Corporate Stategy, Local Execution - PDF

Document Sample
Corporate Stategy, Local Execution - PDF Powered By Docstoc
					                        Measuring Capital
                      for Operational Risk:

                    A Scenario based AMA

Budapest, September 2003

•   Introduction
•   The Road to AMA
•   Overview of the AMA approach in Intesa
•   The Scenario-based Self Risk Assessment
    •   Background & definitions
    •   Principal phases
    •   Using the Results
    •   Model structure & assumptions
• Conclusions


Intesa wishes to extend its current Risk Management framework to also cover
Operational Risk with a view to risk integration and achieving a more comprehensive
management of its overall risk profile.

Intesa’s goal is to develop an integrated approach which qualifies for AMA by 2006.

The project will deliver an overall framework incorporating analysis, measurement and
management models and tools, the organisation and processes to support it, and an
aggressive change management & incentive programme.

                               Progetto ORIGIN : Goals & Objectives
                                                                      Promote & build ORM framework and

                                                                      Develop integrated methods &

                                                                      Collect OpRisk data

                                                                      Implement supporting processes & IT

                                                                      Provide management reports &
                                                                      decision support tools

                                            The Road to AMA

The ORIGIN Project is co-ordinated by a Steering Committee in the Corporate Centre and
impacts all operating units within Intesa Group
Each of the main operating units within the Group has an Operational Risk Manager who
is responsible for the local implementation of the OpRisk Framework and co-ordinates the
activities with the ORIGIN Project Manager as well as reporting status and progress to the
operating units Top Management
                                                              2001   2002   2003   2004   2005   2006
      Promote & build ORM framework and environment
                                     Organizational Model
                            Governance policy & procedures
                                     Change Management
      Develop integrated methods & models
                                      Quantitative Approach
                                       Qualitative Approach
                                             Risk Financing
      Collect OpRisk data
      Implement supporting processes & IT
                   Documentation Management & Pub lishing
                                   Loss Data Management
                                             Data Analysis
                                      Quantitative Analysis
                                     Self Risk Assessment
      Provide management reports & decision support tools
      Allocate Economic Capital for OpRisk
      Use Test

     Challenges in Practical Implementation

The information to consider when modelling Operational Risk should comprise Internal
loss data and risk indicators, External loss data, Potential Internal Losses, Quality of
Controls and Changes in the Business Environment, and the Risk Financing options.
The quality of the data is critical.

                      Main Issues                                                 Tools & Solutions
                                                           Org structure, IT, policy & procedure, model, training, culture,
     Internal Loss data collection & Categorization
                                                                                        help desk
         External Loss Data quality & relevance                   Industry recognized data pools, methods for use
        Data truncation / dispersion / limited data                Statistical solutions (EVT, Bayesian analysis..)
 Quality of scenario assessments (potential loss events)    SRA Methodology & model, training, policy & procedure, IT
                                                              Analysis of control quality versus internal best practice
                Presence of Hidden Risk
   Continuous changes in the Business Environment                       Expert opinion (collected during SRA)
                                                               Mapping of Insurance products to Loss Event Types,
       Determine the amount of Risk Transferred
                                                                               methodology & model, IT

     The OpRisk Management Model

                        ENVIRONMENT FRAMEWORK

                                             Group                                   Training
                                          Organizational           Governance
      Group                                   Model                 Processes           &
  Risk Committee
                                                 Risk Management

Centralized Function
                           Market              Credit          Operational          Portfolio
                            Risk                Risk              Risk             Management

                                    Foreign         Italian                  Corporate      Retail
                       Corporate                                Product
                                     Banks          Banks                    Center &      Division
                        Division                               Companies
                                    Division        Division                  Services
     Functions                            Local
                                     Risk Committee
                       Local OpRisk Controller or OpRisk Manager                OpRisk Business
                          And OpRisk Business Line Managers                      Line Managers

                     The OpRisk Process Model

                                      ENVIRONMENT FRAMEWORK

                                                        Group                          Training
                                                     Organizational     Governance        &
                                                         Model           Processes   Communication

