Finance 590

1
Finance 590

• Enterprise Risk Management
• Operational Risk

MarkVonnahme Department of Finance University of
Illinois at Urbana-Champaign
2
ERM

• Why operational risk management
• Some perspectives on significance
• Major financial disasters have included
  operational risk issues as a main contributing
  factor
• Operational risks often interrelated with market
  and credit risk
• When operational risk is not managed centrally it
  leads to lack of consistency across an org

3
ERM

• Benefits of effective operational risk management
• Minimizes day to day losses and reduces potential
  for costly occurrences
• Improves companys ability to meet business
  objectives
• Strengthens overall enterprise risk management
  system

4
ERM

• Operational Risk
• a common definition
• Operational risk is the risk of direct or
  indirect loss resulting from inadequate or failed
  internal processes,people,and systems or from
  external events
• BBA,et al

5
ERM

• Operational risk
• The real definition varies by company based upon
  industry and other factors essentials include
• Process risk
• People risk
• System risk
• Event risk
• Business risk

6
ERM

• Process risk
• Risk occurs through ineffective or inefficient
  processes
• Ineffective fail to achieve objectives
• Inefficient-meet objectives but excessive costs
• What does this mean
• Examples

7
ERM

• People risk
• Result from
• Staff constraints
• Incompetence
• Dishonesty
• Cultures that do promote not risk awareness
• What does all this mean
• Examples

8
ERM

• System risk
• More and more common across business
• Technology keeping up with business
• My experiences
• Includes systems availability,data
  integrity,systems capacity,unauthorized access
  and use,and business recovery contingencies
• Programming errors
• Security
• Mergers and acquisitions
• My experiences

9
ERM

• Event risk
• Unlikely single events that have serious
  consequences
• Many examples
• Expect the unexpected
• Event risk may have ripple effect impacting other
  areas
• Market, credit, financial
• Other operational areas

10
ERM

• Business risk
• Risk of loss due to unexpected changes
• All kinds of risks including
• Strategy
• Client management
• Pricing
• Reputation and brand
• Many,many others

11
ERM

• Some key questions relate to
• Vulnerabilities in business strategy and plans
• Product diversification or sufficient business
• Appropriate operating leverage
• Wrong or changing business assumptions
• Fix or exit a business
• Exit strategy

12
ERM

• Operational Risk Management Process
• Risk policy and organization
• Risk identification and assessment
• Capital allocation and performance measurement
• Risk mitigation and control
• Risk transfer and finance

13
ERM

• Risk policy and organization
• Management principles for operational risk
• Definition and taxonomy for operational risk
• Objectives and goals
• Operational risk processes and tools
• Organizational structure
• Roles and responsibilities

14
ERM

• Risk identification and assessment
• A range of qualitative and quantitative tools to
  assess, measure and managethese include
• Loss incident database
• Control self-assessment
• Risk mapping
• Risk indicators and performance triggers

15
ERM

• Capital allocation and performance measurement
• Link risk to performance measurement through the
  capital allocation process
• No widely accepted model
• No one methodology or single solution a
  combination of approaches

16
ERM

• Capital allocation and performance measurement
  continued
• Top down models v bottom up models

17
ERM

• Top down models
• Implied capital model
• Income volatility model
• Economic pricing model
• Analog model

18
ERM

• Bottom up or loss distribution model
• Statistical analysis
• Scenario analysis

19
ERM

• Risk mitigation and control
• The ying is useless without the yang
• Assessing and measuring does no good without
  improving and controlling risk factors
• Once measurement is in place must implement
  processes that identify and reduce operational
  risk
• Involves people, training,changing or structure,
  etc.

20
ERM

• Risk transfer and finance
• Choices to address key operational risks
• Implement internal control v risk transfer
• Not mutually exclusive generally complementary
• Company should go through the ERM process
• Identify risk exposures and quantify
  probabilities,severities and economic capital
  requirements
• Integrate operational risk with other key risks
• Establish operational risk limits
• Implement internal controls and risk transfer
  finance strategies
• Evaluate alternative methods, providers, and
  structures including cost benefit analysis

21
ERM

• Best practices in operational risk management
• Operational risk may be most dangerous
• Wide range of industry practices
• Basic
• Standard
• Best

22
ERM

• Operational risk
• Basic practice-a company
• Recognized operational risk as key risk
• Definition of operational risk and sub categories
  is in place
• Operational risk manger is appointed to develop a
  program
• Operational risk committee with key reps is in
  place
• Tracking program for risk is in place
• Self assessment performed regularly
• Policy developed and approved
• Operational risk management group acts a
  consultant to sr. mgmt.
• Audit and compliance group acts as checker

