Analysis of BAELL II Recommendations

Analysis of BAELL II RecommendationsCHAPTER 1 INTRODUCTION1.1. Introduction functional venture is delineate as the pretend of injustice resulting from inadequate or failed internal processes, people and dodgings, or from orthogonal events. Financial commercialises in the last two decades cast been lofty-pitchedlighted by large-mouthed-scale financial bankruptcys repayable to in make outnce and fraud, such as Barings, Daiwa, Allied Irish Banks, Orange County, Enron, along with man-made and natural disasters, such as 9/11, Hurricanes Andrew and Katrina. As a consequence, running(a) happen has been acknowledged to overweigh the importance of credit and market guesss.Since 2001, the Basel Committee for the Banking Supervision of the Bank of International Settlements has been requiring banks to set aside restrictive capital amount that would cover potential available loss. The capital amount must be evaluated on a one-year aggregated stem at a sufficiently high confi dence level. Statistical tools argon required to accurately assess the relative frequency and severeness distributions.The presence of so-c all(prenominal)ed low frequency/ high severity events poses problems for the pattern of operable luck and calls for models capable of capturing excessive heavy-tailedness in the info. in operation(p) hazard is one of the important blazon of the chance of exposure circumspection triangle the other two being Credit attempt and Market (Treasury) take a chanceiness. Any judicature, particularly in the banking sector, is squarely exposed to operative risks emanating within or outside the institution.Risk instruction TriangleCredit Risk Market (Treasury) Risk. useable riskoperating(a) risk capital charge is a compulsory requirement in global banking sector. This puts in a lot of stress and strain on a banks concern. useable Risk is also known as Transaction Risk in virtually countries. In order to expeditiously face this spic-an d-span challenge of operational risk in risk care, the prerequisites for efficiently facing the operational risk are enumerated as follows creation of risk culture enterprise wide operational risk awareness. Proactive whole tones at all the levels of operation should operate as a natural rubber valve and in the process, may in turn facilitate get finish up risk capital charge.1.2. place settingRisk partping is often mentioned both in describing various approaches to operational risk management and, in an audit context, in formulating the nominate steps to retain self-assessment, as the cornerstone of the risk appointment process. Yet there is little published guidance on how to perform it effectively and on how to ensure that the resulting map is indeed complete and consistent. In other words, although the term is widely used by bankers, auditors, regulators and consultants alike, and although all these professionalsmay even agree on what constitutes an acceptable t erminal output, they will most likely give widely different explanations on how to get such product, the resources needed and the costs involved.Risk role is arduous for a number of reasons, all of which can be summarized by reminding ourselves that the map is not the territory. No matter how accurate and thorough our analysis is, what really goes on in the transaction is never exactly what is written in the manual. Here are just a few of the key dimensionsPeople Processes are tincted by people, and people, no matter how formalized the process is, adapt, interpret and improvise in response to circumstances.Specialization Very few people really infer a item business process and its interactions with other people and systems within the bank. When one of these people leaves or is just absent for a while, the potential for an operational failure appears.Processes Processes change all the time and any mapping becomes obsolete almost overnight after being completed.In this research , I describe a methodology for the mapping of operational risk with the objective of identifying the risks inherent in the different steps of a business process, selecting the key risk indicators (KRIs) (Hoffman, 2002 Davis and Haubenstock, 2002) and designing the most let control activities. In my approach, therefore, risk mapping is the basis for all the key components of operational risk management identification, assessment, monitoring/reporting and control/mitigation as defined by the Basel Committee on Banking Supervision (2003).There is more than one way to map risks. The most common technique is probably the mapping on a prob strength/severity chart (Figure 1) so as to identify the key priorities for management. The result in most wooings helps to distinguish amidst high severity/low frequency and high frequency/ low severity losses, but which in general gives no denotation as to what management actions to turn over in order to change the existing risk profile. Anot her way is to map the risks to the descriptors of a business activity where they can occur and identify the key risk factors and drivers in the process. This leads to a somewhat more complex result, rich in qualitative