Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 ·...

62
1 Operational Risk Management & Modelling กกก The Basel II AMA Framework Poomjai Nacaskul, Ph.D. Financial Institutions Policy Group, the Bank of Thailand FIPG Internal Seminar 28 November 15 December 2006 ก Basel II AMA . ก ก .

Transcript of Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 ·...

Page 1: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

1

Operational Risk Management & Modelling ก�����ก�����ก������� �!!"#�$%&'() �*�+,-.!�/.ก��

� The Basel II AMA Framework

� Poomjai Nacaskul, Ph.D. Financial Institutions Policy Group, the Bank of Thailand

� FIPG Internal Seminar

� 28 November ����15 December 2006

� ก��! Basel II AMA

� ��.JK$L� +�"&กM�&�)+N)!�)&O�!�+ก��% .+ P+�"���QR ,��%STUS)

� ก��&�$$+�V�)L+ &+&.

� WX JYT�.ก�)+ ����Z P�+#�"$ W[\]

Page 2: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

2

Presentation Outline

� I. Introduction� Slide 3 _ Slide 18

� II. Modelling Methodology� Slide 19 _ Slide 40

� III. Capital Adequacy Regulation� Slide 41 _ Slide 60

� Bibliography� Slide 61 _ Slide 62

Page 3: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

3

Part One

INTRODUCTION

Page 4: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

4

Risk & Risk Management

� Risk ≡≡≡≡ {POSSIBILITY; PROBABILITY; UTILITY}� Ask: which of these would be subject to adjustment/alteration/manipulation?

� Financial Risks : � Proxy for (monotonic w) utility measured/quoted in monies/monetary units,

� arisen from/rooted in financial market variables/institution factors,

� managed/mitigated by means of financial techniques/tools, and/or

� seen as/deemed to be intrinsic/integral to financial markets/institutions.

� Risk Management Processes : IDENTIFY/define ���� MEASURE/assess ���� MITIGATE/manage ���� REVIEW/report

Page 5: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

5

Utility Theory of Risk

� Risk has upside as well as downside, so why is it undesirable?

� Utility Theory [Neumann & Morgenstern (1947)]� Certainty Equivalence Principle/Probability/Prior :

� 100%Pr(1-./.) + 0%Pr(0-./.) ~ 1-./.⇒⇒⇒⇒ U(1-./.) = 1

� 90%Pr(1-./.) + 10%Pr(0-./.) ~ 0.5-./.⇒⇒⇒⇒ U(0.5-./.) = 0.9

� 1%Pr(1-./.) + 99%Pr(0-./.) ~ 10,000/.⇒⇒⇒⇒ U(10,000./.) = 0.01

� .02%Pr(1-./.) + 99.98%Pr(0-./.) ~ 400/.⇒⇒⇒⇒ U(400/.) = 0.0002

� 0%Pr(1-./.) + 100%Pr(0-./.) ~ 0-./.⇒⇒⇒⇒ U(0-./.) = 0

� Risk Appetite/Attitude/Aversion :� U(0.5-./.) = 0.9 > 0.5 = E[50%Pr(1-./.) + 50%Pr(0-./.)] ⇒⇒⇒⇒ risk averse

� U(10,000/.) = 0.01 = 0.01 = E[1%Pr(1-./.) + 99%Pr(0-./.)] ⇒⇒⇒⇒ risk neutral

� U(400/.) = 0.0002 < 0.0004 = E[.04%Pr(1-./.) + 99.96%Pr(0-./.)] ⇒⇒⇒⇒ risk seeking

Page 6: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

6

Defining Market & Credit Risks

� Market Risk ≡≡≡≡ opportunity/possibility & probability of financially relevant gains/losses due to movements in the financial-market and monetary-economic variables, namely interest/exchange rates, equity/commodity prices, etc.

� Credit Risk ≡≡≡≡ opportunity/possibility & probability of financially relevant losses (but occasionally gains) due to Credit Events : � For bank loans : obligor defaults (incl. counterparty/settlement),

recovery/collateral, drawdown risks, respectively ~ PD, LGD, EAD.� For defaultable bonds : default + (credit rating) downgrade risks.� For credit derivatives : single-obligor events (i.e. CDS & CLN pricing),

multi-obligor events (i.e. multi-name CDS & CDO pricing), etc.

Page 7: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

7

Defining Operational Risk

� Operational Risk ≡≡≡≡ opportunity/possibility & probability of financially relevant losses due to {failures, frauds, errors} as well as {random accidents, natural catastrophes, manmade disasters}, whence leading to {damages, disruptions, incursions}, thereby negatively impacting {financial conditions, business conduct, institutional integrity} overall.� According to the Basel Committee on Banking Supervision (BCBS)xs

New Capital Accord (Basel II) : risk of loss resulting from inadequate/failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic risk & reputational risk.

Page 8: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

8

Operational Risk Management (ORM)

1. ก��!ก�����ก��"#�$%&'() �*�+,-.!�/.ก�� (Operational Risk Management Framework)

2. ��!!#������!"#�$%&'() �*�+,-.!�/.ก�� (Operational Risk Measurement System)

3. ��%!')!#.P'����� �!!"#�$%&'() �*�+,-.!�/.ก�� (Operational Risk Modelling Methodology)

4. ,y���)z�!�!!����� "#�$%&'() �*�+,-.!�/.ก�� (Operational Risk Model Drivers)

Page 9: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

9

BCBS (2003), Sound Practices

� Introduction� PRINCIPLES ⇒⇒⇒⇒ FRAMEWORK for effective Management & Supervision� to be used by Banks & Supervisory Authorities when evaluating

Operational Risk Management (ORM) POLICIES & PRACTICES.

� Background� Deregulation/globalisation of financial services + growing sophistication of

financial technology ⇒⇒⇒⇒ more COMPLEX bank ACTIVITIES & RISKprofiles, e.g. automation, e-commerce, post-M&A integration, large-volume service provider, risk mitigation techniques, outsourcing

� Event TYPES: i. Internal Fraud, ii. External Fraud, iii. Employment/Safety,iv. Clients/Products/Business Practices, v. Physical-Asset Damages, vi. Disruption/Failure, vii. Execution/Delivery/Process Management

Page 10: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

10

BCBS (2003), Sound Practices (2)

� In the past, Banks relied on Internal Control/Audit Function; now there emerge STRUCTURES & PROCESSESto address OR as a distinct class.

