What is operational risk and how was it addressed?
Operational risk is all banking risk other than credit, interest rate, market, and liquidity risk. According to the Basel Committee, operational risk is “the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems, or from external events.” With complex products and systems in today’s markets, the Basel Committee decided sophisticated methods were appropriate, and introduced new approaches to operational risk with Basel II in 2004.
The Global Financial Crisis saw a huge spike in operational risk losses, with banks paying out over $400 billion in fines for misconduct since 2012. By 2016, the Basel Committee determined that bank developed-models were too complex and not comparable across entities or jurisdictions, and came up with a new non-model based approach combining the simplicity of basic revenue calculations with some adjustments for risk.
How is operational risk categorised?
Basel II set out seven categories of operational risk:
- Internal Fraud
- External Fraud
- Employment Practices and Workplace Safety
- Clients, Products and Business Practices
- Damage to Physical Assets
- Business Disruption and System Failures
- Execution, Delivery, and Process Management
Basel II required banks to analyse eight business lines to create a risk matrix. These are commercial banking, retail banking, payments and settlement, agency services, trading and sales, corporate finance, asset management and retail brokerage.
How is operational risk mitigated?
Unlike the credit risk that emanates from lending or the market risk that emanates from trading, new operational risks are not acquired with a view to build revenue and profits. Operational risks can be more difficult to foresee and cannot be diversified, sold off, or hedged in the banking market. The only potential mitigation and pricing tool is insurance, which is only generally available in the form of property, business interruption, director and officer liability and employer liability insurance. Operational risk is a test of management and corporate governance. Focus is on internal processes, people, systems and external events.
What are Basel II's approaches to operational risk management?
Basel II allowed banks to use one of three approaches: the Basic Indicator Approach, the Standardised Approach and the Advanced Measurement Approach. Of all the approaches, the Advanced Measurement Approach required the most value judgment by the bank and therefore the most supervisory oversight, as it involved quantitative and qualitative inputs. Basel Committee guidance stated that in blending inputs banks must “avoid arbitrary decisions” and use a “logical and sound statistical methodology”. There was no one standard for AMA and capital allocation needed to be monitored and revised regularly.
Banks organised regular internal workshops to discuss operational risk, with managers completing risk scorecards by business line and event. Besides frequency and financial severity, factors such as reputation and employee retention and morale could be scored or assigned a “metric”. Risk management attempted to ensure it was asking the right people when calling for expert opinion. Depending on the bank’s culture, vested interest could bias and affect responses.
What is the next approach proposed by The Basel Committee?
In 2016, The Basel Committee proposed scrapping the existing approaches, replacing them with a new, single Standardised Measurement Approach. Basel complained about the “inherent complexity” of the old Advanced Measurement Approach, and its “lack of comparability from a wide range of internal models” which “exacerbated variability in risk-weighted asset calculations, and eroded confidence in risk-weighted capital ratios”.
The SMA is designed to “build on the simplicity and comparability of the standardised approach, and embodies the risk sensitivity of the advanced approach while promoting consistency and comparability.” The revised methodology combines a financial statement-based measure called the “Business Indicator” (BI) with each bank’s historical operational losses.
While the system-wide effect on capital requirements is largely neutral, some banks will have higher while others will have lower requirements. Some large banks will feel their investment in technology for, and expertise gained from, the old AMA approach is now wasted. Some medium and small banks may now need to spend more to collect historic operational loss data.
