Radar by chenshu

VIEWS: 120 PAGES: 51

									Operational Risk                     June 2002

      Operational Risk on Everyone’s Desk
      – The RADAR System
 OR Clients & Services

                   Business Needs                            External Requirement

 Business Lines &                                                              Regulators &
     Internal                    Business OR            Group OR                 External
  Stakeholders                                                                 Stakeholders

Risk Strategy
       Business               Risk Advisory/         Risk Disclosure         Market Discipline
       Direction              Risk Appetite

 Management &                 Progress Tracking                                Supervisory
                                                    Guideline/Policy             Review
 Daily Decisions                & Escalation

   Information                  Risk Analysis &     Economic Capital        Regulatory Capital
    Provision                   Costing/Profiling     Methodology               Charge

                                                                                                 Page 1
   Control & Management Process

                                                     Mgt Actions &
                                      OR Committees
                                Risk Advisory

               Escalation &
Scenarios                                                                        Identification
                   OR Costing                      Profile
                                                                       Process Mapping

                  Reporting &                                     Self- Assessment
                                   KRI Reporting     Loss Data      Data
                                                      Collation    Collation

                                                                                                  Page 2
   Value Added Program

                Self-              OR                                                         Loss Data
                                                    Risk Advisory        KRI Reporting
             Assessment         Committees                                                    Collation

Proactive     Resource           Decision-              Project          Risk Costing /        Loss
              Planning          Making Body            Initiation         Risk Rating       Management

             Capital Budget     New Initiatives     Outsourcing        Scenarios         Corrective Action
             Aggregation        Risk Mitigation     E-Commerce         Issue Mngmt       Accountability
             Quality Scores     Project status      Risk Transfer      Early Warning     Risk Awareness
             Healthcheck        Risk-Priorities     Constraints        Trending          Corporate
             Grey Areas         Audit Issues        New Products       Escalation       Memory
                                                      Infra. Projects    Benchmarking      Analysis/Reports
                                                                          Best Practice     Risk Mapping
                                                                                             Automation

Reactive    Potential Loss     Audit Follow-Up      Project Sign-Off     Status Report     Data Repository

                                                                                              Data Intensity

                                                                                                                  Page 3
System Architecture

                            Business Data - RADAR                                       Economic
                                                                                      Capital Budget


                           Incident            Key Risk                                   Self
                           Capture            Indicators                               Assessment

                             RADAR Process Model

 Incident Capture Features                        KRI & Reporting Features              Self-Assessment Features
  - Loss categorisation                            - KRI measure/issue set up            - Detailed question sets
  - Web-based workflow                             - Product/process mapping             - Loss frequency/severity
  - Decentralised control                          - Decentralised submission            - Quality scoring/weighting
  - Tailored p+l calculations                      - Multiple reporting streams          - Aggregated loss estimates
  - Email notifications/alerts                     - Edit/report/read roleplay           - Assessor/approver roles
  - Digital certification/sign-off                 - Multi-dimension data capture        - Data views and security
  - GDS group-based security                       - Item or bulk upload capability      - Multi-entity/multi-lingual
  - Data drilldown & extract                       - Data drilldown/breakdown            - Standardised reporting
  - Multi-entity/multi-lingual                     - Comparatives/benchmarks
  - Fully Parameterisable                          - Issue tracking/management
  - User/system notes                              - Scorecard report-writer
  - Online help                                    - Web report distribution

                                                                                                                        Page 4
 Process Model

“We must have a consistent framework – the data model is the risk map”

                         Losses                                                                                         Category
                                                                                   Described by                         Org Unit
              Key Risk Indicators                                                    Activity
                                                      Risk Data
                                                                                    Attributes                             Process
                Self-Assessment                                                                                            System

                                                        Simplified Activity Buckets

                                                                                Exch Traded                  Equity OTC               IR OTC & Credit
Capital Mkts - Ldn             Cash Equities               Cash Bonds
                                                                                 Derivatives                 Derivatives               Derivativatives

                            BestConnect, DROM,
Order Receipt/Routing                                   Manual              Gatornet                      Manual                     DealViewer

                            Fidessa, Pirate, Colt,                          Trinitech, Liffe Connect,
Pricing & Execution                                     Bloomberg, e-Bond                                 CFD2, EqTrader             Kondor, Stars, Merlin
                            Spots, Reuters                                  Eurex, ORC

                            BestConnect, Fidessa,
                                                        Bloomberg, RIBS,    Pirate, Trinitech, Imagine,
Deal Capture & Risk Mgt     Pirate, Colt, Imagine,                                                        Murex, Equods, Imagine     Kondor, Stars, Merlin
                                                        Bondseye            GMI, Clearvision

