Advanced measurement approach (AMA), 26–28
AMA. See Advanced measurement approach
AML. See Anti-money-laundering
Anti-money-laundering (AML)
documentation
cultural challenge, 90
global challenge, 93–94
management challenge, 90–92
philosophical challenge, 89–90
regulatory and reputational challenge, 92–93
going forward, 95–97
overview of, 81–83
risk assessment, 85–86
risk-based approach, 83–84
risk identification, 84
risk mitigation, 86–87
risk monitoring, 87–88
tentative conclusions, 94–95
Assisted build-out (ABO) approach, 116
Basel Committee for Banking Supervision, 39, 42
Basel II challenges
historical data and statistical information, 15–16
international markets, jurisdictions and models, 18–20
rating philosophies, 16–17
stress testing, 17–18
Binomial mortality risk, 193
Bond futures, 186
Build-operate-transfer (BOT) approach, 116
Business continuity risks, 125
Capability Maturity Model (CMM), 135
Career average revalued earnings (CARE) structure, 195
Chief Information Officer (CIO), 136–137
Chief Security Officer (CSO), 137
CIO. See Chief Information Officer
Client-facing attacks, 127
CMM. See Capability Maturity Model
COBIT. See Control Objectives for IT
Commercial models, 99–100
Communication, 115–116
Companies Act, 141–142
Completeness level external loss, 58
Concentration risk, 9–12
Consistency level external loss, 58
Contract, in outsourcing, 114–115
Contractual outsourcing risk, 164–165
Control Objectives for IT (COBIT), 135
Convexity matching strategy, 186–187
Credit risk
model, 2
stress testing and, 67–68
CSO. See Chief Security Officer
Cultural challenge, 90
Data governance committees, 137
Data issues, 132–133
Data protection, 106
Data stewards, 137
Defined benefit (DB) pension scheme, 177–178
Defined contribution (DC) pension scheme, 177
Demographic risk
binomial mortality risk, 193
mortality projection risk, 193–195
other, 195
Dispute resolution process, 115
Due diligence, 110–111
Duration matching strategy, 186–187
EAD. See Exposure at default
EL. See Expected loss
Employment law, 107–108
Expected loss (EL), 3
Exposure at default (EAD), 2
External loss data
key factors, 57–59
using data, 59–60
Financial control
budget and, 147–149
internal controls, 149
non-specific issues, 149–150
responsibilities of, 140–143
risk issues within, 143–145
risk management within, 140
types of solutions, 147
Financial risks
interest rate mismatch, 181–192
bond futures, 186
convexity matching strategy, 186–187
duration matching strategy, 186–187
fixed/real mismatch, 181
LDI attribution analysis, 189–191
liability-driven investment, 182
short-term matching strategy, 183–185
six-bond matching strategy, 188–189
investment mismatch, 179–181
other type, 192–193
in outsourcing, 104–105
Financial Services and Markets Act (FSMA), 82
Financial Services Authority (FSA), 60, 142
Financial strength, 111
Fixed/real mismatch, 181
FMI. See Future margin income
Fortuitous profit, 50
FSA. See Financial Services Authority
FSMA. See Financial Services and Markets Act
Funding risk, 178–179
Future margin income (FMI), 6–7
Global challenge, 93–94
Governance, in outsourcing, 108
Granularity adjustment, 11
Groupthink, 69
Heat mapping, 66
IAS 39, 145–147
Information technology risks
business continuity risks, 125
control frameworks, 134–136
developmental state, 123
management and mitigation, 133–134
management roles and responsibilities, 136–137
operational state, 122–123
production rollout and sunsetting, 123
security and privacy risks, 125–127
system characteristics, 124
Insurance policy wording, 173
Insurance risk
definition of, 170–171
overview of, 169–170
profit paradigm, 173–176
World Trade Center and, 171–172
Intellectual property, 107
Interest rate mismatch, 181–192
Internal control factors, 61
Internal loss data, 45–46
Internal loss database
building, 46
gathering information, 52–53
information to record, 50–52
nature of losses, 49
relevance level losses, 48–49
sources of data, 56–57
threshold level losses, 47–48
using data, 53–56
Internal ratings-based (IRB) framework
building blocks of, 2
concentration risk, 9–12
correlation assumptions, 5–9
critical elements of, 4–5
description of, 1–2
economic losses, 3
Investment mismatch, 179–181
ISO 17799, 135