information rather than in quantitative assessment, but bad very clear indications as to which parts of the process should be changed in order to make a difference to the overall risk exposure. It also allows for the identification of the KRIs that are more relevant to each risk exposure.Pursuing the application of KRIs to operational risk assessment is suggested by the need to inhibit the various issues we find with purely statistical approaches as well as the impact that managerial closings may have on the operational risk profile. In market and credit risk bill, the key managerial decisions are taken in deciding portfolio composition, thereby affecting the resulting risk profile directly and in a manner that touchstone models have no problem in capturing. In operational risk measurement, on the other hand, managerial decisions may affect the risk profile in a number of different ways ( finished changes in control procedures, systems, personnel, to name but a few), none of which any measurement model can capture in a simple and direct way. Statistical approaches in particular will be at a loss in taking into account such changes, as historical data will reflect a risk and control environment which by and large no longer exists. The requirement of the new Basel Accord (Basel Committee on Banking Supervision, 2004) to base risk assessment on 5 years of historical data if taken too literally will have banks generating risk capital charges on the basis of information largely unrelated to the current and, even less, the coming(prenominal) risk and control environment.1.3. Research QuestionThis work to start with will take a step back and ask the fundamental question of why do banks fail? Further the work shall research the recommendations of BASEL II and will try to seek the answer for Will the BASEL II requirements make the systematic goals of safety and stability more achievable for banks/FIs? If yes, how? If no, how?1.4. MotivationAppropriate Organizational structure is a precondition for orderly management of any activity/ group operative within the purview of organizational capabilities. operable risk management is all pervasive in terms of activities of an organization e.g. if people factor in operational management is poorly managed in a bank, other activities of the bank e.g. credit/market risk management, are likely to suffer . Similarly, legal aspects of any exertion/ function, if loosely dealt with, increases the likelihood of loss to the organization.Organizational structure for operational risk management needs to be compact and all-inclusive-based. The structure must be matched with -an organizations sizecomplexity of trading operations and area of operationsin tune with its risk appetite.The area of operational risk management is a matter of savvy which comes to a lower place(a) the purview of regulatory authorities/banks.Through my research I have tried out to make out a clear and crisp understanding of BASEL II accord for Banks/FIs in operational risk perspective. The work shall also try to suggest the suitable customization of BASEL II recommendations and implications of the same for effectively managing operational risk. It may also lead to forecasting the emerging trends in operational risk and ways to mitigate the same.1.5. Chapter SchemeThe chapter scheme of my dissertation is as followsChapter 2 This chapter describes the literature review and the findings.Chapter 3 This chapter describes research methodology and some of the variables included in data-based analysis.Chapter 4 This chapter provides the basis of qualitative research.Chapter 5 This chapter gives details of case studies analyzed for research purpose.Chapter 6 This chapter discuses the analysis and the findings.Chapter 7 This chapter includes the conclusion.CHAPTER 2 LITERATURE REVIEW2.1. IntroductionUntil very recently, it has been believed that banks are exposed to two main risks. In the order of importance they are credit risk (i.e., counterparty failure risk) and market risk (i.e., risk of loss due to changes in market indicators, such as equity sets, interest rates and exchange rates). Operational risk has been regarded as a mere part of other risks.Operational risk is not a new fantasy for banks operational losses have been reflected in banks balance sheets for more decades. They occur in the banking industry every day. Operational risk affects the soundness and operating efficiency of all banking activities and all business units. We begin our discussion with an explanation of the notion of risk.2.2. Risk and Risk ManagementIn the financial context, risk is the fundamental element that affects financial behavior. There is no unique or uniform definition of risk diff erent financial institutions may define risk slightly differently, depending on the specifics of their banking structure, operations and investment strategies. The definition of risk also depends on the context.In the economics literature, generally risk is not necessarily a negative concept, and is understood as uncertainty about future or the dispersion of actual from anticipate results. In the context of