Risk, Return and Capital
• Risk is related to the amount of capital that the firm requires to achieve a sufficient level
of protection against adverse circumstances.
• Risk is used to adjust the returns from business activities to determine whether
activities are adding value to the business.
• Basel Committee view,
“It is clear that operational risk differs from other banking risks in that it is
typically not directly taken in return for an expected reward but exists in the
natural course of corporate activity and that this affects the risk management
process”.
Level of Observation:
• Market Risk: Trading Desk-Treasury and Market risk
• Credit Risk: Loan Portfolio- Credit Department
• Operational Risk: Throughout the Bank- Business Lines
Operational Risk Measurement and Management: BLET Matrix
Operational Risk Management Framework
Basel and RBI Consultation Process
Definition of Operational Risk (Basel II)
Operational risk is defined as “the risk of loss resulting from inadequate or failed internal
process, people and systems or from external events.” (BCBS, 644)
Causes & Consequences: We tend to only focus on the loss Events without giving
serious thought to their cause AND their consequences.
Loss Event Type Category (Annex-9)
Event Type Category: Definition
• Internal Fraud: Losses due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity / discrimination events, which involves at least one internal party.
• External Fraud: Losses due to acts of a type intended to defraud, misappropriate property or circumvent the law, by a third party.
• Employment Practices and Workplace Safety: Losses arising from acts inconsistent with employment, health or safety laws or agreements, from payment of personal injury claims, or from diversity / discrimination events.
• Clients, Products & Business Practices: Losses arising from an unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements), or from the nature or design of a product.
• Damage to Physical Assets: Losses arising from loss or damage to physical assets from natural disasters or other events.
• Business Disruption and System Failures: Losses arising from disruption of business or system failures.
• Execution, Delivery & Process Management: Losses from failed transactions processing or process management, from relations with trade counterparties and vendors.
Examples: Event Classification
Whether a loss event is an operational loss event is determined by the causes rather than
the consequences of the event.
Absa Group Limited (Absa): hackers stole R530 000 by hacking 10 Absa clients' bank
accounts.
The bank provides an internet banking service, and many of the bank's clients have availed
themselves of it. Two months back, hackers sent emails to many of the bank's clients
containing a type of computer virus called a Trojan horse, which downloads automatically
as soon as the email is opened. This gave away security codes such as passwords, account
numbers and PINs to the hackers, who managed to steal money from customers' bank accounts.
Loss Event Type Category (Annex-9)
Event Type Category (Level-1) | Categories (Level-2) | Activity Example (Level-3)
Internal Fraud | Unauthorized Activity, Theft and Fraud | Transaction not reported, Fraud, Bribe
External Fraud | Theft and Fraud, System Security | Theft/robbery, Hacking damage, theft of information
Employment Practices and Workplace Safety | Employee Relation, safe environment | Compensation, termination issue, workers compensation
Clients, Products & Business Practices | Suitability, Disclosure & Fiduciary, Improper Market Practices | Breach of privacy, failure to investigate client per guidelines, exceeding client exposure limits
Damage to Physical Assets | Disaster & other Events | Natural disaster losses, terrorism
Execution, delivery & Process Management | Transaction Capture, Execution, Customer Documentation, Vendor & Suppliers | Data entry error, Failed mandatory reporting obligation, legal documents missing
Data Puddle: An Issue
• Data ‘puddles’ occur when the loss event being analysed can be correctly classified into
more than one risk category. Example:
- The Officer breached the control limits related to portfolio, sector or borrower unit. (Internal Fraud / CPBP)
Taxonomy: From Definition to Causes
Taxonomy: To Loss Event Type Category
[Chart: values on a 0 to 60 scale by loss event type category: IF, EF, EPWS, CPBP, DPA, BDSF, EDPM]
• The 2017 data breach at credit reporting agency Equifax was a cyber attack
that compromised personal information including names, social security
numbers, driving license numbers, credit card numbers and personal
documents, relating to an estimated 145 million individuals.
• SAS Software (From March 2011-13)
• Clients, products and business practices event leads to highest losses
(Amount)
Taxonomy: To effect types
• P&L Effect (in case of operational risk loss events).
• Reputation Damage
• Near Misses
• The teller paid a cheque of Rs. 1,00,000 with a single signature in the account. In fact,
the operational instructions were joint. Later on, the branch official approached the
customer and requested the second signatory to sign the cheque, and the issue was
solved.
• A branch had given an advance of Rs. 50,000 for cultivation purposes and the borrower
returned the amount as per the agreed terms. Again a loan of Rs 50,000 was given against
collateral (land). Later the customer's brother visited the branch and informed the
officials that the collateral is joint property, and gave a letter to the branch stating that he
will not pay any liability.
