LO 41.1: Describe the seven Basel II event risk categories and identify examples of

LO 41.1: Describe the seven Basel II event risk categories and identify examples of operational risk events in each category.
Basel II provides seven categories of level 1 loss events that most firms have adopted to meet their own operational risk (OpRisk) framework requirements. OpRisk models are concerned with identifying and mitigating operational risks of the firm that are a function of people, systems, and external events. The seven Basel II event risk categories are described in Figure 1 and are intended to capture all potential operational risks. Every loss event should be mapped to the risk event categories outlined in the firms operational risk management policies and procedures. Flowever, some loss events may fall under more than one category.
It is important to recognize that the severity and frequency of losses can vary dramatically among the categories. For example, loss events are small but occur very frequently in the E xecution, D elivery, a n d Process M a n a gem en t category. Whereas, losses are much less frequent but typically have a large dollar amount in the Clients, Products, a n d Business P ractices category as these loss events commonly arise from substantial litigation suits.
The modeling of loss event data differs for each category. Thus, it is important to make sure every event is placed in the appropriate group. When assigning loss events, consistency is more important than accuracy. Effective operational risk management requires that similar events are consistently categorized the same way. If mistakes are made classifying risks in past years it will impact the risk management control process and reporting to regulators. In order to properly classify risks, it is important for the firm to perform a comprehensive risk mapping exercise that details every major process of the firm. The process of identifying and classifying risks is commonly referred to as OpRisk taxonomy.
2018 Kaplan, Inc.
Page 43
Topic 41 Cross Reference to GARP Assigned Reading – Cruz, Chapter 2
Figure 1: Level 1 Categories of Operational Risk Events
Event Category
Execution, Delivery, and Process Management Clients, Products, and Business Practices
Business Disruption and System Failures Internal Fraud
External Fraud
Employment Practices and Workplace Safety
Damage to Physical Assets
Definition
Losses from failed transaction processing or process management from relations with trade counterparties and vendors. Losses arising from unintentional or negligent failures to meet a professional obligation to specific clients (including fiduciary and suitability requirements) or from the nature or design of a product. Losses arising from disruption of business or system failures.
Losses due to acts intended to defraud, misappropriate property, or circumvent regulations, the law, or company policy. Losses due to acts intended to defraud, misappropriate property, or circumvent the law, by a third party. Losses arising from acts inconsistent with employment, health, or safety laws or agreements, from payment of personal injury claims, or from diversity/discrimination events. Losses arising from loss or damage to physical assets from natural disaster or other events such as vandalism or terrorism.
Source: Basel Committee on Banking Supervision, Annex 9, Basel II: International Convergence o f Capital M easurement and Capital Standards: A Revised Framework, 2006.
Each of these seven level 1 categories identified in Figure 1 is then further broken down into a level 2 subcategory. As mentioned previously, the first two event types in Figure 1 have a higher frequency and severity of losses. Thus, it should not be surprising that there are more level 2 subcategories for these two event types. The level 2 categories help to further classify the type of loss event. Figure 2 identifies the six level 2 categories for the event type identified in level 1 as Execution, Delivery, and Process Management (EDPM).
For financial firms, the EDPM category typically has the highest frequency of occurrence compared to the other categories. Business units in financial firms often deal with large numbers and executions of transactions. Due to the large volume of transactions on a daily basis, miscommunications and data-entry errors are common. For example, in the futures market, FX transactions are typically very large in order to compensate for the low margins of this product line. Errors in finalizing a transaction even for a few days can result in large losses as counterparties will require compensation for the use of funds. Identifying where the errors occur and the number of occurrences is necessary for managing these OpRisks.
