Here is an essay on ‘Operational Risk’ for class 11 and 12. Find paragraphs, long and short essays on ‘Operational Risk’ especially written for school and banking students.
Essay on Operational Risk
- Essay on the Meaning of Operational Risk
- Essay on the Classification of Operational Risk
- Essay on the Management Practices of Operational Risk
- Essay on the Processes and Framework of Operational Risk
- Essay on the Risk Monitoring and Control Practices of Operational Risk
- Essay on the Operational Risk Quantification
- Essay on the Mitigation of Operational Risk
- Essay on the Scenario Analysis of Operational Risk
Essay # 1. Meaning of Operational Risk:
Operational risk is one area of risk that is faced by all organisations. More complex the organisation is, more exposed it would be to operational risk. Operational risk would arise due to deviations from normal and planned functioning of systems, procedures, technology and human failures of omission and commission.
Results of deviation from normal functioning are reflected in the revenues of the organisation, either by way of additional expenses or by way of loss of opportunities that would be otherwise feasible. Operational risk may also arise due to inherent faults in systems, procedures and technology, which also impacts revenues of an organisation adversely.
Basel Committee has defined ‘Operational Risk’ as follows:
“The risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events”.
Criticality of operational risk has been recognized in Basel II, which requires specific capital allocation accounting for operational risk. The criticality of operational risk in the functioning of banks has to be viewed in the context of changes that has taken place in the banking industry.
Since eighties in USA and Europe and since late nineties in India, we have witnessed sea changes in the functioning of banks. Driven by deregulation and need to become globally competitive, the banks have made tremendous technological advances, brought in a plethora of new financial products, and are catering to a very large volume of customers on several platforms.
The time tested systems and procedures in traditional banking were developed over several decades. In the process of perfecting the systems and procedures banks may have faced operational losses but as the changes were only few and far between, systems had time to stabilize. In the present context of fast changing environment and work practices, the time required to stabilize systems and procedures is not enough. So, as banks respond to the needs of competition, systems and procedures and human adaptation of the changes create operational risks inherent in the banking business. Accordingly, this risk needs to be factored into and taken into account in the banking business.
Therefore, proper management of operational risks is an imperative. If operational risks are managed well, the rewards are available by way of lesser risk capital and cost reductions in operations. Both have impact on competitive edge. Basic motivation for management of operational risk stems from it.
Essay # 2. Classification of Operational Risk:
Before we classify operational risk into various categories, we must understand the nature of the operational risk. Operational risk arises literally from all the activities undertaken and consequently it is everywhere in an organisation. Impact of various forms of operational risk on the organisation may vary in degree i.e., some risks may have more potential of causing damages while some may have less potential, some may occur more frequently while some may occur less frequently. As the activities of an organisation changes in response to market and competition, new and hitherto unknown factors may add to operational risks.
Nature of operational risk may be listed as:
i. Operational risk exists almost everywhere in the organisation.
ii. Operational risks vary in their components. Some are high occurrence low value risks, while some are low occurrence high value risks.
iii. Operational risks in the organisation continuously change especially when an organisation is undergoing changes.
The Second Consultative Paper of Basel II suggested classification of operational risks based on the ‘Causes’ and ‘Effects’. That is classifications based on causes that are responsible for operational risks or classifications based on effects of risks were suggested.
Classifications based on ‘Causes’ and ‘Effects’ are listed below:
1. People oriented causes – negligence, incompetence, insufficient training, integrity, key man.
2. Process oriented (Transaction based) causes – business volume fluctuation, organizational complexity, product complexity, and major changes.
3. Process oriented (Operational control based) causes – inadequate segregation of duties, lack of management supervision, inadequate procedures.
4. Technology oriented causes – poor technology and telecom, obsolete applications, lack of automation, information system complexity, poor design, development and testing.
5. External causes – natural disasters, operational failures of a third party, deteriorated social or political context.
b. Effect Based:
1. Legal liability
2. Regulatory, compliance and taxation penalties
3. Loss or damage to assets
5. Loss of recourse
However, the Third Consultative Paper recommended for event based classification.