business investment, risk is the excitableness of expected future cash-flows (measured, for example, by the standard deviation), and in the context of the Capital Asset Pricing Model (CAPM) is the risk of asset price volatility due to market-related factors and is captured by . Such definitions do not exclude the possibility of positive outcomes. Hence, for the operational risk we need a different definition.1For the purposes of operational risk modeling and analysis, the definitions from insurance are more appropriate, as the notion of risk in insurance has a negative meaning attached to it. Risk is perceived as the probability and impact of a negative deviation, the probability or potential of sustaining a loss, a condition in which there is a possibility of an untoward deviation from a desired outcome that is expected or hoped for 2, or an expression of the danger that the effective future outcome will deviate from the expected or planned outcome in a negative way 3. As the next step, we need to distinguish operational risk from other categories of financial risk.A comprehensive framework of risk management is applicable equally to all types of bank (Iqbal and Mirakhor, 2007). The process of risk management is a two (2) step process. The initiative is to identify the source of the risk, i.e. to identify the leading variables causing the risk. The second is to devise methods to quantify the risk using mathematical models, in order to understand the risk profile of the instrument.Once a general framework of risk identification and management is develop ed, the techniques can be applied to different situations, products, instruments and institutions.It is crucial for all banks to have comprehensive risk management framework as there is ontogenesis realization among IBs that sustainable growth critically depends on the breeding of a comprehensive risk management framework (Greuning and Iqbal, 2007).A robust risk management framework can help banks to reduce their exposure to risks, and enhance their ability to compete in the market (Iqbal and Mirakhor, 2007). A reduction in each institutions exposure will reduce the systemic risk as well. Hence, it is necessary that banks have in place a comprehensive risk management and reporting process to identify, measure, monitor, manage, report and control different categories of risks.2.2.1. Understanding Risk and Risk ManagementIt is important for staff of banking institutions to understand the aspect of risk in the banking operations and the risks that are inherent and exposed in their bu siness operations. Better understanding of risk management is also necessary especially in the financial intermediation activities where managing risk is one of the important activities. A study conducted by Boston Consulting mathematical group (2001) found that the sole determining success factors is not the technical development but the ability to understand risk strategicalally and also the ability to accost and control risk organizationally. Secondly, in order to realize a risk based management philosophy, the attitude and mindset of the employees need to be changed whereby they must be brought to understand that managing risk is crucial for success. This implies that there must be intensive training, cl archaean defined structures and responsibilities, as well as commitment to change. In addition, it was identify that banks in North America and Australia concentrate on risk management primarily to enhance their competitive positions. Meanwhile in Europe, Asia and particularl y in conspiracy America, risk management is considered primary from the perspective of regulatory requirements.Then, Al-Tamimi and Al-Mazrooei (2007) found that the UAE banks staff have good understanding of risk and risk management, which might give an indication about the ability of these banks to manage risks efficiently in the future. Moreover, understanding risk and risk management had positive effect on risk management get along although it is insignificant.2.2.2. Requirement for Risk ManagementRisk management framework is important for banks. The risk management strategy must be integrated with its overall corporate strategies (e.g. Froot and Stein, 2004). In conjunction with the underlying frameworks, basic risk management process that is generally accepted is the practice of identifying, analysing, measuring, and defining the desired risk level through risk control and risk transfer. BCBS (2001) defines financial risk management as a sequence of four (4) processes (1) th e identification of events into one or more broad categories of market, credit, operational and other risks into specific sub-categories (2) the assessment of risks using data and risk model (3) the monitoring and reporting of the risk assessments on a timely basis and (4) the control of these risks by senior management. BCBS (2006), on risk management processes, require supervisors to be satisfied that the banks and their banking groups have in place a comprehensive risk management process. This would include the Board and senior management to identify, evaluate, monitor and control or mitigate