04.12.09
Operational losses, much more than a tail only!
- Image via Wikipedia
Introduction.
This article is about operational losses and how insight in these losses can be extremely valuable for any organization. It describes a best practice approach for the implementation of loss recording and reporting. It will not dive into the modelling of operational risk, because for that subject there is plenty of information available. For those less familiar with operational risk management, an operational loss represents (potential) financial or reputation damage as a result from a failing human, system, process or from external threats. Some examples for a bank:
bank robbery
delayed or not executed transactions
advice inconsistent with customers risk profile
documentation lost, incomplete contract
fraud
Background.
Most financial institutions collect operational loss data to model extreme operational risk events. These events are usually found in the tails as calculated by means of Monte Carlo simulations. The effort of collecting data and model operational risk is often driven by the goal to become Basel II compliant. The more advanced the operational risk program of a company is, the less regulatory capital needs to be set aside as a buffer against extreme events. The operational risk management requirements to become Basel II compliant are set by the BIS and require approval from the regulator. The objective of the Basel II accord is to stimulate development of advanced risk management methods. Banks have the economical need to keep the regulatory capital as low as possible and at the same time need to prove to investors and rating agencies they have robust risk management practices in place.
Although the focus on the extreme event or the reduction of capital is understandable, the side effect is also that an organization often forgets to fully leverage the power of insight in losses. This insight really can boost risk awareness and the self learning capacity of an organization and at the same time dramatically reduce costs resulting from failures.
Loss management for business as usual.
Who needs to record losses?
When setting up loss registration you first have to consider what type of organization you need to facilitate. There is a difference between an organization that offers low frequency, high value and tailor made financial products or an organization that offers high frequency, low value standardized and highly automated services.
In the first case you can assign the responsibility to register the losses to the ORM unit simply because the frequency is low and most losses will have a considerable impact and will require detailed and immediate analysis. In the latter the number of losses can be considerable and probably recurring. In this situation it is best to make the operational business units responsible for the registration of losses in the loss database. When you have to build up your loss management from ground up, there is one important other consideration. A big part of the information you need probably is already in your complaints management system. Consider extending your complaints management system with an interface to your operational risk management system to avoid manual duplication of readily available information.
Now there are different approaches in use to distinguish losses from other financial transactions. Some banks use the centralized approach to detect losses by validating general ledger entries to see if some need to be flagged as operational losses. I think this method has only one major advantage and many drawbacks. It usually requires limited effort to implement this, but has the drawback that it is very likely that many operational losses will remain undetected and information is incomplete. In other words, the advancement of insight in your organizations operational risk will remain limited.
The decentralized detection and recording approach demands much more effort from the ORM unit. It requires that almost every departments needs to understand what operational losses are and how to record them. However once it is in place you’re in business. The simple fact that the business is recognizing and recording operational losses is the best starting point to improve and sustain risk awareness and management at operational level. By ensuring you can aggregate these losses you will be able to present an operational risk heat map for your organization and manage operational risk at tactical (product) and strategic (company) levels. It is advised to combine the recording of losses with the financial booking of the loss. This way you add an additional quality and integrity layer to your loss recording process simply because financial accounting controls are put in place. It will help you to avoid discussions about the correctness of the loss data and also who is responsible for this correctness.
Now what about legal claims or potential regulator fines? These need to be recorded in your loss management system before a financial transaction, if any, will occur. Once it is clear if there will be any financial impact simply follow the regular procedure and make sure no double recordings can happen.
In all cases it should always remain the responsibility of the business, not the ORM unit, to record all losses timely, completely and correctly. Below you find a high level loss management process flow. I would like to put some emphasis on the third step. The assignment of the loss should be tied to acceptance by the loss bearing unit of the loss. This confirmation that the responsibility for the loss is accepted adds to the quality of information as well as to a sustained risk awareness at operational levels in your organization.
Who needs to pay the loss?
Losses should be accounted for per business line as prescribed by the BIS. The losses are input for capital calculations and subsequently capital is assigned to profit centres. However, you also want to make visible who is responsible for the losses that occur. In general it is best to assign the losses to the department that is causing them. Now the occurrence of some operational losses are acceptable as part of the design of a product or process. For instance losses that result from skimming a debit card carrying information on a magnetic stripe. These losses should be assigned to the product owner. Other losses result from wrongful execution of procedures. These losses should be assigned to the department that caused the non-adherence to the procedure. Sometimes losses are caused by service providers. It’s is best to assign these losses to the department who owns the contract with that service provider.
No matter what, when customers have to be paid it speaks for itself that the loss management process should never delay the payment.
What needs to be recorded?
All operational losses above a certain threshold need to be recorded. Although one can decide to minimize the administrative effort by increasing the threshold, it is better to start with a low threshold and optimize the threshold after a few years of experience. Working for a retail organization it is my experience that a threshold of 1000 Euro works well and I think this is a sensible threshold for any organization. The idea behind this is that most errors with a relatively low financial impact can also result in incidents with a high financial impact.
For modelling and benchmarking purposes an organization can become member from ORX or ORIC. These organizations work with thresholds of 20.000 dollar and £ 10.000 , so the threshold of 1000 Euro, pound of dollar will fit. When setting a loss threshold the thresholds from ORX or ORIC should not be considered as a guideline for an organization because the purpose is totally different as I will show later.
