Operational risk

Risk of accidental loss due to internal control defects

Collection

zero Useful+1

zero

Operational risk refers to information system or internal controls Risk of accidental loss caused by defects. Causes of operational risk include: Human error 、 computer system Faults, improper working procedures and internal control, etc.^[1]

Chinese name: Operational risk
Foreign name: operational risk
Category: Bank risk

Content: Earthquake, flood, fire, terrorist attack, etc
Contains: Legal risk
Not included: Strategic risk and reputation risk.
Define time: one thousand nine hundred and ninety-seven

catalog

six About the author
seven Bibliography

brief introduction

Announce

edit

Basel Committee on Banking Supervision The formal definition of operational risk is: operational risk refers to the risk of direct or indirect losses caused by imperfect or problematic internal operational processes, personnel, systems or external events.^[2] This definition includes Legal risk , but does not include strategic risks and Reputational risk 。

definition

Announce

edit

Operational risk

The British Banker Association (BBA, 1997) first gave the definition of operational risk Human error , incomplete program control , fraud and criminal activities, which are caused by technical defects and System crash Caused by. After extensive discussion and debate, in May 1998, IBM (UK) Establishment initiated by the company The first industry advanced thought management forum - Operational Risk Forum, in which operational risk is defined as: operational risk is the possibility of suffering potential losses, which is due to improper customer and design Control system Various risks caused by control system failure and uncontrollable events. Losses may come from internal or external events, macro trends and failure of the company decision-making body and internal controls System, information system, administrative organization Code of Ethics Or other major control means and standards. It does not include other existing risk categories such as market risk 、 credit risks and Decision risk 。 Through this meeting, the above conclusive definition began to be accepted by most banks. Basel Committee The definition of operational risk is also based on this.

According to《 New Basel Capital Accord 》, operational risk can be divided into personnel , systems, processes and external events, which can be divided into seven forms: internal fraud, external fraud, employee recruitment practices and Workplace Security, customers, products and business practices, Physical assets Damage, business interruption and system failure, delivery and Process management 。

Operational risk International Bank The industry attaches great importance to it. This is mainly because banking institutions are becoming larger and larger, and their products are becoming more diversified and complex, banking business High dependence on IT technology represented by computers, financial industry and financial market Of globalization As a result of this trend, some mistakes in "operation" may bring great or even extremely serious consequences. Over the past decade or two, there have been many painful lessons in this regard. Barings Bank The collapse of the company is a frightening example.

Risk Overview

Announce

edit

In many financial institutions, the losses caused by operational risk have been significantly greater than market risk and credit risk. Therefore, international Financial circles And regulatory organizations have begun to explore and build operational risk management technologies, methods and organizational frameworks, and have made significant progress. However, from the domestic banking Seen from the situation, the understanding and management of operational risk still remain at a relatively superficial level. The focus of the regulatory authorities has always been positioned in the field of credit risk, and the regulatory resources are excessively inclined to banks Non performing assets So that the bank's operational risk has continued in recent years Upward trend 。

Therefore, attention to operational risk has become an unavoidable topic for commercial banks in China banking The top priority of risk management is the unclear ownership of bank staff's operational rights, which is the root cause of operational risks. The integrated IT platform clearly defines the operational rights State-owned commercial bank The top priority of.

1、 Operational risk

Intensify reform

1. Establish perfect Corporate governance structure 。 China's commercial banks should establish standardized The general meeting of shareholders 、 Board of Directors 、 Board of Supervisors System, set up independent directors, and establish the power division between the general meeting of shareholders, the board of directors, the board of supervisors, and the president's management Checks and balances of power Effective structure, through advanced management layer Check and balance power, restrain "insider" control“ moral risk ”Occurrence of.

2. Promote the management structure and Business Process Reengineering And fundamentally solve the problem of operational risk control.

3. Reform the assessment and evaluation methods. Correctly guide branches to improve on the basis of structural adjustment and risk prevention Operating benefits To prevent focusing on scale over benefit. It is necessary to reasonably determine the task indicators Internal control management Incorporate it into the assessment system and practically strengthen and improve the bank Prudent operation And management to strictly prevent operational risks. It cannot be formulated, which may lead to deviation from the established Business objectives Or illegal operation excitation mechanism 。

Continuous improvement internal control system

While adhering to the effective internal control system in the past, commercial banks should grasp the situation, stick to the business, and constantly study new operational risks control point Improve the internal control system, timely and effectively assess and control possible operational risks, and eliminate various potential safety hazards in the bud.

At present, we should focus on the following seven aspects to improve the internal control system: first, establish a corresponding authorization system, and implement unified legal person management and legal person authorization; Second, establish necessary Separation of duties , and the system of horizontal and vertical mutual supervision and restriction; Third, it is clear Key positions Special post Incompatibility Position and control requirements; Fourth, continuous recording and Supervision and inspection ； Fifth, for products organization structure , process computer system The design process of control program ； Sixth, establish Information security management system , for hardware, operating system, and application program , data and Operating environment , as well as design, procurement, safety and use implementation control; Seventh, establish and maintain Emergency plan And procedures to ensure business continuity.

