Printer Friendly

Effects of Operational risk Management on Financial institutions.

Byline: Muhammad imran Khan

Once is happenstance. Twice is coincidence. Three times is enemy action." Ian L. Fleming (1908-1964)

This article will open the new vision of the operational risk management (ORM) in the financial institutions (FI). It also identifies the conditions in which operational risk management can play a vital role for the development and enhancement of the (FI). The main idea is to identify the effects of operational risk management on financial institutions of developed and developing countries. Operational risk management usually ignored by the developing countries and considered it as not the essential part of risk management. Most of the personals in different financial institutions of developing countries do not manage ORM as according to the rules and regulations which are defined by the Basel II. There are various reasons of ignoring operational risk management due to which most of the financial institutions are suffering from the monetary losses.

This article will help the financial institutions to analyze the importance of operational risk management and how to enhance their existing system of operational risk management, so that they can meet the standard by which they can minimize their losses.

Keywords: Operational Risk Management, Advance Measurement Approach, Basel II, Internal and External Fraud, Scenario Analysis


Under Basel II (International Convergence of Capital Measurement and Capital Standards: A Revised Framework, June 2004[3], operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events."

According to Basel Committee on Banking Supervision, 2001[4], it is understood that Operational Risk Management (ORM) is one of the important Pillar, which can protect financial institutions of the world from the major risk related to the market, credit and operational. Since then most of the financial institutions of the world tried to implement the operational risk management framework in their respective financial institutions, especially those banks which belong to the developed countries because they learned from their previous mistakes which they had done by ignoring the importance of ORM.

ORM implementation is not easy for banking industry unless and until their supervisors take the responsibilities of monitoring, conducting and making a mechanism by which the policies, process and system can be assess for ORM. Root causes of risk in FI are always belonging to ORM. Strong control of internal and external governance are always required to handle the operational risk and this all can be happen by understanding the various forms of operational risk.

As the internal and external governance issues and challenges related to Operational Risk Management (ORM) cannot be encountered like the credit and market risk. So for handling such an issues and challenges financial Institutions required specially preparations for which ORM provides three types of approaches namely Basic Indicator approach, Standard Approach and Advanced Measurement Approach (AMA). These Approaches prepared the financial institutions how to avoid and take precautions from the operational risk which might be faced by the institutions. Most of the developed countries financial institutions adopt the AMA approach for encounter the operational risk because AMA is more risk sensitive then the rest of the approaches. The financial institutions of developing countries are unable to adopt AMA because of many reasons and one of the basic reasons is not to consider operational risk management as the essential part of its risk management.

Most of the developing countries FI are focusing mainly on market and credit risk management, such an ignorance used to be done by the developed countries FI before the losses which they have faced.

Till year 2014 there are huge technological development in the entire world due to which we considered world as a global village. So if this world is a village then how it is possible that one can move in another direction then the other, overall is this developing country financial institutions should learn from the mistakes which developed countries financial institutions have done in the domain of operational risk management.

Operational risk Management

There are two types of risk namely systematic risk and unsystematic risk. Risk which can be reduce or managed is known as systematic risk but such risk which cannot be reduce or handle is known as unsystematic risk. Operational Risk is considered as systematic risk, so for handling such type of risk ORM barrier can be placed in the protection of financial institutions.

As according to Basel II, June 2004 [3] operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events". As according to BCBS[3] Operational risk consists of seven types of risks which are Internal Fraud, External Fraud, Employee practices and workplace safety, Clients - products and business practices, damage to physical assets, Business disruption and system failure and execution, delivery and process management. The Internal and External factors which can cause a loss are Product development, System development, Regulatory requirements, Legal claims, Outsourcing and Joint ventures. For control or minimise the effects of operational risk losses following things should be considered like Policies and procedures, Trained personnel, Authorisation levels, Reporting, Decision making and Monitoring.

In my opinion operation risk management is the process and mechanism which protect the financial institutions from the internal failure of process, people, system and external events. As per Operational Risk- Supervisory Guidelines for the Advanced Measurement Approaches, June 2011 [44] for protecting the financial institutions (FI) it is important to build three line of defence.

1. Management of all business lines (identify and manage the risk)

2. Separate and Independent entity which will focus mainly on the function of (ORM). It is responsible for reporting to risk committees or board.

3. Separate and Independent entity which will review and monitor the internal governance, policy, procedure and system of the (FI). Such team should belong to the external parties, who should have proper qualification for performing such responsibilities.

These three lines of defence that should be integrated with the overall governance structure of risk management of the financial institutions. As according to Principles for the Sound Management of Operational Risk, June 2011[48] for increasing the Operational risk management performance there are certain basic rules which should be adopt by the heads/directors/board of (FI).