Now what attributes does a loss record have? You should take the minimal requirements from BIS and ORX or ORIC. I’ve outlined these requirements here, but I do not promise that they remain up to date.. Just check with ORX or ORIC.
• Reference ID number (Member generated)
• Business Line (Level 2) Code
• Event Category (Level 2) Code
• Country (ISO Code)
• Date of Occurrence
• Date of Discovery
• Date of Recognition
• Credit-related
• Gross Loss Amount
• Direct Recovery
• Indirect Recovery
• Related event Ref ID
This list is an excellent example to demonstrate why loss management has different purposes. When loss management is limited to these attributes it can only be used for benchmarking. When you want to use the information for internal analysis to reduce losses or review controls there is a variety of attributes missing. For internal analysis and reporting you also need to record:
Type of loss i.e. operational loss, operational loss component of a credit loss, (legal) claim.
A descriptive text outlining what has happened and why.
Which department needs to take this loss in its books.
Which department did cause this loss (more explanation later on).
Loss event category i.e. what event occurred (very easy to make fundamental mistakes here).
Loss cause category i.e. what caused the event that resulted in the loss.
Product or service like mortgages, credit card, loan etc.(usually requires more hierarchies).
Now this all sounds pretty straightforward, but there are generic issues that probably require some additional effort to ensure alignment with other supporting processes. It is recommended to align your product and services list with financial reporting and complaints management. This will allow you to incorporate more easily operational losses in your cost reporting and correlate operational losses with customer complaints. Furthermore you are advised to ensure for reporting purposes you will be able to aggregate losses at each hierarchical level in your organization and aggregate at product and product group level.
When you intend to apply for Basel II compliance it is mandatory to use standard loss categories. Unfortunately when you limit the loss recording to those categories your loss analysis and reporting capabilities will be severely impacted. The problem with these categories is that they are often to vague and when used in aggregated loss reporting do not allow a manager to set priority or take action. A potential solution is to connect these mandatory categories to your business defined categories, but not show them in the loss management process.
When do losses need to be recorded?
Losses should be recorded (and booked) within a short period after detection. The larger the loss the more difficult this will be, but a limit of 20 days should be do-able. For large (potential) losses you can decide to design a same-day emergency reporting process to inform senior management more quickly.
For operational losses that are part of a credit loss there is a difficulty. Most of these credit loss components, with the exception of fraud, usually emerge at the moment when a loan defaults. The best approach is to record at the earliest possible time i.e. just after detection.
Where do losses need to be recorded?
Preferably losses are recorded in a central loss database and off course in the general ledger. This way it is easy to report and to get central oversight of operational losses trends. Centralized storage is also beneficial for operational risk modelling, forecasting and Basel II compliance. It also allows you to analyze losses and determine where the concentrations of losses can be found.
What quality controls could be implemented?
One important control is a frequent sign off by management stating the full coverage, completeness and correctness of recorded losses. A review of the ORM department from the correct recording also should be considered, preferably combined with the analysis of the important losses. Ensuring the quality is important for modeling, reporting and analysis. Combining this review with the reconciliation of the loss database against the general ledger also adds to the quality and the trustworthiness of the information.
What to do with the loss information?
The added value of the operational loss information is already outlined in various places in this overview. One of the most important things you should do with losses is ensuring frequent (monthly) reporting at all levels of your organization. This way you enable management to develop risk awareness and manage actively operational risks or failing controls. You could also use loss information to create a set of Key Risk Indicators (KRI) or as input for a risk heat map.
Usually loss recording is required to model operational risk as part of a Basel II compliance application package. Using losses to measure the quality of execution in your organization by incorporating loss thresholds in performance contracts is taking it one step further. Losses are backward looking, but by analyzing losses in detail you can also develop operational risk indicators. Indicators that signal an increased level of risk which require management attention to avoid increase of losses. Loss information can also be used to review your insurance strategy.
I’ve outlined many examples to take advantage of operational loss information in a business as usual environment. But the best example is given by this citation of a senior manager from a large bank. Immediately after assuming a new position he asked for two things: “Show me the losses and show me the audit findings so I can see whether or not we are in control”.
Summarizing Key success factors for operational loss management.
- implement loss detection and registration process at the lowest level in your organization
- combine this process with the financial accounting of the operational loss
- provide clear guidance on how to allocate the loss
- make sure event categories are aligned with the business processes
- report monthly at operational, product and hierarchical levels. Report concentrations, trends and forecasts.
- incorporate loss frequency in the performance contracts
Summarizing key benefits of operational loss management.
- reduced regulatory capital
- reduction of costs
- sustained risk awareness at all levels in your organization
- transformation of incident driven management into risk/reward management
- improved insight in performance of recovery departments (legal, security, etc)
Conclusions.
This article outlined the added value of an operational loss management process in a business as usual context. The process will improve the learning capability of an organization. It also can be a very effective instrument to reduce costs. This practice has been developed for financial institutions, but should be considered for any medium to large organization.
A careful implementation of the process is required to leverage the potential to the full. It will require backing from senior management with the ambition to improve transparency. Following mandatory guidelines from BIS and regulators is as important as alignment with day-to-day business processes.
