by Ken Hartlage, Head of Corporate Development at Information Mosaic
“Operational risk is the common link between several headline events (e.g. UBS rogue trader, MF Global, Global Payments, LIBOR manipulation, HSBC AML events, JP Morgan synthetic credit transaction losses, Standard Chartered AML events, and Knight Capital). These events underscore the need for supervisors to increase focus on operational risk management.”
That quote is from the Financial Stability Board (FSB)’s November 2012 progress report to the G20. The Report focuses on operational risk, which is defined under Basel II as “the risk of loss resulting from inadequate or failed internal processes, people and systems, as well as from external events”. The FSB not only acknowledges the current challenge managing operational risk but emphasises that challenge will only become greater as banks expand their offerings in search of new revenue sources.
If the definition of operational risk seems like it covers a lot of ground, it does. As the FSB Report states: “Operational risk covers a myriad of risks across the enterprise, including people risk, outsourcing risk, internal and external fraud, money laundering, technology risk, etc.”; furthermore, it includes both the direct losses of an incident as well as the consequential losses, such as those arising from market exposure. Given the potential impact of operational risk, the FSB’s concern is not surprising. But just how large a problem is it?
To get a sense of scale we turn to findings published by the Operational Risk eXchange Association (ORX), the not-for-profit financial industry association dedicated to advancing the measurement and management of operational risk. ORX’s 65 member banks categorize and report operational risk losses in excess of €20,000, and its 2012 Report on Operational Risk Loss Data gives some insight into its pervasiveness.
For example, in 2011 member banks reported a total of 36,528 loss events with total gross losses of €25.1bn – an average of €687,430 per incident. Yet what is particularly revealing is the impact operational risk has to bank profitability: ORX reports that the 2011 gross loss amount per €100 of gross income was €2.84. That’s nearly 3% of bank income gone, due largely, as we shall see, to preventable situations.
WANT TO BUILD A FINANCIAL EMPIRE?
Subscribe to the Global Banking & Finance Review Newsletter for FREE Get Access to Exclusive Reports to Save Time & Money
By using this form you agree with the storage and handling of your data by this website. We Will Not Spam, Rent, or Sell Your Information.
So where did all these losses come from? According to the ORX Report, about 20% of gross losses fell into an event type called Execution, Delivery and Process Management, which covers losses due to incorrect reference data, missed deadlines, late or inaccurate regulatory reporting and a range of other activity based functions. However, the largest chunk of losses – nearly 65% – stemmed from the Clients, Products and Business Practices event type, which encompasses a range of issues from product suitability and disclosure to improper trading, insider trading, and market manipulation. In short, over €20Bn of 2011’s operational risk losses can be attributed to failed processes, procedures and controls.
Which leads us back to the FSB Report and its emphasis on enhancing operational risk management. The FSB doesn’t underestimate the scale of the challenge, and rightly recognises that operational risk management and supervision, as a whole, needs revisiting. Firstly, it acknowledges “the capital regime for operational risk is far less advanced compared to the regime for market risk and credit risk.” Moreover, the Report recognizes that capital reserves are a useless tool to remedy certain risk events, such as business continuity failure, and concludes that banks and supervisors should focus on the prevention and detection of operational risk. To that end the FSB has directed the Basel Committee on Banking Supervision to review and revise several of its seminal operational risk guidelines. The implications of that review will be explored in the next installment
(Ken has been with Information Mosaic since 2006. He is responsible for company strategy, marketing and new business initiatives. He has over 25 years experience in transaction banking and custody at major banking firms).