1 / 30

Gene Álvarez, Ph.D. Operational Risk Management Department The Bank of Tokyo-Mitsubishi, Ltd. Headquarters for the Ameri

Advanced Risk Management Workshop Assessing, Managing and Supervising Financial Risk The World Bank, Washington D.C. Operational Risk and Scorecards. Gene Álvarez, Ph.D. Operational Risk Management Department The Bank of Tokyo-Mitsubishi, Ltd. Headquarters for the Americas 20 May 2004.

adriel
Download Presentation

Gene Álvarez, Ph.D. Operational Risk Management Department The Bank of Tokyo-Mitsubishi, Ltd. Headquarters for the Ameri

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Advanced Risk Management WorkshopAssessing, Managing and Supervising Financial RiskThe World Bank, Washington D.C. Operational Risk and Scorecards Gene Álvarez, Ph.D. Operational Risk Management Department The Bank of Tokyo-Mitsubishi, Ltd. Headquarters for the Americas 20 May 2004

  2. Overview • Definition of Operational Risk • Goals of Operational Risk Management • An Operational Risk Management Framework • Risk Map • Internal Loss Data • Control Self-Assessment • Methodology • Issue Tracking • Results • Corporate Governance • Summary

  3. Bank of Tokyo-Mitsubishi • BTM is the largest subsidiary of Mitsubishi Tokyo Financial Group, a bank holding company listed on the Tokyo, Osaka, New York and London stock exchanges. • Formed in 1996 from the merger between Bank of Tokyo and Mitsubishi Bank, BTM is a leading Japanese bank providing retail, commercial, and investment banking products and services. • BTM operates in 44 countries and territories with more than 350 offices located in all the major commercial centers of the world. • In the Americas region, BTM focuses on wholesale banking business with 11 branches/agencies, 10 subsidiaries, 2 loan production offices, and 4 representative offices. BTMHQA, the regional headquarters of BTM, manages one of the largest foreign-owned wholesale banking businesses in the Americas. • 6 Subsidiaries • 8 Branch/Agency • 2 Loan Production Offices • 2 Rep Offices • 4 Subsidiaries • 3 Branches • 4 Rep Offices

  4. Operational Risk • Definition “The risk of loss resulting from inadequate or failed internal processes, people, and systems or external events.” Bank for International Settlements, Basel Committee on Banking Supervision, September 2001 The definition is conceptually intuitive because the daily operations of running and supporting a business are not without risk.

  5. Framework Components Credit Risk Operational Risk Governance / Oversight • CRM Committee • Executive management membership • Approves policies • Reviews risk portfolio • Establishes risk appetite • Oversees risk taking • ORM Committee • Executive management membership • Approves policies • Reviews risk profile • Establishes risk appetite • Oversees risk taking Risk Assessment Subjective assessment Borrower financials Self assessment of risks Borrower ratings Operational risk rating Risk Quantification Capital & reserve Capital & reserve Collection of losses &Forecast of losses • Charge offs • Loss on loan sales • Reserves • Recoveries • Expected losses • Monetary, e.g. legal settlements, fines, etc. • Non-monetary, e.g. system failures • Non-economic, e.g. reputational • Credit approvals • Strong policies and procedures • Oversight by credit risk management function • Strong policies and procedures • Oversight by operational risk management function Control functions Operational Risk as a Risk Discipline

  6. The Goals of Operational Risk Management • Develop awareness throughout the firm of the nature of operational risk and the state of the firm’s risk management environment. • Improve understanding of specific incidents and issues that have affected the firm, and encourage staff to learn from past incidents. • Assign responsibility for oversight of each element of the operational risk management function. • Expect accountability for breakdowns in the risk management process. • Create tools that enable the firm to record and analyze the various facets of its operational risk environment. • Strengthen controls—both existing and new—to minimize operational risk incidents. • Establish a culture in which employees at all levels of the organization are mindful of operational risk in their daily activities, and are proactive in risk control efforts. • Enhance compliance with regulations that address operational risk management practices. • Reduce costs through prevention and mitigation of operational risk incidents.