A bank's spokesman said that programming errors caused the bank
accounts of 823 customers to be credited with $924,844,208.32 each.
The error was corrected and all funds were recovered, but this is
considered to be the largest such error in banking history.
Profile of Losses on the basis of Basel Assets Class
• Under Basel II, risk weights vary depending upon Assets Class. The broad classification
is 'Wholesale Banking' and 'Retail Banking'. RBI guidelines suggest that the
mapping of activities into business lines for operational risk capital purposes must be
consistent with the definitions of business lines used for regulatory capital calculations
in other risk categories, i.e. credit and market risk.
[Chart: Frequency (%) and Severity (%), on a 0 to 60 scale, by business line: Corporate Finance, Trading and Sales, Retail Banking, Commercial Banking, Payment and Settlement, Agency Services, Assets Management, Retail Brokerage, Unallocated. Source: Loss Data Collection Exercise, 2008]
• As per Basel II, how many types of business lines are identified in
BLET matrix?
• A: Seven
• B: Eight
• C: Six
• D: Four
• Recognition of insurance mitigation as percentage of operational risk
capital charge under Advanced approach i.e. AMA is limited to:
• A: 10 percent
• B: 15 percent
• C: 20 percent
• D: 12 percent
• An amount was withdrawn from a customer's account using a lost ATM card.
The loss had reportedly been notified to the ATM cell for hot listing, but hot
listing was not done. This incident will be classified as:
• A: EDPM
• B: EF
• C: CPBP
• D: IF
• Which of the following topped the list of causes of operational
risk to banks worldwide, as per a survey of risk professionals in 2019:
• A: People
• B: Process
• C: External Events
• D: System
It includes legal risk, but excludes strategic and reputation risk.
Legal risk includes, but is not limited to, the risk of loss resulting from failure to comply
with laws, prudent ethical standards and contractual obligations. It also includes the
exposure to litigation from all aspects of an institution's activities.
Strategic risk is the current and prospective impact on earnings or capital arising from
adverse business decisions, improper implementation of decisions, or lack of
responsiveness to industry changes.
• One bank official is held for fraud every four hours in a public sector bank (PSB),
an analysis of data compiled by The Times of India, based on a Reserve Bank of
India (RBI) report, revealed.
• The Financial Stability Report called frauds in banks and financial institutions
“one of the emerging risks to the financial sector.”
• ICICI showed the highest number of fraud cases of 6,811, involving Rs 5,033.81 crore.
• SBI: 6,793 frauds of Rs 23,734.74 crore.
• HDFC: 2,497 cases of Rs 1,200.79 crore.
• Bank of Baroda: 2160 cases of Rs 12,962.96 crore.
• PNB: 2,047 frauds of Rs 28,700.74 crore.
• Axis Bank: 1,944 frauds involving Rs 5,301.69 crore.
• Bank of India: 1,264 frauds of Rs 5978.96 crore.
• Standard Chartered Bank: 1,263 cases involving Rs 1221.41 crore.
• Canara Bank: 1,254 cases of Rs 5553.38 crore.
• Union Bank of India: 1,244 frauds of Rs 11,830.74 crore.
• Kotak Mahindra: 1,213 cases involving Rs 430.46 crore.
• Indian Overseas Bank: 1,115 frauds involving Rs 12,644.7 crore.
• Vijaya Bank: 639 cases involving Rs 1,748.9 crore.
• OBC: 1040 cases of Rs 5,598.23 crore.
• Yes Bank: 102 cases of Rs 311.96 crore.
• United Bank of India: 944 cases of Rs 3052.34 crore.
• State Bank of Mysore: 395 cases of Rs 742.31 crore.
• State Bank of Patiala: 386 cases of Rs 1178.77 crore.
• Punjab and Sind Bank: 276 cases of Rs 1154.89 crore.
• UCO Bank: 1081 frauds of Rs 7104.77 crore.
• Tamilnad Mercantile Bank: 261 cases of Rs 493.92 crore.
• Lakshmi Vilas Bank: 259 frauds of Rs 862.64 crore.
• State Bank of Travancore: 274 cases of Rs 694.61 crore.
• Jammu and Kashmir Bank: 142 cases of Rs 1639.9 crore.
• Industrial Finance Corp of India: 9 cases of Rs 671.66 crore.
• Dhanlakshmi Bank: 89 cases of Rs 410.93 crore.
Trends relating to GNPAs Ratio and Rate of Recovery for Banks in India