                                                                                      Monitor &
 Operational Risk      Method,model       Measurement                                  Control
Planning & Stategy       and tool        of Risk Profile                             Operational
                                                                of mitigation
                       management                                                       Risk

                              Change Management


                               Data Management

  Overview of the AMA approach in Intesa

            Bayesian LDA
                 Quantitative        “Hidden”
                  Analysis             Risk
                                                           Mitigation     Net CaR
                  Qualitative        Validation
                   Analysis           Factor
            Scenario-based Self Risk Assessment

The Intesa Internal Model approach is designed to take into account all of the main
components and analysis methods, and also to allow for the fact that a method may
compliment or substitute another or be used as a supplement. The use of all the
components is key to ensuring a better understanding of the phenomenon

The Model principally relies on two "tracks": quantitative and qualitative analysis and is
designed to use both of them according to relevance and quality

               What is a Risk Assessment ?

The Industry has developed a variety of different definitions and tools to
describe and implement Self Risk Assessment techniques.

In general a Self Risk Assessment is a guided process of evaluating one’s
own exposure to risk thorough the analysis of robustness, vulnerability,
efficiency and coherence of the management process.

The definition of Self Risk Assessment in Intesa

A qualitative analysis tool based on the evaluation of relevant scenarios by the
business owners. It is aimed at identifying operational risks, measuring the risk
exposure, analysing the vulnerability, the quality of the controls and the eventual
mitigation plans.

Who uses Risk Assessments ?

        What tools are commonly used ?

•   Checklists
•   Questionnaires
•   Scorecards
•   Internal investigations
•   Process / Risk Mapping
•   Workshops

     Some implementation considerations

•   How often ?
•   How much time / how complex ?
•   How to validate the results?
•   Who should be involved?
•   Monitornig assessment and mitigation

          The Principal Phases of the SRA

The Intesa SRA is governed by the following macro process

     Preparation    Planning     Execution        &         Validation   Output

            The process is quite complex and requires a high-level of
              support and integration between the methodological,
                 organizational and IT elements of the process.

               The Preparation & Planning Phases

                                                                                                        Organizational Mapping

                              The exercise of SRA in Intesa Group is                                         Gruppo Intesa

                              carried out once a year typically between                         Unità di supporto

     Preparation   Planning   July and October. The Group ORM plans       Unità di Buisness 1   Unità di Business 2   Unità di Business 3   Unità di Business n

                              and coordinates the assessment Process
                              (facilitated or remote)

Appropriate scenarios are derived
from the Intesa Risk Class Model
(MIRO), matrix of critical resources
and states, workshops with the ORM
correspondents and other relevant
data :-
   Internal/External Loss Data
   KRI / Last years SRA
   Audit & security reports

Underlying Statistical Model
  Predefined severity /WC classes

                          The Execution Phase

                      The scenario forms             Each questionnaire refers to a part of
                      (questionnaires) are           the organisation based on the Intesa
      Execution       distributed by an Intranet     organisational mapping. The Head of
                      based (Java) assessment        each Division or department executes
                      tool (GAS) with on-line help   the assessment
The goal is to evaluate each BU’s
Risk profile: Risk is the combination
of magnitude and probability of
potential total loss over a given time
Potential total loss over a given time
horizon is described by the severity
of a single loss event and the
frequency of events
The evaluation form is divided in
sections (Risk Factors) We have
identified 9 risk factors (critical
resources which could be exposed to
 The Analysis, Checking & Validation Phase

   Cross                        The individual results for each question are subject to a
      &          Validation     rigorous process of analysis, checking (by the ORM
  Coherence                     department) and finally validation (by Internal Audit and
   Check                        the Security Office).