Fully implement operational risk management responsibility system

First, it is necessary to sign responsibility contracts for operational risk prevention at all levels, so that risk-prevention Responsibility objectives With employees personal interests It is directly linked to form a pattern of major prevention work in which the heads of the banks at all levels take overall responsibility, the leaders in charge take direct responsibility, the relevant departments perform their respective duties and responsibilities, and front-line employees actively participate. Secondly, we should really implement Accountability 。 It is necessary to clarify the rights and responsibilities of managers at all levels and each operator in preventing operational risks, and publicize their responsibilities. In the future, in case of major bank cases, someone should be held accountable in a timely manner, and the person responsible for the incident should also be investigated in depth. Serious cases, important cases or ineffective measures shall be investigated strictly Executive And the person directly responsible, and the inspection department, audit department and personnel shall be held responsible for concealing the problems found in the inspection, reporting false information or ineffective inspection, supervision and rectification.

Effectively improve operational risk management

1. Constantly explore and gradually improve operational risks metering method 。 Although there is no perfect method for measuring operational risk Comprehensive risk management It is inevitable to accurately measure operational risks and accrue reserves Development trend 。

2. Strengthen the application of information technology. In the process of data centralization Business system operating platform Construction, find out the loopholes in the design comprehensively, and improve the system software.

3. Establish sound operation Risk identification and assessment System. It is necessary to draw on international advanced experience and use modern scientific and technological means to gradually establish a monitoring, evaluation and early warning system covering operational risks of all business categories, and identify and assess all current and future potential operational risks and their nature.

4. Establishment and improvement Internal information exchange System. For the frequently occurring management personnel, take the lead in implementing violations, force subordinates to operate in violation of regulations, and form cases and Capital risk Bank should establish and improve employees Reporting system Rely on and mobilize front-line employees, encourage the prosecution of violations, and resolutely curb all kinds of cases, especially major cases major crimes High momentum.

strengthen Personnel management

First, we should firmly establish a people-oriented Management ideology And fully mobilize and rely on the staff to do a good job in operational risk management.

Second, strengthen ideological and political education. We should carry out in-depth investigation and resolution of contradictions, disputes and unstable factors, and resolve contradictions, disputes and unstable factors within the unit and in the bud in many ways and at multiple levels.

Third, strengthen risk awareness Education. We should unremittingly carry out safety angle education, typical case education, rules and regulations education, and improve the staff of the whole bank Safety awareness And compliance Law-abiding concept 。

Fourth, we should timely and thoroughly understand the working and living conditions of personnel at important posts, grasp the dynamic changes in thinking and behavior Anomie of behavior The employees of, Serious circumstances We should deal with it seriously.

2、 Main reasons

1、 Corporate governance structure unsound. everything owner Inadequate supervision of agents. Second, internal Check and balance mechanism imperfect. The balance mechanism between the board of directors, the board of supervisors and the management has not been really established. Third, there is the phenomenon of "insider" control. Due to the vacancy of state-owned commercial bank owners, it is easy for bank executives to take advantage of Government property rights The weak control of the "insider" control in fact is formed to carry out illegal and disciplinary activities. Fourth internal controls The capability decays step by step. The "five level" linear management structure of state-owned commercial banks, due to the long internal management chain, Information exchange Asymmetrical. According to the principle of "transformer", the head office's control over the branches has declined layer by layer, and there are many management loopholes.

2、 Internal control system The construction is not complete. First, it is not systematic internal control system , inadequate control coexists with decentralized control, and business development and internal control system construction are lacking Synchronicity In particular, the development of new business lacks the necessary system guarantee, and the risk is relatively high. Second, the internal control system entirety Not enough. Inadequate control over affiliated branches and lack of effective supervision over decision-making management. For business Personnel supervision Much more, but less supervision and restriction on managers at all levels. Third, the authority of the internal control system is not strong. Low efficiency of audit resource allocation, audit Audit function The internal audit department did not fully play its role Error checking Functions of leakage prevention and operational risk control.

3. The risk management method is backward, and the application of information technology is seriously lagging behind.

4. Employees Team management Not up to standard. In their daily work, bank managers attach more importance to business development than team building; Paying more attention to the use of employees than the management of employees, not enough understanding of employees' ideological trends, and the imperfect reporting mechanism make it impossible to detect and stop the operational risks that could have been prevented in advance.