23
ERM

• Operational risk
• Standard practice-a company builds on basic
• Developed full set of operational risk indicators
• Established goals and MAPs for the indicators
• Developed early warning signals
• Risk based maps developed to identify key
  exposures in operations
• Developed several years of risk losses and
  incidents
• Response plans and contingency plans developed
• Audit and operational risk management independent
  of each other
• Org learning programs are in place

24
ERM

• Operational risk
• Best practice a company continues to build
• Business risk and reputational risk included
• Advanced in their processes to assess and measure
  risk with qualitative and quantitative tools
• Allocate economic capital to underlying risks
  along with credit risk and market risk
• Initiate development of scenario based
  operational risk modeling to quantify potential
  loss
• Insurance function is fully integrated with
  operational risk function
• Risk transfer strategies based upon cost benefit
  analysis
• Evolved from just control function to one that
  supports better decisions on price, growth and
  profit

25
ERM

• Operational risk
• Where do you think most companies are in the
  cycle or phases of best practices

26
ERM

• Questions
• Discussion

27
Enterprise Risk ManagementBusiness Applications
Finance 590
MarkVonnahme Department of Finance University of
Illinois at Urbana-Champaign
28
ERM

• Business applications have followed the
  requirements and changes of business
• RM practices have evolved
• RM will continue to evolve and adjust to business
  conditions and change

29
ERM

• Business Applications
• Three major applications
• Stage I Minimizing the Downside (loss
  reduction)
• Stage II Managing Uncertainty
• Stage III Performance Optimization
• Combination of all three is Enterprise Risk
  Management

30
ERM

• Stage I Minimizing the Downside
• RM in the 1970s focused on protection against
  downside risks
• Establishing credit controls, investment and
  liquidity policies,audit procedures and insurance
  coverage
• Defensive RM practices looked at minimizing
  losses in credit risk, market risk and
  operational risk
• Found out it was not enough
• Demonstrating how RM can be positive in
  supporting profit and business growth lead to
  next stage

31
ERM

• Stage II Managing Uncertainty
• RM focuses on managing volatility around business
  and financial results
• A number of sources of volatility were catalysts
• 1970s fixed to floating exchange rates and
  wildly fluctuating oil prices
• 1980s double digit inflation, double digit
  interest rates(volatility) and lending crises
• 1990s derivative losses, volatile equity markets
  and beginnings of major economic shifts
• 2000-today economic changes, corporate
  scandals, new regulations - uncertainty
  continues

32
ERM

• Stage II continued
• With increased volatility RM practices evolved
• Credit scoring and migration models to develop
  more precise estimates default probabilities
• Advances in management of financial market risks
• Recognition of importance of operational risk
  management

33
ERM

• Stage II continued
• Risk transfer products increased in popularity
• Derivatives and sophisticated insurance products
• Recognition that additional products needed
• Derivatives and insurance not enough
• Alternative risk transfers
• Integration of risk management silos
• Transfer packages of risks
• Development of integrated internal models for
  risk
• A more holistic view of risk
• Spurred use of RM for performance optimization

34
ERM

• Stage III Performance Optimization
• RM characterized by integrated approach to all
  types of risk
• Move from partial integration in other stages to
  complete integration
• Risk and return are important component
• Not defensive
• Move to an offensive approach in dealing with
  credit , market risk and operational risk

35
ERM

• Further evolution of RM
• Changes in business environment will continue to
  impact the development of the practice
• Globalization
• Technology
• Changing market structures
• Restructuring
• Other changes we do not know about today

36
ERM

• Discussion
• Questions
• Next class

37
Finance 590Enterprise Risk Management

• Steve DArcyDepartment of Finance
• Lecture 5
• Strategic and Operational Risk Measurements
• April 19, 2005

38
Reference Material

• Chapter 14 Operational Risk Management in
  Enterprise Risk Management by James Lam
• Why COSO is Flawed by Ali Samad-Khan
• Burchett and Dowd presentation
• http//www.casact.org/affiliates/cagny/1101/basel1
  .ppt
• Reputation Risk Operational Risk
• CAS ERM Task Force presentation

39
Overview

• Strategic Risk
• Operational Risk
• Measures of Operational Risk
• Capital requirements for operational risk
• Market performance
• COSO Approach
• Critique of COSO Approach

40
Strategic Risk

• Difficulty in quantifying strategic risks
• Contrast with hazard and financial risks
• Lack of data
• Imprecision of measurements
• How do you measure the likelihood and impact of
• a competitors or regulators actions
• a technological innovation
• a political impediment

41
Operational Risk

• Loss from inadequate or failed
• Processes
• People
• Systems
• External events (generally covered under Hazard
  Risks)

42
Measures of Operational Risk

• Basel Accord
• Capital requirements
• Market performance
• Examine similar events for other companies