all material risks and to assess their overall capital sufficiency in relation to their risk profile. In addition, as suggested by Al-Tamimi (2002), in managing risk, commercial banks can follow comprehensive risk management process which includes octet (8) steps exposure identification data gathering and risk quantification management objectives product and control guidelines risk managem ent evaluation strategy development executing and performance evaluation (e.g. Baldoni, 2008 and Harrington and Niehaus, 2009).2.2.3. Risk IdentificationThere are few conceptual studies on risk identification of financial institutions (e.g. Kromschroder and Luck, 2008 Luck 2008 Pausenberger and Nassauer, 2000 Tchankova, 2002 Barton et al. 2002 ) and few empirical studies that include risk identification of banks (e.g. Al-Tamimi, 2002 Al-Tamimi and Al-Mazrooei, 2007). Risk identification is the first stage of risk management (Tchankova, 2002) and a very important step in risk management (Al-Tamimi and Al-Mazrooei, 2007). The first task of the risk management is to classify the corporate risks according to their different types (Pausenberger and Nassauer, 2000). The first step in organizing the implementation of the risk management function is to establish the crucial observation areas inside and outside the mint (Kromschroder and Luck, 2008). Then, the departments and the employees must be assigned with responsibilities to identify specific risks. For instance, interest rate risks or foreign exchange risks are the main domain of the financial department. It is important to ensure that the risk management function is established throughout the whole corporation i.e. apart from parent company, the subsidiaries too have to identify risks, analyze risks and so on.Pausenberger and Nassauer (2000) also state that it is well(predicate) for most corporations to implement early warning systems. An early warning system is a special information system enabling the management board to identify risks in time by observing the development of defined indicators (Luck, 2008). Other instruments that could be used to identify risks are checklists of possible disturbances or breakdowns, risk workshops, examination of corporate processes, internal inspections and interviews, loss balance, etc. It is advisable to make use of the knowledge and skill of outdoor(a) experts, for ins tance, forecasts of banks about the development of interest rates or foreign exchange rates. There are many other approaches for risk identification, for instance, scenario analysis or risk mapping. An organization can identify the frequency and severity of the risks through risk mapping which could assist the organization to stay away from high frequency and low severity risks and instead focus more on the low frequency and high severity risk. Risk identification process includes risk-ranking components where these ranking are usually based on impact, severity or dollar effects (Barton et al. 2002). According to him, the analysis helps to sort risk according to their importance and assists the management to develop risk management strategy to allocate resources efficiently.2.3. Operational RiskOperational Risk is one of the important arms of the risk management triangle -the other two being Credit Risk and Market (Treasury) Risk. Any organization, particularly in the banking sector , is squarely exposed to operational risks emanating within or outside the organization (Levine and Hoffman, 2004).There was no precise definition of operational risk until Basel Accord II came into being in June 2004. Furthermore, for the first time in the history of global banking, operational in capital charge has been made a mandatory requirement in banking. This certainly puts in a lot of stress and strain on a banks management.Operational Risk is also known as Transaction Risk in some countries in order to efficiently face this new challenge in risk management, the prerequisites are -creation of risk culture and enterprise wide operational risk awareness. Proactive steps at all the levels of operation will operate as a safety value and in the process, may facilitate lower risk capital charge (Bagchi, 2006).As it has been mentioned that until the release of Basel Accord II in June 2004, there was no universal definition of operational risk in banking (Anna et al., 2007) . It wa s generally believed that as risk would mean loss in any event or transaction, any risk other than credit risk and market risk would have to be reckoned as an operational risk, without the need of creating any separate identity for such risk. However this way of looking at operational risks is dangerously vague. Prof Hans Geiger, an international authority on risk management, has viewed operational risk from a direct angle and an indirect angle as underIndirect Angle Operational risks are all those risks which cannot e classified as credit risk or market risk.Direct Angle Operational risk is an expression of the danger of unexpected direct or indirect losses resulting from inadequate or failed internal processes, people and systems and from external events.Basel Accord II has laid down the following definition for adoption by the countries and hence this should be treated as a standard definition of operational riskOperational risk is the risk of loss resulting from inadequate or fa iled internal processes, people and systems or from external events. This definition includes legal risk but excludes strategic and reputation risk. (Bagchi, 2006)2.3.1. Reasons for Increasing Focus on Operational Risk Management* On going spate ( sudden trend flow) of financial deregulation procedures due to globalization.