Rule 1: Established and Implement the strong operational risk management environment.

Rule 2: Develop and Implement the operational risk management frame work which should be integrated with the rest of the risk management.

Rule 3: Responsible of (FI) should monitor and review the policies, processes and system performance at all levels.

Rule 4: Responsible of (FI) should review and approve the risk appetite and tolerance level of operational risk management.

Rule 5: Responsible of (FI) should develop proper hierarchy of operation risk management governance who will responsible for the implementation and management of policies, processes and system performance of operational risk management.

Rule 6: Responsible of (FI) should create the mechanism by which the inherent risk can be properly understood by the management who is responsible for the implementation and management of policies, processes and system performance of operational risk management.

Rule 7: Two V's (Verification and Validation) should be adopted by the management before the approval of any activities which can cause operations risk.

Rule 8: Proper monitoring system should be implementing by the responsible of (FI), this monitoring system and team will responsible for monitoring the profiles and material exposure to losses.

Rule 9: (FI) should have backup and recovery plan in case of losses occurring due to operational risk.

The reasons of adopting Operational risk management policy and procedure by the financial institutions (FI) are to reduce the possibilities and errors, by which financial losses can be occurred. As per Cummins, Lewis and Wei in 2006[13] there are four theories related to the operational risk management.

1. Operational risk responsible for strong losses not for earning. Whereas operational risk can be manage till the border line of loss which appeared because of the events of operational loss.

2. The modern risk management theories consider that financial institutions can have earnings if they administrate the risks because of some factors as: convex form of taxes, financial costs and losses, asymmetric information or agents costs.

3. Froot, Scharfstein, and Stein (1993)[34] considered that the information asymmetry between institutions generates an external capital more expensive than the internal capital. This happens because the banks have more information about the portfolio quality than the investors and the insurers have more information regarding the exposure distribution and reserve aptness regarding losses than the investors.

4. If operational losses generate positive net present value to financial institutions because the internal capital is completely used, the shares price will follow more than the loss value. The operational risk events can generate a bad quality for the management and main control of the market for the reduction of the cash-flows future estimations.

According to the Basel Committee on Banking Supervision (2006)[5], (FI) should follow certain rules and regulation for controlling the operational risk. This rules and regulations can be divided into two criteria which are qualitative and quantitative.

Qualitative criteria:

1. Independent operational risk management function, responsible for the design and implementation of the operational risk management framework, including policies and procedures, measurement methodology, reporting system and operational risk management process.

2. ORM system that is closely integrated into the daily risk management processes of the bank.

3. Allocation of operational risk capital to major business lines.

4. Incentives to improve the management of operational risk.

5. Regular reporting of operational risk exposures and procedures for taking appropriate action.

6. Documented operational risk management process.

7. Routine for ensuring compliance with internal policies, controls and procedures.

8. Regular reviews of the ORM processes and measurement system by internal and external auditors.

9. Validation of the operational risk measurement system by supervisory bodies.

Quantitative criteria:

1. Risk measurement system aligned with the loss event types.

2. Regulatory capital calculated as the sun of expected losses and unexpected losses.

3. Measurement system, sufficiently granular to capture the tail losses.

4. Internal data reflecting the business environment and internal control systems.

5. Relevant external data reflecting the business environment and internal control systems.

6. Scenario analysis reflecting the business environment and internal control systems.

7. Credible, transparent and well documented and verifiable approaches for weighting fundamental elements and used to calculate a capital charge for operational risk.

According to the Institute of Operational Risk (2010)[22], the key risk indicators of operation risk is responsible for identifying the risk from external and internal factors which can cause a loss by matching with the Basel loss event types, so that it can be control by the internal control environment.

Operational risk Management in the light of its approaches


For the capital assessment of operational risk there are three broad approaches namely Basic Risk Indicator approach, Standard Approach and Advanced Measurement Approach (AMA) which can increase the sensitivity of risk. In this article I have discuss the overview of the early approaches but main focus will be on AMA because it is more reliable and risk sensitive approach then the earlier approaches of Operational Risk.

Basic indicator approach

As by name this approach can be understood that it is for specific or basic purpose. In such an approach the indicator is gross income, with each bank holding capital for operational risk equal to the amount of a fixed percentage, multiplied by its individual amount of gross income. This approach is implemented in all (FI) of the world but it is not highly recommended as such an approach cannot identify most of the operational risk in the (FI). So such a (FI) which are involve in the wide range of products and business activities they should adopt more sophisticated approach then the Basic Indicator Approach.

Standardised approach

As per Operational Risk- Supervisory Guidelines for the Advanced Measurement Approaches, June 2011[4] Standardised Approach consists of eight business lines. For the capital assessment the gross income were multiply with the beta factor of the business lines of which capital charge were calculate.