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=5e429edf-ea2a-4062-a185-c4c51bfdba19)
03.10.09
Solvency II, dealing with Operational Risk
- Image via Wikipedia
About the authors
Dr. ing. Jürgen H.M. van Grinsven is director of Deloitte Enterprise Risk Services and author of the books Improving Operational Risk Management and Risk Management in Financial Institutions.
Drs. Remco Bloemkolk works at ING corporate risk management and has written this article in his personal capacity. Prior to ING he worked at Swiss Re and Ernst & Young.
Introduction.
Historically, insurers have focused on understanding and managing investment and underwriting risk. However, recent developments in operational risk management, guidelines by the rating agencies and the forthcoming Solvency II regime increase insurers’ focus on operational risk. Insurers consequently have to decide on their approach to managing operational risk.
The Solvency II framework consists of three pillars, each covering a different aspect of the economic risks facing insurers, see figure 1. This three-pillar approach aims to align risk measurement and risk management. The first pillar relates to the quantitative requirement for insurers to understand the nature of their risk exposure. As such, insurers need to hold sufficient regulatory capital to ensure that (with a 99.5% probability over a one-year period) they are protected against adverse events. The second pillar deals with the qualitative aspects and sets out requirements for the governance and risk management of insurers. The third pillar focuses on disclosure and transparency requirements by seeking to harmonise reporting and provide insight into insurers’ risk and return profiles.
Solvency II (SII) is the updated set of regulatory requirements for insurance companies operating in the European Union. It revises the existing capital adequacy regime and is expected to come into force in 2012. It has a number of expected benefits, both for insurers and consumers. Although the most obvious benefit seems to be preventing catastrophic losses, other less obvious benefits which are considered to be important are summarised in table 1.
Table 1.
These expected benefits make SII an increasingly important issue for insurers. Not surprisingly, solvency has evolved into an academic discipline of its own and much of its literature is aimed at the quantitative requirements. Yet, despite the progress made in SII, the next section indicates that insurers will also encounter a number of difficulties and challenges in operational risk before they can utilise these expected benefits.
The importance of operational risk in Solvency II.
Over the past few decades many insurers have capitalised on the market and have developed new business services for their clients. On the other hand, the operational risk that these insurers face have become more complex, more potentially devastating and more difficult to anticipate. Although operational risk is possibly the largest threat to the solvency of insurers, it is a relatively new risk category for them. It has been identified as a separate risk category in Solvency II. Operational risk is defined as the capital charge for ‘the risk of loss arising from inadequate or failed internal processes, people, systems or external events’. This definition is based on the underlying causes of such risks and seeks to identify why an operational risk loss happened, see figure 2. It also indicates that operational risk losses result from complex and non-linear interactions between risk and business processes.
Figure 2.
Several studies in different countries have attributed insurance company failure to under-reserving, under-pricing, under-supervised delegating of underwriting authority, rapid expansion into unfamiliar markets, reckless management, abuse of reinsurance, shortcomings in internal controls and a lack of segregation of duties. See the examples below. Unbundling operational risk from other risk types in risk management and risk measurement can help prevent future failures. This holds true for smaller and larger losses. Often, larger losses are the cumulative effect of a number of smaller losses. In other words, the result of the bad practices that flourish in excellent economic circumstances, when the main focus is on managing the business rather than operational risks.
Unbundling operational risk from the other types of risk involved in managing and measuring risk may help prevent future failures.
Examples of insurer company failure:
Insurance company failures in which operational risk played a significant role include:
- The near-collapse of Equitable Life Insurance Society in the UK, which resulted from of a culture of manipulation and concealment, where the insurer failed to communicate details of its finances to policyholders or regulators.
- The failure of HIH Insurance, which resulted from the dissemination of false information, money being obtained by false or misleading statements and intentional dishonesty).
- American International Group (AIG) and Marsh, where the CEOs were forced from office following allegations of bid-rigging. Bid rigging, which involves two or more competitors arranging non-competitive bids, is illegal in most countries.
- Delta Lloyd, Fortis ASR and Nationale Nederlanden (the Netherlands) agreed to compensate holders of unit-linked insurance policies for the lack of transparency in the product cost structures.
The above examples illustrate that such losses are not isolated incidents in the insurance industry, but instead occur with some regularity. The large loss events mentioned above can be drilled down into operational risk categories. Table 2 presents several examples of operational risk categories and insurer exposure.
Table 2.
Difficulties and challenges in insurers’ operational risk management.
Insurers have not historically gathered operational risk data across their range of activities. As a result, the major difficulties and challenges that insurers face are closely related to the identification and estimation of the level of exposure to operational risk. A distinction can be made between internal and external loss data, risk self-assessment, supporting techniques, tools and governance. See table 3 for an overview.
Table 3.
Loss data form the basis for measuring operational risk. Although internal loss data are considered the most important source of information, they are generally insufficient because of a lack and the often poor quality of such data. Insurers can overcome these problems by supplementing their internal loss data with external loss data from consortia such as ORX and ORIC. However, using external loss data raises a number of methodological issues, including the problems of reliability, consistency and aggregation. Insurers consequently need to develop documentation and improve the quality of their data and data-gathering techniques.