They are listed below:
c. Event Based:
1. Internal Fraud
2. External Fraud
3. Employment practices and workplace safety
4. Clients, products and business practices
5. Damage to physical assets
6. Business disruption and system failures
7. Execution, delivery and process management.
Classification of Operational Risk by Event Type:
Losses due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity/discrimination events, which involve at least one internal party.
ii. External Fraud:
Losses due to acts of a type intended to defraud, misappropriate property or circumvent the law, by a third party.
iii. Employment Practices and Work Place Safety:
Losses arising from acts inconsistent with employment, health or safety laws or agreements from payment of personal injury claims, or from diversity/ discrimination events.
iv. Clients, Products and Business Practices:
Losses arising from an unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements), or from the nature or design of a product.
v. Damage to Physical Assets:
Losses arising from loss or damage to physical assets from natural disasters or other events.
vi. Business Disruption and System Failures:
Losses arising from disruption of business or system failures.
vii. Execution, Delivery and Process Management:
Losses from failed transaction processing or process management, from relations with trade counterparties and vendors.
Essay # 3. Management Practices of Operational Risk:
Basel II document provides a guideline in the matter of operational risk management practices by way of certain principles that should govern the process. This is called ‘Sound Practices for the Management of Operational Risks’. Seven of its 10 principles that are relevant at the organisation level are described below. Three more principles, two relating to regulators/supervisors and one related to disclosure requirements have not been reproduced.
These principles assume importance particularly in the context of banks, as adherence to standard practice is the qualitative requirement of Basel II. The prescribed capital treatments under Basel II are subject to adherence to achieving qualitative standards in controlling and managing operational risk. In fact, supervisors have necessary mandate to prescribe additional capital in case qualitative standards are not up to their satisfaction.
Board of directors’ should be aware of the major aspects of bank’s operational risk as a distinct risk category that should be managed, and it should approve and periodically review the bank’s ORM framework. The framework should provide a firm-wide definition of operational risk and lay down the principles of how operational risk is to be identified, assessed, monitored, and controlled/mitigated.
The Board of Directors should ensure that the ORM framework is subject to effective and comprehensive internal audit by operationally independent and competent staff. The internal audit function should not be directly responsible for operational risk management.
Senior management should have responsibility for implementing ORM framework approved by board of directors. The framework should be consistently implemented throughout the whole banking organisation, and all levels of staff should understand their responsibilities with respect to ORM. Senior management should also have responsibility for developing policies, processes and procedures for managing operational risk in all of the bank’s material products, processes and systems.
Banks should identify and assess OR inherent in all material products, activities, processes and systems. Banks should also ensure that before new products, activities, processes and systems are introduced or undertaken, the operational risk inherent in them is subject to adequate assessment procedures.
Banks should implement a process to regularly monitor operational risk profiles and material exposures to losses. There should be regular reporting of pertinent information to senior management and the board of directors that supports the proactive management of operational risk.
Banks should have policies, processes and procedures to control/mitigate material operational risks. Banks should periodically review their risk limitation and control strategies and should adjust their operational risk profile accordingly using appropriate strategies, in light of their overall risk appetite and profile.
Banks should have in place contingency and business continuity plans to ensure their ability to operate on an ongoing basis and limit losses in the event of severe business disruption.
Operational Risk Management Practices should be based on a well laid out policy duly approved at the board level that describes the processes involved in controlling operational risks. It should meet the standards set in terms of the principles mentioned above. In addition, well laid down procedures in dealing with various products and activities should be in place. The policies and procedures should also be communicated across the organisation.
The policy should cover:
i. Operational risk management structure
ii. Role and responsibilities
iii. Operational risk management processes
iv. Operational risk assessment/measurement methodologies.
Management Overview and Organisational Structure of Operational Risk:
a. Role of Board:
The board of directors takes overall responsibility to manage and implement the operational risk framework. It should approve bank’s ORM framework and review it periodically. The framework should provide a firm-wide definition of operational risk and lay down the principles of how operational risk is to be identified, assessed, monitored, and controlled/mitigated.