Business Line

Corporate finance Beta Factor


Trading and sales - 18%

Retail banking - 12%

Commercial banking - 15%

Payment and settlement - 18%

Agency services - 15%

Asset Management - 12%

Retail Brokerage - 12%

The total capital charge is calculated as the three-year average of the simple summation of the regulatory capital charges across each of the business lines in each year.

Advanced Measurement approach

In such an approach (FI) can develop its own experimental model to calculate the required capital for operation risk. Such an approach can only be allowed to use after the approval of local regulators. Also, according to section 664 of original Basel Accord, in order to qualify for use of the AMA a bank must satisfy its supervisor that, at a minimum:

Its board of directors and senior management, as appropriate, are actively involved in the oversight of the operational risk management framework;

It has an operational risk management system that is conceptually sound and is implemented with integrity; and

It has sufficient resources in the use of the approach in the major business lines as well as the control and audit areas.

For the development, implementation and maintenance of the ORM framework as per the requirement of BASEL II, there are certain challenges which most of the (FI) are facing in the adoption of AMA approach. Besides the adoption issues, firstly (FI) should control its operational risk by controlling the internal governance and regularly monitoring the external and internal causes which can generate the event of operation risk losses.

Non-AMA (FI) have less frequency of internal losses than the AMA (FI), it is not because non AMA (FI) are more competent or risk sensitive as compare to the AMA (FI). One of the reasons is that mostly AMA (FI) is larger in size and having more ability, procedures and processes of collecting loss data. Non-AMA (FI) internal losses frequency is low but the amount of losses is larger than the AMA (FI).Whereas the operational risk capital to gross income of AMA (FI) is low (10.8%) as compare to the Non-AMA (FI) which is between (12% to 18%).

The data which usually collected by AMA (FI) is always of good quality because BASEL II does not approve any (FI) for AMA unless they follow the guideline of Basel II regarding the quality of the data collected for operational risk management. Operational risk data of AMA (FI) is divided in four sections: 1. Data related to internal controls, 2. Scenario data, 3.Internal loss data and 4. External loss data. Data which is collected for operational risks in AMA (FI) are used for multiple purposes like risk management, quantification, accounting and reporting.

The Basel II Framework states in paragraph 673, that an AMA bank must have an appropriate de minimis gross loss threshold for internal loss data collection, for example 010,000. The appropriate threshold may vary somewhat between banks and within a bank across business lines and/or event types. However, particular thresholds should be broadly consistent with those used by peer banks." Losses before recovery are known as gross loss whereas losses after recovery are known as Net loss. (FI) can use Gross loss amount except insurance as an input for AMA models whereas Net loss amount data cannot be use an input for AMA models. Threshold of internal loss data is depend on the impact of the losses on capital calculations, ideally threshold of internal loss data start from the impact of the losses.

Many (FI) keep their threshold on the higher level for avoiding the event to be observed which have impact on the losses; on the other hand some (FI) keep their threshold on lower level for gathering more and more information and data of the events which cause losses. Threshold of data should include operational loss event data too because it have impact on operational risk exposures. Now the important things which should be considered is to identify when internal loss data is maintain and what is the date of internal losses. Usually AMA (FI) have no issue which reference date is to be considered, for example discovery date, accounting date, contingent liability date or occurrence date but preference should be given to occurrence date for building the calculation dataset, if (FI) have limited observation period of five years. Losses can be grouped into single loss, if the losses belong to similar business line, type, date and have no impact on capital calculation.

For increasing the sensitivity for detecting the operational risk, various models have been used but the most important thing that AMA (FI) should considered before taking the decisions on the AMA model is that AMA model should support qualitative and quantitative analyses and also identify the operational risk in the (FI). AMA Model usually depends on scenario based analyses, so the (FI) should make sure that the model scenario analyses estimated the risk profile effectively to operational risk.

AMA uses four types of data element for calculating the operational risk capital charge: Internal loss data, external data, scenario analyses and business environment and internal control factors. The combination of these data elements in sufficient for estimating the operational risk but responsibility goes on the (FI) management to utilize these data elements with the right combinations to adequate with the level of risk to which it is exposed. As there are various issues which causes barrier in the implementation of AMA in (FI). As in case of Internal loss data which supposed to use in AMA model is usually expected that it come from the risk management practice which reflect the (FI) risk profile but if the validation of the internal loss data is not verifiable with respect to the data quality, which is required for AMA models, then the results have no worth regarding identification of operational risk.

