SlideShare una empresa de Scribd logo

IRM SIG Quantifying Operational Risk November 2015

S
Susan Young
1 de 11
Descargar para leer sin conexión
STRATEGY I INNOVATION I EXPERTISEPRIVATE & CONFIDENTIAL | WWW.RQIH.COM | 11TH NOVEMBER 2015 1IRM PRESENTATION NOVEMBER 2015 Susan Young Chief Risk Officer Randall & Quilter Investment Holdings Ltd. QUANTIFYING AND MODELLING OPERATIONAL RISK ERM IN INSURANCE SPECIAL INTEREST GROUP –NOVEMBER 2015
STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | 2 DISCLAIMER The thoughts and opinions expressed in this presentation are my own and do not represent those of my organisation
STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | 3 SESSION OUTLINE • The Context • The Problem • The Solution • Concluding Remarks • Questions
STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | 4 THE CONTEXT (1) Operational Risk – why bother? Isn’t Insurance Risk what really matters? • Operational risk is defined as the risk of loss resulting from inadequate of failed internal processes, people and systems or from external events. • Examples include (but are by no means limited to), the following;- - Product flaws (contractual or otherwise) - Software failures/systems architecture failings - Employee fraud - Money laundering - Failure to understand/respond to legal/regulatory changes - Business discontinuity event - SLA breaches etc. etc……… • The financial impact from some of these an often be difficult to quantify – so how do we manage it? Operational Risk is a “broad church” the glue that holds it all together – that’s why we bother
STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | • Identification and articulation via Risk Register development and maintenance • Appropriate mitigating internal controls • Scenario analysis – (more on this later) • Loss Event/Issues/Weaknesses/Near Misses reporting • Setting and monitoring of Operational Appetites and Tolerances • Key Risk Indicators Quantification and Modelling for capital setting – end of the “food chain” 5 THE CONTEXT (2) How is Operational Risk Managed
STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | • Lack of historical/empirical data – although subscription databases such as ORIC have helped to a point although these too have their drawbacks • Where data has been collated (either internally or via an external database), estimation of the financial impact often subjective and/or inconsistent, compromising any meaningful comparison (profitability/cash flow/”top line” etc.) • Near misses/weaknesses – any estimation can only ever be hypothetical – as it hasn’t happened!!!! • View that Operational Risk is “not material” anyway . • Use of Risk Registers as a “blunt proxy” for all things operational • “Blurred boundaries” - see next slide – most risks have an “operational” element to them – leading to potential double counting. The result? Operational Risk calculation often viewed as “too high” – although we don’t know why…. 6 THE PROBLEM (1) Operational Risk is hard to quantify and model. Why?
STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | Insurance Risk • Errors made in reserve movement calculations due to failures in the reserving models • Errors in policy wordings result in inclusion of previously excluded events • Errors in reserving estimates Market Risk • Losses from failure to hedge appropriately against an unanticipated change in interest rates Credit Risk • Losses arising from the failure of security documentation associates with recoveries from a defaulting counterparty Other Risk Categories have Operational Risk elements to them 7 THE PROBLEM (2) Operational Risk pervades…..
STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | 8 THE SOLUTION ?(1) • Stratify and analyse the risks in the Risk Register;- • Risks which are modelled by means of other data (for example Credit Risk) should be removed – although this does not solve the issue of the operational risk elements included. • Risks which have a limited or negligible impact on the one year SCR – for example strategic risks • Hopefully, left with those risks which are purely operational. • These will be our core risk categories for scenario analysis. • Remaining Operational Risks can be quantified by means of Scenario Analysis;- • For each Operational Risk, identify potential scenarios • Identify a (small) number of potential probabilities/return periods/data points • Workshop with management – what scenarios are likely to occur with wat probability? • Pass results to Capital Modellers – so they can fit a “curve” to. A suggested approach…... Contd……
STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | 9 THE SOLUTION ?(1) A suggested approach (contd)…... • Manageable and meaningful correlation matrix with a smaller number of risks “XXXX fails to ensure that access to business premises and/or the infrastructure supporting the processing of business transactions is restricted to authorised staff” Simplistic – but goes some way to alleviating the identified pitfalls
STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | • This is and will be for the foreseeable future a subjective area. • Judgement calls will be inevitable until we have a greater body of historical data –even for scenario analysis. • Operational Risk elements to other risks – further analysis and granularity around the root causes/effects to enable segregation of these elements? • No substitute for experience – we should continue to harvest operational loss data and range of potential operational losses against which to model. • Difficulty in quantification does not mean impossibility. We should persevere – and we will get better at it! 10 CONCLUDING REMARKS
STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | 11 Thank you for listening! Any Questions? AND FINALLY…….. Susan.young@rqih.com DD +44 (0) 20 7780 5882 www.rqih.com

