-
- Action tracking reporting, 250–253
- Advanced Measurement Approach (AMA), 208–221
- hybrid approach, 221
- loss distribution approach (LDA), 213–219
- quantitative requirements, 209–213
- scenario analysis approach, 219–221
- Agile, 73–74
- Audit, 63–64
-
- Banking scandals, 278–280
- Bank of International Settlements (BIS), 17–22, 183, 185, 199, 202, 275
- Basel Accords, 1–4, 6, 8, 10, 17–35
- Basel I, 23
- Basel II, 1–4, 6, 9–10, 23–28, 103–112, 126–128
- business line categories, 127
- capital modeling, 197–199, 202, 204, 205, 208, 213, 223, 232
- disclosure, 232
- European adoption of, 27
- limitations of, 29
- operational risk event categories, 104
- Pillar 1, 24–26
- Pillar 2, 10, 26–27, 259, 284, 311, 315
- Pillar 3, 27
- scenario analysis, 44
- Standardized Approach, 202–208
- U.S. adoption of, 27–28
- Basel III, 10, 34–35
- capital calculation, 11, 44, 223–235
- Standardized Approach, 223–235
- Basel Committee on Banking Supervision (BCBS), 20–22, 34–35, 48–51, 65–67, 82, 259–263
- “Basel III: Finalising post-crisis reforms” (2017), 65
- Basic Indicator Approach (BIA), 199–201
- Business continuity metrics, 159
- Business continuity planning (BCP), 60, 61
- Business indicator (BI), 225–226
- Business indicator component (BIC), 226–229
- Business line categories, 127
-
- Capital modeling, 197–199, 197–238, 202, 204, 205, 208, 213, 223, 232
- Advanced Measurement Approach (AMA), 208–221
- hybrid approach, 221
- loss distribution approach (LDA), 213–219
- quantitative requirements, 209–213
- scenario analysis approach, 219–221
- Basic Indicator Approach (BIA), 199–201
- disclosure, 232–235
- future of capital requirements, 223–235
- insurance, 221–223
- operational risk capital, 197–199
- Standardized Approach (TSA), 202–208
- alternative, 205–206
- business indicator (BI), 225–226
- business indicator component (BIC), 226–229
- disclosure, 232–235
- future of, 206–208
- internal loss multiplier (ILM), 230–232
- new guidance, 224–235
- Capital requirements, future of, 223–235
- Chief administrative officer (CAO), 56–57
- Chief compliance officer, 57–58
- Chief financial officer (CFO), 56–57
- Chief operating officer (COO), 56–57
- Chief risk officer (CRO), 53–56
- Citi, 4
- Climate risk, 311–312
- Coe, Lord Sebastian, 6, 9
- Compliance metrics, 157
- “Core Principles for Effective Banking Supervision” (2012), 261
- “Core Principles for Effective Banking Supervision” (2019), 283
- Corporate Governance Principles for Banks (2015), 262–263, 266, 284
- COVID-19 pandemic, 5, 9, 10, 277, 310, 312–314
- Credit Suisse annual report (2011), 232–233
- Credit Suisse Archegos scandal (2021), 324–329, 343–344
- Culture and awareness, 71–84
- agile, 73–74
- marketing and communication, 72–73
- planning, 78–82
- major deliverables checklist, 76–82
- sample project milestones, 81
- success of framework, 71
- training, 75
- “use test,” 82–83
-
- Deliverables, checklist, 76–82
- Deutsche Bank, 3
- Deutsche Bank annual report (2011), 233–234
- Disclosure:
- Basel Accords, 232
- capital modeling, 232–235
- Standardized Approach, 232–235
- DNB Bank ASA anti-money laundering scandal (2019), 329–331, 345
- Dodd-Frank Act, 31–33
-
- Enterprise risk management (ERM), 12–13
- Exception monitoring, 151–152
- External loss data, 135–148
- challenges of, 139–147
- Société Générale and the external event that shook the operational risk world, 142–147
- external loss data, sources of, 136–139
- consortium data, 137–139
- subscription databases, 137
- external operational risk event data, 135–136
-
- “Finalizing Post-Crisis Reforms” (2017), 224
- Financial statement metrics, 160–161
- Fintech scandals, 281–282
- Fraud risk management, 309–310
-
- Governance, risk, and compliance (GRC), 292–301
- assessment convergence, 293–298
- converged data, 296
- taxonomies, 296–297
- tools, 297–298
- convergence of metrics, 298–301
- Group of Twenty (G20), 29
-
- Information security, 61–62
- Insurance, 221–223
- “Interagency Guidance on the Advanced Measurement Approaches for Operational Risk” (2011), 31
- Internal loss multiplier (ILM), 230–232
- “International Convergence of Capital Measurement and Capital Standards, a Revised Framework,” 2–3, 24
-
- JPMorgan Chase, 3, 130
- annual report (2011), 234–235
- “whale” case study, 319–324
-
- Kerviel, Jerome, 142–145
- Key risk indicators (KRIs), 44, 149–161, 248–249
- challenges, 155
- exception monitoring, 151–153
- key control indicators (KCIs), 151
- key performance indicators (KPIs), 151