Another data element which is required in AMA models is the external data which supposed to be collected from the external source. Such data element is use in the estimation and identification of loss severity beside it external data is also use as an input for scenario analysis. The authenticity and rating for such third part which is external source for collecting external data is very vital for the perfection of external data which supposed to be collected from them.

Scenario Analysis output is totally depending on the input which was given to the AMA models. It is an essential part for the building of Operational Risk Management Framework (ORMF). The calculation of uncertainty made by scenario analyses is challengeable because of the data biases or fake, so for the getting exact result it is being suggested that further research should be done before finalizing the decision on the bases of result abstracted from the scenario analyses. The last form of data element type is BEICF which is usually used as an indirect input in the AMA models as an ex post adjustment to the model output.

Before going toward the decision related to operational risk management following points should be considers.

1. Is that enough data is available for the statistical modelling

2. Validation, Verification and Quality of data.

3. Structure should be present for the calculation of expected losses of each types of risk.

4. Ability of take decision related to mitigate operational risk.

5. Threshold of calculating the losses events of operational risk should not be bias.

Operation risk Management in Developed countries

There are various examples which show the importance of operational risk management in the financial institutions (FI). Due to negligence or failure of operational risk management biggest financial losses have occurred in the history of financial world for example the cases of Daiwa Bank (1995), Barings (1995), Saloman Inc (1994-96) and the worst Societe Generale (2008) lost approximately US$ 7 billion due to lack of internal control.

As per Tomas Magnusson, Abha Prasad and Ian Storkey, March 2010[53] Due to operational risk management failure Fulham and Hammersmith council in the UK received the ruling against them in 1989 from the high court regarding the swap contracts of worth US$ 9.5 billion. The court decision causes losses to the British and foreign banks of worth US$1 billion in default of swap payments. Another case because of operational risk management failure was happen in the district of California namely Orange county, they losses US$1.6 billion. They declared bankruptcy which was the highest financial failure in the history of US local government. Besides it major causes of corruptions in the financial institutions is the weakness in the Operational Risk Management, it also included in the external fraud like hacking, forgery, and robbery. From the last over twenty years more than hundred operational losses exceeded to US$100 million in value each whereas few of them even exceeded to US$1 billion.

Such losses were not because of market or credit risk, the reason behind it was the operational risk which led the (FI) towards the bankruptcies and mergers.

One of the data element of AMA framework namely Business environment and Internal control factors, it is the fineness tool which help AMA approved (FI) in identifying and measuring the operational risk. According to the BCBS report of 2008[6] developed countries (FI) those are AMA approved mostly used Business environment and internal control factors as a tool of risk Management and Quantification. 98% of developed countries (FI) using BEICF tool namely Risk Control Self-Assessment, 90% use audit results and 81% use Key Risk Indicator and Key Performance Indicators for operational risk management. As many banks of developed countries are using more than thousand Key Risk Indicators and Key Performance Indicators as an input for the operational risk measurement.

It is essential for (FI) before becoming AMA approved institution they have to use Scenario Analysis as an input for operational risk measurement methodology, most of the (FI) of developed countries are using Scenario Analyses for more than three years. Ong (2007)[45] states that level of the risk should be determine so that the solution should be made accordingly. Unless and until the level of seriousness of risk is not determined till than the precautions or solutions cannot be affected.

Due to the serious consequences operational risk, (FI) have increase the level of awareness and doing research work in finding the ways of managing the operational risk in their institutions. Besides it BASEL II pushing the financial institutions, to focus on identifying, measuring, evaluating and managing their operational risk. Such steps increase the importance of Operational Risk Management in the (FI), due which it become the fastest growing risk castigation in the (FI).

As per Chartis Research operational,2012[23] risk management systems demand is increasing worldwide (FI) especially in the developed countries, by 2011 the total value reached to US$1.55 billion. Such a thing shows the great concerned of (FI) regarding the operational risk management. Besides it report finds that US and EU (FI) are replacing their 1st Generations ORM system and emerging regions like Middle East, Asia Pacific and South America are investing in the development of sophisticated system of Operational Risk Management. (FI) also replacing their approaches, processes, peoples, internal risk indicating system's and external risk indicating system for improving the risk sensitivity for operational risk. As summed up by a U.S. regulator, The advanced approaches of Basel II represent a sea change in how banks determine their minimum level of required capital for regulatory purposes. It intends to better align regulatory capital with inherent risks and banks' internal economic capital".

In old days most of the (FI) of developed countries never gave importance to the operational risk as compare to the credit and market risk, but since year 2008 when whole world were hit by the recession crises and the reason of such crises which world get it know was the ignorance and weakness of operational risk management.