5. Assessment and incentive policies that conflict with risk control are easy to induce operational risk.

Related schematic diagram

6. Social transformation and banking reform are prone to operational risks. current public security The situation is still grim, and crimes such as robbery, fraud and theft against banks occur from time to time. From the inside of the bank, state-owned bank The ongoing share reform, accompanied by the withdrawal and merger of institutions, has also brought a large number of redundant personnel digestion problems, and led to the sharpening of various contradictions.

Type characteristics

Announce

edit

1、 Type:

Internal fraud

Fraud, misappropriation of assets, violation of laws and the company's Rules and regulations act.

External fraud

Fraud, misappropriation of assets and violation of laws by a third party.

Risk event

Claims for compensation due to non performance of the contract or non-compliance with labor health and safety regulations.

Events caused by customers, products and business behaviors

Books related to operational risk

Intentional or unintentional failure to meet the specific needs of a customer, or failure due to product nature and design problems.

Tangible assets Loss of

because Catastrophic event Or other events.

Business Disruption & System Failure

For example, software or hardware errors, communication problems, and equipment aging.

Related to execution, delivery and transaction process

For example, transaction failure, cooperation failure with partners, transaction data input Wrong and incomplete legal document Unauthorized access to customer accounts, and seller disputes.

2、 Features:

And credit risks 、 market risk In comparison, operational risk has the following characteristics:

(1) In operational risk risk factor A large proportion comes from the bank's business operations, which are endogenous risks within the bank's controllable range. Single operation There is no clear and definable quantitative relationship between risk factors and operational losses.

(2) From Coverage Look, operate risk management Almost covered the banks Operation management Different risks in all aspects. Including daily life with high frequency but relatively low loss operation flow Minor mistakes in handling also include those that occur with low frequency, but once they occur, they will cause great losses, or even endanger the survival of the bank natural disaster , large-scale fraud, etc. Therefore, it is almost impossible to try to cover all areas of operational risk in one way.

(3) For credit risk and market risk, there is a one-to-one mapping relationship between risk and reward, but this relationship is not necessarily applicable to operational risk.

(4) Large business scale Trading volume Business areas with large and rapid structural changes are most likely to be impacted by operational risk.

(5) Operational risk is a very broad category, and operational risk management involves almost all departments within the bank. Therefore, operational risk management is not only the risk management department and Internal Audit Department Things.

our country commercial bank Main characteristics of operational risk

Some people in China have carried out Empirical analysis 。 According to the research results, the main characteristics of operational risk of commercial banks in China can be summarized as follows:

(1) Loss events mainly focus on Commercial Banking and Retail Banking , which can be mainly attributed to internal fraud and external fraud. The largest proportion of loss events is internal fraud in commercial banking business.

(2) Single transaction amount of damages The mean value of is very different. When measuring operational risk, each Business Department And under each risk event combination Loss distribution situation.

(3) The number of loss events and the total number of bank Asset size become positive correlation , but the amount of loss and total assets No obvious relevance 。

(4) From the number of loss events and the regional distribution of loss amount, operational risk does not necessarily occur in economically developed branches, but it will certainly occur in weak management Risk Management An area of low consciousness.

Book information

Announce

edit

essential information

Operational risk

Title: Operational Risk

Author: Anna Chernoby (USA) Frank Faberz (USA)

press: Northeast University of Finance and Economics Press

Published in: January 2010

ISBN : 9787811229004

Format: 16

Price: 36.00 yuan

content validity

Operational Risk: Basel II Capital Requirements, Models and Analysis Guidelines content validity Although operational risk has always been regarded as a part of "other" risks - outside the field of credit risk and market risk - it has quickly occupied the forefront of the financial field. In fact, with New Basel Capital Accord As a result of the gradual implementation of, many financial experts, as well as other people preparing to enter the field, must now be familiar with many matters related to operational risk modeling and management.

The Operational Risk - A Guide to Capital Requirements, Models and Analysis of Basel II, written by an experienced team composed of Anna Chernoby, Svetloza Witff and Frank Faberz, will introduce you to the core concepts related to the Basel II. This comprehensive guide is famous for its profound insight, professional advice and innovative research. It not only presents readers with a lot of information about operational risks, but also provides many cases to deepen their understanding of the issues discussed.

The following topics are included:

Major challenges in the field of operational risk modeling

Various methods for building operational risk models

Value at risk and its operation Risk quantification And management

The Three Pillar Structure of the New Basel Capital Accord

About the author

Announce

edit

Anna Chernoby

Doctor, USA New York syracuse university Associate Professor of Finance, Martin Whitman School of Management. Its research focus is operational risk management.

Swett Loza ·Witff

Doctor, professor of economics and business engineering of Karlsruhe University in Germany, and professor of the University of California, Santa Barbara emeritus professor And FinAnalytica's Chief scientist 。

Frank Fabozzi

Doctor· Certified Financial Analyst ， Yale University Professor of the School of Management who teaches financial practice and editor in chief of the Journal of Portfolio Management.