The board of directors should put in place a comprehensive internal audit system for ORM framework. The board must delegate the responsibility of the day-to-day execution of the risk management policies effectively.
b. Role of Operational Risk Management Committee:
The operational risk management committee should identify the operational risks to which the bank is exposed to, formulate policies and procedures for operational risk management, set clear guidelines on risk assessment/measurement and ensure adequacy of risk mitigating controls.
The committee has the responsibility for implementing ORM framework approved by board of directors. The framework should be consistently implemented throughout the whole banking organisation, and all levels of staff should understand their responsibilities with respect to ORM. The committee also has responsibility for developing polices processes and procedures for managing operational risk in all of the bank’s material products, processes and systems.
c. Role of Operational Risk Management Department:
The operational risk management department is the nodal department for identifying, managing and quantifying operational risks. ORMD, in conjunction with groups, lays down procedures for management of operational risks.
The department should identify and assess OR inherent in all material products, activities, processes and systems. It should also ensure that before new products, activities, processes and systems are introduced or undertaken, the operational risk inherent in them is subject to adequate assessment procedures.
Department has the responsibility of implementation of processes to regularly monitor operational risk profiles and material exposures to losses and regular reporting of pertinent information to senior management and the board of directors that supports the proactive management of operational risk.
d. Role of Internal Audit/Business Functions:
Roles and responsibilities relating to internal audit/business functions in the operational risk processes should be clearly defined. That should include comprehensive audit of the ORM framework as to its effectiveness. It should be operationally independent. The internal audit function should not be directly responsible for operational risk management.
Essay # 4. Processes and Framework of Operational Risk:
The processes and framework include the following:
i. Mapping of Processes and Identification of Risks/Control
ii. The key business processes in the bank must be mapped into sub-processes. This should be a joint exercise between the operational risk group and the business groups.
iii. Implementation of a Qualitative Approach to Aggregating and Assessing Operational Risks.
iv. A system to qualitatively analyse the operational risk profile using a scorecard approach is implemented. This would involve self-assessment by the business group and normalization/ collation by the operational risk management department.
v. Implementation of a Quantitative Approach to Assessing Operational Risks New Product Processes.
Essay # 5. Risk Monitoring and Control Practices of Operational Risk:
Risk Monitoring and Control Practices encompasses the following:
i. Collection of Operational Risk Data (incident reporting framework)
ii. Regular monitoring and feedback mechanism in place for monitoring any deterioration in operational risk profile
iii. Collation of incident reporting data to assess frequency and probability of occurrence of operational risk events
iv. Monitoring and control of management of large exposures. The modalities to be prescribed in the Loan Policy document.
Information System Infrastructure:
Information system infrastructure should be responsive to the ORM framework.
Essay # 6. Operational Risk Quantification:
This is by far the most difficult of all risk measurements. Behaviour pattern of operational risk does not follow the statistically normal distribution pattern and that makes it difficult to estimate the probability of an event resulting in losses. The historical loss distribution pattern, which may provide a method to estimate operating losses require a data set that has statistically acceptable numbers of loss. Related data may be captured only over a period. Basel II has recognised the difficulties in measurement of operational losses. Consequently, it has provided options in the measurement of operational risk for the purpose of capital allocation purposes.
i. The Basic Indicator Approach
ii. The Standardised Approach
iii. Advanced Measurement Approaches (AMA).
Of these, basic indicator approach and Standardised approach are based on income generated. The advance measurement approach is based on operational loss measurement. A brief description of the Basel II prescriptions under these approaches is given below. For details, it is advised that Basel II document may be consulted.
i. The Basic Indicator Approach:
Banks using the Basic Indicator Approach must hold capital for operational risk equal to the average over the previous three years of a fixed percentage (15%) of positive annual gross income. Figures for any year in which annual gross income is negative or zero should be excluded from both the numerator and denominator when calculating the average.
Gross income is defined as net interest income plus net non-interest income, gross of any provisions (e.g. for unpaid interest), gross of operating expenses, including fees paid to outsourcing service providers, exclude realised profits/losses from the sale of securities in the banking book; and exclude extraordinary or irregular items as well as income derived from insurance.
ii. The Standardised Approach:
In the Standardised Approach, banks’ activities are divided into eight business lines:
Corporate finance, trading and sales, retail banking, commercial banking, payment and settlement, agency services, asset management, and retail brokerage.