Recomendados

Technology Risk Management
Technology Risk ManagementTechnology Risk Management
Technology Risk ManagementSocial Tables
 
Technology Risk Management Simulation - Mahesh
Technology Risk Management Simulation - Mahesh Technology Risk Management Simulation - Mahesh
Technology Risk Management Simulation - Mahesh Knowledge Group
 
Selling Safety In Hard Economic Times
Selling Safety In Hard Economic TimesSelling Safety In Hard Economic Times
Selling Safety In Hard Economic Timesladukepc
 
Risk management models - Core Consulting
Risk management models - Core ConsultingRisk management models - Core Consulting
Risk management models - Core ConsultingCORE Consulting
 
Optimizing Uncertainty In Complex Industry Environment
Optimizing Uncertainty In Complex Industry EnvironmentOptimizing Uncertainty In Complex Industry Environment
Optimizing Uncertainty In Complex Industry Environmentaradhanalaw
 
The importance of properly describing risks, presented by Peter Simon, 10th O...
The importance of properly describing risks, presented by Peter Simon, 10th O...The importance of properly describing risks, presented by Peter Simon, 10th O...
The importance of properly describing risks, presented by Peter Simon, 10th O...Association for Project Management
 
Operational Risk : Take a look at the raw canvas
Operational Risk : Take a look at the raw canvasOperational Risk : Take a look at the raw canvas
Operational Risk : Take a look at the raw canvasTreat Risk
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guideAstalapulosListestos
 

Recomendados

Technology Risk Management
Technology Risk ManagementTechnology Risk Management
Technology Risk ManagementSocial Tables
 
Technology Risk Management Simulation - Mahesh
Technology Risk Management Simulation - Mahesh Technology Risk Management Simulation - Mahesh
Technology Risk Management Simulation - Mahesh Knowledge Group
 
Selling Safety In Hard Economic Times
Selling Safety In Hard Economic TimesSelling Safety In Hard Economic Times
Selling Safety In Hard Economic Timesladukepc
 
Risk management models - Core Consulting
Risk management models - Core ConsultingRisk management models - Core Consulting
Risk management models - Core ConsultingCORE Consulting
 
Optimizing Uncertainty In Complex Industry Environment
Optimizing Uncertainty In Complex Industry EnvironmentOptimizing Uncertainty In Complex Industry Environment
Optimizing Uncertainty In Complex Industry Environmentaradhanalaw
 
The importance of properly describing risks, presented by Peter Simon, 10th O...
The importance of properly describing risks, presented by Peter Simon, 10th O...The importance of properly describing risks, presented by Peter Simon, 10th O...
The importance of properly describing risks, presented by Peter Simon, 10th O...Association for Project Management
 
Operational Risk : Take a look at the raw canvas
Operational Risk : Take a look at the raw canvasOperational Risk : Take a look at the raw canvas
Operational Risk : Take a look at the raw canvasTreat Risk
 
Enterprise risk management summary approach guide
Enterprise risk management summary approach guideEnterprise risk management summary approach guide
Enterprise risk management summary approach guideAstalapulosListestos
 
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet SurtiImplementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet SurtiPraneet Surti
 
Risk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdfRisk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdfHimanshuMishra203021
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...Susan Young
 
Risk management automation
Risk management automationRisk management automation
Risk management automationsheyam selvaraj
 
Operational Risk Management under BASEL era
Operational Risk Management under BASEL eraOperational Risk Management under BASEL era
Operational Risk Management under BASEL eraTreat Risk
 
Risk managemet made easy
Risk managemet made easyRisk managemet made easy
Risk managemet made easysheyam selvaraj
 
R1
R1R1
R1Mary Lewis
 
Key risk indicators shareslide
Key risk indicators shareslideKey risk indicators shareslide
Key risk indicators shareslideZakaria Salah, Ph.D,MBA
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAPPECB
 
project_risk_mgmt_final 1.ppt
project_risk_mgmt_final 1.pptproject_risk_mgmt_final 1.ppt
project_risk_mgmt_final 1.pptBetshaTizazu2
 
Does IT Security Matter?
Does IT Security Matter?Does IT Security Matter?
Does IT Security Matter?Luke O'Connor
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Risk Management Institution of Australasia
 