* Influence of technology and automation in managing business with other side effects.* Complex organizational structures arising out of re organization of business enterprises (e.g. merger/ de -merger etc.).* Opportunities for business process outsourcing.* Growing complexity of products/services, as banks now provide total business services and employ CRM (Customer Relationship Management) in their business activities.* With liberalization and globalization, banks compete very hard with each other for business.* Capital allocation for operational risks is a prime requisite for todays business organizations.2.3.3. Operational Risk Vs Operations RiskOperational Risk has a wider coverage wherein process, people, systems etc. of an organization are also considered. In general while operational risk is analogous to operations risk, in the context of risk management, they are not alike as will be evident from the following tableTable 1 trait between Operational Risk and Operations RiskAccording to the Kenneth Swensen of Federal Reserve Bank of Chicago, there is a clear demarcation between operational risk and operations risk, from the viewpoint of relative risk contents.Operational risk should deserve special attention for an organization so that its procedures become full Basel Accord II compliant.He remark regarding Basel II is , under Basel II, if you are not moving forward, you are losing ground.The distinctions are clearly mentioned below Operational RiskOperations Risk1. Operational Risk encompasses enterprise wide risk of loss arising out of inadequate, failed internal processes, people system or from external events.1. Operations Ris k encompasses risk by loss arising out of back office reconciling processes and does not generally cover front office functions.2. integrate risk management is the watch dog of such risk management function in the organization2. Internal audit Department usually manages such risks. It is the first line of defense.3. Basel Accord II specifies capital charge computation based on three approaches evolved for the purpose.3. There is no requirement for any specific capital charge.4. The organization must prepare and periodically update on operational risk policy mentioning, and should frame a computation method of measurement of operational risk capital.4. There is no need for any specific policy document since each organization is guided by its manual/ guard of instruction.5. Regulatory Authority under pillar II has the responsibilities to review enterprise wide operational risk management of the organization.5. Regulatory Authorities do not have any Pillar II responsibility. They ma y review operation risk as an ingredient of operational risk.6. Corporate disposal study must take into account operational risk management of an organization especially the effect of any human error/skill deficiency aspects.6. Corporate Governance angle does no form part of operations risk.2.3.4. Distinction between Operational Risk and Operational CrisisOperational risk is an all inclusive concept covering - intra -organizational ( internal ) risks such as those related to people, processes and systems external events such as natural calamities, terrorism etc.In case of extreme external events such as natural catastrophes, there is no real distinction between operational risk and operations risk since such an event requires crisis management initiative. But a routine operational risk management drug requires operational crisis management to avert serious consequences.The points of distinction are enumerated as underOperational RiskOperational Crisis1. Operational Risk includes elements of Expected and unexpected (expected loss such as loss in process errors of say 0.1% of common income).1. Operational Crises covers only unexpected loss.2. The continuity of business is not affected if some operational risk events do not have serious implications on organizations position (say, internal fraud of 0.1% of annual net profit).2. An organizations continuity may be seriously affected if the crisis event is catastrophic.3. Operational risk management dose not generally imply disaster recovery.3. Operational crisis management generally involves disaster recovery.4. Operational risk factors do not generally trigger off reputational risk (a minor processing error in a customers savings account may not effect the banks reputation).4. Crisis event may sometimes (e.g. product failure, contamination etc., Union Carbide Gas leak incident in MP) triggers off reputational risk leading to fall in market share, equity share price etc.5. Operational