In 1999, the Basel Committee for Banking Supervision (BCBS)[7] state that: informal survey that highlights the growing realisation of the significance of risks other than credit and market risks, such as operational risk, which have been at the heart of some important banking problems in recent years..." As Roger W. Ferguson, Vice Chairman of the Board of Governors of the Federal Reserve System [52], stated, In an increasingly technologically driven banking system, operational risks have become an even larger share of total risk. Frankly, at some banks, they are probably the dominant risk." HSBC Group (2004) [21] states that ...regulators are increasingly focusing on operational risk ... This extends to operational risk the principle of supporting credit and market risk with capital, since arguably it is operational risk that potentially poses the greatest risk."

Table 1: Examples of operational losses in the global financial industry in the last two decades.[47]

S.No Year###Name###Impact###Description

###Incompetence (Robert Citron,

###Orange###$1.7 bln,

###1.###1994###treasurer), lack of expert risk


###oversight and control.

###Internal fraud (Nick Leeson,

###Barings###$1 bln,

###2.###1995###trader), unauthorized trading, poor


###internal surveillance and control

###$1.1 bln, SandP###Internal fraud and illegal trading


###3.###1995###down grading###(Toshihide Iguchi, trader) and poor


###from A to BBB###internal surveillance and control

###"9/11"###Civilian and property

###4.###2001 Terrorist loss, business###Terrorism externally inflicted


###Allied###Fraudulent activities (John Rusnak,

###5.###2002 Irish###0.7 bln###trader)###and###poor###internal

###Banks###surveillance and control

Operational risk Management in Developing countries

The (FI) in developing countries is very different then the (FI) of developed countries. The problem facing by the developing countries in the introduction of Basel II are due to the less developed and uncontrollable infrastructure such as lack of credit rating agencies and non-authentic and bias data collection.

In Pakistan, Sri Lanka and India main problem of not adopting the complete features of Basel II are the small number of credit rating agencies and the very few numbers of agencies which are responsible for rating the financial institutions. As unrated entities are not entitle of doing any sort of business with the financial institutions because (FI) are handicapped under the rules of Basel II. In Sri Lanka as per Jayamaha, 2006[27] The firms which have low credit rating as per Standardized approach and have restrictions of lending as per Basel II, the (FI) authorities of Sri Lanka are allowing flexibility regarding lending the loans to such firms, overall (FI) of Sri lanka are doing what they are willing to do without considering any types of risk specially operational risk which will led them towards the market and credit risk and at the end financial loses.

Pakistani, Sri Lankan, Indian banks and many developing countries (FI) have not even started collecting the external loss data, which is very essential for implementing the AMA (Advanced Measurement Approach) for operational risk management.

As per survey by Benton Gup (University of Alabama)[14] those countries which are emerging market economies or poorer such as Brazil, Russia, Argentina, Botswana and Guinea-Bissau should improve and developed their infrastructure. After this introduce and reinforce 3rd pillar of Basel II. In the developing countries one thing is common among them and that is weakness in their internal control system. As previously discuss the main causes of operational risk are people, processing, internal and external factors. In most of the developing countries (FI) no one ever focus on these causes specially there is a lack of appropriate people for handling the operational risk.

Minimum 3 years of internal loss data is required for implementing and developing the AMA model but in most of the developing countries (FI) such a data collection is not even started, so how come the AMA can be adopted by them , as the most risk sensitive approach for identifying operational risk is AMA. In few countries external data is being collected by the agencies but the reliability of such data is questionable.The Basel Committee on Banking Supervision performed the Loss Data Collection Exercise 2008 (LDCE)[4] to collect information on all four data elements internal loss data, external loss data, scenario analysis, and business environment and internal control factors (BEICFs) used in Advanced Measurement Approach (AMA). Such a collection of data by BCBS is the sign of importance of operational risk management by the worldwide (FI), specially the (FI) belong to USA, UK, Japan and Australia.

These shows developing countries are far behind then their peers (FI) which belong to the developed countries, as they already adopt the AMA approach for handling the operational risk.

As per Andrew Cornford (2005)[1], (FI) of developing countries have no clear understanding regarding the operational risk and very few finance ministries have Business Continuity and Disaster Recovery Plan, so it is suggested before developing the infrastructure and designing the Operational Risk management and measurement framework, (FI) authorities should understand the operational risk. Such comments by IMF show the importance of operational risk in the eyes of (FI) of developing countries.

Framework of ORM cannot be successfully implemented unless the culture of risk awareness is not developed in (FI), once the culture being developed then the maintenance of Operational Risk Management required following steps to be followed by the (FI).