� Sound Practices� OR : not directly taken in return for an expected reward� ORM : Identification ���� Assessment ���� Monitoring ���� Control/Mitigation� BCBS structured the sound practice paper around 10 PRINCIPLES.

� Developing an Appropriate Risk Management Environment� Board & Senior Management to create ORGANISATIONAL CULTURE

that emphasises high standard of ETHICAL behaviour and establishes expectation of INTEGRITY for all.

Page 11: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

11

BCBS (2003), Sound Practices (3)

� Principle 1 : Board of Directors aware of "a distinct risk category"� Board to approve firm-wide Operational Risk Management Framework (ORMF).

� Appropriate DEFINITION of OR

� Board to establish management STRUCTURE.

� Board to REVIEW.

� Principle 2 : Board of Directors ensures ORMF subjected to Internal Audit� Board should have in place ADEQUATE Internal Audit coverage.

� Board to ensure INDEPENDENCE of the Audit Function.

Page 12: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

12

BCBS (2003), Sound Practices (4)

� Principle 3 : Senior Management responsible for IMPLEMENTING ORMF� Translate ORMF into specific POLICIES/PROCESSES/PROCEDURES

� Ensure QUALIFIED Staff & INDEPENDENT Compliance Units.

� Ensure OR Managers COMMUNICATE w Credit/Market Risk Managers.

� Ensure REMUNERATION policies consistent w bank's appetite for risk.

� Pay particular attention to the QUALITY of DOCUMATATION Controls& TRANSACTION-Handling Practices.

Page 13: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

13

BCBS (2003), Sound Practices (5)

� ORM: Identification, Assessment, Monitoring, and Control/Mitigation� Principle 4 : IDENTIFY & ASSESS

� Paramount step: consider both INTERNAL & EXTERNAL FACTORS.

� Identify not just most potentially adverse risks, but also VULNERABILITY to them.

� TOOLS for identifying & assessing OR: (1) Self Risk Assessment, (2) Risk Mapping, (3) Risk Indicators, (4) Measurement (e.g. Loss Data), etc.

Page 14: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

14

BCBS (2003), Sound Practices (6)

� Principle 5 : MONITOR� Essential: PROMPT detecting & addressing deficiencies

can reduce potential frequency and/or severity.

� Bank to develop forward-looking Key Risk/Early Warning Indicators.

� Monitoring FREQUENCY to reflect risks, frequency & nature of changes in the OPERATING ENVIRONMENT.

� Senior Management to receive regular REPORTS.

� Board to receive higher-level INFORMATION.

Page 15: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

15

BCBS (2003), Sound Practices (7)

� Principle 6 : CONTROL and/or MITIGATE� To control and/or mitigate, or to BEAR the risks?

Or to reduce or withdraw involvement in the activity?

� Board & Senior Management to establish strong Internal Control CULTURE.

� Requires segregation of duties and avoid CONFLICT OF INTEREST.

� Bank to ensure appropriate INTERNAL PRACTICE to control OR.

� OR pronounced where banks engage in NEW, UNFAMILIAR ACTIVITIES, especially outside their CORE BUSINESS STRATEGIES.

� There exists uncontrollable LOW-PROB HIGH-IMPACT OR, e.g. natural disasters.

� Risk Mitigation Tools = COMPLEMENT, not replacement for control.

Page 16: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

16

BCBS (2003), Sound Practices (8)

� Increased AUTOMATION could transform high-frequency, low-severity into low-frequency, high-severity.

� Bank to establish POLICIES for managing OUTSOURCING risks.

� Bank to understand potential impacts from VENDORS and other THIRD-PARTY/INTRA-GROUP service providers.

� Decision to self-insure risk to be TRANSPARENT within the organisation and CONSISTENT with overall business strategy & risk appetite.

� Principle 7 : CONTINGENCY & Business CONTINUITY plans� Bank to establish DISASTER RECOVERY & BUSINESS CONTINUITY plans.

� Bank to identify CRITICAL BUSINESS PROCESSES.

� Bank to conduct REVIEW.

Page 17: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

17

BCBS (2003), Sound Practices (9)

� Role of Supervisors� Principle 8 : REQUIRE banks to have in place�

� Supervisors to require banks to develop ORMF & encourage banks to develop better TECHNIQUES.

� Principle 9 : Conduct EVALUATION� Examples of independent evaluation: �� For FINANCIAL GROUPS, Supervisors to seek to ensure

appropriate & integrated ORM throughout.� Supervisors to address DEFICIENCIES IDENTIFITED

through a range of ACTIONS.� Supervisors to take ACTIVE ROLE in encouraging

ongoing internal development efforts �

Page 18: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

18

BCBS (2003), Sound Practices (10)

� Role of Disclosure� Principle 10 : "� sufficient public disclosure to allow market participants

to assess � [banks'] approach �"� BCBS recognises: timely & frequent PUBLIC DISCLOSURES

lead to enhanced market discipline, hence more effective ORM.

� BCBS believes: bank should disclose its ORMF, even if still undergoing development.

Page 19: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

19

Part Two

MODELLING METHODOLOGY

Page 20: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

20

Mathematical & Probabilistic Models

� A Mathematical Model : � Output = Function(Input; Parameter)� Specification vs. Estimation/Calibration tasks

� w.r.t. estimation, think historical volatility� w.r.t. calibration, think implied volatility� training vs. validating vs. testing data

� A Probabilistic Model : � Random Variable : X in {x}, X ~ Distribution(θθθθ), i.e. θθθθ is the parameter.

� Discrete vs. Continuous vs. Discrete-Continuous (Mixed) distributions

� Cumulative Distribution Function : F(x) = F(x;θθθθ) = Pr(X < x)� Probability Mass/Density Function (p.m.f./p.d.f.) : p(x) = Pr(X = x) & f(x) = dF(x)/dx

Page 21: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

21

Distributional Information

� Distributional Information extracted from/used to construct F(x) : � << � statistic x group>> : means µµµµ = 1st moment, mode, median, variance

σσσσ2 = 2nd central moment), std. deviation σσσσ, skewness (3rd), kurtosis (4th)� << � metric x group>> : inter-quartile range, m-Sigma distance from means,

the 100(1-αααα)% confidence interval (CI) ���� Value-at-Risk (VaR), the conditional mean exceedance (CME) ���� Expected Shortfall (ES)

� << � functional x group>> : modality (i.e.whether f(x) is unimodal, bimodal/multimodal), quantile function, limiting tail distribution

� The levels/types of information depends on application requirements.� This, in a sense, is how increasing model sophistication pays for itself.