risk management in genera lly concerned with two phasesi. incidentii. recovery5. Operational crisis management generally involves three phasei. incidentii. recoveryiii. continuity6. Operational risk may not always turn out to be a danger.6. Operational crisis is generally of a moment of danger.2.3.5. Effective way of managing Operational RiskPoor operational risk management, especially in the banking sector, may generate serious financial losses caused by external/internal fraud, system failure, and other related operational lapses. Damage to a banks reputation, even if it is a private bank, may also be severe. Effective operational risk management provides boosts sale by taking care of the following It tends to minimize severity or frequency of operational risk loses. It creates a mechanism to optimize operational effectiveness throughout the bank. Various business portfolios are better managed if the processes, systems and procedures are sound, together with people strength. Strategic decision making by senior management is supported by a robust risk management system. It ensures business continuity, as there are high probabilities of unexpected operational events owing to changing trends and globalization. Capital allocation can be optimally utilized to the advantage of the bank.2.3.6. Traditional Vs Modern Approach of Operational Risk ManagementTraditional Operational Risk ManagementBanks were managing operational risks in a traditional manner, going by the belief that such risks are really residual risks that remain after the dominant risks of credit risk and market risk have been taken care of .Hence meager attention was protracted to managing operational risks.Under the traditional approach, routine operational controls in banking were mainly through internal checks, balancing of ledgers, careful recruiting process etc. Audit and ossification aspects. Insurance against risks was resorted to where necessary.Modern Operational Risk ManagementOperational risk management in bank ing took the shape of modern approach with the release of Basel Accord II ( recommendations on banking laws and regulations ) in June04.Modern approach of operational risk management aims at creating and maintaining an effective operational risk management strategy. This approach involves the following elements practical measurement framework on operational risk factors as against sole reliance on internal checks, auditors etc. Operational risk losses calculated and summarized on the basis of past loss data and estimate for the future forms the core of strategic decision making especially for developing a new product or for encouraging a new technology. Quantification of various operational risk factors facilitates optimal capital allocation. Staff skill development exercise on an regular basis enables better output with lesser probability of errors and losses.2.3.7. Operational Risk A Challenge to Financial Institutions and RegulatorsOperational Risk exhibits more severity than C redit Risk, Market Risk Liquidity Risk. Global Association of Risk Professionals (GARP) has also undertaken a number of new initiatives to educate the organizations about the Operational risk.Operational Risk is capable of eroding the complete organization and can cause huge loss on the reliability factor of the financial company. As per GARP, Operational risk shall be the single largest risk facing the financial industry the world over by the year 2010. The most difficult part in managing operational risk is the fact that the threats and challenges can originate and spread at the speed of thought in operations of a Bank.The financial industry is growing all over the world in spite of the poor economic indicators forcing stricter regulations, policies and thus prompts greater awareness of the various challenges faced by financial industry.Operational risk ( especially for financial industry )should be placed at the highest level of attention in order to ensure smooth functioning of the organization as it can hamper the organizations future growth.Regulators formulating the policies and regulations for effective management of operational risk are faced by the following challenges - Ever changing requirements of policies. Policies are expensive to start and implement at the workplace. They also hamper the normal functioning of financial organization and requires trainings across all verticals. Employee and customer participation is difficult to managed.2.3.8. Operational Risk and Financial OrganizationsAdvent of newer and convenient technology for various processes and tasks has made - our financial system has become more susceptible to attacks by hackers and viruses.The system needs to quarantined ( detained) for all possible leak holes and if found must be plugged immediately because of the following reasons - The financial system is the backbone of miserliness for any country or region. It is the system that makes the economy grow and maintain its track. It is of prime importance that the operational risk at this industry must be managed with utmost care.With increasing level of pilferage at the financial system,