ITIL. See IT Infrastructure Library
IT Infrastructure Library (ITIL), 135
IT programme managers, 137
JMLSG. See Joint Money Laundering Steering Group
Joint Money Laundering Steering Group (JMLSG), 82
LDI. See Liability-driven investment
LGD. See Loss given default
Liability-driven investment (LDI), 182
London Stock Exchange (LSE), 142
Loss given default (LGD), 2
Loss of control, 162
LSE. See London Stock Exchange
Management challenge, 90–92
Market risk, 69–70
Maturity, 2
Mortality projection risk, 193–195
Nature of losses, 49
Near miss, 49–50
Offshoring, 101
Open-source software (OSS) risks, 130–131
Operational loss events, 40–41
Operational risk
adding values, 31–33
advanced measurement approach, 26–28
characteristics of, 40–42
context dependency, 40–41
in current scenarios, 26–28
focus on, 30–31
growth of, 36–37
inputs, 29–30
overview of, 25–26
portfolio size, 41
regulatory requirements, 42–45
scarce and incomplete data, 41–42
simplicity, 28
specialism vs. generalism, 33–36
spurious precision, 28–29
stress testing, 65–67
Outsourcing
business issues, 157
commercial models, 99–100
current trends, 102–103
definition of, 151
drivers for, 154–155
early experiences, 153–154
evolution of, 151–153
financial issues, 156–157
future trends, 116–117
level of risk
country-specific, 108
data protection, 106
employment law, 107–108
financial, 104–105
intellectual property, 107
partner, 103–104
regulatory, 106
reputation, 105–106
strategic, 105
TUPE, 107
management issues, 158
offshoring, 101
processes, 102
reduction of risk
communication, 115–116
contract, 114–115
governance, 108
partner selection, 108–114
software development, 129–130
technology issues, 157–158
Outsourcing risks
contractual risk, 164–165
defining what to outsource, 159–160
loss of control, 162
misguided decision making, 158–159
model selection, 160–161
quality and continuous improvement risk, 166
regulatory risk, 162–164
security risk, 165–166
service-level agreements, 166–167
service providers, 161–162
Partner selection, in outsourcing, 108–114
PD. See Probability of default
Philosophical challenge, 89–90
Phishing, 127
Pillar 3, 12–15
Portfolio size, 41
Probability, 78
Probability of default (PD), 2
Proceeds of Crime Act, 81, 96
QRRE. See Qualifying revolving retail exposure
Qualifying revolving retail exposure (QRRE), 5
Quality and continuous improvement risk, 166
Rating philosophies, 16–17
Regulatory and reputational challenge, 92–93
Regulatory outsourcing risk, 106, 162–164
Regulatory requirements, 42–45
Relevance level external loss, 58
Relevance level internal loss, 48–49
Reputation, in outsourcing, 105–106
Request for information (RFI), 109
Request for proposal (RFP), 110
Reverse stress testing, 72–73
RFI. See Request for information
RFP. See Request for proposal
Risk correlation, 70–72
Sarbanes-Oxley (SOX) Act, 134
Scaling level external loss, 58–59
Scenario analysis, 60–61, 67
Security administrators, 137
Security and privacy risks, 125–127
Security risk, 165–166
Senior management, 136
Sensitivity analysis, 71
Serious Organised Crime and Police Act, 81, 96
Service-level agreements (SLAs), 166–167
Short-term matching strategy, 183–185
Six-bond matching strategy, 188–189
SLAs. See Service-level agreements
Society for Worldwide Interbank Financial Telecommunication (SWIFT), 144
Software development outsourcing, 129–130
Specialism vs. generalism, 33–36
Standard chartered structure, 73
Strategic risk, in outsourcing, 105
Stress testing
Basel II challenges, 17–18
credit risk, 67–68
definition of, 65
market risk, 69–70
nature of, 76–77
operational loss, 60–61
operational risk, 65–67
preventable disasters, 69
probability and, 78
reasons for, 73–74
reverse, 72–73
risk correlation, 70–72
standard chartered structure, 73
time horizon of, 77
Stress-testing programme, 74–76
SWIFT. See Society for Worldwide Interbank Financial Telecommunication
System development risks, 128–129
System incapacitation, 126–127
System owners, 137
System replacement risks, 131–132
Taxation authorities, 143
Terrorism Act, 81
Third party management, 33
Threshold level internal loss, 47–48
Time horizon, 77
TUPE, 107
UL. See Unexpected loss
Unexpected loss (UL), 3
Wage inflation, 192
Web-jacking, 127
World Trade Center, 171–172