Cross reference & Coherence Checking involves verifying :
    Completeness of the answer to the scenario
    Coherence between the scenario, the answer,
     vulnerability and control quality
    Outliers (via benchmarking etc)
    Comparing with loss data and KRI

Validation :
     This activity involves assessing the quality of the answers given by the Risk Owner
     for each Risk Class and supplying a score which expresses the deviation from the
     original risk profile as perceived by the Audit or Security function


         The risk reporting structure is hierarchical (by BU, by risk class etc) and the
         target users are quite numerous due to the different uses of the information:
Output     Group Top Management & BU Directors
           HR & Audit Departments, IT and Legal Departments
         The output is fully integrated into the management decision processes

                                                                                Capitale Econom ico

                                                                                                                     OpVa R 2003
                                                                                                       B asic    Standardized       Modello Interno
                                             Gruppo Intesa                                           1.488.600    1.366.455            1.268.186

                                                                                                       B asic
                                                                                                                     OpVa R 2003
                                                                                                                 Standardized      M odello Interno (2)
                                                                                                                                                              Confronto con altri Indicatori Operativi
                                             Divisione Banche E stero (1)                                          131.683               91.789
                                                                                                                                              Inte sa CEE                 Dipe nde nti               Spo rte lli                       Ope ra ting           Ne t O pe ra ting        Ne t P/L       Cost/Incom e
                                             Intesa CEE                                                            96.079                77.146 pe ra ting
                                                                                                                                               O                                                                                           Costs                 Ma rgin              (ml n euro)      Ra tio (%)
                                                                                                                                            Indica tors 2002                                                                           (ml n euro)               (ml n euro)
                                             Privredna Banka Zagreb                                    41.447      38.389                13.594
                                                                                                                                                  CIB                           1350                       44                               97                        169                 43                57,5
                                             Vs eobcna Uverova B anka                                  31.586      31.444                21.296                                 3678                      200                               152                       276                 86                55,1
                                             Central E uropean International B ank (4)                 25.533      26.245                42.257 VUB                             4502                      247                               128                       189                 40                67,8

                                                                                                                                                 Re la z ione tra p e rdite e n. dip e nde nti                                               Re la z ione tra pe rdite e costi di e se rciz io

                                                                                                                                      V UB                                                                          V UB

                                                                                                                                      PBZ                                                                              PBZ

                             1. V alori in m igliaia di e uro                                                                          CIB                                                                                 CIB
                             2. E scluso S udam eris G ro up
                             3. Il Cap itale Econom ico è calco lato a l lordo de i rec upe ri assicurativi
                             4. Cfr. Analisi De scrittiva, pg. 11                                                                            0            10000         20000            30000            40000                   0               50            100            150             200          250     300
                                                                                                                                                           dipendenti   IF+TE&PM       SRA (Pe+Pr)                                                         Operating Cos ts /PE      Operating Cos ts /PA

                                                                                                                                                   Ne t Ope ra ting Ma rgin / Ca R                                                                          Re la z io ne tra Cost Incom e e
                                                                                                                                                                                                                                                                Pe rdite Atte se inte rne
                                                                                                                                      V UB

                                                                                                                                                                                                                  Cost Income

                                                                                                                                       CIB                                                                                      40,0
                                                                                                                                                                                                                                       0               5                10              15            20           25
                                                                                                                                             0        5           10        15            20         25                                                               Perdite A ttese interne


             Using Qualitative Information

Provides a benchmark for the loss data analysis
Supports the ORM function in the comprehension of the nature of the underlying risk,
highlights incompleteness in loss data collection and “gaps” in the OpRisk Culture
Integrates Quantitative analysis in the Capital at Risk computation
Supports management processes (use test)
    Mitigation intervention
    Capital Budgeting
    Risk Financing
Defines priorities in Audit plans
Business Continuity Planning

 The foundation of the SRA – Intesa Risk Model

A hierarchical risk model is used to develop a complete set of possible risk events
(potential losses)

   Other Risks
                   Operational Risk
                                       Risk Class
                                                       Risk Factor
                                                                        Risk Event