Page 22: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

22

Descriptive Statistics

DESCRIPTIVE STATISTICS � MEANINGFUL DATA SUMMARY

Reporting sampled data via �an expensive long distance telephone call�

� MEASURES OF CENTRAL TENDENCY

(SAMPLE) MEAN ∑=

≡n

iix

nx

1

1

(SAMPLE) MEDIAN

Ι∈+=

Ι∈=

+

=+

+

mmnx

mmnxxx

n

nn

ileth

,12

,22

1

2

1

122%50

� MEASURES OF VARIATION or DISPERSION

MEAN ABSOLUTE ∑=

−n

ii xx

n 1

21 & MEAN SQUARED ( )∑

=

−n

ii xx

n 1

21

DEVIATIONS

VARIANCE ( )∑=

−−

≡n

ii xx

nS

1

22

1

1 & STANDARD DEVIATION

2SS =

RANGE minmax xx − & INTERQUARTILE RANGE ileile thth xx%25%75

� MEASURES OF ASYMMETRY

SKEWNESS

( )3

1

3

S

nxx

Skew

n

ii∑

=

−≡

For a positively (negatively) skewed distribution, the mean is greater (less) than the

median.

� MEASURES OF FAT-TAILEDNESS

KURTOSIS

( )4

1

4

S

nxxKurt

n

ii∑

=

−≡

A distribution with kurtosis less than/equal to/greater than the /benchmark1 value 3

is said to be a PLATYKURTIC/MESOKURTIC/LEPTOKURTIC distribution.

Page 23: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

23

Probability DistributionPROBABILITY � CONDITIONAL PROBABILITY & BAYES5 THEOREM

� CONDITIONAL PROBABILITY & BAYES� THEOREM:

)|Pr()|Pr(

)Pr(

)Pr(

)Pr()|Pr(

cABAB

BA

B

BABA

+

∩=

∩= (1)

� INDEPENDENT random variables:

)Pr()Pr(

)Pr()Pr()|Pr()Pr()Pr()Pr( A

B

BABABABA =

⋅=⇒⋅=∩ (2)

PROBABILITY � DISCRETE, CONTINUOUS, AND CUMULATIVE DISTRIBUTION

� CUMULATIVE DISTRIBUTION FUNCTION (c.d.f.):

1)()Pr()( =∞∋≤= FxXxF (3)

Note:

)()()Pr()Pr()Pr(

)(1)Pr()Pr()Pr(

aFbFaXbXbXa

xFxXSxX

−=≤−≤=≤<

−=≤−=≥ (4)

� PROBABILITY MASS FUNCTION (p.m.f.):

1)Pr()Pr()()Pr()( ==≤==∋== ∑∑≤ axa

aXaXxFxXxp (5)

� PROBABILITY DENSITY FUNCTION (p.d.f.):

1)()()()( =≤=∋ ∫∫∞

∞−∞−

dxxfdttfxFxfx

(6)

� Hence the FUNDAMENTAL THEOREM OF CALCULUS:

)()()()()(

)( aFbFxFdxxfdx

xdFxf

b

a

b

a

−==⇒= ∫ (7)

Page 24: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

24

Distributional MomentsPROBABILITY � EXPECTATION & MOMENTS OF DISTRIBUTION

� POPULATION (TRUE) MEAN, VARIANCE, STANDARD DEVIATION,

COVARIANCE, CORRELATION:

[ ]( )[ ]

[ ]( )

[ ]( )

[ ]( ) [ ]( )[ ]]1,1[

)()(

),(),(

),(

)()(

)(

)()(

)(

)(][)(

,

,

2

2

22

+−∈⋅

≡=

Ε−Ε−Ε≡=

≡=

Ε−

Ε−=Ε−Ε≡=

=Ε≡=

∑∫∑

∞−

∞−

YStdDevXStdDev

YXCovYXCorrel

YYXXYXCov

XVarXStdDev

dxxfXx

xpXxXXXVar

continuousXdxxfx

discreteXxpxXXMean

YX

YX

X

j jj

X

j jj

X

ρ

σσ

σ

µ

(1)

� In practice, it5s actually more computationally convenient to use an equivalent variance

formula:

[ ]( )[ ] [ ] [ ]222 XXXX Ε−Ε=Ε−Ε (2)

� Expected Value & Variance of a LINEARLY TRANSFORMED random variable:

)()(

][][2 XVabaXV

bXabaX

=+

+Ε=+Ε (3)

� Expected Value & Variance of a SUM of random variables:

),(2)()()(

][][][

YXCovYVXVYXV

YXYX

++=+

Ε+Ε=+Ε (4)

� For INDEPENDENT r.v.5s:

)()()(0),( YVXVYXVYXCov +=+⇒= (5)

Page 25: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

25

Distributions begets Distributions

� Additional distributions derived from F(x) : � Bayesian/Mixture Model : when θθθθ in F(x;θθθθ) is itself a random variate.

� e.g. Negative Binomial = λλλλ-Gamma mixture of Poisson(λλλλ)

� Convolution : F(x) = Gn*(x) = distribution of sum of n independent, generally identically distributed random variables (i.i.d.r.v.)� i.e. n too small to be using the Central Limits Theorem (C.L.T)

� Compound Distribution : distribution of sum of N independent, invariably identically distributed random variables, where N is itself a random variate.� e.g. sum of Gamma severity events occurring with Poisson frequency

� Copula : a functional creating a joint distribution function out of �hitherto marginal� distribution functions, whereupon FXY(x,y) = C(FX(x),FY(y))

Page 26: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

26

Unifying Structure for Financial Risk Models

� Toward a UNIFYING STRUCTURE for modelling financial risks : � S = S1 + N + SN� Si ~ Individual_Distributioni(θθθθi), i = 1,N,N

� where possibly N ~ Natural_Number_Distribution(ΘΘΘΘ)� where possibly θθθθi ~ Meta/Prior_Distribution(ΘΘΘΘi)

� S ~ Aggregate_Distribution(ΘΘΘΘ), ΘΘΘΘ = {θθθθ1,N,θθθθN} ∪∪∪∪ θθθθCopula

� To wit, respectively for market, credit, and operational risks : � Multivariate Normal Equity Portfolio� Bernoulli Mixture Loan Portfolio� Compound Poisson Subexponential Losses from failures/frauds/errors

Page 27: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

27

Market/Credit vs. OR Financial Risk Type

Market Risk

Credit Risk

Operational Risk

Probabilistic Model of Individual Event Arrivals

N/A N/A for periodic credit-rating upgrade-downgrade; Poisson, Negative Binomial for sporadic default arrivals.

