Chapter 7- Operational Risk
1. Definition
originally defined as risk of everything other than market and credit risks
causal definition
Basel II - risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. This includes legal risk but excludes strategic and reputational risk.
2. Causes of operational risk
processes
risk from faulty overall design and application of business process
system
risk of failure arising from deficiencies in the bank's infrastructure and information technology systems.
people
risk arises when people do not follow the organization's procedures, practices and/or rules
external events
risk associated with events outside the banking organization's control.
Event types
Employment practices and workplace safety
arising from human resource-related ops risk losses
Safe environment
Diversity and discrimination
Employee relations
Clients, products and business practices
unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements), or from the nature or design of a product.
suitability, disclosure and fiduciary
defects in the nature or design of a product
External fraud
arises due to acts of a type intended to defraud, misappropriate property or circumvent law, which involves at least one third party.
theft and fraud
system security
Damage to physical assets
loss and damage to physical assets due to natural disasters or other events
natural disaster losses
human losses from external sources, e.g. terrorism and vandalism
1. Internal fraud
arises due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity/discrimination events, which involves at least one internal party.
unauthorized activity
theft or fraud
Business disruption and systems failures
disruption of business or system failures
hardware and software
telecommunication and utility outages or disruptions
Execution, delivery and process management
failed transaction processing or process management, and from relations with trade counterparties and vendors.
customer/client account management
trade counterparts
customer intake and documentation
vendors and suppliers
monitoring and reporting
transaction capture, execution and maintenance
3. Operational risk consequences
i. probability of the ops risk loss occurring and
ii. severity of an operational risk loss event
The relationship between probability and severity can be jointly analysed to come up with different types of operational risk loss consequences
4. Operational risk management governance and process
Governance
BOD
establish strong risk management culture
responsible for developing, implementing and maintaining an ops risk management framework which is fully integrated into bank's overall risk management process
approve and review a risk appetite and tolerance statement for ops risk
Senior management
develop clear, effective and robust governance structure
responsible for implementing and maintaining throughout the organization policies, processes and system for managing ops risk
responsible for translating the ops risk mgt framework established by BOD into specific p&p
Governance structure
3 lines of defense
2nd - independent corporate ops risk mgt function, and legal and compliance
complement the business line's ops risk mgt activities
3rd - independent review
review and challenge of the bank's operational risk mgt controls, processes and systems
1st - business line mgt (responsible for identifying and managing risk inherent in the products, activities, processes and systems)
Op risk framework
policies, procedures and processes
systems used in identifying, measuring, monitoring, controlling and mitigating ops risks
risk organizational and governance structure
ops risk measurement system
Ops risk mgt process
Monitoring and reporting
Monitoring - monitor ops risk profiles and material exposures to losses
Reporting - implement appropriate reporting mechanisms at the BOD, SM and business line levels to support proactive mgt of ops risk
Control and mitigation
Banks should have a strong control environment that utilizes policies, processes and systems, appropriate internal controls and appropriate risk mitigation and/or transfer strategies
Identification and assessment
Assessment - allows the bank to understand its risk profile and allocate risk mgt resources and strategies most effectively
Identification - ops risk from products, activities, processes and systems is identified
Business resiliency and continuity
BCP - ability to operate on an ongoing basis and limit losses in the event of severe business disruption
BCP should provide resiliency against the risks of disruptive events
Banks identify critical business operations, key internal and external dependencies and appropriate resilience levels
seems like 3 and 4 are same