1. Identification and measurement of risks

2. Design and develop the strategies of risk management

3. Implementation of risk management policies.

4. Monitoring and compliance the performance of policies.

5. Continuous improvement of Operational Risk Management models and framework.

The following Basel II implementation Schedule for top tier banks in Asian countries show that Singapore and China are ahead in adopting the advanced approach of operational risk management as compare to the others Asian countries but as a group still they are far behind from the developed countries of US and EU.

table 2: Basel II Implementation Schedule for Top Tier Banks

As per ARMI research[28] there are five major issues and challenges which create hurdles for the developing countries in adopting the AMA and operational risk management programs which are as follows:

1. Lack of Appropriate and Highly skilled personal related to risk management.

2. Unable to change the management for implementing the new policies, systems and procedures related to risk management.

3. Lack of authentic data which is required for the implementation of Basel II framework.

4. Lack of reporting and disclosure at (FI) of internal and external risk.

5. Lack of strategy and execution of ERM among the (FI).

Following graphs shows the efforts of developed countries toward the handling of Non-Performing Loan (NPL) and on the other hand developing countries are suffering from the highest rates of NPL. The only reason is the weakness of internal control and ignorance towards the operational risk management.

One of the main reason of accounting errors and financial fraud is due to the weakness in the internal control system. As per Doyle, Ge, and McVay (2006)[29] companies with Internal Control Weakness have lower-quality financial statements and that this relation is driven by overall company-level controls, as opposed to account-specific weaknesses. According to Ashbaugh-Skaife, Collins, Kinney, and LaFond (2008)[2] firms with Internal Control Weakness have higher idiosyncratic risk, systematic risk, and cost of equity. As per Moody's (2004)[40], Internal Control Weakness especially those broader in scope, can have a direct effect on credit ratings. Overall is that Internal Control Weakness or lack of operational risk management gave rise to the various risks which ultimately convert into a major financial loss and end with the bankruptcy or merger of (FI).

Merger of two (FI) also increase operational risk. As in the merger of Bank of America and Merrill Lynch all the employee of Merrill Lynch do not stay with the Bank after the merger. Actually when merger of two (FI) happen basically it demoralize the employees and which as a result push them to fly toward the new destination. Internal fraud usually happen while during the merger because during the merger process internal control system become weaker and gives a chance to internal fraud. Another example is of Lloyds TSb bank when it acquired Halifax Bank of Scotland in 2008, one of the main issues which were raised was how to hold the employees. So merger is not the solution for protecting the (FI) from the operational risk.

Above given examples is from the developed countries (FI) those are much far forward in operational risk management than the developing countries (FI), but they also faced the operational risk due to the lack of internal control weakness and operational risk management, so it is suggested developing countries (FI) should learn a lessons from the mistakes of developed countries (FI) because currently developing countries (FI) are doing the same which have been done before by the developed countries (FI).

Operational risk Management ignorance in Developing countries

In developing countries (FI) mostly they don't considered operational risk management as the essential part of the risk management. Mainly they focus on credit and market risk, but there is certain thing of which developing countries (FI) should focus before it's too late. As scenario analysis is very essential for forward looking of operational risk exposures, before using such scenario analyses supervisors required certain elements for scenario framework which are as follows and not adopted by the developing countries (FI).

1. Process should be clearly defined.

2. Highly skilled personals related to operational risk management.

3. Well-developed structure for the validation and verification of data.

4. Well defined structure for the development of scenario estimates.

5. High quality documentation which can support the scenario output.

6. Mechanism which can eliminate the elements of bias data.

There are certain factors which ignored by the developing countries (FI) due to which major losses have been occurred. Such factors are as follows:

Increase in the cost of Operational Risk Management compliance.

Unable to access the effective information related to the risk among the peers (FI).

Unavailability of Loss database, which is very essential for implementing AMA. Initially required at least 3 years and finally 5 years data for the implementation of AMA.

Lack of system which can measure the operational risk as per Basel II quantification requirements.

Unable to implement the operational risk management system due to the various reasons but mainly authorities are unable to understand the importance of operational risk management.

Quality of decision related to risk can be taken, when the decision taker is able to understand the risks properly. Strong operational risk management framework can be made by considering the following core components.

Good governance on identification, strategy, structure and execution of operational risk management.

Clear strategy on risk appetite, processes, policies and tolerance.

Monitoring of policies implementation at all level.

Review of inside and outside strategic policies.

Well defined hierarchical structure of operational risk management.


In this article, there is lots of evidence that have been discussed which causes major losses in the financial institution of the world. As in 1991, BCCI Bank was collapsed due to its involvement in money laundering whereas in 1995 Daiwa Bank crisis was happened due to the weakness of governance and internal control at New York branch. Merger of Lloyds TSB bank with Halifax Bank and in the merger of ABN AMRO bank with Royal Bank of Scotland, all of these examples is of the massive failures. These all failures were happen because of operational risk not because of credit or market risk. After a long list of failures of financial institutions of developed countries they understand the reasons behind their failures and that was their ignorance towards the operational risk management. Developed countries (FI) continuously upgrading themselves by implementing advance approaches and also continuously monitoring their system for enhancement and upgrading as per the requirement.