- lagging indicators, 152, 153
- leading indicators, 152–153
- metric examples, 155–161
- business continuity, 159
- client, 159
- compliance, 157
- financial statement, 160–161
- people, 156
- technology and infrastructure, 158
- trade execution and process management, 160
- reporting, 248–249
- selecting, 153–154
- standards, 154–155
- thresholds, 154
- Knight Capital technology glitch, 331–332, 345–346
-
- Lagging indicators, 152, 153
- Leading indicators, 152–153
- Legal risk management, 307–308
- LIBOR scandal, 278–280
- London Olympics (2012) case study, 5–9
- Loss data collection, 42–43
- Loss distribution approach (LDA), 213–219
-
- Marketing and communication, 72–73
- Markets in Financial Instruments Directive (MiFID), 13
- Measurement and modeling, 44
- Metrics examples, 155–161
- business continuity, 159
- client, 159
- compliance, 157
- financial statement, 160–161
- people, 156
- technology and infrastructure, 158
- trade execution and process management, 160
- Monte Carlo Simulation, 217–219
-
- New business/product approval, 63, 305–306
-
- Objectives and key results (OKRs), 149
- Office of the Comptroller of the Currency (OCC), 3, 316
- Operational risk:
- capital (see Capital modeling)
- and convergence, 291–303
- converged or GRC reporting, 301–302
- governance, risk, and compliance (GRC), 292–301
- operational risk as catalyst, 291–292
- coordinators, 59–61
- definition and drivers of, 1–14
- definition, 1–5
- drivers, 13–14
- management and measurement, 9–13
- 2012 London Olympics case study, 5–9
- framework, 39–48
- culture and awareness, 41
- governance, 40–41
- key risk indicators, 44
- loss data collection, 42–43
- measurement and modeling, 44
- overview of, 39–40
- policies and procedures, 41–42
- reporting, 44–45
- risk and control self-assessment, 43
- risk appetite, 45
- scenario analysis, 43–44
- governance, 47–70
- first line of defense, 50–51
- risk committees, 66–68
- role of, 47–50
- second line of defense, 51–63
- third line of defense, 63–65
- reputational risk and, 275–290
- Société Générale and the external event that shook the world of, 142–147
- Operational risk capital, 197–199
- Operational Riskdata eXchange Association (ORX), 124–125, 136–139, 146
- Operational risk event categories, 104
- Operational risk event data standards, minimum, 113–129
- amount, 115–121
- accounting adjustments or timing events, 120–121
- gains, near-misses, and opportunity costs, 119–120
- indirect costs, 118–119
- recoveries, 121
- Standardized Approach, 117–118, 120–122, 124
- boundary events identified, 128
- business line, criteria for allocation to, 126
- central and supporting functions, criteria for allocation to, 126, 128
- comprehensive, 113–114
- date, 121–124
- description and causes, 124–125
- impacted departments, 128
- nonfinancial impacts, 129
- threshold, 114–115
- Operational risk event loss data:
- external, 135–136
- internal, 99–134
- data collection, 129–131
- internal operational risk events, 100–103
- minimum operational risk event data standards, 113–129
- operational risk event data, 99
- risk event categories, 103–112
- “Operational Risk—Supervisory Guidelines for the Advanced Measurement Approaches” (2011), 82, 115–117
-
- Pandemic planning, 312–314
- People metrics, 156
- People risk management, 308–309
- Pillar 1 (Basel Accords), 24–26
- Pillar 2 (Basel Accords), 10, 26–27, 259, 284, 311, 315
- Pillar 3 (Basel Accords), 27
- Planning, 78–82
- Policies and procedures, 85–97
- best practices, 88
- operational risk policy, 88–95
- role of, 85–87
- documentation hierarchy, 87
- sample standards, procedures, and guidelines, 95–97
- extract from loss data procedures document, 96
- extract from loss data standards document, 95–96
- linkage between documents, 96–97
- Policy office, 63
- “Principles for Effective Risk Data Aggregation and Risk Reporting” (2013), 300–301
- “Principles for Enhancing Corporate Governance” (2010), 48–49, 54
- “Principles for the Sound Management of Operational Risk and the Role of Supervision” (2011), 260–261
-
- Quantitative requirements, of AMA, 209–213
-
- Regulatory push, 17–38
- Basel Accords, 17–35
- European adoption of Basel II, 27
- rules of, 22–27
- U.S. adoption of Basel II, 27–28
- Basel III, 34–35
- financial crisis, impact of, 29–33
- Basel II, limitations of, 29
- European response to, 30
- U.S. response to, 30–33
- Regulatory risk management, 308
- Related risk management activities, best practices in, 305–317