                                                                            Imagine, Gerts, Grave,        POSTS, Imagine, Gerts,
Settlement & Reporting      Posts, Gerts, Grave         RIBS, GRR, TRMS                                                              AIMS, ANLOS, TRMS
                                                                            POSTS, GMI, Clearvision       Grave

                                                                                                                                                             Page 5

   “What is a loss ? There’s no debate once it is internally owned and authorised”

                                                 RADAR Workflow Principles
             Stage Name                                                                              Stage Name
                                        Errors & Loss Data
               Identify                                                                              KRI Setup
                                        Anyone in the bank can identify an incident                 & Maintain
                    Automated e-mail    Investigation requires specialist control groups
            Investigate &               3 managers as a minimum sign off each incident            Assign & Raise
               Control                                                                              Submissions
reject              Automated e-mail
                                        Email notification and senior management alerts
                                                                                                           Automated e-mail

               Owner                    Validation & routing managed by control groups              Data Entry
             Acceptance                                                                              & Locking
reject              Automated e-mail
                                                                                                           Automated e-mail
                                       Risk Indicators 
            Authorisation                                                                         Produce Reports
                                        Central KRI specifications, also some user defined
                                                                                                   Review & Edit
                    Automated e-mail
                                        Any department can establish its own reporting stream             Automated e-mail

             Validation                 Newspaper style workflow – reporters, editors, readers     Distribution
                                        Anyone can write an OR Report for their user rights

                                                                                                                          Page 6

“What is a loss ? We need a lot of descriptive fields around the basic categories”

                               Errors and Loss Data
                                fully parameterisable, multi-entity, multi-lingual, local views & naming
                                direct/indirect loss effect types, multi-select, entered by investigator
                                causal ‘reason codes’, primary/secondary, entered by error owner
                                causal process point, expected/unexpected, entered by error owner
                                recoveries, contributing parties, entered by authoriser
                                Basel event categories, mapped by system, checked by validator
                                error accounts, cost centres, control process, checked by validator
                                online help and support facility
      RADAR Parameters

                               Risk Indicators
                                shared parameters/categories with loss platform
                                volume, exception, risk exception, error measures
                                multiple measure types – count, value, duration, score …
                                mandatory/optional data fields, high/med/low criticality
                                control processes, function reported by and reported for
                                                                                                            Page 7

       “No-one uses a system unless there’s something in it for them”

Errors and Loss Data – Multi-Currency P+L Calculations 
 Cash Equity – buy/sell amount and price
 Cash Bonds – as above plus interest accruals
 Equity-Linked – as above plus conversion ratios
 Futures and Options – as above plus commission
 Interest Claims and Funding – rate/daycount/amount
 Freeform p+l – multiple effect types, user notes, attach file

Risk Indicators – Data Management 
 Product/Process/System Mapping – by KRI, org unit, location
 Multidimensional data entry and bulk data upload
 Data Locking and submission management
 Issues and action management

               RADAR User Tools
                                                                        Page 8

t’s all about risk awareness .. if we can just put Operational Risk on everyone’s des
  XX Division Trading Error Report - 2001
  YY Product
  1. High level losses by month

                                        2001 Tr ading error losses (€) b y Sub-Product                                                                     2001 Number of trading error s b y Process

                                                                                                AA                                                                                                          Order Receipt


                                                                                                                                                                                                            Limit Checks

                                                                                                                                                                                                            Order Routing

                                                                                                                                                                                                            Price Quote
                                                                                                                                                                                                                                               Errors & Loss Data
                                                                                                                                                                                                            Execution/Order Fill

                                                                                                                                                                                                                                               Incident Search and data feed facility
                                                                                                                                                                                                            Client Reporting
                                                                                                FF                                                                                                          Deal Capture

                                                                                                GG                                                                                                          Position Management

                                                                                                                                                                                                                                               League table reporting with incident drill down
                                        Monthly evolution of losses b y location (€k)                                                                           X Product corr ect ed fields
               900                                                                                                          200

               700                                                                                                          160                                                                                                Unidentified
                                                                                                                Number of errors

                                                                                                           BB                                                                                                                  Currency

                                                                                                                                                                                                                                               Advanced power user reporting and data extract
                                                                                                           CC                                                                                                                  Account
   Loss (€k)

               300                                                                                         FF
                                                                                                           HH                      40

                                                                                                                                                                                                                                               Simple graphing and data analysis via data extract
               100                                                                                         JJ                                                                                                                  Quantity

                                                                                                                                                                                                                               Whole T r
                      Jan   Feb   Mar      Apr    May     Jun    Jul    Aug    Sep       Oct   Nov   Dec
               -100                                                                                                                     Jan   Feb   Mar   Apr   May    Jun     Jul     Aug     Sep   Oct   Nov    Dec

  1. Trading errors peaked in February 2001, with a €XXXk loss on allocation to a client during the XY Z IPO. Aside from this, errors hav e f luctuated about the av erage of €YYY k per month.
  2. The majority of errors in 2001 were related to an incorrect price f ield, although the number of errors related to the whole t rade has increased steadily since May .

