The new BIS Capital Accord requires banks to reserve capital against operational risk. But what is operational risk and what does a financial intuition have to do to ensure compliance?
The operational risk requirements of Basel II (International Convergence of Capital Measurement and Capital Standards) place a heavy emphasis on the identification, assessment, monitoring and control of operational risk. The ultimate requirement for reserving capital against operational losses are closely linked to the actions that a bank needs to take to manage these risks. Keeping a banks capital allocation against Operational Risks is a hands-on business, based on controlling and mitigating risk.
Credit risk is well catered for in exceptional detail. Credit risks are clearly understood by all players, for credit is the reason why banks exist. In the current mad scramble to meet the Basel II requirements, credit risks have been getting the lion’s share of attention while far less attention has been given to the operational risk issues. Basel II is more than just reserving capital against credit and operational risk. Now for the first time, banks have to take into account the operational risk aspects as well.
To start with, Basel II provides a range of options for determining the capital requirements of credit and operational risks. This allows banks and bank supervisors the opportunity to select the most appropriate option for their operations and their financial market infrastructure. Additionally, allowance is made for a limited degree of national discretion in the way in which each of these options may be applied.
Based on the Basel II requirements, I summarize briefly what needs to be done to effectively implement the operational risk aspects of this important international standard.
The bank board
The starting point is the board of the bank and the creation of an appropriate “Risk Management Policy”. It should be remembered that bank boards generally do not have members with operations experience. Very often board members are drawn from business areas within the bank whose primary concern is revenue generation. Operational risk controls cost money and generally reduce profits – which means that they are not really a popular boardroom subject. Bank boards need to be educated and coaxed into the role they have to play in the mitigation of Operational Risk.
To effectively implement operational risk controls it is first necessary to identify the risks and then to establish appropriate written board policies and procedures to reduce these. These policies are the foundation for the development of risk control measures and need to be established for the whole range of operational issues including products, processing, IT & security and business continuity.
Risk mitigation can only be effective if a centralized risk management unit controls the whole risk reduction process. Most banks internal risk functions are fragmented and split over numerous areas (such as IT security, internal audit, physical security etc.) that tends to render a common risk policy ineffective. A critical element in the whole approach to operational risk control is the centralization of this function at a director level within the bank.
Risk Assessment
Once the appropriate policies are in place the next step is to undertake a risk assessment. Risk assessment is the process that identifies and evaluates the internal and external factors that could adversely affect the achievement of a banking organization’s operational, information and compliance objectives. In the full sense of the word this should cover all the risks such as credit, market, liquidity and operational risk. For our purposes we limit our focus on operational risk alone. Under Basel II operational risk is defined as “… the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”. This definition includes legal risk, but excludes strategic and reputational risk.
Basel II is specific on the actions that need to be taken in operational risk management. These actions are based on international risk containment standards, most of which have been developed through the Bank for International Settlements. There is a strong emphasis on detailed definitions and documentation relating to the use of the methods, the development of policies and their implementation. There is less focus on technology and more on doing.
Risk mitigation implementation
Once the Risk Assessment has been completed the previously defined risk reduction policies need to be implemented.
Implementing Basel II is not a once off operation. It is an ongoing process aimed at limiting a bank’s exposure to risks. In the operational area reducing and containing operational risks so as to control the amount of capital that will have to be reserved. This ongoing process can only be achieved through the following steps;
Mobile Manners
The mobile phone has become ubiquitous. It is the one hi-tech device that has become the universal calling card for humankind. Yet despite the privilege and the benefits that this instrument bestows it has turned many folk into rude bores bereft of any manners in their slavish obedience to this twenty-first century icon.Is the Financial Crisis Really Over?
To really fix the financial and banking system governments and regulators need to get to the core of the problems that led to the 2007-9 financial crisis. The evidence so far indicates that the current approach has failed and that throwing money at banks is not a part of the solution. Unless the authorities can get the “fix” right we are facing ongoing crisis as banks revert to their old ways with little regard for anyone but themselves.Mobile Payments & Remittances – Dangers Ahead
The use of the mobile phone for the transfer of workers’ remittances and for small payments holds much promise, especially in Africa. However two problematic issues threaten the mobile revolution. These are the attitude of the banks to their prospective clients and the attitude of bank regulators to non-bank participants.