Risk self-assessment (scenario analysis) can be an extremely useful way to overcome the problems of internal and external loss data. It can be used in situations in which it is impossible to construct a probability distribution, whether for reasons of cost or because of technical difficulties, internal and external data issues, regulatory requirements or the uniqueness of a situation. It also enables insurers to capture risks that relate, for example, to new technology and products as these risks are not likely to be captured by historic loss data. However, current scenario analysis methods are often too complex, not used consistently throughout a group and do not take adequate account of the insurer’s strategic direction, business environment and appetite for risk.
The techniques and tools that insurers use to support risk self-assessments are often ineffective, inefficient and not successfully implemented. Research indicates that 19.5% of current practices are often not shared within the group, while 22% of respondents are dissatisfied and 11% very dissatisfied with the quality of their information technology support services. Another question that can be raised is the governance of risk management. How, for example, are the risk and actuarial departments aligned?
Operational risk may represent the greatest threat to insurers.
Conclusions.
In this article we discussed operational risk in the context of Solvency II. Operational risk is possibly the largest threat to insurers. This is because operational risk losses result from complex and non-linear interactions between risk and business processes. Unbundling operational risk from the other types of risk in risk management and risk measurement can help prevent future failures for insurers. SII is on track to put greater emphasis on the link between risk management and risk measurement of operational risk. We have addressed the most important difficulties and challenges in operational risk management: loss data, risk management, tools, techniques and governance. Those insurers able to ensure an effective response to these major difficulties and challenges are expected to achieve a significant competitive advantage.
Related articles by Zemanta
- Ex-AIG Chief Claims Insurance Giant Cheated Him (abcnews.go.com)
- As A.I.G.’s Losses Grow, Its Survival Options Shrink (nytimes.com)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=640fd761-880e-44eb-a74c-a6d2f193b81d)
03.04.09
Credit crisis, Wouter has spoken!
- Image via Wikipedia
Triggered by a speech of the Dutch Minister of Finance, Mr. Wouter Bos, I felt the urge to react on his confronting message to investors.
Today Wouter confronted shareholders with the fact that they have done nothing to prevent the crisis. He told the audience of investors that there is a big difference between short term gain and long term profit.
Well, there is a difference. Short term gain is much better than long term profit, because by now we know there will be no long term profit.
In the last two decades the speed of everything changed and this has also impacted human behavior. Thinking and planning long term is in many cases not for this century anymore. The speed of change is so intense that long term investing is by now much more speculative than short term dealing.
Just take a look at almost any industry and think back “long term” (say five years). Now question yourself to what extent investors could have anticipated developments and had done well when sticking to their 2003 investment?
Investors have the right to make mistakes, after all it is their own money and they are merely aiming for a good return. Looking at banks it is clear that the stock markets have not been as efficient as the economic scientists believed. So investors could not even rely on the fundamentals of a free market economy. The price setting of shares requires balance sheets that adequately and frequently report the risk exposure. The absence of clear insight in the risk exposure prevented proper price share setting.
I wonder if the current crisis would have been so dramatic when Basel II pillar III was properly implemented. Just take a look at the pillar III report from CBA (thanks ozrisk). When all banks would have been reporting their risk exposure this way, investors could have reacted much quicker.
There are still flaws in this type of reporting, but it is a good start. For price setting the transparency also requires standardization and regulators need to establish this world wide. Current reporting is still a little difficult to understand and insight in underlying scenario’s and parameters should also be clear.
Blaming investors is actually stating that stock exchanges do not function, because investors know how to price risk. This assumes however that risk exposures to a reasonable level are publicly known. Addressing this lack of insight should be on top of Wouter’s todo list.
Related articles by Zemanta
- Industrial Alliance Publishes its 2008 Management’s Discussion and Analysis and Financial Statements, and Discloses its Embedded Value (newswire.ca)
- How Financial Stocks Could Be the Market’s Bright Spot (time.com)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=0401b820-00ec-4e97-b7b2-589d0c92ef5a)
02.19.09
Supervision insights?
- Image via Wikipedia
A few days ago I criticized the effectiveness of the bank managers integrity watch as implemented by the De Nederlandsche Bank and worded by Mr. Nout Wellink. Yesterday I stumbled upon the latest speech from Mr. Wellink and this time I’m much more positive. In his speech Mr. Wellink more or less acknowledges the total failure of supervision and how this contributed to the current crisis.
I’m tracking the crisis since the beginning and one of the things I found unbelievable was the fact that supervision was in the US on a voluntary basis, at least for the big investment banks. It is clear that supervision was considered unnecessary by politicians who believe in the self cleansing capabilities of the free market and forgot that greed is also an important risk factor. The recent billion dollar fraud scandals (Kerviel, Madoff, Stanford) showed that the supervision can be fooled easily and questions the expertise of the people working for the governmental institutions. The risk manager of HBOS demonstrated another flaw in the governance of control functions within and around financial institutions. Supervisors simply cannot rely on the independence of internal control functions like Audit and Compliance although sound practice policies prescribe independence. Independence requires much more and being on the payroll of a company certainly doesn’t make it easy to overrule a CEO. A similar statement can be made about the independence of rating agencies and their risk assessments of companies and products.
So, what is there to bring me in a positive mood? Well, it is simply the fact that supervision practices are under review as well. I partly agree with the analysis of Mr. Wellink. At the same time I think there is too little focus on how to ensure independent and knowledgeable supervision. Supervision which has the power and the professional background to be able to challenge a board of directors and their experts.