Mastering Information Technology Risk Management
Mastering Information Technology Risk ManagementMastering Information Technology Risk Management
Mastering Information Technology Risk ManagementGoutama Bachtiar
 
project risk management
project risk managementproject risk management
project risk managementAshima Thakur
 
Role of the virtual ciso
Role of the virtual cisoRole of the virtual ciso
Role of the virtual cisoMichael Ball
 
Abiliti Enterprise Governance 2010[Final]
Abiliti Enterprise Governance 2010[Final]Abiliti Enterprise Governance 2010[Final]
Abiliti Enterprise Governance 2010[Final]Nigel Tebbutt
 
Nitish resume
Nitish resumeNitish resume
Nitish resumeNitish Sharma
 
Agile Capitalization For Greater Business Value
Agile Capitalization For Greater Business ValueAgile Capitalization For Greater Business Value
Agile Capitalization For Greater Business ValueCA Technologies
 
project_risk_mgmt_final.ppt
project_risk_mgmt_final.pptproject_risk_mgmt_final.ppt
project_risk_mgmt_final.pptavisha23
 
IRM SIG Presentation October2016.pptx [Read-Only]
IRM SIG Presentation October2016.pptx [Read-Only]IRM SIG Presentation October2016.pptx [Read-Only]
IRM SIG Presentation October2016.pptx [Read-Only]Susan Young
 
IRM SIG Embedding Risk - Group and Local Functions March 2014
IRM SIG Embedding Risk - Group and Local Functions March 2014IRM SIG Embedding Risk - Group and Local Functions March 2014
IRM SIG Embedding Risk - Group and Local Functions March 2014Susan Young
 

Más contenido relacionado

Similar a IRM SIG Quantifying Operational Risk November 2015

Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet SurtiImplementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet SurtiPraneet Surti
 
Risk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdfRisk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdfHimanshuMishra203021
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management Ersoy AKSOY
 
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...Susan Young
 
Risk management automation
Risk management automationRisk management automation
Risk management automationsheyam selvaraj
 
Operational Risk Management under BASEL era
Operational Risk Management under BASEL eraOperational Risk Management under BASEL era
Operational Risk Management under BASEL eraTreat Risk
 
Risk managemet made easy
Risk managemet made easyRisk managemet made easy
Risk managemet made easysheyam selvaraj
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAPPECB
 
project_risk_mgmt_final 1.ppt
project_risk_mgmt_final 1.pptproject_risk_mgmt_final 1.ppt
project_risk_mgmt_final 1.pptBetshaTizazu2
 
Does IT Security Matter?
Does IT Security Matter?Does IT Security Matter?
Does IT Security Matter?Luke O'Connor
 
Mastering Information Technology Risk Management
Mastering Information Technology Risk ManagementMastering Information Technology Risk Management
Mastering Information Technology Risk ManagementGoutama Bachtiar
 
project risk management
project risk managementproject risk management
project risk managementAshima Thakur
 
Role of the virtual ciso
Role of the virtual cisoRole of the virtual ciso
Role of the virtual cisoMichael Ball
 
Abiliti Enterprise Governance 2010[Final]
Abiliti Enterprise Governance 2010[Final]Abiliti Enterprise Governance 2010[Final]
Abiliti Enterprise Governance 2010[Final]Nigel Tebbutt
 
Agile Capitalization For Greater Business Value
Agile Capitalization For Greater Business ValueAgile Capitalization For Greater Business Value
Agile Capitalization For Greater Business ValueCA Technologies
 
project_risk_mgmt_final.ppt
project_risk_mgmt_final.pptproject_risk_mgmt_final.ppt
project_risk_mgmt_final.pptavisha23
 

Similar a IRM SIG Quantifying Operational Risk November 2015 (20)

Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet SurtiImplementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
 
Risk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdfRisk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdf
 
Information Security Risk Management
Information Security Risk Management Information Security Risk Management
Information Security Risk Management
 
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
The Role of Risk Appetite in embedding the ORSA and linking with Business Str...
 