Poisson, Negative Binomial.

Probabilistic Model of Individual Event Severities

(Symmetric) Profit/Loss Distribution: Univariate Normal/Logistic for single-asset return.

(Skewed) Loss Distribution: Bernoulli for single-obligor default, Beta/Gamma for single-obligor loss.

(Heavy-tailed, skewed) Loss Distribution: Subexponential, Extreme Value.

Probabilistic Model of Aggregate Event Severities

Multivariate Normal for portfolio return.

Default Correlation via Bernoulli Mixture, Factor Model and/or Copula.

Independence assumption, hence convolution of probability mass/density functions.

Comments on total VaR calculation

Straightforward low-probability quantile of Multivariate Normal distributions.

Difficult, reliant on multiple-obligor loss distribution.

Difficult if reliant on convolved loss distribution; relatively easy if tail quantile approximation method is used.

Page 28: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

28

Modelling OR Probabilistically

� [Lewis (2004)] :� OR Indicators ≡≡≡≡ �random variables that are used to provide insight into

future OR events. For example, a rising number of trades that fail to settle � Loss due to the failure of a vendor to perform outsourced processing correctly and unauthorized transfers of money by employees � are examples of OR events for which we seek to find suitable OR indicators.�

� OR VaR ≡≡≡≡ �the operational risk capital sufficient, in most instances, to cover operational risk losses over a fixed time period at a given confidence level.�

Page 29: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

29

Modelling OR Frequency, Severity & Loss

1. Modelling individual OR event arrivals� Frequency generally has a Poisson or Negative Binomial distribution.

2. Modelling individual OR event severities� Loss probability measure has support [0,∞∞∞∞)� Distribution positively skewed, heavy-tailed, most likely subexponential� The use of Extreme Value Theory (EVT)

3. Modelling aggregate OR loss� independent and identically distributed (i.i.d.) random variables (r.v.)

4. Calculating OR VaR

Page 30: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

30

Empirical & Binomial DistributionsPROBABILITY � FAMILIAR DISCRETE DISTRIBUTIONS

� EMPIRICAL DISTRIBUTION (discrete r.v.): general term denoting p.m.f. not expressible

as a mathematical formulae, i.e. 1.0)5.5(,5.0)2(,4.0)1( ===− ppp , and zero

probability otw.

� BINOMIAL DISTRIBUTION (discrete r.v.):

∈−=

Ν∈=Ε

=

=−=

⇒ ∑=

]1,0[,)1()(

,][

)()(

,,0,)1()(

),(~ 0

ρρρρ

ρρ

ρ

nXV

nnX

ipxF

nxCxp

nBinX

x

i

xnxnx K

(1)

BERNOULLI DISTRIBUTION as a special case:

),1()( ρρ =⇔ nBinBernoulli .

As an example of the application of moment-generating function, consider the

derivation of the means of the binomial distribution:

[ ]( )( )( ) ρρρρ

ρρρρρ

ρρρρ

nnM

eentM

ThmBinomialbyeie

eCCeetM

n

tnt

nt

n

x

n

x

xnxtnx

xnxnx

txtX

=−+=

⋅−+⋅=

−+⋅=

−⋅=−=Ε=

= =

−−∑ ∑

1

1

0 0

1)0('

)(1)('

.)..()1()(

)1()()1()(

(2)

Page 31: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

31

Negative Binomial & Poisson Distributions

� NEGATIVE BINOMIAL DISTRIBUTION (discrete r.v.):

∈−

=

Ν∈=Ε

=

≥−=

∑=

−−−

]1,0[,)1(

)(

,][

)()(

,)1()(

),(~

2

11

ρρ

ρρ

ρρ

ρ

rXV

rr

X

ipxF

rxCxp

rNegBinX

x

ri

rxrxr

(1)

GEOMETRIC DISTRIBUTION as a special case:

),1()( ρρ =⇔ rNegBinGeometric .

� POISSON DISTRIBUTION (discrete r.v.):

=

>=Ε

=

==

⇒ ∑=

λλλ

λ

λ

λ

)(

0,][

)()(

,2,1,0,!

)(

)(~0

XV

X

ipxF

xx

exp

PoissonXx

i

x

K

(2)

Page 32: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

32

Exponential & Beta Distributions

PROBABILITY � FAMILIAR CONTINUOUS DISTRIBUTIONS

� EXPONENTIAL DISTRIBUTION (continuous r.v.):

=

>=Ε

−=

≥=

⇒−

2/1)(

0,/1][

1)(

0,)(

)(~

λλλ

λ

λλ

λ

XV

X

exF

xexf

ExpXx

x

(1)

� BETA DISTRIBUTION (continuous r.v.):

−−

−−

−=Β

+++=

+=Ε

∈=

∈Β

−=

1

0

11

2

0

11

)1(),(

)1()()(

][

]1,0[,)()(

]1,0[,),(

)1()(

),(~

dxxx

XV

X

xdttfxF

xxx

xf

BetaX

x

βα

βα

βα

βαβααβ

βαα

βα

βα

(2)

UNIFORM DISTRIBUTION as a special case: )1,1()( ==⇔ βαBetaUnif .

Page 33: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

33

Beta Distributions

00.

10.

2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Beta(

1,1)Beta(

4,4)Beta(

3,7)

-1

0

1

2

3

4

5

6

7

8

Beta (a,b) distribution

Page 34: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

34

Gamma Distributions� GAMMA DISTRIBUTION (continuous r.v.):

)!1()(

)(

0,/)(

0,/][

)()(

0,)(

)()(

),(~

0

1

2

0

1

−=Γ⇒Ν∈

>=

>=Ε

=

≥Γ

=

∞−−

−−

ααα

α

λλααλα

αλλ

λα

α

αλ

duue

XV

X

dttfxF

xxe

xf

GammaX

u

x

x

(1)

Where α is the SHAPE PARAMETER, and λβ /1≡ is the SCALE

PARAMETER.