  7. Operational Risk Management Framework A proactive management framework which is pervasive throughout a firm • Institutional objectives are defined • Executive management articulates the purpose, strategy, and goals of the firm. • Processes are implemented to achieve desired objectives • Business line managers implement processes to accomplish their stated objectives, then identify the associated risks and apply a control framework to realize the objectives. • Results are obtained • Qualitative and quantitative analyses are performed to provide insight into the firm’s risk exposure and monitor management’s response to the stated objectives.

  8. Without well established rules and structure, thia meaaage ia aignificantly leaa eaay to underatand.

  9. Organizational Structure Event Trigger Loss Impact Detection Source Recovery Source ProcessPeopleRelationshipTechnologyExternal Internal / Risk ManagementAuditWhistle blowingOther Detection Source InsuranceLegal SettlementReturn of AssetsRepaymentOther Recovery Source Economic Monetary Non-monetary Non-economic Risk Map Risk Map

  10. Risk Map Internal Losses • Capture data on economic and non-economic operational risk loss events, and operational risk near misses for risk identification • Development of an operational risk capital allocation methodology

  11. Control Self-Assessment A risk management tool used by business managers to transparently assess risk and control strength and weakness against a Control Framework. The “self” assessment refers to the involvement of management and staff in the assessment process. Losses Risk Map

  12. Enhance Corporate Governance under CEO for the Americas The primary purpose of the CSA is to enhance corporate governance at BTM, building upon two major firm-wide initiatives: Improve Overall Control Environment at BTM Control Self-Assessment Objective 1. Balanced Scorecard (top-down approach to articulate strategy) and 2. CSA (bottom-up approach to manage risks) 1) Institutionalize Proactive Risk Management Culture: Equip business units with risk/control management techniques, and foster their sense of risk/control ownership. 2) Enhance Operational Risk Management Information Systems: Enhance risk management reporting mechanism that aggregates and analyzes individual CSA results. 3) Improve Overall Operating Framework: Based on the results of CSA, improve the overall operating framework, such as organization structure, functional responsibilities and incentive systems to foster inter-BU collaboration.

  13. Features of BTM’s CSA Methodology Linkage to BSC CEO Top-down Bottom-up Strategy Execution Financial Risk Assessment Control Assessment Objective Setting Performance Evaluation BSC CSA Customer Risk Assessment Control Assessment Objective Setting Performance Evaluation • Articulate strategies • Cascade down strategies • Align organization • Evaluate performance • Analyze processes • Assess risks • Assess controls • Indicate risks • Formulate action plans Internal Process Objective Setting Performance Evaluation Risk Assessment Control Assessment Human Capital Objective Setting Performance Evaluation Risk Assessment Control Assessment

  14. Features of BTM’s CSA Methodology ORCAFramework Objectives Risk Assessment Action Plans KeyIndicators Controls

  15. Features of BTM’s CSA Methodology Two-tiers: General Manager and Group-Levels GM-Level CSA 1)GM-Level CSADefine the universe of key objectives/ businesses processes from GM’s point of view and have groups conduct detailed group-level CSA. Select key objectives and business processes from GM’s point of view for Group-Level CSA Conduct detailed CSA on objectives and processes specified by GM; Report the findings to GM 2) Group-Level CSA Assess risks and controls for the key objectives / business processes identified by GM-Level CSA. Report to GMs the CSA results. Group-Level CSA Group-Level CSA Group-Level CSA Group-Level CSA

  16. 4) Group CSA Wrap-up 3) Group CSA (2nd Day) 1) GM CSA 2) Group CSA (1st Day) • Summarize CSA results • Report to GM • Time: 30 Min. • Assess controls • Assess residual risks • Formulate action plans • Assign key indicators • Time: 2-3 Hours • Analyze processes • Define the universe of objectives and processes • Assess and classify risks • Select objectives and processes for Group- Level CSA • Hypothesize “cause and effect chain • Evaluate inherent risks • Time: 2 Hours • Time: 2-3 Hours Features of BTM’s CSA Methodology Workshop Based CSA • CSA at BTM is conducted in a workshop format. All necessary risk management techniques and concepts such as process analysis, inherent and residual risks and key indicators are introduced during the workshop. • CSA facilitators, using the ORCA framework, promotes active communication and knowledge sharing among participants on risk / control management issues of the group.

