FHTW Berlin MBA&E SS 2006
Proactive Risk Management: Minimize risk, maximize value
Frank Romeike
RiskNET – The Risk Management Network
Timetable
• Mon., 19.06.06, 08.00 – 18.45, Room 07
• Tue., 20.06.06, 08.00 – 18.45, Room 07
• Wed., 21.06.06, 08.00 – 18.45, Room 07
• Thu., 22.06.06, 08.00 – 18.45, Room 07
• Fri., 23.06.06, 08.00 – 18.45, Room 07
© 2006 RiskNET / Frank Romeike. All Rights Reserved. RiskNET - The Risk Management Network - www.risknet.de
19.06.2006
Short introduction:
• Name
• Background
• Why are you interested in Risk Management?
• What are your expectations?
Assessment
• 50 % Abstract
• 50 % Presentation
Presentations
22/06/06
• IT Risk Management (Selcuk Kocak)
• Megacities – Megarisks: Trends and challenges for risk management
• Impact of Basel II on the financial market
• Introduction into external Rating
22/06/06
• Limitations of GBM Models in Risk Management
• Scenario Analysis in Risk Management (Kenneth Ko)
• Standards in Risk Management: AS/NZ4360, COSO etc. (Jenyu Wu)
• Credit risk: Portfolio models (Mark Flueteotte)
• Lessons learned: collapse of ENRON (Kerem Deveskel)
22/06/06
• Value based management and risk management
• Risk landscape of the future
• Risk culture in companies (Girish Bene)
• Lessons learned: Barings Bank (Yogesh Bansal)
• Phantom risks (Emre Gul)
23/06/06
• Risk aggregation with Monte Carlo simulation (Antti Kapanen)
• "Value at Risk" and "Cash flow at Risk"
• Risk Management and Natural catastrophes (Samuel Sianturi)
23/06/06
• Sarbanes-Oxley Act (Tugrul Sahin)
• Risk perception (Pramod Dhage)
• Lessons learned: Parmalat (Raquel Choya)
• Lessons learned: Bhopal case (Chandramouli Ramapuram)
• Corporate Governance in Europe (Hyo Lee)
23/06/06
• Risk Management in Projects (Davood Aghel)
• Dynamic Financial Analysis (Mehmet Ekren)
• Quantification of "Operational Risk"
• Solvency II and the impact on the financial market
• Philippe Jorion: Financial Risk Manager Handbook, w. CD-ROM 752 pages - John Wiley & Sons 2005, ISBN: 0471706299
• Joel Bessis: Risk Management in Banking 812 pages - John Wiley and Sons Ltd 2002, ISBN: 0471893366
• Peter L. Bernstein: Against the Gods 383 pages - John Wiley & Sons 1998, ISBN: 0471295639
• James Lam: Enterprise Risk Management 336 pages - John Wiley & Sons Inc 2003, ISBN: 0471430005
• Erik Banks, Richard Dunn: Practical Risk Management 176 pages - John Wiley and Sons Ltd 2003, ISBN: 0470849673
• Prakash A. Shimpi: Integrating Corporate Risk Management 275 pages - W. W. Norton & Company 2001, ISBN: 158799061X
• Roland F. Erben, Frank Romeike: Allein auf stürmischer See. Risikomanagement für Einsteiger, 220 pages, Wiley Verlag, Weinheim 2003, ISBN: 3527500731
• Frank Romeike, Robert Finke: Erfolgsfaktor RisikoManagement. Chance für Industrie und Handel. Methoden, Beispiele, Checklisten (with CD-ROM), 516 pages, Gabler Verlag, Wiesbaden 2003, ISBN: 3409122001
• Frank Romeike: Balanced Scorecard in Versicherungen - Strategien erfolgreich in der Praxis umsetzen, 178 pages, Gabler Verlag, Wiesbaden 2003, ISBN: 3409120823
• Frank Romeike: Lexikon Risiko-Management, 156 pages, Wiley Verlag, Weinheim 2004, ISBN: 3527501126
• Werner Gleißner, Frank Romeike: Risikomanagement. Umsetzung, Werkzeuge, Risikobewertung, 450 pages, Haufe Verlag, Freiburg i. Br. 2004, ISBN: 344806209X
• Frank Romeike / Matthias Müller-Reichart: Risikomanagement in Versicherungsunternehmen – Grundlagen, Methoden, Checklisten und Implementierung, 420 pages, Wiley Verlag, Weinheim 2004, ISBN: 3527501061
Risk is the sugar and salt of life. What we do is risky. But it is also risky if we don’t do anything!
Source: Romeike, Frank; Finke, Robert: Erfolgsfaktor Risikomanagement: Chance für Industrie und Handel, Lessons learned, Methoden, Checklisten und Implementierung (incl. CD-ROM), Gabler Verlag, Wiesbaden 2003.
© Frank Romeike 2003
How do you define "risk"?
Risks as possible deviations from plan
[Figure: probability distribution of the result (in €) around the target value, the expected annual result, looking into the future. Positive deviation: opportunities. Negative deviation: hazards. Annotations: reality: positive deviations from target as well; KonTraG: only negative deviations from target.]
Which company would you invest in?
[Figure: probability plotted against return for Company A and Company B, with the loss threshold, the expected value, and the probability of loss of Company A and of Company B marked.]
What is risk? (1/3)
• Risks denote not-yet-events that we have to bring to mind here and now without being able to really know them yet. Risks lurk maliciously in the side passages of a future that denies us the "look around the corner". (Foreword by Theodor M. Bardmann in: Kleinfellfonder, Birgit: Der Risikodiskurs, Zur gesellschaftlichen Inszenierung von Risiko, Opladen 1996.)
• The peculiarity of risk could lie in its constitutively paradoxical implication that one wants to have it and get rid of it, to increase it and minimise it, at the same time. (Foreword by Theodor M. Bardmann in: Kleinfellfonder, Birgit: Der Risikodiskurs, Zur gesellschaftlichen Inszenierung von Risiko, Opladen 1996.)
• Risk is the hidden god of modern society: one seeks it, one avoids it, one fears it, and one never knows who will become a sinner and when. (Dirk Baecker)
• Risk is a construct. The material from which risks are constructed is supplied by our senses. (Bayerische Rück)
• Risk is the sugar and salt of life. (Professor Gordon C. A. Dickson)
• The greatest risk on earth is run by the people who never want to take the smallest risk. (Bertrand Russell)
• Risk = ris(i)co (Italian), the cliff that has to be navigated around.
What is risk? (2/3)
• Risiko [It.] das; -s, -s and …ken (Austrian also Risken): venture; danger, possibility of loss in an uncertain undertaking. (DUDEN, Das Fremdwörterbuch)
• Risiko [Italian] das, 1) general: venture, danger. 2) economics: term for dangers of loss and for factors of uncertainty and chance that are associated with every economic activity. A distinction is made between natural risks (e.g. storm damage), technical risks (e.g. product defects), social risks (e.g. staff turnover), political risks (e.g. nationalisation) and, in particular, market risks (e.g. economic downturn, sector crisis). (Der Brockhaus in fünfzehn Bänden, vol. 11)
• risk /risk/ n 1 [C,U] (instance of) possibility or chance of meeting danger, suffering loss, injury, etc. (Oxford Advanced Learner's Dictionary of Current English)
• Risk is the deviation of a result from its expected value. For an event to be classified as a "risk", what matters is therefore not that it is a "negative", "unpleasant" event, but that it was not "expected". (http://www.moneyfruits.at/)
• Risk is ... defined as the information deficit about final determinacy, i.e. the uncertainty about achieving the set (planned) goals. (E. Helten, LMU München)
What is risk? (3/3)
• Risk = 1 – reliability (P. M. Pastors)
• Risk is nothing more than the contrast between reality and possibility (J. Markowitz)
• Risk is the noblest source of inspiration (Hans Magnus Enzensberger)
• Risk is defined as the product: Risk = (Value) x (Vulnerability) x (Hazard) (UNESCO 1972)
• Risk is the conditional probability that a person who is not affected by a particular disease at a particular point in time will subsequently contract it within a defined period of time (Dr. J. Weitkamp, found at http://www.zm-online.de)
What kind of risks do you know?
[Figure: examples of risk types: market risk, credit risk, liquidity, strategy, regulation, reputation, brand name, environmental risk, management, IT infrastructure, HR risks, …]
Stay with the good risks!
Examples:
• SmithKline Beecham totally revamped its decision-making on the funding of research and development projects using a risk-management-based approach that has allowed it to be more competitive and profitable in the cutthroat pharmaceutical business
• Rockwell Collins has been using risk management in its software-intensive avionics projects. 17 % difference in the cost performance index
• ...
Evolution stages in risk management
[Figure: three stages along a continuous process. Stage 1: risk controlling, prevention. Stage 2: strategic steering, portfolio management. Stage 3: ERM. Further labels: risk identification, consistent risk quantification, capital allocation, risk and return, risk/capital steering, shareholder value. Source: Hartmann/CoBa]
Paradigm shift: risk capital for corporate steering
[Figure: loss distribution with frequency plotted against loss amount (€), with expected value and standard deviation marked. Labels: expected losses ("calculated"), statistical losses, extreme events; absorbed by "revenue", absorbed by capital; "economic capital", amount of "economic capital", regulatory capital, "risk bearing" capacity.]
Risk Management Cycle (1)
1. Risk Identification: What are my risks? Where are my risks? (Risk Inventory)
2. Risk Measurement: How large are my risks? (Probability and Severity of Risks)
3. Risk Mitigation: How can I manage my risks? How can I reduce my risks? (Avoid & Reduce, Finance & Accept)
4. Risk Monitoring: What is the state of my risks? Is my mitigation effective? (Position on Risk Landscape, Risk Indicator Status, Mitigation Action Status)
Risk Management Cycle (2)
[Figure: the four steps of the cycle with an example artefact for each. Risk Identification: Risk Inventory, shown as a Risk Tree (Operational Risk, IT). Risk Measurement: Probability and Severity of Risks, shown as a Risk Landscape (probability in % against severity in €). Risk Mitigation: Risk Mitigation Actions (Avoid, Prevent & Reduce, Finance, Accept; identified risk and not identified risk) and a Mitigation Action List. Risk Monitoring: Position on Risk Landscape, Risk Indicator Status, Mitigation Action Status, shown as an IT Risk Landscape incl. Status (overall risk high / medium / low).]
What kind of risk mitigation strategies do you know?
Risk Mitigation actions (Mitigation Action List)
1. Avoid
→ Strategical
2. Reduce
→ Personal
→ Technical
→ Organisational
3. Finance
→ Risk transfer
→ Alternative risk financing
→ Insurance
→ Contract terms
→ etc.
4. Accept
→ Captives etc.
[Figure labels: total risk, remaining risk, not identified risks]
The Cockpit View Monitors the Actual Risk Exposure via Key Risk Indicators
[Figure: risk cockpit for Asset Management. Panels: Position (probability in % against severity in €, high / medium / low), History (Nov to Mar) and Reporting with red / amber / green risk indicators and risk ratings per location (AM NY, UK LON, DE FFT, SNG, AP SYD, TOK). Risk indicators shown: B. Application Risk Assessment (dbRAM/ global BCQ), B3 Security Design (dbRAM/ global SCS/RISC), B4 Business Continuity Testing, B5 Disaster Recovery Testing.]
The Risk Landscape Drill Down
[Figure: hypothetical example. The Risk-Cockpit landscape (probability in % against severity in €) drills down into one chart each for IT Project Failure, Hardware Failure, Software Failure, Data Failure, Network and Telco Failure, and Facility Issue.]
Regulatory requirements
• Pillar I: Minimum Capital Requirements
• Pillar II: Supervisory Review Process
• Pillar III: Market Discipline
• OR Management: Sound Practices for the Management and Supervision of OR
The continuum of approaches for operational risk
[Figure: approaches arranged by complexity and by reduction of regulatory capital.]
• Basic indicator approach
• Standardised approach
• Advanced measurement approach: internal measurement approach, scorecard approach, loss distribution approach
Main differences between simple versus advanced approaches
Simple Approaches
• Low qualitative standards
• Simple calculation formula for the regulatory capital
• No recognition of operational risk transfer actions allowed
Advanced Approaches
• High qualitative standards
• Regulatory capital is calculated by use of an internal model. Compliance to quantitative standards is required
• Recognition of operational risk transfer allowed up to 20 percent of the gross operational risk regulatory capital
Qualitative standards for Advanced Measurement Approaches (Risk Management and Risk Measurement)
• Independent OR function
• Gather operational loss data
• Active Board involvement
• Regular reporting on losses and exposures
• Process for evaluation of OR-data from own mergers
• Transparent and accessible processes
• Integrated operational risk management process
• Internal economic capital calculation
• Scenario analysis
• Control of compliance with internal OR guidelines and policies
• Management must explicitly indicate validity of data and quality of OR reports
• Clear procedures for use of external data if any
• Periodic review of OR methodology and data inputs
• Validate EC figures for OR for given time horizon and given percentile
• 5 years of historic loss data (3 years if AMA by 2008)
Regulatory requirements for the recognition of operational risk transfer (insurance)
• The "insurance provider" has a minimum claims paying ability rating of A (or equivalent).
• The insurance policy must have an initial term of no less than one year. For policies with a residual term of less than one year, the bank must make appropriate haircuts reflecting the declining residual term of the policy, up to a full 100% haircut for policies with a residual term of 90 days or less.
• The insurance policy has a minimum notice period for cancellation of 90 days.
• The insurance policy has no exclusions or limitations triggered by supervisory actions or, in the case of a failed bank, that preclude the bank, receiver or liquidator from recovering for damages suffered or expenses incurred by the bank, except in respect of events occurring after the initiation of receivership or liquidation proceedings in respect of the bank, provided that the insurance policy may exclude any fine, penalty, or punitive damages resulting from supervisory actions.
• The risk mitigation calculations must reflect the bank's insurance coverage in a manner that is transparent in its relationship to, and consistent with, the actual likelihood and impact of loss used in the bank's overall determination of its operational risk capital.
• The insurance is provided by a third-party entity. In the case of insurance through captives and affiliates, the exposure has to be laid off to an independent third-party entity, for example through reinsurance, that meets the eligibility criteria.
• The framework for recognising insurance is well reasoned and documented.
• The bank discloses a description of its use of insurance for the purpose of mitigating operational risk.
Which data needs to be collected to implement the mentioned approaches? Approach BIA STA
ASA
LDA Scen based LDA
Gross income
RWA
entity wide per standard business line
-
per standard business line per standard business line per standard business line
Loss data internal external -
Self-assessment
KRI
-
-
X
-
X
recommended
for some standard business lines
X
-
X
recommended
-
X
X
X
recommended
-
X
X
X
recommended
• Gross income is used as a reference in case of partial use of AMA
• KRI are only mentioned as examples in the Sound Practices document (therefore "recommended"). If modelling is based on Bayesian statistics, key risk indicators are required
Which data have to be collected for quantification purposes?
Basel II requirements:
- Internal loss data
- External loss data
- Business Environment Factors
- Internal Control Factors
[Label on slide: ORX/Fitch]
• Internal loss data
– Losses caused by internal and external events
– Basis for risk management (lessons learned)
– Basis for quantification (LDA)
• External loss data
– Losses with third parties caused by internal and external events
– Basis for risk management (lessons learned)
– Basis for quantification (LDA)
• Self-assessment data
– Assessment of the risk potential including the internal control and business environment factors
– Basis for risk management (which processes are mostly exposed to operational risk?)
• Risk indicators
– Risk indicators show changes in the internal control factors and business factors
– Basis for risk management (Avoidance of risk events/damages)
Data collection: internal loss data
Definition
• Losses are all expenses and financial liabilities caused by an operational risk event. Gains caused by an operational risk are seen as losses with a positive sign.
Targets
• Compliance with regulatory requirements
• Basis for the risk capital calculation
• Support operational risk management by indicating weak spots
Process
Identify → Open → Investigate → Complete → Approve → Close
Challenges
• Completeness of loss data collection can hardly be proven
• Precise classification is not always possible
• Grouping of losses caused by the same event is required
Data collection: external loss data
Definition
• Losses are all expenses and financial liabilities caused by an operational risk event. Gains caused by an operational risk are seen as losses with a positive sign.
Targets
• Compliance with regulatory requirements
• Basis for the risk capital calculation
• Benchmarking
Process
Set relevance → Mapping → Scaling → FX conversion → Documentation → Parametrisation
Challenges
• Scaling based on limited information
• Completeness of external data
• Avoidance of double counting
Data collection: self-assessment
Definition
• A structural assessment of risk potential based on a predefined questionnaire, which is executed by process owners by use of interviews or workshops.
Targets
• Compliance with regulatory requirements
• Basis for the risk capital calculation (scenario data/qualitative adjustments)
• Basis for the qualitative risk requirements
Process
Analysis existing risk profile → Self-assessment preparation → Self-assessment execution → Analysis → Action implementation → New assessment
Challenges
• Traceable assessment of risk potentials
• Complete assessment of risk potentials
• Analysis of qualitative data
Data collection: key risk indicators
Definition
• Key risk indicators are defined as parameters resulting from business processes or areas and are assumed to be predictive for changes in the operational risk profile of these processes or areas
Targets
• Prevent losses caused by operational risk events
• Detect unfavourable trends
• Compliance with Sound Practices (identification, day-to-day management)
Process
Identify risk categories to be monitored → Identify the risk drivers → Transform risk drivers in measures → Define measure as KRI → Collect & analyse data → Follow up
Challenges
• Measurability
• Risk sensitivity
• Discrimination
Risk capital model
[Figure: data inputs (internal loss data; external loss data, ORX/Fitch CORDS; self-assessment data; SOX control assessments; risk indicators; OR-action data on risk mitigating actions) enter through parameterisation and qualitative adjustment. A frequency distribution and a severity distribution are combined by Monte Carlo simulation, taking into account correlations, into the aggregated potential loss distribution.]
Reasons for transfer of operational risk
[Figure labels: low correlations, exp loss, quantile]
• Regulatory capital is a measure established at the 99.9% quantile
• The correlations among the various business line/event type combinations are low
• Low correlations cause the effect that operational risk management actions mainly focus on the body of the tail, without significant influence on the tail
• The only way to reduce the risk quantile is therefore risk transfer
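The risk capital model and the argument for risk transfer above, worked through as an added example (not part of the original slides): a loss distribution approach Monte Carlo over three constructed business line/event type cells, comparing a management action on small losses with a per-event insurance layer at the 99.9% quantile. The Poisson and lognormal parameters, the zero correlation between cells, the 50,000 body threshold and the insurance layer are all assumptions; the 20 percent recognition cap is the one stated for the advanced approaches.

```python
import math
import random

# Constructed business line / event type cells: (name, Poisson rate per year,
# lognormal mu, lognormal sigma). Illustrative values, not calibrated to real data.
CELLS = [
    ("retail banking / external fraud", 25.0, 8.0, 1.2),
    ("trading and sales / execution", 8.0, 9.5, 1.8),
    ("corporate finance / legal", 1.5, 11.0, 2.2),
]


def poisson(rng, lam):
    """Draw a Poisson count with Knuth's method (adequate for small rates)."""
    threshold, count, product = math.exp(-lam), 0, rng.random()
    while product > threshold:
        count += 1
        product *= rng.random()
    return count


def quantile(values, q):
    """Empirical q-quantile: smallest value with a share of at least q at or below it."""
    ordered = sorted(values)
    return ordered[max(0, math.ceil(q * len(ordered)) - 1)]


def simulate(years=20000, seed=2006, body_threshold=50_000.0, body_cut=0.5,
             deductible=1_000_000.0, cover=50_000_000.0):
    """Return annual losses (gross, after controls, after insurance) from the same draws."""
    rng = random.Random(seed)
    gross, controlled, insured = [], [], []
    for _year in range(years):
        g = c = i = 0.0
        for _name, lam, mu, sigma in CELLS:  # cells drawn independently (low correlation)
            for _event in range(poisson(rng, lam)):
                loss = rng.lognormvariate(mu, sigma)
                g += loss
                # Management action (assumed): shrinks only losses in the body.
                c += loss * (1.0 - body_cut) if loss < body_threshold else loss
                # Risk transfer (assumed layer): insurer pays above the deductible.
                i += loss - min(max(loss - deductible, 0.0), cover)
        gross.append(g)
        controlled.append(c)
        insured.append(i)
    return gross, controlled, insured


def capital_report(q=0.999, cap=0.20, **kwargs):
    """Capital is read off as the q-quantile of the aggregated annual loss."""
    gross, controlled, insured = simulate(**kwargs)
    g_q, c_q, i_q = (quantile(x, q) for x in (gross, controlled, insured))
    mean_g = sum(gross) / len(gross)
    mean_c = sum(controlled) / len(controlled)
    return {
        "gross_capital": g_q,
        "control_relief_on_mean": (mean_g - mean_c) / mean_g,
        "control_relief_on_quantile": (g_q - c_q) / g_q,
        "insurance_relief_on_quantile": (g_q - i_q) / g_q,
        # Recognition of risk transfer is capped at 20 percent of gross capital.
        "recognised_insurance_relief": min(g_q - i_q, cap * g_q),
    }


if __name__ == "__main__":
    for key, value in capital_report().items():
        print(f"{key:32s} {value:,.4f}")
```

Because all three loss series come from the same simulated events, the differences between them are caused by the mitigation rule alone and not by sampling noise between runs.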