ERLANG DISTRIBUTION as a special case when the shape parameter is a whole

number.

Exponential distribution as a special case when the shape parameter is equal to one.

� GAMMA FUNCTION, denoted ℜ∈Γ αα ,)( according to the LEGENDRE

NOTATION, is a generalisation of the FACTORIAL FUNCTION beyond non-negative

whole numbers to the real number line (more generally to the complex plane):

}

{

( )

)!1()1()!1())1(())1(()1()(,

)3()3)(2)(1()2()2)(1(

)1()1()1(0lim

)1()()()(,

0

21

0

2

0

1

0

1

0

1

−=Γ−=−−Γ−−−=ΓΝ∈

−Γ−−−=−Γ−−=

−Γ−=−⋅+−−=

−⋅−−−===Γℜ∈

∫∫∫∞

−−−−

∞→

∞−−

∞−−

∞−−

∞−−

αααααααααααααααα

ααα

ααα

αα

αααα

L

L

dttete

dtteetdtetdtte

tt

t

tt

dv

t

u

t

(2)

Page 35: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

35

Extreme Value Theory

EXTENSION � EXTREME VALUE THEORY

� FISHER-TIPPET-GNEDENKO THEOREM:

Let { }n

iiX 1= be a sequence of i.i.d.r.v.5s, and define SAMPLE MAXIMA as the

maximum { }nn MMM ,,max 1 K≡ of such a sequence.

As the sample size gets large, ∞→n ,

( ) ( )xXxXxMxF nn ≤≤=≤≡ ,,PrPr)( 1 K , the c.d.f. for this sample maxima,

approaches the following three-parameter GENERALIZED EXTREME VALUE

(GEV) distribution:

[ ]

<

−+−

>

−+−

=

−−−

=

)(01exp

)(01exp

)(0expexp

)(

1

1

,,

WeibullTypeIIIx

FrechetTypeIIx

GumbelTypeIx

xF

ξσµ

ξ

ξσµ

ξ

ξσµ

ξ

ξξσµ (1)

Where the three parameters ξσµ ,, are known, respectively, as LOCATION

PARAMETER, SCALE PARAMETER, and TAIL INDEX PARAMETER.

� Method of BLOCK MAXIMA (BM):

Exploits the Fisher-Tippet-Gnedenko theorem to describe the upper percentile

description:

( )( )

=−−

>−−−=

0lnlnˆˆ

0)ln(1ˆˆ

ˆ)(

ˆ

ξασµ

ξαξ

σµ

αξ

OpVaR (2)

Page 36: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

36

Convolved Probability Functions

ANALYSIS OF SMALL AGGREGATE � CONVOLUTION, NOT LIMIT THEOREMS

� Distribution of a sum of two independent (though not required to be identically distributed)

random variables is given by the convolution of their probability mass/density functions:

Discrete case:

( )

( )

∗≡−=

∗≡−=

+=

==

==

∑)()()(

)()()(

)()()Pr(

)()Pr(

zppyzpyp

zppxzpxp

zp

YXZ

ypyY

xpxX

XYy

XY

YXx

YX

ZY

X

(1)

Continuous case:

( )

( )

∗≡−=

∗≡−=⇒

+=

=

=

∫∫

)()()(

)()()()()(

)(

)()(

zffdyyzfyf

zffdxxzfxfzf

YXZ

yfdy

ydF

xfdx

xdF

YXXY

YXYX

zYY

XX

(2)

Page 37: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

37

Convolution IntegralCONVOLUTION � DEFINITION & KEY THEOREM

� Given ℜ→Dgf :, , define CONVOLUTION thus:

( ) ( ) )()()()()()( xfgdttxftgdttxgtfxgf ∗≡−=−≡∗ ∫∫ ℜℜ (1)

Not only is convolution commutative, as seen above, it is also associative and

distributive:

( ) ( )( ) ( ) ( )gfgfhgf

hgfhgf

gfgf

∗+∗=+∗

∗∗=∗∗

∗=∗

(2)

Moreover:

( )

dz

zdgfg

dz

zdf

dz

zgfd )()()(∗=∗=

∗ (3)

For ℜ→Dfff :,, 321 , observe that:

( )( ) ( )( )

∫ ∫∫ ∫∫ ∫∫

ℜ ℜ

ℜ ℜ

ℜ ℜ

−−=

−−=

−−=

−∗=∗∗

121232211

122312211

223112211

223221321

)()()(

)()()(

)()()(

)()()(

dydyyyxfyfyf

dydyyxfyyfyf

dyyxfdyyyfyf

dyyxfyffxfff

(4)

Where the change in the ORDER OF INTEGRATION is justified, i.e. provided the

mapping )()()(),( 231221121 yxfyyfyfyy −−a is INTEGRABLE on 2ℜ ,

that is, Dx∈∀ .

Moreover, along the way there was a CHANGE OF VARIABLE 122 yyy −a ,

i.e. so that )()()()()()( 12322112312211 yyxfyfyfyxfyyfyf −−−− a .

� Given ℜ→Dff n :,,0 K , one can therefore write n-FOLD CONVOLUTION in terms of:

( ) ( )∫ ∫ ∑ℜ ℜ −

=−− −=∗∗ 01

1

011000 )()()( dydyyxfyfyfxff n

n

i innnn LLLL (5)

Page 38: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

38

Computational Techniques

� PanjerRs Algorithm� Works if severity distribution is discrete

and frequency distribution is of a certain form, i.e. Binomial, Negative Binomial, and Poisson distributions.

� Monte Carlo Simulation� Works almost universally, but computationally intensive,

convergence heuristically determined �

� OP VaR Approximation� Works if severity is subexponential �

Page 39: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

39

Compound Poisson Process Model

� Stochastic Loss Arrival/Convolution Approaches : � Compound Poisson Process/Cramer-Lundberg Model :

� Counting Register : Arrival is a Poisson Process (i.i.d. exponentially-distributed interarrival times), so that the number of arrivals is given by N ~ Poisson(λλλλ)

� Individual Risks : i.i.d.r.v. credit-event losses with skewed g(x), itself NOT subexponential or �tail-heavy enough� to employ limiting tail distributions.