                                                                                                                                                                                                                                                               RADAR Reporting

                                                                                                                                                                                                                                               Risk Indicators
                                                                                                                                                                                                                                               Report templates including ‘scorecard’ style
                                                                                                                                                                                                                                               Measure/issue selection incl. prior period/benchmarks
                                                                                                                                                                                                                                               Editable draft reports with OR commentary facility
                                                                                                                                                                                                                                               HTML & PDF reports, data trending/graphing/drilldown
                                                                                                                                                                                                                                               Integrated reporting of KRIs, loss data and self-assessment
                                                                                                                                                                                                                                                                                                         Page 9
Operational Risk                    June 2002

      Loss Data Appendix & Screenshots
Loss Categorisation

Causal Categories                                       Sample Loss Effects
                     Direct Cost                               Indirect Costs

                                                               Lost Clients/Deals, Damaged Reputation,
  Human Capital      Cost to Rehire/Lock-in                    Corporate Memory Loss, Failed Initiatives,
                                                               Staff Morale, Ongoing Ability to Rehire

  IT Applications    One-off Developer/Support Costs
                                                               Business Disruption, Damaged Reputation,
                                                               Opportunity Cost of Management Time/Focus
  Infrastructure     Asset/Facility Replacement Costs

   Management        Project Write-downs, Write-offs           Opportunity Cost of Management Time/Focus

                     Trading Errors
  Procedures &       Funding Costs                             Regulatory Risk, Reputational Damage
    Controls         Penalties/Fines

 External Services   Cost to Cover Supply Failure              Business Disruption, Regulatory/Reputation Risk

 External Damage     Asset/Facility Replacement Costs          Business Disruption, Damaged Reputation

                                                                                                            Page 11
 Loss Data Workflow

          Stage Name                 Stage Description                                   Stage Owner

                                     • Enter basic incident details                     • Form Originator at
             Identify                • Can be entered by any RADAR user                 Control Process Point
                                     • Details passed to central control group
                  Automated e-mail
                                                                                        Restricted Access: Control
                                     • Investigation & validation of incident details   by independent function:
          Investigate &              • Independent calculation of profit/loss impact    • Fin Control
             Control                 • Allocation of error to an Owner                  • Risk Control
                                                                                        • Ops Control
reject            Automated e-mail
                                     • Review incident details                          • Incident Owner: e.g.
            Owner                    • Explain causes of error                          trader, salesman,
          Acceptance                 • Accept & nominate authoriser                     officer
reject            Automated e-mail

                                     • Review incident details & comment                • Level 1:Desk Head
          Authorisation              • Sign off on validity of incident                 • Level 2: Head of Trading
                                     • No of authorisers dependent on size              • Level 3: Head of Business
                  Automated e-mail
                                                                                        • Restricted Access:
                                     • Validation of incident categorisation
           Validation                                                                   Investigator or other
                                     • Validate correct authorisation level             members of Control Group

                                                                                                                      Page 12
Main Menu

            Page 13
Online Help & Support

                        Page 14
Parameterisation – Control Groups

                                    Page 15
Parameterisation – Loss Categories

                                     Page 16

           Page 17
Investigate – Cash Equity

                            Page 18
Investigate – Interest Claim

                               Page 19
Investigate – Funding Details

                                Page 20
Investigate – Freeform P+L

                             Page 21
Owner Accept

               Page 22

            Page 23
Management Alerts

                    Page 24

           Page 25
Routing, Void, Reassign

                          Page 26

               Page 27

         Page 28
League Table Reporting

                         Page 29
Advanced Reporting

                     Page 30
Loss Data Reports

 Loss data can be analysed against any of the dimensions of the RADAR Process Model

 XX Division Trading Error Report - 2001
 YY Product
 1. High level losses by month

                                       2001 Trading error losses (€) by Sub-Product                                                                     2001 Number of trading errors by Process

                                                                                             AA                                                                                                        Order Receipt