Page 44
2018 Kaplan, Inc.
Topic 41 Cross Reference to GARP Assigned Reading – Cruz, Chapter 2
Figure 2: Execution, Delivery, and Process Management (Level 1)
Level 2 Event Category
Examples
Transaction Capture, Execution, & Maintenance errors
Data entry, miscommunication, delivery failure, and accounting
Monitoring & Reporting Mandatory reporting failure, inaccurate external report of loss
incurred Missing client permissions, incomplete documents
Customer Intake & Documentation Customer/Client Account Management Trade Counterparties Vendors & Suppliers
Unapproved access, incorrect client records with loss incurred, negligent loss Non-client counterparty misperformance or disputes Outsourcing or vendor disputes
Source: Basel Committee on Banking Supervision, Annex 9, Basel II: International Convergence o f Capital M easurement and Capital Standards: A Revised Framework, 2006.
The second Basel II category listed in Figure 1 is Clients, Products, and Business Practices (CPBP). The most common type of loss events in this category arise from disagreements between clients and counterparties, as well as regulatory fines for negligent business practices and advisory fiduciary duties. Litigation cases are high in the United States and the severity of losses is very high even though the frequency of loss events is typically less than the EDPM category. Figure 3 provides the level 2 subcategories with examples for the CPBP category.
Figure 3: Clients, Products, and Business Practices (Level 1)
Level 2 Event Category Suitability, Disclosure, & Fiduciary Improper Business or Market Practices Product Flaws Selection, Sponsorship, & Exposure Advisory Activities
Examples
Fiduciary violations, disclosure issues, privacy violation, account churning Antitrust, improper trade or market practices, insider trading, market manipulation Product defects, model errors Client guidelines failure or excess client limits
Advisory performance disputes
Source: Basel Committee on Banking Supervision, Annex 9, Basel II: International Convergence o f Capital M easurement and Capital Standards: A Revised Framework, 2006.
The Business Disruption and System Failures (BDSF) category is far less common than the first two Basel II categories. A system crash will result in substantial losses for a firm, but most of these losses would be categorized under the EDPM category. The following example illustrates a type of BDSF loss. Suppose a banks funding system crashes early in the day and is not back online until after the money markets are already closed after 4:00 p.m. EST. Due to this system crash, the bank needs to fund an extra $30 billion for the days activities. To do so, the bank must make special arrangements with counterparties at a much higher cost than the daily average funding cost. Basel II defines failed activity examples leading to loss events in the BDSF category as hardware, software, telecommunications, and utility outage.
2018 Kaplan, Inc.
Page 45
Topic 41 Cross Reference to GARP Assigned Reading – Cruz, Chapter 2
The Basel II level 1 E xternal F raud category has only two sub categories: (1) theft and fraud and (2) systems security. Examples of activities that are classified under the theft and fraud subcategory are theft, forgery, and check kiting. Examples of activities that are classified under the systems security subcategory are hacking damage and theft of information with monetary losses.
The Basel II level 1 In tern a l F raud category also has only two subcategories: (1) unauthorized activity and (2) theft and fraud. Examples of activities that are classified under unauthorized activity are intentionally not reporting transactions, unauthorized transaction type, and the intentional mismarking of positions. Examples of activities that are classified under the theft and fraud subcategory are fraud, theft, extortion, embezzlement, misappropriation of assets, forgery, tax evasion, and bribes.
The Basel II level 1 E m ploym ent P ractices a n d W orkplace Safety {EPWS) category has three subcategories: (1) employee relations, (2) safe environment, and (3) diversity and discrimination. Examples of activities that can lead to losses in the employee relations subcategory are compensation, benefit, termination, and organized labor. Examples of activities in the safe environment category are generally liabilities from accidents, employee health and safety rules, and workers compensation. The last subcategory, diversity and discrimination, captures all activities related to discrimination issues.
The last Basel II level 1 category for Op Risk loss events is D am age to P hysical Assets (DPA). The only subcategory is disasters and other events. This category and subcategory captures all loss events related to natural disasters and human losses from external sources such as vandalism and terrorism.
C o l
l e c t i n g a n d R e p o r t i n g I n t e r n a l L o s s D a t a

Write a Comment