� Aggregating Functional : N-fold convolution integral F(x) = GN*(x)

� Renewal Model : � Generalise arrival to a general Renewal Process (interarrival times still i.i.d.r.v. with finite means E[N], but no longer required to be exponentially-distributed, hence allowing for under/over-dispersion vs. the Poisson arrival frequency.

Page 40: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

40

Compound Poisson Process Model (2)

฿0฿250,000

฿500,000฿750,000

฿1,000,000

04

8

12

16

20

0%

2%

4%

6%

8%

10%

12%

Probability

Total Loss for each n (the n -fold Convolution of Bernoulli yields a

Binomial Distr.)

Event Count (Number of Defaults)

Toward a Cramer-Lundberg Loss Distribution with Bernoulli Severity

Page 41: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

41

Part Three

CAPITAL ADEQUACY REGULATION

Page 42: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

42

On regulation & supervision N

� Evolving modality of regulation & supervision : � 19th century : keeping the guilds in check.� 20th century : issuing a body of regulatory codes.� 21st century : stabilising dynamical, networked systems.

� Contemporary view of regulation & supervision : � Supervisory regulation : mandate-oriented

� Prudential/Stability vs. Efficiency/Competition vs. Fairness/Conduct (of Business)

� Regulatory supervision : risk-based� Financial Institutions = quanta & nodes of risks� Supervisory organisation & resource planning implications

Page 43: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

43

On capital adequacy framework N

� Foundation of capital adequacy framework : � Then Economic Capital : that which achieves an optimum balance

between maximising leverage and minimising cost of capitals.

� Then Regulatory Capital : w.r.t. deposit taking financial institutions, i.e. banks, economic welfare is on the whole improved if depositors donxt have to closely monitor the �credit risk� of their �loan portfolio� all by themselves.

� Now EC : that which duly covers, in a distributional sense, downside risks (losses), whence becomes a VaR-like risk measure of the bankxs assets.

� Now RC : regulation-based calculation of a stable, conservative, and transparent EC-like VaR-proxy established as a minimum capital margin.

Page 44: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

44

On capital adequacy framework (2) N

� Evolution of capital adequacy framework : � Basel 0 : Capital > 8% of Sum of Assets

� Basel I : Capital > 8% of Sum of Class-Weighted Assets

� Basel II : Capital > Market-risk RC + Credit-risk RC + Operational-risk RC� Market-risk RC : as per 1996-amended Basel 1

� Credit-risk RC : esp. Foundation/Advanced Internal Ratings-Based (FIRB/AIRB)

� Operational-risk RC : first time being introduced as a separate item altogether

� Basel III : Capital > Coupled Market-Credit Portfolio & Operational VaR

� Basel IV : Capital > Enterprise VaR + per-entity Systemic Risk contribution

Page 45: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

45

On capital adequacy framework (3) N

� Basel II Capital Measurement and Capital Standards : � The First Pillar _ Minimum Capital Requirements :

� Credit Risk : � The Standardised Approach (SA)� The Foundation/Advanced Internal Ratings-Based (F/AIRB) Approach� Securitisation Framework

� Operational Risk� The Basic Indicator Approach (BIA)� The Standardised Approach (SA-OR)

� The Advanced Measurement Approach (AMA)

� Market Risk

� The Second Pillar _ Supervisory Review Process� The Third Pillar _ Market Discipline

Page 46: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

46

Toward the BOTRs AMA Guidelines

� Other EMEAP countries (ex-Japan) : � %ก�Q�': S� Bank of Korea (BOK) $'ก��Q+���+�� AMA ��ก,��ก�TL�* � &.�+,� 2550 S�� +'�/�$ก��

&���#� EMEAP "��� Q�� &M� ($.". 49)� &. "N,��: S� Monetary Authority of Singapore (MAS) U�*ก�R�#L+ Consultation Paper �Proposals for the

Implementation of Basel II in Singapore _ Phase 1� (&.". 48) #R� �MAS will consult on the proposed rules and guidelines relating to this topic at a later date� �/Rก�$.U�*ก�R�#O� AMA /R�Q���z)�)"#�$%J.($%/.$L+�!�! �Phase 2� ($'.". 49) Q���L+�!�! �Phase 3� ($..). 49) S'(/�$$�

� +.#�'��+��: S� Reserve Bank of New Zealand (RBNZ) U�*��ก%ก��� �Basel II: Application requirements for New Zealand banks seeking accreditation to implement the Basel II internal model approaches from January 2008� ($'.". 49) �/R%+���Q�"R�+z*� ���ก�� %+�(� ��ก P+�"��S'(LQ�RS'(&M� 4 �QR z� ,��%ST (Westpac, ANZ National Bank, BNZ ��� ASB) /R� %,�+P+�"����&%/�%�') (U$Rก�%,�+&R#+Q+�( z� )

� ��&%/�%�'): S� Australian Prudential Regulation Authority (ARPA) U�*��ก�R� APRA Prudential Standard (APS) 115 �Capital Adequacy: Advanced Measurement Approaches to Operational Risk� (/.".49) (9 Q+*�) %,�+S'(%�')!�*�)��*# N�)�R� APS 115 +'� �*� ��)��%�')�/�$ APRA Guidance Note (AGN) �'กS�� Q$�&'(�!�!�*#)ก�+ (AGN 115.1 _ 115.4) ��( ��กก�R�#O� �General Requirements� (AGN 115.1 _ 6 Q+*�) �Quantitative Standards� (AGN 115.2 _ 19 Q+*�) �Allocating Group Operational Risk Capital� (AGN 115.3 _ )� U$R��ก%�)�J�R) ��� �Cross Border Guidance� (AGN 115.4 _ )� U$R��ก%�)�J�R) /�$�����!

Page 47: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

47

Toward the BOTRs AMA Guidelines (2)

� When it comes to introducing international standards locally, should we� adopt/adjust, adapt/compromise, map/reconcile, form union, or perform intersection?

� LetRs keep/expound : � Top-level Parameters, i.e. the 99.9% confidence level.� Formulating Guidelines as a set of Qualifying Criteria.� Formulating Qualifying Criteria as a set of Standards.� Four Key Elements as Operational Risk Model Drivers.