                                                                                                                                                                                                       Limit Checks
                                                                                                                                                                                                       Order Routing
                                                                                                                                                                                                       Price Quote
                                                                                                                                                                                                       Execution/Order Fill
                                                                                                                                                                                                       Client Reporting
                                                                                             FF                                                                                                        Deal Capture

                                                                                             GG                                                                                                        Position Management

                                       Monthly evolution of losses by location (€k)                                                                          X Product corrected fields
              900                                                                                                       200

              700                                                                                                       160                                                                                               Unidentified

                                                                                                             Number of errors
                                                                                                        BB                                                                                                                Currency

                                                                                                        CC              120                                                                                               Account
  Loss (€k)

              300                                                                                       FF
                                                                                                        HH                      40
              100                                                                                       JJ                                                                                                                Quantity

                                                                                                                                                                                                                          Whole Trade
                     Jan   Feb   Mar      Apr    May    Jun    Jul    Aug    Sep      Oct   Nov   Dec
              -100                                                                                                                   Jan   Feb   Mar   Apr   May    Jun    Jul    Aug     Sep   Oct   Nov    Dec

 1. Trading errors peaked in February 2001, with a €XXXk loss on allocation to a client during the XYZ IPO. Aside from this, errors have fluctuated about the average of €YYYk per month.
 2. The majority of errors in 2001 were related to an incorrect price field, although the number of errors related to the whole trade has increased steadily since May.

                                                                                                                                                                                                                                         Page 31
Operational Risk                   June 2002

      KRI Appendix & Screenshots
KRI Categorisation

Causal Categories                          Sample Key Risk Indicators
                     Volume                       Exception                   Risk Exception

  Human Capital      Staff                        Key Leavers/Joiners         Disciplinary Cases

                     # Systems                    Helpdesk Calls              Downtime Duration
  IT Applications    Enhancement Requests         Change Releases             System Bugs
                     New/Deleted Accounts         Firewall Changes            Policy Breaches

   Infrastructure    # Servers                    System Dependencies         Firecalls
                     Premises Capacity            Occupancy Rate              Engineering Incidents

                     # Projects                   Milestones Missed           Scrapped Projects
   Management        Decisions Announced          Decisions Pending           Negative Media/Press
                     Audits Conducted             # Audit Issues              Overdue Issues

                     Trade Volumes                Current Breaks              Breaks >30 days
   Procedures &
                     Exposure Limits              Limit Breaches              Managed Positions
     Controls        # Stat/Reg Reports           Targets Missed              Restated Reports

 External Services   # Ext Suppliers              SLAs Outstanding            SLA Breaches

                     Firewall Traffic             Firewall Alerts             Virus/Hacker Attacks
 External Damage     Physical Exposure            BCP Invocations             Insurance Claims
                     Indemnity Exposure           Complaints/Investigations   Lawsuits

                                                                                                      Page 33
Risk Indicator Workflow

       Stage Name                Stage Description                               Access Rights

       KRI Setup                 • Define/set up new mandatory/optional KRIs
                                 • Classify measure or issue type and nature    • OR   Editors
       & Maintain                • Associate products, processes, org units

                                 • Define submissions for functions/locations
      Assign & Raise             • Assign KRI submissions to reporter groups    •OR Editors
       Submissions               • Raise/manage submissions for time periods
              Automated e-mail
                                 • Enter data individually or via bulk upload
       Data Entry                • Enter commentary/issues and criticality      • Reporter   Groups
       & Locking                 • Lock data submissions once complete
              Automated e-mail

                                 • Produce OR reports and scorecards
    Produce Reports              • Select optional data and issues              • Editor   Groups
     Review & Edit               • Add or edit OR commentary
              Automated e-mail

                                 • Receive/read reports
       Distribution                                                             • Reader    Groups
                                 • Query and drill down capability

                                                                                                      Page 34
KRI Set Up

             Page 35
Process Mapping

                  Page 36
KRI Submissions

                  Page 37
Submission Details

                     Page 38
KRI Data Entry

                 Page 39
Multi-Dimensional Data Entry

                               Page 40
Bulk Data Entry

                  Page 41
Issues & Actions

                   Page 42
Manage Submissions

                     Page 43
Report Templates

                   Page 44
Report Writing

                 Page 45
Measures Selection

                     Page 46
Review & Edit

                Page 47
KRI Reporting

                Page 48
Data Drilldown

                 Page 49
   Integrated Reporting

  Actual loss & risk indicator data validate self-assessment loss estimates & KRI benchmarks

KRI Benchmarks &
 Self Assessment
 Loss Estimates

                                                                                 Actual Monthly
                                                                                 RIsk Indicators
                                                                                  & Loss Data

                                                                                               Page 50

To top