- climate risk, 311–312
- fraud risk management, 309–310
- legal risk management, 307–308
- new-product approval, 305–306
- pandemic planning, 312–314
- people risk management, 308–309
- regulatory risk management, 308
- strategic risk, 314–316
- supplier and third-party risk, 306–307
- technology risk management, 310
- Reporting, 44–45, 239–255
- action tracking, 250–253
- capital, 249–250
- consolidated view, 253, 254
- dashboards, 253
- key risk indicator (KRI), 248–249
- operational risk event, 241–247
- external, 247
- impact of gains on, 241, 243
- internal losses by risk category, 245, 246
- timeliness, 245, 247
- trends in internal losses, 243–244
- risk and control self-assessment, 247–248
- role of, 239–241
- scenario analysis, 249
- Reputational risk, 275–290
- definition of, 275–277
- impact, 277–283
- management framework, 284–289
- regulatory oversight of, 283–284
- “Revisions to the Principles for Sound Practices for the Management of Operational Risk” (2021), 49
- “Revisions to the Principles for the Sound Management of Operational Risk” (2021), 39, 100, 101, 263–264
- Risk and control self-assessment (RCSA), 43, 163–179, 247–248
- best practices, 173–178
- appropriate technology, implementing, 175
- backtesting or validating results, 178
- document results, 174–175
- existing assessments, leveraging, 177
- interviewing participants beforehand, 173
- mitigating actions, identifying, 175
- reporting, 247–248
- review of available background data from other functions, 173
- review of external events, 174
- review of internal loss data, 174
- review of past RCSAs and related RCSAs, 174
- scheduling appropriately, 177–178
- scoring methodology, 175
- selecting and training participants, 174
- taxonomies, ensuring completeness using, 175–176
- themes identified, 177
- methods, 166–169
- hybrid, 169
- questionnaire approach, 167–168
- workshop approach, 168–169
- role of assessments, 163–166
- control assessments, 165
- RCSAs, 166
- risk and control assessments, 165–166
- scoring methods, 169–173
- control effectiveness, 170–171
- probability or frequency, 171, 172
- risk impact, 171, 172
- risk severity, 172–173
- Risk appetite, 45, 257–273
- framework, implementing, 264–268
- firmwide, promoting, 267
- governance, 266–267
- monitoring, 267–268
- as strategic decision-making tool, 265–266
- monitoring, 268–272
- appetite, 269
- capacity, 269
- limits/indicators, 270–272
- tolerance, 269
- regulatory expectations, 259–264
- role of, 257–250
- Risk categories, 6–8
- Risk event categories, 103–112
- Business Disruption and System Failures, 110–111
- Clients, Products, and Business Practices, 108–109
- Damage to Physical Assets, 109–110
- Employment Practices and Workplace Safety, 107–108
- Execution, Delivery, and Process Management, 111–112
- External Fraud, 106–107
- Internal Fraud, 105–106
-
- Sarbanes-Oxley Act (SOX), 13–14, 62, 250, 251
- Scenario analysis, 43–44, 181–196, 249
- approaches, 183–192, 219–221
- appropriate representatives, 188
- background preparation, 185–187
- changes, process responsive to, 190
- clearly defined and repeatable process, 185
- documentation, 189–190
- independent challenge and oversight, 190
- mitigating biases, mechanisms for, 191–192
- modeling operational risk capital, 219–221
- qualified and experienced facilitators, 187–188
- structured process for selection of data, 188–189
- output, 193–195
- reporting, 249
- role of, 181–183
- Securities and Exchange Commission (SEC), amendments to net capital rule, 27
- Senior Supervisors Group (SSG), 262–265
- Société Générale, 135, 136, 142–147
- Solvency II, 13
- “Sound Practices for the Management and Supervision of Operational Risk” (2003), 259–260
- “Sound Practices for the Management and Supervision of Operational Risk” (2011), 66
- Standardized Approach (Basel Accords), 202–208
- Standardized Approach (TSA), 202–208
- alternative, 205–206
- business indicator (BI), 225–226
- business indicator component (BIC), 226–229
- disclosure, 232–235
- future of, 206–208
- internal loss multiplier (ILM), 230–232
- new guidance, 224–235
- Stock prices, reputational impact on, 282–283
- Strategic risk, 314–316
- Supplier and third-party risk, 306–307
-
- Technology and infrastructure metrics, 158
- Technology risk management, 310
- Tokyo Summer Olympics (2020), 5, 8
- Trade execution and process management metrics, 160
- Training, 75
-
- UBS unauthorized trading scandal, 333–339, 346–349
- “Use test,” 82–83