MIRO – Modello Intesa Rischi Operativi

                           Driver delle Classi di Rischio
                           rispetto ai quali vengono
                           inviduati gli INDICATORI di      Fattori/Vulnerabilità interne che espongono l’azienda
                           RISCHIO (EI, KRI, KPI)           al concretizzarsi degli Eventi Rischiosi. Ad ogni fattore
                                                            sono associate specifiche Vulnerabilità

 Classi rispetto a cui si riclassificano i
 potenziali Eventi Rischio

Overview of the Scenario-based SRA approach
  Risk Model             Mathematical Engine           Indicators and reporting

                                                                                    Confronto con altri Indicatori Operativi
                                                                       Inte sa CEE              Dipe nde nti                Sportelli                         Opera ting          Net Opera ting          Ne t P/L       Cost/Income
                                                                        Ope rating                                                                                Costs              Ma rgin              (ml n eur o)     Ratio (%)
                                                                     Indica tors 2002                                                                         (mln euro)             ( mln euro)
                                                                           CIB                        1350                        44                               97                     169                 43                57,5
                                                                           PBZ                        3678                       200                               152                    276                 86                55,1
                                                                           VUB                        4502                       247                               128                    189                 40                67,8

                                                                         Re lazione tra perdite e n. dipende nti                                                    Relazione tra perdite e costi di e se rcizio

                                                          V UB                                                                            V UB

                                                          PBZ                                                                               PBZ

                                                           CIB                                                                                   CIB

                                                                 0              10000         20000            30000             40000                   0               50         100            150            200           250     300
                                                                                 dipendenti   IF+TE&PM       SRA (Pe+Pr )                                                     Oper ating Cos ts /PE      Oper ating Cos ts/PA

                                                                          Ne t Ope ra ting Ma rgin / Ca R                                                                         Relazione tra Cost Income e
                                                                                                                                                                                     Perdite Attese interne
                                                          V UB                                                                                         70,0

                                                                                                                                         Cost Income

                                                           CIB                                                                                         40,0
                                                                                                                                                              0               5            10               15            20           25
                                                                 0          5           10        15            20          25                                                          Per dite A ttes e interne


                     e   rity                 Ca s e

 Questionnaire                  Evaluation                                                                           Output

                                                                                  Expected loss

                                                                                 Capital at risk

                                                                                    Detailed Statistics

                                                                                        Coherence Analysis


                        Modelling Assumptions

  A good model for risk measurement must be consistent, robust and stable over
  time, so that economic capital results from changes in the underlying risk profile and
  not from changes in the model

               Assumptions about distributions
                        Severity: Gumbel, Weibull, Frechet               Historical
                                                                         Loss Data
                        Frequency: Poisson

               Estimation of parameters
                         The parameters are position and shape parameters of the
to Scenarios
                         severity distribution, and the average frequency.

                         Scenarios are aggregated assuming perfect correlation

  We compound severity distributions and frequency distributions into one overall
  aggregated potential loss distribution using a Monte-Carlo-Simulation.

Principles of the Intesa Scenario-based approach

The entire approach is designed in order to guarantee the following pre-requisites :

   Stability of the answers: the model uses estimates of ranges rather than point estimates.
   In addition the uncertainty implicit in subjective responses has been considered within the
   underlying statistical models.

   "user friendly": execution: the questions are clearly formulated in sufficient detail for the
   assessor to understand the scenario.

   Completeness & Relevance of the spectrum of the scenarios to be analysed. This is
   supported by the Intesa Risk Model (MIRO) and states matrix which is subject to CPI.

   Uniformity & Consistency during the SRA macro process via:
        A single Framework (the use of the same Model (calibrated), processes, rules and
        IT tools for all Business and Support Units within the Group)

   Uniformity & Consistency with the Quantitative Analysis approach via :
        Complete mapping between the Risk Model and the LET
        Consistent underlying methodologies

Benefits of the Intesa Scenario-based approach

 •   Focus
      •   Forward looking
      •   Identifies the major risks exposures
      •   Creates a link between controls, risks and vulnerabilities
      •   Business specific
      •   Supports the diffusion and progress of OpRisk culture
      •   Transparent
      •   Promotes Risk Ownership
      •   Incentivates pro-active risk management
 •   Reacts to changes in:
      •   organisational structure
      •   strategies and business
      •   external context
 •   Decision support tool

