Modelling operational risk in Banking and Insurance using @RISK

Palisade EMEA
2012 Risk Conference
London
Dr Madhu Acharyya
Lecturer in Risk Management
Bournemouth University
macharyya@bournemouth.ac.uk

Risks in Banking and Insurance
Main Banking Risks
• Market risk
• Credit risk
• Liquidity risk
• Operational risk
• Systemic risk
• Strategic risk
• Reputational risk
Main Insurance Risks
• Market risk
• Underwriting and pricing risk
• Credit risk
• Liquidity (reserving) risks
• Operational risk
• Strategic risk
• Reputational risk

Business Units/lines in Banking and Insurance
Banking
• Credit department
• Banking book
• Derivative desk
• Fund management
• Others
Insurance
• Underwriting department
• Personal and commercial
• Claims department
• Reinsurance department
• Finance and investment department
• Others

Figure: Business units (Credit department, Banking book, Derivative desk, …, Fund management) and risk types (Credit Risk, Market Risk, Interest Rate Risk, …, Operational risk)

Expected loss and Unexpected Loss
Figure: Expected loss and unexpected loss
Expected loss
• The mean value of the probability distribution of future losses.
• Not a significant risk and hedged by adding a suitable spread to the interest rate charged on the loan

Unexpected Loss
The true risk, i.e., the risk that the loss will prove greater than originally estimated
• i.e., the variability of loss above the EL
The EL of a diversified portfolio is simply equal to the sum of the expected losses on the individual loans in it
• The EL is reduced by diversifying the portfolio
The volatility of the total portfolio loss is generally lower than the sum of the volatilities of the losses on individual loans (provided that the correlations amongst the individual losses are low)
where
represents the individual credit losses

VaR computation
Figure: Probability distribution of loss data, marking the minimum, average and maximum $ loss, with probability = 5%

Three methods of calculating VaR
1. Parametric (or analytical or delta-normal) method
2. Historical method
3. Monte Carlo Simulation method

Example: Computation of Value at Risk (VaR)

| Year | Loss ($) |
|------|----------|
| 1996 | 9223.41 |
| 1997 | 9708.5 |
| 1998 | 11087.27 |
| 1999 | 10059.5 |
| 2000 | 8781.8 |
| 2001 | 10106.58 |
| 2002 | 11197.34 |
| 2003 | 9892.56 |
| 2004 | 9369.17 |
| 2005 | 8842.99 |
| 2006 | 10628.46 |

Minimum loss: $8,781.80
Maximum loss: $11,197.34
Mean: $9,899.78
Standard deviation: $826.76

Parametric approach
z-statistic at 95% confidence interval (for the standard normal distribution): 1.645
VaR (95%): $11,259.69
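
The parametric calculation above, reproduced as an added Python example (not part of the original slides); the year-to-loss pairing is read off the example in order and the function names are illustrative. It uses the sample (n-1) standard deviation and the unrounded normal quantile, which together reproduce the slide's mean, standard deviation and VaR.

```python
from statistics import NormalDist, mean, stdev

# Annual losses in $, 1996-2006, copied from the example on this slide.
LOSSES = {
    1996: 9223.41, 1997: 9708.50, 1998: 11087.27, 1999: 10059.50,
    2000: 8781.80, 2001: 10106.58, 2002: 11197.34, 2003: 9892.56,
    2004: 9369.17, 2005: 8842.99, 2006: 10628.46,
}

def parametric_var(losses, confidence=0.95, z=None):
    """Return (mean, sample std dev, z, VaR) assuming normally distributed losses."""
    values = list(losses)
    if len(values) < 2:
        raise ValueError("need at least two observations for a standard deviation")
    if not 0.5 < confidence < 1.0:
        raise ValueError("confidence must lie in (0.5, 1)")
    mu = mean(values)
    sigma = stdev(values)                      # sample (n-1) standard deviation
    if z is None:
        z = NormalDist().inv_cdf(confidence)   # one-tailed standard normal quantile
    return mu, sigma, z, mu + z * sigma

def exceedances(losses_by_year, threshold):
    """Backtest helper: years whose observed loss was above the VaR threshold."""
    return sorted(y for y, loss in losses_by_year.items() if loss > threshold)

if __name__ == "__main__":
    mu, sigma, z, var95 = parametric_var(LOSSES.values())
    print(f"mean={mu:,.2f} sd={sigma:,.2f} z={z:.4f} VaR95={var95:,.2f}")
    # The slide prints z rounded to 1.645; the rounded value shifts VaR by a few cents.
    print(f"VaR95 with z=1.645: {parametric_var(LOSSES.values(), z=1.645)[3]:,.2f}")
    print("years above VaR95:", exceedances(LOSSES, var95))
```
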

VaR computation
Figure: Probability distribution of loss data over the $ size of the portfolio, marking the minimum $ loss ($0), average $ loss ($9,899.78), VaR 95% ($11,259.69) and maximum $ loss, with probability = 5%

Interpretation of VaR Result
• Given the loss data, the Bank or Insurance Company (or any of its business lines) can afford a maximum loss of $11,259.69.
• The bank or insurance company is 95% confident that the actual loss will remain within the boundary between $0 and $11,259.69. However, there is a 5% probability that the actual loss will go beyond $11,259.69.
• In other words, on 1 in every 20 occasions (or days/months/years) the actual loss will go above $11,259.69.
• If the actual loss goes above $11,259.69 then the bank or insurance company will be insolvent.

What is Operational Risk
Banking sector definition
In Basel II the common industry definition of operational risk is:
“The risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events.”
The definition includes legal risk, but strategic and reputational risk are not included in this definition.
Source: Basel Committee on Banking Supervision, Consultative Document, Operational Risk, January 2001, accessed at http://www.bis.org/publ/bcbsca07.pdf on 01st January, 2011

Insurance sector definition
The Solvency II definition of operational risk is:
“Operational risk means the risk of loss arising from inadequate or failed internal processes, or from personnel and systems, or from external events (Article 13(29) of Level 1 text). Operational risk shall include legal risks, and exclude risks arising from strategic decisions, as well as reputation risks (Article 101 4(f)) of the Level 1 text).”
(Ref: CEIOPS Advice for Level 2 Implementing Measures on Solvency II: SCR Standard Formula – Article III (f) Operational risk: former CP53)

Table: Detailed loss event type classification in Insurance Operational Risk by ORIC

| Event categories: Level 1 | Level 2 | Level 3 |
|---|---|---|
| Internal fraud | Unauthorised activities | 1. Unauthorised use of computer system to defraud firm or customer; 2. Unauthorised transactions; 3. Underreported transactions; 4. Over-reported transactions; 5. Falsifying personal details |
| Internal fraud | Theft and fraud | 1. Theft of assets; 2. Destruction of assets; 3. Forgery impersonation; 4. Disclosure of confidential information; 5. Accounting irregularities; 6. Misappropriation of assets |
| External fraud | External fraud | 1. Theft of assets; 2. Forgery impersonation; 3. Fraudulent billing by suppliers; 4. Fraudulent claims |
| External fraud | System security | 1. Hacking; 2. Theft of information; 3. Viruses |
| Employment practice and workplace safety | Employee relations | 1. Harassment; 2. Terminations, including tribunals; 3. Industrial activity; 4. Management; 5. Loss of key personnel |
| Employment practice and workplace safety | Safe environment | 1. Health and safety; 2. Public liability; 3. Employee liability |
| Employment practice and workplace safety | Diversity and discrimination | 1. Equal opportunities; 2. Human rights |
| Clients, products and business practices | Suitability, disclosure and fiduciary | 1. Regulatory impact; 2. Data protection act; 3. Regulatory compliance of appointed representatives; 4. Customer complaints; 5. Treating customers fairly |
| Clients, products and business practices | Improper business or market practices | 1. Money laundering; 2. Other improper market practices; 3. Insider dealing; 4. Tax evasion; 5. Anti trust |
| Clients, products and business practices | Product flaws | 1. Product defects (unauthorised, etc.); 2. Product literature defects; 3. Product design; 4. Unintentional guarantees |
| Clients, products and business practices | Selection, sponsorship, and exposure | 1. Client fact-findings; 2. Client exposure |
| Clients, products and business practices | Advisory activities | 1. Mis-selling due to mortgage endowment; 2. Mis-selling (other) |
| Damage to physical assets | Disasters and other events | 1. Natural disaster losses; 2. Losses from external sources (terrorism, vandalism); 3. Physical assets failure (not systems) |
| Business disruption and system failures | Systems | 1. Hardware; 2. Software; 3. IT network; 4. Telecommunication; 5. Utility outage/disruption; 6. External interference (excluding fraudulent activity) |
| Execution, delivery and process management | Transaction capture, execution and maintenance | 1. Customer service failure; 2. Data entry error; 3. Transaction system error; 4. Management information error; 5. Accounting error; 6. Incorrect application of charges; 7. Incorrect unit pricing/allocation; 8. Management failure; 9. Inadequate process documentation; 10. Training and competence |
| Execution, delivery and process management | Monitoring and reporting | 1. Failed mandatory reporting; 2. Inaccurate external reporting |
| Execution, delivery and process management | Customer intake and documentation | 1. Incomplete/incorrect application documents; 2. Contract document incorrect; 3. Inappropriate underwriting; 4. Inappropriate reinsurance; 5. Missing documentation |

Source: ORIC at http://www.abioric.com/oric-standards/risk-event-categories.aspx as on 29 Dec 2010.
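
Table: Summary of Operational Loss Data (All data are hypothetical)
Operational Risk Categories. k = no. of events per month; n(k) = no. of months with k events; total = total no. of events.

| k | Internal Fraud n(k) | Internal Fraud total | External Fraud n(k) | External Fraud total | Damage to Physical Assets n(k) | Damage to Physical Assets total | Business Disruptions & System Failures n(k) | Business Disruptions & System Failures total | Execution, Delivery & Process Management n(k) | Execution, Delivery & Process Management total |
|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 7 | 0 | 4 | 0 | 4 | 0 | 4 | 0 | 2 | 0 |
| 1 | 0 | 0 | 2 | 2 | 5 | 5 | 3 | 3 | 3 | 3 |
| 2 | 4 | 8 | 2 | 4 | 2 | 4 | 2 | 4 | 2 | 4 |
| 3 | 3 | 9 | 3 | 9 | 3 | 9 | 3 | 9 | 4 | 12 |
| 4 | 4 | 16 | 3 | 12 | 3 | 12 | 3 | 12 | 3 | 12 |
| 5 | 5 | 25 | 6 | 30 | 6 | 30 | 4 | 20 | 4 | 20 |
| 6 | 2 | 12 | 4 | 24 | 3 | 18 | 3 | 18 | 3 | 18 |
| 7 | 2 | 14 | 2 | 14 | 2 | 14 | 2 | 14 | 2 | 14 |
| 8 | 2 | 16 | 1 | 8 | 2 | 16 | 2 | 16 | 3 | 24 |
| 9 | 0 | 0 | 1 | 9 | 1 | 9 | 1 | 9 | 1 | 9 |
| 10 | 1 | 10 | 3 | 30 | 3 | 30 | 4 | 40 | 4 | 40 |

| | Internal Fraud | External Fraud | Damage to Physical Assets | Business Disruptions & System Failures | Execution, Delivery & Process Management |
|---|---|---|---|---|---|
| events | 110 | 142 | 147 | 145 | 156 |
| month | 36 | 36 | 36 | 36 | 36 |
| Average events p/m (λ) | 3.06 | 3.94 | 4.08 | 4.03 | 4.33 |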

Table: Summary Statistics of Frequency Loss Data

| | Internal Fraud | External Fraud | Damage to Physical Assets | Business Disruptions & System Failures | Execution, Delivery & Process Management | Average |
|---|---|---|---|---|---|---|
| Minimum ($) | 11,629.81 | 34,154.57 | 28,254.02 | 17,295.17 | 26,338.26 | |
| Maximum ($) | 199,734.09 | 461,535.19 | 467,152.57 | 719,922.09 | 311,739.24 | |
| Mean ($) | 108,165.98 | 55,881.49 | 76,977.50 | 139,744.89 | 69,203.62 | 89,994.70 |
| Standard deviation ($) | 56,767.93 | 62,093.00 | 70,895.66 | 97,461.74 | 35,201.25 | 64,483.92 |

Table: Descriptive Statistics of Severity Loss Data

| | Internal Fraud | External Fraud | Damage to Physical Assets | Business Disruptions & System Failures | Execution, Delivery & Process Management | Average |
|---|---|---|---|---|---|---|
| Minimum ($) | 11,629.81 | 34,154.57 | 28,254.02 | 17,295.17 | 26,338.26 | |
| Maximum ($) | 199,734.09 | 461,535.19 | 467,152.57 | 719,922.09 | 311,739.24 | |
| Mean ($) | 108,165.98 | 55,881.49 | 76,977.50 | 139,744.89 | 69,203.62 | 89,994.70 |

Table: Parameters of Loss Distributions from Aggregated Observed Loss Data

| Aggregated Operational Loss | Parameters | Distribution Type |
|---|---|---|
| Frequency | Mean=Variance: 3.89 | Poisson |
| Severity | Mean ($): 89,994.70; Standard deviation ($): 64,483.92 | Pareto |

Table: Parameters of Loss Distributions after Monte Carlo Simulation
Aggregated Operational Loss Data Summary for Monte Carlo Simulation using @Risk
Frequency: 4.00
Severity ($): 64,484.632979
Total Aggregated Operational Loss ($): 257,938.53
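
A frequency/severity Monte Carlo run built from the aggregated parameters above, as an added Python example; it is not the @RISK model behind these slides. Assumptions: a Type I Pareto fitted to the stated mean and standard deviation by the method of moments, a monthly horizon, and hypothetical function names. It reports expected loss, VaR and unexpected loss (VaR minus expected loss) from the simulated distribution.

```python
import math
import random

LAMBDA = 3.89          # Poisson mean (= variance), events per month, from the page
SEV_MEAN = 89_994.70   # severity mean ($), from the page
SEV_SD = 64_483.92     # severity standard deviation ($), from the page

def pareto_from_moments(mean, sd):
    """Type I Pareto (shape alpha, scale x_m) with the given mean and sd.
    Assumed fit: method of moments, using CV^2 = 1 / (alpha * (alpha - 2))."""
    cv2 = (sd / mean) ** 2
    alpha = 1.0 + math.sqrt(1.0 + 1.0 / cv2)   # always > 2, so the variance exists
    return alpha, mean * (alpha - 1.0) / alpha

def poisson(rng, lam):
    """Knuth's multiplication method; adequate for a small lambda such as 3.89."""
    limit, k, p = math.exp(-lam), 0, rng.random()
    while p > limit:
        k += 1
        p *= rng.random()
    return k

def simulate(trials=20_000, seed=2012):
    """Sorted simulated monthly aggregate losses (seeded, so runs are repeatable)."""
    rng = random.Random(seed)
    alpha, x_m = pareto_from_moments(SEV_MEAN, SEV_SD)
    totals = []
    for _ in range(trials):
        n = poisson(rng, LAMBDA)   # number of loss events this month
        totals.append(sum(x_m * rng.paretovariate(alpha) for _ in range(n)))
    return sorted(totals)

def quantile(sorted_losses, q):
    """Empirical quantile: smallest simulated loss whose CDF is at least q."""
    idx = math.ceil(q * len(sorted_losses)) - 1
    return sorted_losses[max(0, min(len(sorted_losses) - 1, idx))]

if __name__ == "__main__":
    losses = simulate()
    expected = sum(losses) / len(losses)
    print(f"expected loss {expected:,.0f} (theory {LAMBDA * SEV_MEAN:,.0f})")
    for q in (0.95, 0.99, 0.999):
        var = quantile(losses, q)
        print(f"VaR {q:.1%} {var:,.0f}  unexpected loss {var - expected:,.0f}")
```
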
Figure: Monte Carlo Simulation Output for Internal Fraud Category
Figure: Monte Carlo Simulation Output for External Fraud Category
Figure: Monte Carlo Simulation Output for Damage to Physical Asset Category
Figure: Monte Carlo Simulation Output for Business Disruption and System Failures Category
Figure: Monte Carlo Simulation Output for Execution, Delivery and Process Management Category
Figure: Monte Carlo Simulation Output for Integrated Operational Risk

Irrational Human Behaviour Causing Operational (and Strategic) Failures
Agency problem
Principal-agent problem
• Intentional fraud
• Compensation culture
Examples: 2007 Financial Crisis
Lehman Brothers – overexposure on Securitised Products
Royal Bank of Scotland – M&A with ABN AMRO
Lloyds Banking Group – M&A with HBOS
AIG – exposure on CDOs
Many Others
Questions and Answers