LO 42.1: Explain the motivations for using external operational loss data and common sources of external data.
One reason operational risk departments look at events outside the firm is to gain valuable insights and inputs into operational risk capital calculations. Furthermore, external data is a required element in the advanced measurement approach (AMA) capital calculation under Basel II.
External events can be useful in many areas of the firms operational risk framework, as these events provide information for risk self-assessment activities. They are key inputs in scenario analysis and can help in developing key risk indicators for monitoring the business environment.
Figure 1: External Loss Data in the Operational Risk Framework
Risk Measurement and Modeling / Risk Reporting
f Internal Loss Data Risk and Control Self-Assessment External Loss Data
Scenario Analysis Key Risk Indicators
(KRIs)
Risk Culture / Risk Policies and Procedures
Senior management should take an interest in external events because news headlines can provide useful information on operational risk. Examining events among industry peers and competitors helps management understand the importance of effective operational risk management and mitigation procedures. This is why external data is the key to developing a strong culture of operational risk awareness.
2018 Kaplan, Inc.
Page 61
Topic 42 Cross Reference to GARP Assigned Reading – Girling, Chapter 8
An example of a huge risk event that impacted industry discipline is the 4.9 billion trading scandal at Societe Generale in 2006. This internal loss for Societe Generale demonstrated to the financial services industry how operational risk can lead to large losses. In spite of the lessons learned from this experience, the financial industry saw another huge trading loss event at UBS in 2011, which led firms to reassess how they respond to external events and to ensure any lessons learned do not go unheeded.
Sources of External Loss Data
There are many sources of operational risk event data in the form of news articles, journals, and email services. Operational risk system vendors offer access to their database of events, and there are consortiums of operational risk losses as well. External events are a valuable source of information on individual events and also serve as a benchmarking tool for comparing internal loss patterns to external loss patterns. This process provides insight into whether firm losses are reflective of the industry.
Subscription Databases
Subscription databases include descriptions and analyses of operational risk events derived from legal and regulatory sources and news articles. This information allows firms to map events to the appropriate business lines, risk categories, and causes. The primary goal of external databases is to collect information on tail losses and examples of large risk events. An excerpt showing the total operational risk loss percentages to date by risk category in the IBM Algo FIRST database is shown in Figure 2.
Figure 2: Operational Risk Losses Recorded in IBM Algo FIRST (Q4 2012)
E vent Type
Business Disruption and System Failures Clients, Products, and Business Practices Damage to Physical Assets Employment Practices and Workplace Safety Execution, Delivery, and Process Management External Fraud Internal Fraud Total
% o f Losses 0.41% 48.25% 19.22% 0.88% 6.68% 3.94% 20.63% 100%
% o f E vents 1.54% 46.11% 3.18% 5.97% 7.28% 9.71% 26.20% 100%
Through these statistics, we can see some patterns in operational risk events. For example, 46% of all records fall into the category of Clients, Products, and Business Practices, accounting for 48% of dollar value losses. Internal Fraud is another large area of risk events, with 26% of records and 21% of losses. Damage to Physical Assets is the next most expensive category with 19% of losses but only 3% of events.
Page 62
2018 Kaplan, Inc.
Topic 42 Cross Reference to GARP Assigned Reading – Girling, Chapter 8
Figure 2 shows us that within an internal database such IBM Algo FIRST (FIRST), operational risk losses from Internal Fraud, Damage to Physical Assets, and Client, Products, and Business Practices are more significant than those from other categories. However, keep in mind that the FIRST database includes business lines that are not part of the Basel-specified business lines. This results in relatively high Damage to Physical Assets losses, as insurance company losses are included in that category.
In Figure 3, we see subsets of losses from the FIRST database. (Note that any losses not attributed to one of the Basel business lines have been removed.)
Figure 3: FIRST Losses by Business Line (Q4 2012)
Business L ine
Agency Services Asset Management Commercial Banking Corporate Finance Payment and Settlement Retail Banking Retail Brokerage Trading and Sales Total
% o f Losses 0.35% 14.40% 23.42% 17.56% 2.72% 23.67% 1.30% 16.58% 100%
% o f E vents
2.22% 16.37% 17.70% 9.00% 5.90% 20.79% 10.33% 17.70% 100%
Figure 3 shows about 10% of events occur in the Retail Brokerage business line, but these retail brokerage events account for only 1 % of losses because average losses in this business line are relatively small. Conversely, we see that Corporate Finance generated 9% of events but accounted for 18% of losses. Clearly, average losses in Corporate Finance tend to be more expensive.
We should keep in mind that this analysis is based on publicly available data for operational risk events, which is subject to reporting bias. The FIRST database is useful for financial services firms to compare their risk profiles to the industry by category and business line. FIRST provides insights into events that may not have occurred at a particular firm in the risk modeling process.
Consortium Data
Besides the FIRST approach to collecting data, there are also consortium-based risk event services that provide a central data repository. Operational Riskdata eXchange Association (ORX) is a provider of this data, which is gathered from members to provide benchmarking. ORX applies quality assurance standards to keep all receipt and delivery of data anonymous and to provide consistency in definitions of events.
Unlike subscription services, ORX data does not suffer from the availability bias that skews the FIRST data (which relies on public sources of information). With ORX, all events are entered anonymously into the database; however, the data relates only to a small subset of firms that are members of the consortium. ORX also uses different business lines than FIRST. For example, it splits retail banking into two groups: Retail Banking and Private
2018 Kaplan, Inc.
Page 63
Topic 42 Cross Reference to GARP Assigned Reading – Girling, Chapter 8
Banking. It also renames Payment and Settlement to Clearing. The ORX database has gathered nearly 30,000 events costing its members over 100 billion, which helps highlight the potential costs of operational risk.
ORX publishes reports that summarize the number and amount of losses for each business line and risk category. Regarding the reported contributions, the Retail Banking business area generates 38% of events; most of them in the External Fraud category. Trading and Sales and Commercial Banking follow with about 10% of total events each. Retail Banking has the biggest share of total costs at 46% of total losses. Execution, Delivery, and Process Management produce the largest number of events (36%), with 23% of total costs. Also, Clients, Products, and Business Practices accounts for about 17% of events but more than 50% of losses, which demonstrates that for members of ORX, these events tend to be large. Many firms use information from this category to conduct scenario analysis for potential fat tail events. Data representing dollar value losses of operational risk for each business line is shown in Figure 4.
Figure 4: Dollar Value Losses by Risk Category and Business Line
Clearing Corporate Items Private Banking Asset Management
I
Agency Services I Retail Brokerage I Corporate Finance |l Commercial Banking Trading and Sales Retail Banking $0
$15,000,000,000
$30,000,000,000
$45,000,000,000
$60,000,000,000
Internal Fraud Employment Practices and Workplace Safety Damage to Physical Assets Execution, Delivery, and Process Management
External Fraud Clients, Products, and Business Practices Business Disruption and System Failure
S u b s c r i p t
i o n v s . C o n s o r t
i u m D a t a b a s e s