There are more fundamental questions to be answered like are the risk management systems up to par with the trading systems? Most trading platforms are build upon state of the art real time technology which present trading opportunities in a rich graphical variety. Now compare that to most manual and excel based risk ‘platforms’. In many cases risk management is trailing trade weeks or months and why are supervisors accepting this?
Even more fundamental is why supervisors until now have ignored Basel II Pillar III, which is about transparency. Although some companies are trying to become risk transparent the reality is different. The way risk is measured and expressed is often way too complex and difficult to comprehend for investors and consumers. How to value off balance sheet S.I.V.’s in relation to a companies value and risk exposure? The assumption, also in theory, is that markets are efficient meaning that the pricing reflects expectations including risk adequately. Given the lack of transparency I doubt if this is true. Looking at how banks are priced should be enough to substantiate this point of view. Another good example is the American auto industry. How well was the risk of rising energy costs (a reasonably easy to predict event even before the crisis) incorporated in the stock price of these companies?
Mitigation of systemic risks is the core responsibility of supervisors. Questions like how large the exposure of a single company may grow, also in the context of the global financial system, need to be answered. Banks are used to managing concentration risk. On a world scale AIG and Lehman (but also Citigroup, ING etc.) can initiate a collapse of the financial system. Perhaps supervisors should manage systemic risks like credit risk managers are used to manage concentration risk in their portfolios.
Probably the most difficult challenge is to overcome the lack of cross-boundary supervisory alignment, policies, methodologies and tooling. Financial and technological innovation are developing at a speed that require innovation at supervisory level as well. It is likely that the first reaction will be to slow down financial innovation via regulation. This approach will definitely fail simply because nobody ever succeeded in halting human creativity. Even when the approach to slow down financial innovation works for a while, it certainly will not halt technological innovation. Financial, economical, political and environmental news travel with the speed of Internet around the world. How to create intelligent buffers to protect the financial systems against the impact of panic waves?
Hmm, what is there that makes me more positive? Well it is the acknowledgement that supervision failed and that there is need for improvement in a globalised environment. It is a starting point for progress and therefore Mr. Wellink’s speech deserves some credit.
Related articles by Zemanta
- Alan Greenspan Vouches for Nationalization (businesspundit.com)
- HBOS whistleblower Paul Moore: Evidence to House of Commons ‘Banking Crisis’ hearing (telegraph.co.uk)
- British Banking’s Wild West Days Are Over (blogs.harvardbusiness.org)
- Big banks face regulator’s levy doubling (telegraph.co.uk)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=3c7c1c2e-d030-44b0-938f-fd95af0e23d9)
02.18.09
Insurance sharks settling.
- Image by psmithson via Flickr
This is just a brief update in reference to a previous article providing an overview of settlements by Dutch insurance companies as a consequence of charging customers high and hidden costs.
More background information can be found here.
The score so far is:
- Delta Lloyd 300 million euro
- Nationale Nederlanden (ING subsidiary) 365 million euro
- Fortis ASR 780 million euro
Active negotiations working towards settlements:
Potential disputes due to refusal to work with Verliespolis and Woekerpolis :
- Generali
- Goudse
New developments will be incorporated in this overview.
Sources:
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=7e354e51-4652-4bf7-878f-7c0c6e1e2f1e)
02.16.09
Basel II and Mr. Wellink’s reflections on integrity.
- Image via Wikipedia
Referring to a key note from Mr. Nout Wellink (Chairman of the Basel Committee on Banking Supervision and President of the Nederlandse Bank, you can learn how supervision on banks will change the next year(s). It would be too easy to criticize this supervisor and focus on the fact that the Dutch government by now has invested almost 50 billion euro to stabilize the Dutch financial system.
No European supervisor understood the complexity and risks tied to the wide range of innovative financial products. The crisis started with the subprime mortgages. The packaged subprime mortgages incorporated a dangerous combination of operational, credit, market, counter party and supervisory risk. I’m not going to redo the credit crisis analysis again. In essence the problem started with business practices that are forbidden in most European countries but were and still are common in the US. Selling mortgages to people who cannot afford it and without any certainty with regard to underlying collateral’s is simply unethical. The innovation of packaging the credit risks of these mortgages and selling these risks is in itself a good concept. In the good old traditional insurance business this is common practice for decades now.
Once the system started to collapse all other problems emerged. Valuation issues, failing market risk models, liquidity issues, lost investments,failing rating agencies, troubled insurance companies, total supervisory failure and ultimately bankruptcy and lost savings.
In a speech Mr. Wellink explains how important it is to supervise the integrity of the financial institutions. Mr. Wellink also states how successful the Nederlandse Bank (DNB), the institution he is presiding, is in executing this role. This speech was held in October 2008.
By now the Dutch public is getting more and more frustrated with the behavior of these so called high moral bankers. Some local papers even initiate contests for the most innovative and appropriate punishment for these managers. Apparently supervising the integrity of these bankers isn’t that easy and probably shouldn’t halt after the initial screening and approval of the DNB.
The speech also mentions self-assessments as a tool to monitor integrity… this doesn’t sound as a very effective approach as these managers usually regard the actions and rewards they take as completely justified and appropriate. Validating the integrity of top management should be executed regulary and by independent institutions like the DNB. The effectiveness of the supervision on business ethics should also be questioned given the recent settlements made by Dutch financial institutions. These settlements covered several billion euro’s and became necessary after investigations showed that most financial institutions charged hidden and outrageous costs for various products.
