational loss over one
  year horizon, for each business line and loss
  event type, at a confidence level of 99.9.

23
VaR Engine

Methodology

• Methodology for VaR Computation-
• Data collection capturing of Loss Data.
• Curve Fitting applying Statistical formulas on
  Loss Data.
• Simulation applying Monte Carlo Simulation
• VaR Estimation reading the final value using a
  99.9 Confidence Level.
• Perform the same iterations for each Business
  Line, Event type combination
• VaR Estimate for the Bank is the sum of all VaR
  estimates for all the Business Lines of the Bank.

24
Reports

• Query Reporting
• This module generates queries/reports
  branch-wise, region wise and product wise.
• Scenario Analysis
• What if analysis adds flexibility to the system
  to stimulate the impact of external loss/fraud
  event or any extreme values.

25

• Challenges for Indian banks
• Data availability integrity
• Data warehousing / mining
• Building up processes
• Strengthening skills
• Model validation requires greater collaboration
  with regulator
• Cost - investment in risk analytics and risk
  technology getting management buy-in
• Stress testing, scenario analysis building
  capabilities

26
Thank you!