Risk management automation
Risk management automationRisk management automation
Risk management automation
 
Operational Risk Management under BASEL era
Operational Risk Management under BASEL eraOperational Risk Management under BASEL era
Operational Risk Management under BASEL era
 
Risk managemet made easy
Risk managemet made easyRisk managemet made easy
Risk managemet made easy
 
R1
R1R1
R1
 
Key risk indicators shareslide
Key risk indicators shareslideKey risk indicators shareslide
Key risk indicators shareslide
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAP
 
project_risk_mgmt_final 1.ppt
project_risk_mgmt_final 1.pptproject_risk_mgmt_final 1.ppt
project_risk_mgmt_final 1.ppt
 
Does IT Security Matter?
Does IT Security Matter?Does IT Security Matter?
Does IT Security Matter?
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management
 
Mastering Information Technology Risk Management
Mastering Information Technology Risk ManagementMastering Information Technology Risk Management
Mastering Information Technology Risk Management
 
project risk management
project risk managementproject risk management
project risk management
 
Role of the virtual ciso
Role of the virtual cisoRole of the virtual ciso
Role of the virtual ciso
 
Abiliti Enterprise Governance 2010[Final]
Abiliti Enterprise Governance 2010[Final]Abiliti Enterprise Governance 2010[Final]
Abiliti Enterprise Governance 2010[Final]
 
Nitish resume
Nitish resumeNitish resume
Nitish resume
 
Agile Capitalization For Greater Business Value
Agile Capitalization For Greater Business ValueAgile Capitalization For Greater Business Value
Agile Capitalization For Greater Business Value
 
project_risk_mgmt_final.ppt
project_risk_mgmt_final.pptproject_risk_mgmt_final.ppt
project_risk_mgmt_final.ppt
 

Más de Susan Young

IRM SIG Presentation October2016.pptx [Read-Only]
IRM SIG Presentation October2016.pptx [Read-Only]IRM SIG Presentation October2016.pptx [Read-Only]
IRM SIG Presentation October2016.pptx [Read-Only]Susan Young
 
IRM SIG Embedding Risk - Group and Local Functions March 2014
IRM SIG Embedding Risk - Group and Local Functions March 2014IRM SIG Embedding Risk - Group and Local Functions March 2014
IRM SIG Embedding Risk - Group and Local Functions March 2014Susan Young
 
IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012
IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012
IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012Susan Young
 
IACON Internal Audit Obligations under Solvency II June 2013
IACON Internal Audit Obligations under Solvency II June 2013IACON Internal Audit Obligations under Solvency II June 2013
IACON Internal Audit Obligations under Solvency II June 2013Susan Young
 
IRM SIG What does the Second Line of Defence look like post SII July 2013
IRM SIG What does the Second Line of Defence look like post SII July 2013IRM SIG What does the Second Line of Defence look like post SII July 2013
IRM SIG What does the Second Line of Defence look like post SII July 2013Susan Young
 
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...Susan Young
 
BCI Symposium Establishing a BCM Awareness Programmel 031008
BCI Symposium Establishing a BCM Awareness Programmel 031008BCI Symposium Establishing a BCM Awareness Programmel 031008
BCI Symposium Establishing a BCM Awareness Programmel 031008Susan Young
 

Más de Susan Young (7)

IRM SIG Presentation October2016.pptx [Read-Only]
IRM SIG Presentation October2016.pptx [Read-Only]IRM SIG Presentation October2016.pptx [Read-Only]
IRM SIG Presentation October2016.pptx [Read-Only]
 
IRM SIG Embedding Risk - Group and Local Functions March 2014
IRM SIG Embedding Risk - Group and Local Functions March 2014IRM SIG Embedding Risk - Group and Local Functions March 2014
IRM SIG Embedding Risk - Group and Local Functions March 2014
 
IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012
IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012
IRM SIG Avoiding the Pitfalls in ERM IT Solution Selection July 2012
 
IACON Internal Audit Obligations under Solvency II June 2013
IACON Internal Audit Obligations under Solvency II June 2013IACON Internal Audit Obligations under Solvency II June 2013
IACON Internal Audit Obligations under Solvency II June 2013
 
IRM SIG What does the Second Line of Defence look like post SII July 2013
IRM SIG What does the Second Line of Defence look like post SII July 2013IRM SIG What does the Second Line of Defence look like post SII July 2013
IRM SIG What does the Second Line of Defence look like post SII July 2013
 
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
Managing Risk and Capital in the Lloyd's and London Market - Ensuring Boards ...
 