43
New Basel Capital Accord

• Focus is on banks
• Convergence of regulation will expand application
  to insurers and other industries
• Minimum capital requirement
• Capital Ratio Total Capital/(Credit Risk
  Market Risk
• Operational Risk)
• Minimum Capital Ratio 8

44
Top Down vs. Bottom Up Capital Allocation

• Top Down
• Start with aggregate capital for the industry
• Allocate this to each risk source
• Allocate result to individual financial
  institutions
• Bottom Up
• Identify each source of risk
• Develop a method for measuring the magnitude
• Derive capital from this measure

45
Proposed Capital Approaches

• Basic Indicator
• Standardized
• Internal Measurement
• Loss Distribution

46
Basic Indicator Approach

• KBIA EI?
• KBIA the capital charge under the Basic
  Indicator Approach
• EI the level of an exposure indicator
  for the whole institution, provisionally gross
  income
• ? a fixed percentage relating the
  industry-wide level of required capital to the
  industry-wide level of the indicator

47
Standardized Approach

• KTSA ?(EI1-8?1-8)

KTSA the capital charge under the Standardized
Approach EI1-8 the level of an exposure
indicator for each of the 8 business
lines ?1-8 a fixed percentage relating the
level of required capital to the level of the
gross income for each of the 8 business
lines (Corporate Finance, Trading and Sales,
Retail Banking, Commercial Banking Payment and
Settlements, Agency Services and Custody, Retail
Brokerage, Asset Management)
48
Internal Measurement Approach

• KIMA ?(EIijPEijLGEij?ij)
• KIMA the capital charge under the Internal
  Measurement Approach
• EIij the level of an exposure indicator for
  each business line and event type
  combination
• PEij the probability of an event given one
  unit of exposure, for each business line
  and event type combination
• LGEij the average size of a loss given an
  event for each business line and event type
  combination
• ?ij the ratio of capital to expected loss for
  each business line and event type
  combination

49
Loss Distribution Approach

• Similar to Hazard Risk analysis

50
Market Performance Approach

• Gather information regarding publicly traded peer
  companies that have experienced significant
  distress events negatively affecting stock price
  relative to market indexes.
• For each company, evaluate historical stock price
  relative to the SP 500 or industry related stock
  price index during the pre-event period.
• Using the relationship to one or more indexes,
  project future stock price movements for the
  individual company stock on a pro-forma basis for
  the post-event period.
• Compare the pro-forma stock price to the actual
  stock price in the post-event period, to estimate
  the hypothetical percentage loss in market
  valuation for each day.

51
Market Performance Approach (2)

• Project cumulative average market valuation
  movements beyond the latest available post-event
  data point for individual companies based on the
  cumulative average percentage movement in market
  valuation for the remaining companies in the
  sample data, up to one year beyond the event.
• Derive a rough model for the number of trading
  days before stock price recovers to the
  pro-forma projected level.

52
Schering-Plough Corp.
EVENT Schering-Plough has problems with FDA
manufacturing regulations, leading to a delay in
approval for its allergy blockbuster successor,
Clarinex.

• Market Cap Loss
• 15.3 Billion or 22
• (2/15/01 3/8/01)

• Recovery Period to Date
• None

2/01 FDA halts review on SGPs Clarinex, due to
separate manufacturing concerns

• 2/01 Class action lawsuit filed against
  directors and officers

53
Schering-Plough
Pro-forma stock price movements modeled relative
to the SP 500 Pharmaceutical index.
54
McKesson Corporation
EVENT McKesson improperly reports its software
revenue from newly acquired HBOC, resulting in
loss of investor confidence.

• Market Cap Loss
• 9.1 Billion or 50
• (4/27/99 4/29/99)

• Recovery Period to Date
• None

4/99 MCK reduces earnings by 4.4 after
restating financials
1/99 Acquired HBOC

• 4/99 Class action lawsuit filed against
  directors and officers
• 6/99 McKesson downgraded by SP and
  Moodys

55
McKesson
Pro-forma stock price movements modeled relative
to the SP 500 Healthcare Services index.
56
(No Transcript)
57
Why COSO is Flawed

• Resource intensive approach
• Identification, definition and assessment of risk
• Performed by business managers
• Results in huge catalogue of risks
• Likelihood-impact method
• Risk Likelihood x Impact

58
Actuarial Approach

• Individual loss events
• Risk matrix for loss data
• Loss distributions
• Frequency
• Severity
• VaR Calculation
• Total loss distribution

59
Conclusion

• Quantifying strategic and operational risk is the
  latest challenge for ERM
• Variety of approaches proposed
• Eventual standard likely to follow the approaches
  used for hazard and financial risk
• Lots of work remains to be done in this area