OPERATIONAL RISK MANAGEMENT Banking is getting more and more complex and highly sophisticated.

Operational Risk Management is an important sector of sound risk management, and this forms a competitive edge in the Liberalized Banking Industry. Organizational structure, role and responsibility The responsibility of risk taking, related controls and mitigation of operational risk shall lie with respective vertical or Department Heads. Organizational Setup for the operational risk management of the bank,

Board of Directors

Risk management Committee of the board (RMC) Operational Risk Group(ORG) Operational Risk Cell(ORC) Support Group for Operational Risk management (SGORM) Board of Directors - Ensuring effective management of operational Risk
-

Responsible for establishing a management structure capable of implementing the Banks Operational Risk management framework.

- Articulate operational risk policy framework.

-

Ensure adequate internal audit coverage to satisfy itself that policies and procedures have been implemented effectively.

Risk management Committee of the Board (RMC)

-

Identify the major risk aspects and classify into distinct risk categories that should be managed.

Review profiles of Operational risk throughout the Organization

- Set and approve expression of risk appetite as recommended by ORG - Review the framework regularly to ensure that various changes in the environment is accommodated. Operational Risk Group
-

To monitor various aspects of Operational risk at the apex level, the bank should have a senior management level committee called the Operational Risk Group.

Receive and Review reports from business lines and other areas about their risk profiles and mitigation programme.

To recommend corrective measures for improvement in process. To continually promote Operational Risk awareness across all the business units.

Assure adequate are being assigned integrate risk as needed.

- To proactively review and manage potential risk due to regulatory changes. Operational Risk Cell
-

To collect and collate information on Operational Risk Profile of the bank and analyze it for identifying, measuring and monitoring operational risk.

- To hold ORG meetings and co-ordinate with various functional department. - To put quarterly reviews reports on OR to RMCS
-

To build a loss data base as per Basel II and to discuss losses occurring on account of systematic lapses.

To co-ordinate with internal audit department to plan assessments and concerns about risks in the bank.

SGORM All the vertical/department heads shall take ownership of the operational risks faced in the departments/ business and shall be responsible for implementing appropriate control mechanisms and adopt suitable risk mitigation measures. Identification, assessment and measurement of Operational Risks Identification of Operation Risks - Effective risk identification consider both internal and external factors that could adversely affect the achievement of banks objectives. - Operational Risk interact with them is identified clearly and subject to adequate assessment and mitigation procedure. Assessment of OR - Possible tools used for assessing operational risks are - Risk Control and Self Assessment - Key Risk Indicators. - Risk assessment and review of product/.

Measurement of Operation Risk Here the Risk is measured through a software ORBIT and there is a strong recommendation from the Basel Committee to have such system. - Key Risk indicators (KRI) data gathering framework. - Trigger reports modules. - Branch Operational Risks rating framework. (BRISK) - Incident Reporting system Quantification of Operational Risk Capital Basel Committee has outlined methodologies for estimation of Capital charges to cover Operational Risk and also RBI issued guidance note on this. 3 methods of measuring operational risks Basic Indicator Approach Bank must hold capital for Operational risk equal to the average over the previous three years of fixed percentage (denoted as ) of positive annual gross income. KBIA = [ (GI1n x )] / n KBIA ---- Capital Charge under basic indicator approach GI N ---- Annual Gross Income over the previous three years ---- Number of (previous 3 years) years for which the Gross income is positive

Easy to implement and universally applicable across banks to arrive at capital charge for Operational risks. Standardized Approach It differs from basic Indicator approach that on the basic premise that, the Banks activity are divided into number of Business units and business lines. As per RBI guidance note, in Standardized Approach, Banks activity are divided into 8 business lines,
-

Corporate Finance Commercial banking Trading and Sales Asset management Payment and Settlement Retail Brokerage Retail Banking Agency and Services

In Each business line, there is likely scale of Operational risk exposure within each of these lines. Total Capital coverage is calculated on the simple summation of the regulatory capital charges across each business line. KBIA = {1-3 years MAX [(GI1-8*1-8), O]} / 3

KTSA --- Capital Charge under Standardized approach GI 1-8 --- Annual Gross Income in a Year, for each business line 1-8 --- a fixed percentage, set by the committee, relating the level of required capital to the level of gross income for each of the business line. Value of is different for all different Activities like, - Corporate Finance - Trading and Sales - Retail banking - Commercial Banking - 18% - 18% - 12% - 15%

- Payment and Settlement - 18%

-

Agency Services

- 15% - 12% - 12%

- Asset management - Retail Brokerage

Advanced Measurement Approach

Under Advanced measurement approach, the regulatory capital requirement will equal the risk measure generated by the banks internal operational risks measurement system using the qualitative and quantitative criteria specified under Advanced measurement approach
-

General Standards

Qualitative Standards

- Quantitative standards

Use of External data

Scenario Analysis Business Environment and Internal Control factors. Controls or Mitigation of Operational Risk Risk Mitigation measure Risk Mitigation through Insurance Legal risk management policy People risk Business Continuity Plan Outsourcing policy Independent Evaluation of ORM framework Scope of Internal Audits Independent evaluation of OR framework by Internal Audits