� LetRs augment/supplement : � Vague (phenomenological) definition of operational risk, i.e. in favour of a precise (causal) definition.� Basic areas of expertise vis-à-vis Operational Risk Modelling Methodology, i.e. extreme value theory.� Scenario Analysis of Legal Risk, i.e. to include rent or mis-selling from TUVWVUXYZ[\Y]^ WX_`Wa-bcกecf_

� LetRs discard/discourage : � Group-wide Diversification Benefits & Insurance-based Mitigation Recognition� Distinction between initial vs. ongoing & qualitative vs. quantitative standards, but recognises, instead,

the distinction between system-process integrity versus theoretical-empirical soundness standards

Page 48: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

48

Toward the BOTRs AMA Guidelines (3)

� Where system-process integrity standards address various concerns in terms of : � consistency & achievability of objectives, coherence & completeness of design,

� quality & integration of components, independence & efforts of agents,

� transparency & relevancy of documentation, continuity & reliability of maintenance,

� availability & utilisation of resources, progress & interoperability of innovations, and so on.

� Where theoretical-empirical soundness standards address various concerns in terms of : � reasonableness & applicability of assumptions, testability & falsifiability of hypotheses,

� measurability & observability of parameters, feasibility & accuracy of calibrations,

� nonlinearity & stochasticity of dynamics, stationarity & identifiability of regimes,

� tractability & computability of calculations, validity & verifiability of outcomes, and so on.

Page 49: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

49

Toward the BOTRs AMA Guidelines (4)

� Structure of the Document : � Section 1 : Overview

� Section 1.1 : Scope

� Section 1.2 : Definition

� Section 2 : Qualifying Criteria� Section 2.1 : Operational Risk Management Framework

� Section 2.2 : Operational Risk Measurement System

� Section 2.3 : Operational Risk Modelling Methodology

� Section 2.4 : Operational Risk Model Drivers

� Section 3 : Enforcement Issues� Section 3.1 : AMA and the BIA/SA-OR frameworks

� Section 3.2 : Foreign Bank Branches and the Trans-national Banking Groups

Page 50: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

50

BOTRs AMA Guidelines h Re: ORMF

iThe whole of Operational Risk ManagementR

� Risk ≡≡≡≡ {POSSIBILITY; PROBABILITY; UTILITY}� Ask: which of these would be subject to adjustment/alteration/manipulation?

� Financial Risks : � Proxy for (monotonic w) utility measured/quoted in monies/monetary units,

� arisen from/rooted in financial market variables/institution factors,

� managed/mitigated by means of financial techniques/tools, and/or

� seen as/deemed to be intrinsic/integral to financial markets/institutions.

� An Operational Risk Management (ORM) Framework must address : � Actors : Board of Directors, Senior Management, Risk Management Function, Business Lines,

Internal/External Audit Functions, and Regulator/Supervisor.

� Processes : IDENTIFY/define ���� MEASURE/assess ���� MITIGATE/manage ���� REVIEW/report

Page 51: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

51

BOTRs AMA Guidelines h Re: ORMF (2)

� The Board of Directors : � must be fully responsible/accountable for the overall operational risk policy,� must have approved/signed off on the Operational Risk Management Framework in a fully informed

manner, and� must ensure independence/integrity of the Internal/External Audit Functions.

� The Senior Management : � must be charged with developing/implementing the overall operational risk policy,� must be fully responsible/accountable for the Operational Risk Management Framework,� must have approved/signed off on the Operational Risk Measurement System in a fully informed

manner,� must ensure independence/integrity of the Operational Risk Management Function, and� should be conscious of, as well as conscientious in minimising, various areas of conflicts of

interests, monetary or otherwise, that adds to operational risk or subtracts from the efficacy of the Operational Risk Management Framework, especially in terms of the effectiveness of the Operational Risk Management Function.

Page 52: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

52

BOTRs AMA Guidelines h Re: ORMF (3)

� The Risk Management Function : � must be charged with developing/implementing the Operational Risk Management Framework,

� must be fully responsible/accountable for the Operational Risk Measurement System,

� must have approved/signed off on the Operational Risk Modelling Methodology in a fully informed manner, and

� should be conscious of, as well as conscientious in minimising, unnecessary compliance costs, monetary or otherwise.

� The Business Line : � must be charged with developing/implementing their part in the Operational Risk Management

Framework, and

� must be fully responsible/accountable for their input to the Operational Risk Measurement System.

Page 53: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

53

BOTRs AMA Guidelines h Re: ORMF (4)

� The Internal/External Audit Functions : � should enjoy effective cooperation and efficient coordination from the Business Lines, the

Operational Risk Management Function, as well as the Senior Management of the AMA bank, and

� should be conscious of, as well as conscientious in minimising, unnecessary compliance costs, monetary or otherwise.

� The Regulator/Supervisor : � should enjoy effective cooperation and efficient coordination from the Business Lines, the

Operational Risk Management Function, the Senior Management, the Internal/External Audit Functions, as well as the Board of Directors of the AMA bank, and

� Should be conscious of, as well as conscientious in minimising, unnecessary compliance costs, monetary or otherwise.

Page 54: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

54

BOTRs AMA Guidelines h Re: ORMF (5)

� W.r.t. Identification, an AMA bank must have in place a sound process of : � identifying various sources of operational risk exposures,

� locating operational risk events by 7 event types, namely : i. internal fraud, ii. external fraud, iii. employment practices/workplace safety, iv. clients, products/business practices, v. damage to physical assets, vi. business disruption/system failures, vii. execution, delivery, and process management, as well as

� attributing operational risk losses to 8 business lines, namely : i. corporate finance, ii. Trading/sales, iii. retail banking, iv. commercial banking, v. payment/settlement, vi. agency services, vii. asset management, viii. retail brokerage.

Page 55: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

55

BOTRs AMA Guidelines h Re: ORMF (6)

� W.r.t. Measurement, an AMA bank must : � stipulate minimum reporting thresholds for operational risk losses, which may or may not vary

according to SA-OR-defined/compliant event types/business lines,

� relate its minimum operational risk capital charge calculation to a statistical level of confidence of 99.9%, as well as

� have developed and continue to improve the Operational Risk Measurement System, whose detailed standards are set out in Section 2.2 of the BOTxs AMA guidelines.