BCI Symposium Establishing a BCM Awareness Programmel 031008
BCI Symposium Establishing a BCM Awareness Programmel 031008BCI Symposium Establishing a BCM Awareness Programmel 031008
BCI Symposium Establishing a BCM Awareness Programmel 031008
 

IRM SIG Quantifying Operational Risk November 2015

  • 1. STRATEGY I INNOVATION I EXPERTISEPRIVATE & CONFIDENTIAL | WWW.RQIH.COM | 11TH NOVEMBER 2015 1IRM PRESENTATION NOVEMBER 2015 Susan Young Chief Risk Officer Randall & Quilter Investment Holdings Ltd. QUANTIFYING AND MODELLING OPERATIONAL RISK ERM IN INSURANCE SPECIAL INTEREST GROUP –NOVEMBER 2015
  • 2. STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | 2 DISCLAIMER The thoughts and opinions expressed in this presentation are my own and do not represent those of my organisation
  • 3. STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | 3 SESSION OUTLINE • The Context • The Problem • The Solution • Concluding Remarks • Questions
  • 4. STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | 4 THE CONTEXT (1) Operational Risk – why bother? Isn’t Insurance Risk what really matters? • Operational risk is defined as the risk of loss resulting from inadequate of failed internal processes, people and systems or from external events. • Examples include (but are by no means limited to), the following;- - Product flaws (contractual or otherwise) - Software failures/systems architecture failings - Employee fraud - Money laundering - Failure to understand/respond to legal/regulatory changes - Business discontinuity event - SLA breaches etc. etc……… • The financial impact from some of these an often be difficult to quantify – so how do we manage it? Operational Risk is a “broad church” the glue that holds it all together – that’s why we bother
  • 5. STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | • Identification and articulation via Risk Register development and maintenance • Appropriate mitigating internal controls • Scenario analysis – (more on this later) • Loss Event/Issues/Weaknesses/Near Misses reporting • Setting and monitoring of Operational Appetites and Tolerances • Key Risk Indicators Quantification and Modelling for capital setting – end of the “food chain” 5 THE CONTEXT (2) How is Operational Risk Managed
  • 6. STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | • Lack of historical/empirical data – although subscription databases such as ORIC have helped to a point although these too have their drawbacks • Where data has been collated (either internally or via an external database), estimation of the financial impact often subjective and/or inconsistent, compromising any meaningful comparison (profitability/cash flow/”top line” etc.) • Near misses/weaknesses – any estimation can only ever be hypothetical – as it hasn’t happened!!!! • View that Operational Risk is “not material” anyway . • Use of Risk Registers as a “blunt proxy” for all things operational • “Blurred boundaries” - see next slide – most risks have an “operational” element to them – leading to potential double counting. The result? Operational Risk calculation often viewed as “too high” – although we don’t know why…. 6 THE PROBLEM (1) Operational Risk is hard to quantify and model. Why?
  • 7. STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | Insurance Risk • Errors made in reserve movement calculations due to failures in the reserving models • Errors in policy wordings result in inclusion of previously excluded events • Errors in reserving estimates Market Risk • Losses from failure to hedge appropriately against an unanticipated change in interest rates Credit Risk • Losses arising from the failure of security documentation associates with recoveries from a defaulting counterparty Other Risk Categories have Operational Risk elements to them 7 THE PROBLEM (2) Operational Risk pervades…..
  • 8. STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | 8 THE SOLUTION ?(1) • Stratify and analyse the risks in the Risk Register;- • Risks which are modelled by means of other data (for example Credit Risk) should be removed – although this does not solve the issue of the operational risk elements included. • Risks which have a limited or negligible impact on the one year SCR – for example strategic risks • Hopefully, left with those risks which are purely operational. • These will be our core risk categories for scenario analysis. • Remaining Operational Risks can be quantified by means of Scenario Analysis;- • For each Operational Risk, identify potential scenarios • Identify a (small) number of potential probabilities/return periods/data points • Workshop with management – what scenarios are likely to occur with wat probability? • Pass results to Capital Modellers – so they can fit a “curve” to. A suggested approach…... Contd……
  • 9. STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | 9 THE SOLUTION ?(1) A suggested approach (contd)…... • Manageable and meaningful correlation matrix with a smaller number of risks “XXXX fails to ensure that access to business premises and/or the infrastructure supporting the processing of business transactions is restricted to authorised staff” Simplistic – but goes some way to alleviating the identified pitfalls
  • 10. STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | • This is and will be for the foreseeable future a subjective area. • Judgement calls will be inevitable until we have a greater body of historical data –even for scenario analysis. • Operational Risk elements to other risks – further analysis and granularity around the root causes/effects to enable segregation of these elements? • No substitute for experience – we should continue to harvest operational loss data and range of potential operational losses against which to model. • Difficulty in quantification does not mean impossibility. We should persevere – and we will get better at it! 10 CONCLUDING REMARKS
  • 11. STRATEGY I INNOVATION I EXPERTISE | WWW.RQIH.COM | 11 Thank you for listening! Any Questions? AND FINALLY…….. Susan.young@rqih.com DD +44 (0) 20 7780 5882 www.rqih.com