Course Methodology
This course will cover a wide range of learning methods including explanatory slides, case studies, and detailed examination of Excel models in an interactive workshop style environment.
Course Objectives
By the end of the course, participants will be able to:
- Analyze the range of circumstances that can contribute to substantial operational losses.
- Develop and create Key Risk Indicators (KRI) for effective monitoring of operational risk.
- Apply various techniques to mitigate losses resulting from operational failures.
- Assess the impact of corporate culture on promoting best practices in operational risk management.
- Integrate digitization, FinTech, and blockchain into banks' business systems and procedures, taking into account their disruptive influence on the traditional business model.
- Evaluate and employ root cause analysis methodologies to diagnose and mitigate potential operational failures.
Target Audience
The course is valuable for those interested in operational risk modelling and those engaged in compliance with all applicable regulations regarding operational risk in financial institutions. This includes, but is not limited to, banking personnel in all areas of operational risk; asset allocators/portfolio strategists; risk managers/controllers; and senior personnel in the back office.
Target Competencies
- Operation risk modelling
- Damage assessments
- Diagnostic approaches
- Operations
- Operational risk management
Overview of Key Operational Risk Issues
- The impact of operational risk on the organization
- Regulatory focus on issues relating to misconduct of management and employees
- Systems of accountability, responsibilities bounded by safety thresholds, alerts, disciplinary guidelines, sanctions for violation
- Implementing an organizational structure
- Estimating probability of adverse outcome and loss to business
- Determining the direct and indirect effects of an adverse outcome
- Separation of risk compliance function from P&L targets
- Cyber risks – internal vulnerabilities, integrity of software systems, third party risk, outsourcing, cloud computing, phishing, etc.
Adverse Consequences from Operational Failures
- Reputational risk
- Legal risk
- Litigation risk, fines, and class action lawsuits
- Rogue trading – Soc Gen, UBS, ineffective back-office controls
- Avoiding overly complex instruments
Root Cause Analysis
- Identification of underlying causes for operational failures
- Forensic and systematic analysis of large-scale failures and near failures
- Data mining approaches and timeline sequences
- Transforming from a reactive approach to operational failure to a pro-active approach
- Prioritizing amongst multiple root causes
- Process mapping
- Establishing the relevant metrics for each root cause
- Checks to ensure that action plans would alleviate or mitigate symptoms arising from root causes
Addressing Cyber Risks and Vulnerabilities in Business Processes
- Core concepts in the architecture of enterprise software, especially systems integration and security issues
- Principal sources of cyber risk – internal and external
- Risks associated with introducing new business systems
- Risks associated with introducing new products
- Opportunities and challenges presented by new, disruptive technologies – blockchain, AI, Big Data analytics, machine learning
- The cultural divide between IT “tech” staff and senior management
- Business process re-engineering (BPR)
- Differentiation between prevention and managing negative outcomes.
- Cloud computing and outsourcing - Amazon Web Services
- Change management – implementing new requirements on privacy, GDPR etc.
Methodologies for Measuring and Modelling Operational Risks
- Loss Modelling Methods – contingency scenarios
- Templates for collecting loss data
- Using Scenario Based Analysis (SBA) for filling in gaps in data
- The role of Business Environment Internal Control Factors (BEICF’s)
- Scarcity of historical data in the outliers for operational losses
- Different distributions for modelling severity of losses
- Monte Carlo based loss scenarios
- Stress testing methodologies
- Data limitations involved in quantifying operational risks
- Segregating internal versus external software failures
Risk Control Self-Assessment (RCSA)
- Templates for collecting loss data
- Using Scenario Based Analysis for filling in gaps in empirical data
- Questionnaires – alerts to potential risk areas and points of failure
- Conducting an RCSA Workshop – role of facilitators, experts, back office
- Internal Reporting mechanisms - iterations, validation protocols
- Key Risk Indicators – developing new KRI’s and following peer groups.
- Reporting protocols
- The role of Business Environment Internal Control Factors (BEICF’s)
- Developing templates for Scorecard based risk assessment
- Discrete versus continuous data is used for the modelling
- Explanation of Poisson distribution for occurrences of operational losses
- Different distributions for modelling severity of losses
- Application of a lognormal distribution
Overview of Scenario Generation for Stress Testing
- How to generate and calibrate shocks and adverse scenarios
- Simulations – randomized market scenarios expressing risk factors
- Macro factors – establishing associations with broad macro-economic variables
- Expert judgment – qualitative and forward looking
- Identification of key risk factors
- Associating probabilities to risk factors – quantitative and qualitative approaches
- Mapping qualitative and descriptive data to numerical values
- Identification of worst-case scenarios
- Data deficiencies and estimation of outlier scenarios
- Fundamentals of Business Ethics
- Ethics as moral principles which govern good behaviour
- Distinguish between ethical issues and legal issues
- Business ethics and corporate social responsibility (CSR)
- A socially responsible firm should be an ethical firm and vice-versa
- Responsibility to all stakeholders and not just shareholders
- How do businesses ensure that directors, managers, and employees act ethically?
- Codes of conduct and best practice
- Environmental policy and actions
- Rules for personal and corporate integrity
- Is the corporation a moral agent?
Financial Crimes and Anti Money Laundering
- Surveillance of financial services sector by regulatory bodies
- Know Your Customer (KYC) and Anti-Money Laundering (AML) remediation
- International context for Anti-Money Laundering (AML)
- Focus on Counter Terrorist Financing (CTF)
- Legal, regulatory, and supervisory frameworks underpinning AML/CTF
- Money Laundering Reporting Officer (MLRO)
- Transaction Monitoring and Filtering Framework
- Suspicious Activity Reporting
- Senior Management Responsibility regarding AML/CTF
- Role of banking supervisors
- Sanctions provisions and “blacklisted” territories and individuals.
- Tax avoidance - FATCA
- Consumer protection focus - SEC, FCA, CFTC, EU Commission
Public Policy and the Role of Financial Regulators
- Balancing regulatory compliance and internal best practice
- Increasing focus on macro-prudential regulation – stress testing
- Role of political action groups and commercial lobbying
- Surveillance of financial services sector by regulatory bodies
- Focus on boundaries between financial crime and operational vulnerabilities.
- Examination of the robustness of procedures to avoid money laundering.
- Description of $10 billion fine to BNP Paribas for dealing with clients in countries on US “black list”
- Capital adequacy, Basel III, role of banking supervisors
- Miscellaneous risks arising from government/supra national actions
Basel Approaches for Operational Risks
- Basel Basic Indicator Approach (BIA) and Standard Approach (SA)
- Explanation of the Basel III Advanced Measurement Approach (AMA)
- Scenario Based Approach (SBA)
- Loss Distribution Approach (LDA)
- Business environment and internal control factors (BEICFs)