Supervision has it limitations and gaining insight in how senior management rewards itself is a real challenge. I think that legally enforced transparency on rewards and bonuses combined with personal and non-insurable liability on misrepresenting the facts is just one way to improve supervision and thus managerial integrity.
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=5f49c775-c7ce-4812-a4fe-32e7d5387c87)
01.13.09
News from GTNEWS
Today I’ve added the RSS feed from gtnews to my collection of high quality risk related feeds. Although not all articles are risk related, the depth and the quality of their articles deserve the opportunity to show up in the daily news stream. Njoy!
11.11.08
Supporting Operational Risk Management using a Group Support System
Original article written by Dr. Jürgen H. M. van Grinsven & Ir. Henk de Vries.
Dr. Jürgen H. M. van Grinsven is the author of
Improving operational risk management, more info here
INTRODUCTION
Over the past years, various Group Support Systems (GSS) have been used to support Operational Risk Management (ORM) [1]. ORM supports decision-makers to make informed decisions based on a systematic assessment of operational risks [2] [3].
Financial Institutions (FI) often use loss data and expert judgment to estimate their exposure to operational risk [4]. Utilizing expert judgment is usually completed with more than one expert individually, often referred to as individual and self-assessments, or group-wise with more than one expert, often referred
to as group-facilitated self-assessments [5].
While individual self-assessments are currently the leading practice, the trend is more towards group-facilitated self-assessments. There is a need to support these group-facilitated assessments using Group Support Systems. In this article we discuss how Group Support Systems (GSS) can be used to support expert judgment activities to improve ORM. First we describe how a GSS can support multiple expert judgment activities. Secondly a case study will be presented describing the application of a specific GSS, GroupSystems to ORM.
BACKGROUND
Expert judgment is defined as the degree of belief a risk occurs, based on knowledge and experience that an expert makes in responding to certain questions about a subject [6] [7]. Expert judgment is increasingly advocated in FI’s for identifying and estimating the level of uncertainty about Operational Risk (OR) [5]. Moreover, expert judgment can be used to incorporateforward-looking activities in ORM.
Group Support Systems (GSS) can be used for the combined purposes of process improvement and knowledge sharing [8]. GSS can be seen as an electronic technology that supports a common collection of tasks in ORM such as idea generation, organization and communication. GSS aim to improve (collaborative)
group work [9] [10]. Effectiveness and efficiency gains can be achieved by applying GSS to structure multiple experts’ exchange of ideas, opinions and preferences. There are several GSS tools available to support multiple experts in collaborative group work [11]. Examples are: GroupSystems, Facilitate, WebIQ, Meetingworks and Grouputer. Grinsven [5] presents an overview of GSS tools, based on GroupSystems, that can be used for supporting experts in the ORM phases, see Table 1 for examples.
|
ORM phase |
General description |
Examples of GSS Tools |
|
Preparation |
Provides the framework for the experts, taking into account the most important activities prior to the identification, assessment, mitigation, and reporting of operational risks. |
Categorizer Electronic Brainstorming Group Outliner |
|
Risk identification |
Aims to provide a reliable information base to enable an accurate estimation of the frequency and impact of OR in the risk assessment phase. |
Electronic Brainstorming Group Outliner Vote
|
|
Risk assessment |
Aims for an accurate quantification of the frequency of occurrence and the impact |
Alternative Analysis Vote |
|
Risk mitigation |
Aims to mitigate those OR that, after assessment, still have an unacceptable level |
Alternative Analysis Topic Commenter |
|
Reporting |
Aims to provide the stakeholders such as the manager, initiator and experts with the relevant information regarding the ORM exercise. |
Group Outliner |
Table 1: Examples of GSS tools [5]
GSS SUPPORTING ORM: A CASE STUDY
- preparation
- risk identification
- risk assessment
- risk mitigation
- reporting phase
These phases can be viewed as an IPO model (Input, Processing, Output) resulting in an accurate estimate of exposure to OR as final output. In this section we present a case study describing the application of GroupSystems to each phase of the ORM process at a large Dutch FI [5].
The activities of the preparation phase can be divided in the sub activities:
- determine the context and objectives
- identifying, selecting and assess the experts
- choosing the method and tools
- tryout the ORM exercise
- train the experts [12] [5].
The activities of the risk identification phase can be divided in identifying the OR, categorize the OR and perform a gap analysis. One of the objectives of this phase is to arrive at a comprehensive and reliable identification of the OR to reduce the likelihood that an unidentified operational risk becomes a potential threat to the FI. Member status, internal politics, fear of reprisal and groupthink can make the outcome of the risk identification less reliable [5]. Electronic Brainstorming was used to identify the events. Then, the Categorizer was used to define the most important OR. For this, we used a group-facilitated workshop. Using Electronic Brainstorming combined with a Vote tool we supported the experts to perform a gap analysis. In the case study, the experts appreciated the possibility to identify OR events anonymously.
The activities of the risk assessment phase can be divided in the following sub activities:
- assess the OR and
- aggregating the results.