Page 56: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

56

BOTRs AMA Guidelines h Re: ORMF (7)

� W.r.t. Mitigation thru third-party insurance, an AMA bankxs recognition : � is limited to no more than 20% of the calculated pre-insured minimum operational risk capital charge,

and

� may be subjected to case-by-case approvals/consents by the BOT.

� [�]

� W.r.t. Mitigation thru diversification effect, an AMA bankxs recognition : � is subjected to case-by-case approvals/consents by the BOT.

� W.r.t. Mitigation thru improved control, an AMA bankxs recognition : � is subjected to case-by-case approvals/consents by the BOT.

Page 57: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

57

BOTRs AMA Guidelines h Re: ORMF (8)

� W.r.t. Review, an AMA bankxs Operational Risk Management Framework is to be subjected, at a minimum, to reviews/examinations: � by the Senior Management on an annual basis,� by the internal/external audit functions on an annual basis,� by the BOT on a bi-annual basis, and� by any/all of the above on a contingency basis, i.e. as circumstances warrant.

� W.r.t. Review, an AMA bankxs Operational Risk Measurement System is to be subjected, at a minimum, to reviews/examinations: � by the Operational Risk Management Function on a semi-annual basis,� by the Senior Management on an annual basis,� by the Internal/External Audit Functions on an annual basis,� by the BOT on a bi-annual basis, and� by any/all of the above on a contingency basis, i.e. as circumstances warrant.

Page 58: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

58

BOTRs AMA Guidelines h Re: ORMS

iThe head of the Operational Risk Management FrameworkR� Target measure :

� 1-Year Operational Risk Value-at-Risk (Op-VaR) at the 99.9% Confident Level, gross of Operational Risk Expected Loss (Op-Risk-EL).

� Advancement toward Operational Risk Conditional Mean Exceedance (Op-Risk-CME) encouraged.

� Minimum features : � A mix of quantitative judgements, qualitative techniques, computational heuristics.� Operational Risk Loss Database instituted and maintained� Threshold Reporting Loss determined and enforced� Extreme Value Losses captured and modelled� Ability to delineate : Operational Risk Exposures under partial control vs. wholly uncontrollable� Ability to delineate : Operational Risk Events that could be efficiently/effectively insurable vs. not;

those that are regular/infrequent/rare in occurrence, modest/high/extreme in impact.� Ability to delineate : Operational Risk Losses to be allocated to business lines vs. to be shared

Page 59: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

59

BOTRs AMA Guidelines h Re: ORMM

iThe heart of an Operational Risk Measurement SystemR� Minimum features :

� Modelling Operational Risk Event Arrivals� Poisson, Negative Binomial, Empirical distributions

� Modelling Operational Risk Event Severity� Gamma, Gumbel, Log-Normal, Pareto, Weibull distributions �� Fisher-Tippet-Gnedenko theorem // Generalised Extreme Value (GEV) distribution // sample maxima //

method of Block Maxima (BM)

� Picklands-Dalkema-de Hann theorem // Generalised Pareto Distribution (GPD) // sample exceedance over large threshold // Peak Over Threshold Modelling (POTM)

� Determining Aggregate Operational Risk Loss� Compound Poisson Process : Sum of N i.i.d. random Losses, where N is itself a Poisson r.v.

� PanjerRs Algorithm (only works if severity distribution is discrete and frequency distribution is of a certain form)� Monte Carlo Simulation (works almost universally, but computationally intensive, convergence not guaranteed)

� Böcker-Klüppelberg closed-form Op-VaR approximation (only works if severity subexponential)

Page 60: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

60

BOTRs AMA Guidelines h Re: ORMD

iThe soul of an Operational Risk Modelling MethodologyR

� Minimum features (corresponding to the so-called AMA Key Elements) : � Data Environment (Internal Data)

� Calibration Benchmark (External Data)

� Applicability/application of Scenario Analysis

� (Business Environment/Internal) Control Factors

Page 61: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

61

Bibliography

� BÖcker, K. & KlÜppelberg, C. (2005), /Operational VaR: A Closed-Form Approximation1,

available online via http://www.gloriamundi.org/picsresources/kbck.pdf.

� Brandimarte, Paolo (2001), Numerical Methods in Finance:

A MATLAB-Based Introduction, New York, NY: Wiley-Interscience.

� Embrechts, Klüppelberg, and Mikosch (1997), Modelling Extremal Events

for Insurance and Finance, Berlin: Springer.

� Glasserman, Paul (2004), Monte Carlo Methods in Financial Engineering

(Applications of Mathematics No. 53), New York, NY: Springer.

� Johnson, Kotz, Balakrishnan (1994), Continuous Univariate Distributions

Volume 1 (2nd ed.), New York: Wiley-Interscience Publication.

� Karatzas, I. & Shreve S.E. (1991), Brownian Motion and Stochastic Calculus

(2nd ed.), New York, NY: Springer.

� Lewis, Nigel Da Costa (2004), Operational Risk with Excel and VBA, Hoboken, NJ: John Wiley & Sons.

Page 62: Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙ ... · 2019-05-08 · 1 Operational Risk Management & Modelling ก ˘ˇˆก ˙˝˛ก ˘˚ ˝˜ ˙!!"#

62

Bibliography (2)

� McFadden, Daniel L. (1974), Applied Logistic Regression (2nd ed.), New York: Wiley.

� Meintanis, S.G. & Koutrouvelis, I.A. (1999). /Chi-Squared Tests of Fit

for Generalized Poisson Distributions Based on the Moment Generating Function1,

InterStat, May Issue, 1-19.

� Mikosch, Thomas (2004), Non-Life Insurance Mathematics:

An Introduction with Stochastic Processes (Universitext), Berlin: Springer.

� von Neumann, J. & Morgenstern, O. (1947), Theory of Games and Economic Behavior,

Princeton, NJ: Princeton University Press.

� Nelson, Roger B. (1999), An Introduction to Copulas

(Lecture Notes in Statistics No. 139), New York, NY: Springer.

� Panjer, H.H. (1981), /Recursive Evaluation of a Family of Compound Distribution1,

ASTIN Bulletin, 12 : 22-26.

� Pao, Yoh-Han (1989), Adaptive Pattern Recognition and Neural Networks,

New York, NY: Addison-Wesley.