                              Critical Success Factors

The entire approach is focused on the development of a risk based capital model and
management toolset. The principle critical success factors are listed below:

 Top Management
       Sponsorship            Committed to achieving the goals of the ORIGIN project (RM,IA,CFO, CTO, HR&ORG)
       Communication          Delivers clear messages of commitment to all levels
       Application            Uses OpVar in decision processes (Capital Budgeting, Capital Allocation, BCP, Audit Plans…)
 ORM Team
       Project Management     Develops and delivers the "Solution" throughout the Group
       Collaboration          Partcipates in Industry working groups in order to share experience
       Starts Simple          Increases in sophistication as understanding improves
       Transparent            Provides a clear understanding of the contributing elements
       Robust Model           Becomes more meaningful over time (learning process)
       Comprenhensive         Uses all the "knowledge" avaliable
       Uniform & Consistent   Applied homogeneously across all operating units within the group
       Ownership              Clearly identifies responsability for managing operational risk
       Involvement            Receives regular updates on the project progress and ORM strategy

                          AMA Maturity Model
                                                                                                                     Level 5
                                                                                       Level 4
                                                          Level 3
                                Level 2
     Level 1

  Traditional                Awareness                   Quantify                     Monitor                       Improve
•Internal Controls          •Operational Risk         •Governance Structure        •Active operational risk   •Fully integrated
                            Manager                                                committee                  methodology and tools
•Reliance on Internal                                               goals,
                                                      •ORM Vision & goals,
Audit                       •Identify ORM staff in    model refinement             •Comprehensive loss         Cross-
                                                                                                              •Cross-function risk
                            the BU                                                 databases & limits         analysis
•Individual Mitigation                                •Begin indicator
programmes                  •Definition & Policy,
                                          Policy,     collection                   •Model integration         •Correlation between
                            model development                                                                 indicators & losses
•Reliance on quality of                               •Basic escalation                              Risk-
                                                                                   •2nd generation Risk-
people and culture          •Self Risk Assessment     processes                    based economic models •Insurance linked with
                                                                                                            risk analysis & capital
                            •Begin data collection    •Consolidated reporting      •dedicated staff in some
                                                                                   of the main BU’s
                                                                                               BU’          •RAR linked to
                            •Training                  part-
                                                      •part-time staff in the BU
                                                                                                            employee compensation
                                                                                   •New Insurance Stategy
                            •Scenario-based                             Risk-
                                                      •First generation Risk-
                                                                                   & Model
                            economic capital models   based economic models

                   Reference Material

• Basel Committee on Banking Supervision – “The New Capital Accord –
  Consultative Paper 3” - (April 2003)
• Basel Committee on Banking Supervision – “Working Paper on the
  Treatment of Operational Risk” - (September 2001)
• Basel Committee on Banking Supervision – “Sound Practices for the
  Management and Supervision of Operational Risk” - (December 2001)
• M. Balfan, P. Gledhill, M. Haubenstock – “Self–Assessment of
  Operational Risk” – The Risk Management Alert Journal February 2002
• S. Jung, F. Topper – “Risk and Control Self-Assessment at stanford: The
  next plateau” – College and University Auditor Magazine, August 2000
• G. Sampson, D. Kumar, D. Lau – “Firm-wide Issues for Financial
  Institutions: Risk Model Selection” – Advances in Operational Risk,
  Risk Books 2001
• R. Kennett – “How to Introduce an Effective Operational Risk
  Management Framework” - Advances in Operational Risk, Risk Books


     Dott.ssa Maria-Louise Arscott
   Group Operational Risk Manager
               Banca Intesa
             Piazza Ferrari, 10
               20121 Milano
            Tel : (02) 8793 7725
           Fax : (02) 8793 7333
Email :


Shared By:
Description: Corporate Stategy, Local Execution document sample