Grinsven [5] advises to ensure the experts assess the OR individually, to minimize inconsistency and bias, also see e.g. [6]. We used the Alternative Analysis tool from Group Systems to enable the experts to assess the OR individually and anonymously. Then, using the Multi Criteria tool, we calculated the results by aggregating the individual expert assessments. The standard deviation function helped us to structure the interactions between the experts. In this interaction the experts provided the rationales behind their assessments. We learned that the GSS tools helped us to prevent the results being influenced by groupthink and the fear of reprisal.
The activities of the risk mitigation phase can be divided in three sub activities: identify alternative control measures, re-assess the residual operational risk and aggregate the results. The methods and tools that can be used in this phase are almost similar to the risk assessment phase. However, a slightly more structured method was used to identify alternative control measures. At the Dutch FI we used the Topic Commenter tool to support this activity. Experts were enabled to elaborate / improve the existing control measures and provided examples for each of them. Then, we used the Alternative Analysis tool to anonymously
re-assess the frequency and impact of the OR. After this, we calculated and aggregated the results using the standard deviation function combined with a group facilitated session.
The activities of the reporting phase can be divided in the sub activities: documenting the results and providing feedback to the experts. Documenting the results needs to follow regulatory reporting standards. This was done by a person of the Dutch FI, using the output results from the GSS as an input for the report.
The intermediate results were presented to the experts immediately after the ORM sessions. Following Grinsven [5], a highly structured process was used to present these results thereby enabling the experts to leverage the experiences gained and to maintain business continuity. We facilitated a manual workshop to provide feedback to the experts. Moreover, at the Dutch FI we made sure the final report complied to the relevant regulatory reporting standards. Future research should investigate applying GSS to provide structured feedbacks.
CONCLUSIONS
Expert judgment is extremely important for ORM when loss data does not provide a sufficient, robust, satisfactory identification and estimation of the FI’s exposure to OR. The case study indicates that a GSS can be used to support expert judgment in every phase of the ORM process. GroupSystems can be used in each ORM phase to support experts in order to achieve more effective, efficient and satisfying results.
GSS can be used to help gathering and processing information about operational risk. Moreover, GSS has the potential to improve the ORM process by minimizing inconsistency and biases, reducing groupthink and gather and processing information. However,more research need to be done to find out which GSS packages besides GroupSystems are suitable to support the ORM process.
FUTURE RESEARCH
The case study indicates that GroupSystems can be used to support multiple experts in the ORM process. However, our case study indicates that research should be done in the possibility of applying GSS in the reporting phase to provide structured feedbacks. Furthermore, concerning the other GSS tools such as Facilitate, WebIQ, Meetingworks and Grouputer, it is yet unknown whether these packages can be used to support expert judgment in ORM. Therefore further research should be done to investigate the possibility of using these GSS packages to support ORM. This would also make comparisons possible.
REFERENCES
[1] Brink, G. J. v. d. (2002). Operational risk:
The new challenge for banks. New York, Palgrave.
[2] Cumming, C. & Hirtle B. (2001). The
challenges of risk management in diversified financial companies, Federal
Reserve Bank of New York Economic Policy Review.
[3] Brink, G. J. v. d. (2003). The implementation
of an advanced measurement approach within Dresdner Bank Group. IIR
Conference Basel II: Best practices in risk management and-measurement,
Amsterdam, Dresdner Bank Group.
[4] Cruz, M. (2002). Modeling, measuring and
hedging operational risk, Wiley Finance.
[5] Grinsven, J.H.M. v. (2007), Improving
operational risk management, Ph.D Dissertation Delft University of Technology, Faculty of Technology Policy and Management, the Netherlands, to be published.
[6] Clemen, R. T. & Winkler, R. L. (1999).
Combining probability distributions from experts in risk analysis. Risk
Analysis 19(2): 187-203.
[7] Cooke, R. M. & Goossens, L.H.J. (2004).
Expert judgement elicitation for risk assessments of critical infrastructures. Journal
of Risk Research 7(6): 643-156.
[8] Kock, N. & Davison, R. (2003), Can lean media
support knowledge sharing? Investigating a hidden advantage of process
improvement. IEEE Transactions on Engineering Management, 50(2), pp.
151-163.
[9] Vogel, D., J. F. Nunamaker, W.B. Martz, R.
Grohowkisk & C. McGoff (1990). Electronic meeting systems experience at IBM.”
Journal of Management InformationSystems 6(3): 25-43.
[10] Nunamaker, J. F., A. R.
Dennis, et al. (1991). “Electronic Meeting Systems to Support Group
Work.” Communications of the ACM 34(7): 40-61.
[11] Austin, T., N. Drakos, and J. Mann, (2006). Web
Conferencing Amplifies Dysfunctional Meeting Practices. Nr. G00138101,
Gartner, Inc.
[12] Goossens, L.H.J. & Cooke, R.M. (2001).
Expert Judgement Elicitation in Risk assessment. Assessment and Management of
Environmental Risks, Kluwer Academic Publishers.
09.29.08
Credit crisis bankparade interactive.