  17. Features of BTM’s CSA Methodology Process Mapping and Risk Scenario Thinking • Guided by facilitators, business processes are broken down into and mapped as 5-7 procedural units. • After analyzing business process, identified risks are organized and summarized as risk event scenarios (i.e. cause-event-effect chain). Process Map : Business Process Analysis Procedural unit 1 Procedural unit 4 Procedural unit 2 Procedural unit 5 Procedural unit 3 Risk? Risk? Risk? Risk? Risk? Risk Scenario : Hypothesis of cause-effect chain Identify all risks that reside in a business process, and formulate risk scenarios Cause A Risk Event A Cause B Effect (Loss) A Risk Event B Cause C Effect (Loss) B Risk Event C Cause D

  18. Features of BTM’s CSA Methodology Risk Assessment by Frequency & Severity • BTM evaluates magnitude of risks from two aspects:“Frequency” and “Severity” • BTM visualizes both “inherent risk” and “residual risk” by mapping the frequency and severity on a “heat map” Inherent Risk Residual Risk Frequency Severity

  19. Key Success Factors of BTM’s CSA Point 1 Comprehension of business processes by all business areas Point 6 Proactive utilization of CSA results by management 1. Identify business objectives and processes 8. Enhance the control framework 2. Analyze business processes Point 5 Objective assessment by internal auditors 7. Test controls 3. Identify and prioritize risks Point 4 Integrity of data collection Point 2 Proper and consistent application of “Risk & Control” evaluation method 6. Monitor risks 4. Assess controls 5. Determine risk profiles Point 3 Clear articulation of risk appetite

  20. Next Step: Enhancement of CSA Feedback Loop to CEO Internal Audit Confirmation CEO Verification of GM CSA Results ORM Committee GM CSA Escalation of CSA Results Internal Audit Group CSA Validation by Internal Audit

  21. Risk Map Issue Tracking • Monitor the firm’s progress in resolving issues detected during internal and external examinations • Identify institutional thematic issues to be raised to management Losses CSA

  22. Risk Map Operational Risk Management Framework Executive Management Losses Issues CSA

  23. Operational Risk Management Framework A proactive management framework which is pervasive throughout a firm

  24. Results • Qualitative • “Bottom-up” feedback to executive management to ascertain how successfully the organization accomplished its strategic vision • Identification of interdepartmental and thematic risks within the firm • Quantitative • Capital Allocation (derived from Loss Data) • CSA Metric Score • Inherent & Residual Risks Model • CSA Scenario Engine • Issue Resolution Metric

  25. Results: Value-at-Risk Example Calculated Capital

  26. Results: CSA Metric (cont.) Example Score: 4.76

  27. Results: Inherent & Residual Risks (cont.) Inherent & residual risks model provides a sense of the potential monetary impact before and after the implementation of controls. High Inherent Risk Residual Risk Risk 1 Risk 2 Frequency Risk 3 Risk 2 Risk 3 Risk 1 High Low Severity

  28. Corporate Governance The ORM framework presented is the foundation of a robust corporate governance structure. It enables the organization to inform executive management of the current state of the firm’s risk environment on an ongoing basis. Furthermore, the framework readily lends itself to Sarbanes-Oxley and BIS II compliance. The expected benefits of a strong corporate governance structure are

  29. Synopsis • The presented Operational Risk Management framework • Provides flexibility and dynamism to evolve with a changing firm • Allows a firm to manage risk from both the “top-down” and “bottom-up” perspectives • Is an integral component of a strong corporate governance structure

  30. Contact Information Gene Álvarez, Ph.D. Operational Risk Management Department The Bank of Tokyo-Mitsubishi, Ltd. Headquarters for the Americas 1251 Avenue of the Americas New York, New York 10020-1104 212-782-4429 galvarez@btmna.com

More Related