Developed countries (FI) implement such system, processes and procedures which eliminate their internal control weakness and helping them in scenario analyzing which foreseen them forward operational risk exposures.

On the other side of the world mean developing countries financial institutions till to date haven't taken any steps which can protect them from operational risk. Till to date they are analyzing their operational risk by using basic approaches for example Basic Indicator Approach and Standard Approach. These approaches are not that much risk sensitive then the Advance Measurement Approach (AMA). For implementing AMA there are certain steps that should be taken and the first step is to maintain the database of internal loss data for at least 3 years. So most of the developing countries (FI) does not have such types of database and above all there are very few rating agencies which can provide the external data, the data which provided by the rating agencies of developing countries are usually bias or not having such a quality which can be used in the operational risk models.

Most of the authorities of developing countries (FI) are not following the rules and regulations of Basel II due to which major financial failures are facing by them.


Andrew Cornford (2005),Revising Basel 2:the impact of the financial crisis and implications for developing countries

Ashbaugh-Skaife, Collins, Kinney, and LaFond(2008): The Effect of SOX Internal Control Deficiencies on Firm Risk and Cost of Equity.10 June 2008

Basel Committee on Banking Supervision. 2004. International Convergence of Capital Measurement and Capital Standards- A Revised Framework. June,2004.

Basel Committee on Banking Supervision, 2001. Consultative Document, Operation-al Risk, Basel: Bank of International Settlement. Available from: [Accessed 24Feburary, 2014,[2100 PST]

Basel Committee on Banking Supervision, International Convergence of Capital Measurement and Capital Standards - A Revised Framework Comprehensive Version, June 2006

BCBS (2008). Principles for Sound Liquidity Risk Management and Supervision. Basel, Bank for International Settlements. September.2008.

BCBS (1999). Capital Requirements and Bank Behaviour: The Impact of the Basle Accord, Basel Committee on Banking Supervision Working Paper No.1. Basel, Bank for International Settlements. April.1999.

Brunnermeier M, Crocket A, Goodhart C, Persaud AD and Shin HS (2009). The Fundamental Principles of Financial Regulation. Geneva Reports on the World Economy, 11. Preliminary Conference Draft. Geneva, International Centre for Monetary and Banking Studies, and London, Centre for Economic policy Research. January.2009

Butler C (2009). Accounting for Financial Instruments. Chichester, John Wiley.

Carney M (2009). Reforming the global financial system. Remarks by the Governor of the Bank of Canada at a Rendez-vous avec L'AutoritACopyright des marches financiers. Quebec, 26 October.

Cecchetti S, Gyntelberg J and Hollanders M (2009). Central counterparties for over-the-counter derivatives. BIS Quarterly Review. September.2009

Committee on the Global Financial System (2009). The role of valuation and leverage in procyclicality. CGFS Papers No. 34. Basel, Bank for International Settlements. April.2009

Cummins, J. D., Lewis, C. M., and Wei, R. 2006. The Market Value Impact of Operational Loss Events for US Banks and Insurers.

David Keefe (2005),Banks Fear Basel II Effects on Developing Countries, ABA Journal of Banking and Finance, Vol. XX, No. 1, 2005

Dale R (1992). International Banking Deregulation. The Great Banking Experiment. Oxford, United Kingdom and Cambridge, MA, Blackwell Publishers.

Delhaise PF (1998). Asia in Crisis. The Implosion of the Banking and Finance Systems. Singapore, John Wiley and Sons (Asia).

Davies H and Green D (2008). Global Financial Regulation: The Essential Guide, Cambridge, United Kingdom, Polity Press.

Financial Stability Institute (2006). Implementation of the New Capital Adequacy Framework in non-Basel Committee Member Countries.

Financial Stability Institute (2004). Implementation of the new capital adequacy framework in non-Basel Committee member countries. Occasional Paper No. 4. Basel, Bank for International Settlements. July.2004

FSF (2009). Report of the Financial Stability Forum on Addressing Procyclicality in the Financial System. 2 April.2009

HSBC Operational Risk Consultancy group, 1990

Institute of Operational Risk. 2010. Operational Risk Sound Practice Guidance: Key Risk Indicators. November 2010.