Within each business line, gross income is a broad indicator that serves as a proxy for the scale of business operations and thus the likely scale of operational risk exposure within each of these business lines. The capital charge for each business line is calculated by multiplying gross income by a factor (denoted beta) assigned to that business line (Beta Factors).
Business Lines Beta Factors:
Corporate finance – 18%
Trading and sales – 18%
Retail banking – 12%
Commercial banking – 15%
Payment and settlement – 18%
Agency services – 15%
Asset management – 12%
Retail brokerage – 12%
iii. Advanced Measurement Approach (AMA):
Under the AMA, the regulatory capital requirement will equal the risk measure generated by the bank’s internal operational risk measurement system using the quantitative and qualitative criteria for the AMA discussed below. Use of the AMA is subject to supervisory approval.
A Generic Measurement Approach:
The first step in measurement approach is operation profiling.
The steps involved OP Profiling are:
1. Identification and quantification of operational risks in terms of its components
2. Prioritisation of operational risks and identification of risk concentrations – hot spots resulting in lower exposure.
3. Formulation of bank’s strategy for operational risk management and risk based audit.
Estimated level of operational risk depends on:
i. Estimated probability of occurrence
ii. Estimated potential financial impact
iii. Estimated impact of internal controls.
Estimated Probability of Occurrence:
This will be based on historical frequency of occurrence and estimated likelihood of future occurrence.
Probability is mapped on a scale of 5 say where:
1. Implies negligible risk
2. Implies low risk
3. Implies medium risk
4. Implies high risk
5. Implies very high risk.
Estimated Potential Financial Impact:
This will be based on severity of historical impact and estimated severity of impact from unforeseen events. Probability is mapped on a scale of 5 as mentioned above.
Estimated Impact of Internal Controls:
This will be based on historical effectiveness of internal controls and estimated impact of internal controls on risks. This is estimated as fraction in relation to total control, which is valued at 100%.
Estimated level of operational risk = Estimated probability of occurrence x Estimated potential financial impact x Estimated impact of internal controls
In case of a hypothetical example where:
Probability of occurrence = 2 (Medium)
Potential financial impact = 4 (very high)
Impact of internal controls = 50%
Estimated level of operational risk = [(2 × 4 × (1 – 0.50] ᴧ 0.5 = 2.00 or ‘Low’
Essay # 7. Mitigation of Operational Risk:
The mitigation of operational risk basically lies in the qualitative approach in operational risk framework adopted and its implementation.
Insurance cover, where available, may provide mitigation of risks. Capital allowance under insurance is available only where AMA has adopted estimating capital for operational risk and is subject to certain conditions.
“Under the AMA, a bank will be allowed to recognise the risk mitigating impact of insurance in the measures of operational risk used for regulatory minimum capital requirements. The recognition of insurance mitigation will be limited to 20% of the total operational risk capital charge calculated under the AMA. A bank’s ability to take advantage of such risk mitigation will depend on compliance with the few criteria:”
Essay # 8. Scenario Analysis of Operational Risk:
Basel II guidelines on scenario analysis are as follows:
A bank must use scenario analysis based on expert opinion in conjunction with external data to evaluate its exposure to high-severity events. This approach draws on the knowledge of experienced business managers and risk management experts to derive reasoned assessments of plausible severe losses.
In addition, scenario analysis should be used to assess the impact of deviations from the correlation assumptions embedded in the bank’s operational risk measurement framework, in particular, to evaluate potential losses arising from multiple simultaneous operational risk loss events.
Over time, such assessments need to be validated and re-assessed through comparison to actual loss experience to ensure their reasonableness.
In addition to using loss data, whether actual or scenario-based, a bank’s firm-wide risk assessment methodology must capture key business environment and internal control factors that can change its operational risk profile.
These factors will make a bank’s risk assessments more forward-looking; more directly reflect the quality of the bank’s control and operating environments, help align capital assessments with risk management objectives, and recognise both improvements and deterioration in operational risk profiles in a more immediate fashion.