Now credit crisis events are spreading to Europe an update of the extensive credit crisis overview was necessary. Follow this link to the guided analysis for an interactive experience or follow this link for a graphical view on the crisis. Investors assume that all problems are credit crisis related. The Fortis problems are however the result of a bad timed take-over of ABNAMRO, bad communication of capital ratio recovery actions and lack of trust in the capability of Fortis to obtain the required investments in time. From an operational perspective the bank claims it is a healthy business still generating revenues. The issues in England are different from those in Belgium and the Netherlands. The housing market in England is also deteriorating and combined with the lack of confidence in banks this has resulted in the take-over of several mortgage lenders. However, prudent banking is still there. Another company that participated in the ABNAMRO take-over has enough cash to roam the financial world for interesting bargains. Santander already showed after the take-over of ABNAMRO it is able to act swiftly, decisively and with success. As part of the take-over it acquired the Brazilian bank Banco Real and the Italian bank Antoveneta. It quickly sold Antoveneta to another Italian bank and now has the power to profit from the opportunities the credit crisis offers. Today it was announced Santander only had to pay 600 million euro for 21 billion euro in deposits and acquired also the branches of Bradford and Bingley. Earlier this year it obtained the European banking assets from General Electric. It shows the big differences between banks that joined the team that bought ABNAMRO one year ago.
09.16.08
Merrill take-over by BofA, an informed decision?
Yesterday I expressed my concerns regarding the rational behind the take-over of Merrill Lynch. Today several commentators are wondering why BofA is willing to pay much more than the market value. It seems obvious there is more to it than the public at this moment knows. What is in it for BofA? Maybe there is a reason to share this with BofA’s shareholders? The initial view of analysts is that it probably is a forced deal and I’m inclined to agree with this. One day after the “deal” the is a general concern whether or not BofA can absorb Merrill’s troubles. It is almost impossible to make an informed decision on such a short notice. What guarantees have been given to BofA to take this risky jump in the dark? Another interesting question is whether or not it is possible to manage two take-overs in a period that is causing serious problems for every company in the financial industry.
From a BofA perspective a Lehman take-over would have been much more transparent. Although the risk management of Lehman proved to be inadequate, the management of Lehman in general has a much better track record when you look at business ethics or management integrity.
In the past year Merrill has been accused of many things except high moral standards. I’m really curious how many billion dollar surprises will emerge once BofA really takes over control. Revisiting the credit crisis events show that a reduced level of management integrity proved to be a reliable key risk indicator of corporate failure in difficult economic times. To substantiate this I’ve included a list of Merrill events covering the last 12 months. This list was extracted from the Riskfriends guided analysis. BofA shareholder read and think again!
|
Date |
Event |
Detail |
|
2008-09-14 |
Take over |
Bank of America did take over Merrill although it was |
|
2008-08-21 |
Law suits |
Agreed to buy back $ 12 billion of ARS and pay a fine of $ |
|
2008-08-04 |
Integrity concerns |
Merrill suspected of colluding with UBS manipulating the |
|
2008-07-29 |
Capital ratio recovery |
Planning to raise another $ 8.5 billion |
|
2008-07-29 |
Investment lost |
Lone Star Funds buys CDO’s from |
|
2008-07-23 |
Law suits |
Los Angeles |
|
2008-07-18 |
Capital ratio recovery |
Sold Bloomberg part back to the company for $ 4.4 billion. |
|
2008-07-18 |
Write off |
Totaling $ 9.4 billion, 30 percent CDO, 30 percent credit |
|
2008-07-07 |
Capital ratio recovery |
Selling parts of Bloomberg and Blackrock to raise another $17 |
|
2008-06-26 |
Prediction |
$ 4.2 billion write off predicted for the second quarter |
|
2008-04-18 |
Law suits |
Pension fund CtW investment |
|
2008-04-18 |
Job cuts |
2900 jobs in reaction to write down |
|
2008-04-17 |
Write off |
$9.5 bllion |
|
2008-04-02 |
Capital ratio recovery |
$12.2 billion raised so far |
|
2008-03-18 |
Liquidity issues |
Wachovia states that the exposure of Merrill is 3.3 the |
|
2008-03-11 |
Integrity concerns |
Congress questions Stanley O’neal |
|
2008-03-06 |
Job cuts |
Merrill Lynch said that it would stop making subprime |
|
2008-02-27 |
Investment lost |
Auction rate securities from Merrill |
|
2008-02-26 |
Management leaves |
CEO O’Neal steps down |
|
2008-02-08 |
Investigation |
SEC received request for information from the federal |
|
2008-02-07 |
Integrity concerns |
Accused by Massachusetts of fraud |
|
2008-02-01 |
Investment lost |
Merrill buying back $ 14 million of CDO’s |
|
2008-01-16 |
Write off |
$ 9.8 billion loss, write down $14.1 |
|
2008-01-15 |
Capital ratio recovery |
$ 6.6 billion cash raised issueing |
|
2008-01-14 |
Integrity concerns |
Finra investigating possible |
|
2008-01-11 |
Portfolio deterioration |
$15 billion write down expected |
|
2008-01-04 |
Integrity concerns |
Accused from hiding losses while merger was pending |
|
2007-12-24 |
Capital ratio recovery |
$ 7.5 billion acquired selling shares 13% below market |
|
2007-11-08 |
Integrity concerns |
SEC starts investigation investments |
|
2007-11-07 |
Portfolio deterioration |
Expected write offs 4th quarter another $9.4 according to CreditSights |
|
2007-11-03 |
Integrity concerns |
Merril not aware of |
|
2007-10-31 |
Law suits |
Lawsuits by shareholders |