IBM Vendor Highlights - RiskTech100 2012,Operational Risk Management (ORM) Framework in Banks and Financial Institutions, [http://chartis /search /results /d95eb9c496bc450a3230629dff594951 ] access that[ 25/02/2014][2200 PST]

IASB (2009). IASB completes first phase of financial instruments accounting reform. Press Release. 12 November.2009

International Accounting Standards Board (IASB) (2009). IASB publishes proposals on the impairment of financial assets. Press Release. 5 November.2009

International Monetary Fund, Global Financial Stability Report, September 2006

Jayamaha (2006). Basel II a roadmap for Sri Lankan banking system with international comparisons. Opening remarks at an event of lecture series organized by the Association of Professional Bankers. Colombo. 18 December 2006.

James Lam (2007), Enterprise Risk Management at Asian Banks: FROM CHALLENGES TO STRATEGIES. January 2007

Jeffrey Doyle, Weili Ge, Sarah McVay (2006), Determinants of weaknesses in internal control over financial reporting, October 2006

Jarrow, R. A.; R. L. Bennett; M. C. Fu; D. A. Nuxoll; and H. Zhang. A General Martingale Approach to Measuring and Valuing the Risk to the FDIC Deposit Insurance Funds." Working Paper, FDIC (2003).

Jarrow, R. A., and S. M. Turnbull. Pricing Derivatives on Financial Securities Subject to Credit Risk." Journal of Finance, 50 (1995), 5385.

Jin, L., and S. C. Myers. R2 Around the World: New Theory and New Tests." Journal of Financial Economics, 79 (2006), 257292

Jarrow, R. A., and F. Yu. Counterparty and the Pricing of Defaultable Securities." Journal of Finance, 56 (2001), 17651799.

Kenneth A. Froot, David S. Scharfstein, Jeremy C. Stein, 1993. Risk Management: Coordinating Corporate Investment and Financing Policies.

Kalyvas, L., I. Akkizidis, I. Zourka and Bouchereau, V. 2006. Integrating Market, Credit and Operational Risk. In A Complete Guide for Bankers and Risk Professionals. London: Risk Books.

Kuhn, R. and Neu, P. 2005. Functional Correlation Approach to Operational Risk in Banking Organizations. Working Paper, Dresdner Bank AG.

Laker, John. F. 2006. The Evolution of Risk and Risk Management A Prudential Regulator 's Perspective. Chairman's Speech, Australian Prudential Regulatory Authority. September.2006

Lopez, J. A. 2002. What is Operational Risk Economic Letter, Federal Reserve Bank of San Francisco.

Laviada, Ana Ferna'ndez. 2007. Internal audit function role in operational risk management. Journal of Financial Regulation and Compliance, 2007

Moody's(2004),Risk Management Assessments: 2004

Marshall, Rosalie. 2008. Firms need to broaden risk outlook. IT Week, Feb 2008

Medova, E. A. and Kyriacou, M. N. 2001. Extremes in Operational Risk Management. Unpublished paper, University of Cambridge.

Neslehova, J., Embrechts P., and CHAVES-DEMOULIN, V. (2006). Infinite mean models and the LDA for operational risk." Journal of Operational Risk V. 1, N. 1, 3-25. 2006

Operational Risk- Supervisory Guidelines for the Advanced Measurement Approaches, June 2011

Ong, M. 2007. The Basel Handbook: A guide for financial practitioners. 2nd Edition. Published by Risk Books Incisive Financial Publishing Ltd. London.

Operational Risk Management Systems 2008 - Market Analysis, April 2008, [http://chartis /search /results /d95eb9c496bc450a3230629dff594951] access that[25/02/2014][1800 PST]

P. De Fontnouvelle, V. DeJesus-Rueff, J. Jordan, and E. Rosengren. Using Loss Data to Quantify Operational Risk. Technical report, Federal Reserve Bank of Boston, 2003.

Principles for the Sound Management of Operational Risk, June 2011

Perry, J., and P. de Fontnouvelle. Measuring Reputational Risk: The Market Reaction to Operational Loss Announcements." Working Paper, Federal Reserve Bank of Boston (2005).

Povel, P.; R. Singh; and A. Winton. Booms, Busts, and Fraud." Review of Financial Studies, (2007).

Petersen, M. A. Estimating Standard Errors in Finance Panel Data Sets: Comparing Approaches." Review of Financial Studies, (2009)

The New Basel Capital Accord Proposal, Hearing before the Committee on Banking, Housing and Urban Affairs, United States Senate, 2003

Tomas Magnusson, Abha Prasad and Ian Storkey: Guidance for Operational Risk Management in Government Debt Management, March 2010
COPYRIGHT 2015 Asianet-Pakistan
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2015 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Publication:Journal of Business Strategies (Karachi)
Date:Jun 30, 2015
Previous Article:Brand trust, customer satisfaction and Brand Loyalty-a cross Examination.
Next Article:Editorial Note.

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters