Page 56 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
Information Security and Privacy
Notes
The second step involves doing a causal analysis to understand the exact cause of the
above events and to estimate the actual loss as well as the potential loss in case the events are
repeated. This analysis of the cause of events can help the bank understand its level of
exposure and the op-risk management strategy it needs to adopt.
Once banks have developed an event database and done the causal analysis, they can start
risk mapping. Risk mapping is a tool wherein banks can map the above risk events and
losses to any specified set of business lines.
Basel has defined a set of eight business lines (corporate finance, trading and sales, retail
banking, commercial banking, payment and settlement, agency and custody services, asset
management and retail brokerage) to which the events collected by the bank can be mapped.
Op-risk measurement is still evolving in terms of tools and techniques that can be used for
effective measurement and management. Banks can follow qualitative risk measurement,
quantitative risk measurement, or both:
The generic ways of measuring op-risk include qualitative risk measurement techniques
such as the critical assessment method, which involves a questionnaire format and interviews
with all line managers to identify the op-risk events.
Another widely used approach, which combines qualitative and quantitative
approaches, is the Key Risk Indicators (KRI) approach, which involves identifying indicators
that convey a good idea of the scope of business and thereby the risk involved.
For instance, portfolio size, volume of transactions traded, volume of deals routed through
payment and settlement systems, etc., form one set of predictive indicators. KRI is more a
predictive model than a cause-and-event approach.
A common quantitative approach is the Loss Distribution Approach (LDA), which
involves arriving at a right-fit distribution of historical loss events and, thereby, at
quantitative results like expected loss and finally operational value at risk.
Another forward-looking scenario generation approach for op-risk measurement is Loss
Scenario Modelling, which involves generating simulations for loss scenarios based on
the events and losses captured in the first step.
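A worked illustration of the Loss Distribution Approach described above, added here and not part of the original text: it fits a frequency and a severity distribution to a constructed five-year loss history, then simulates annual aggregate losses to obtain expected loss and operational value at risk. The Poisson frequency, lognormal severity, 99.9% quantile and all loss figures are assumptions chosen for the example.

```python
import math
import random
import statistics

# Constructed sample data: five years of operational-loss events (amounts in
# currency units), standing in for the event database built in the first step.
LOSSES_BY_YEAR = {
    2019: [12000, 8500, 40000],
    2020: [5000, 150000],
    2021: [22000, 9000, 3000, 60000],
    2022: [18000, 7500, 30000],
    2023: [11000, 95000, 4500],
}

def fit(losses_by_year):
    """Fit frequency (Poisson rate) and severity (lognormal mu, sigma)."""
    lam = statistics.mean(len(v) for v in losses_by_year.values())
    logs = [math.log(x) for v in losses_by_year.values() for x in v]
    return lam, statistics.mean(logs), statistics.stdev(logs)

def poisson(rng, lam):
    """Knuth's method: count uniform draws until their product falls below e^-lam."""
    limit, k, p = math.exp(-lam), 0, rng.random()
    while p > limit:
        k += 1
        p *= rng.random()
    return k

def simulate(lam, mu, sigma, trials=20000, quantile=0.999, seed=1):
    """Monte Carlo the annual aggregate loss; return (expected loss, OpVaR)."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    totals = sorted(
        sum(rng.lognormvariate(mu, sigma) for _ in range(poisson(rng, lam)))
        for _ in range(trials)
    )
    expected_loss = statistics.fmean(totals)
    # OpVaR is the chosen quantile of the simulated annual-loss distribution.
    op_var = totals[min(trials - 1, math.ceil(quantile * trials) - 1)]
    return expected_loss, op_var

if __name__ == "__main__":
    lam, mu, sigma = fit(LOSSES_BY_YEAR)
    el, op_var = simulate(lam, mu, sigma)
    print(f"lambda={lam:.2f} mu={mu:.2f} sigma={sigma:.2f}")
    print(f"expected annual loss ~ {el:,.0f}; 99.9% OpVaR ~ {op_var:,.0f}")
```

The gap between the two printed figures is the unexpected loss, which is why the tail quantile rather than the mean drives the capital figure under this approach.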
Basel II norms suggest three approaches for measurement of op-risk. The simplest approach,
best suited for less sophisticated and small balance-sheet banks, is the Basic Indicator
Approach (BIA). BIA requires banks to allocate capital based on a single indicator of
operational risk, which in this case is the average gross income of the past three years
multiplied by a factor called alpha, which is set at 15 per cent.
The second approach is the Standardised Approach (SA), which involves mapping the
bank’s business lines to the set of eight business lines and using a multiplier (beta) of average
gross income to compute the capital charge.
Also, there is the Alternative Standardised Approach (ASA), which uses loans and advances,
instead of gross income, for the retail banking and commercial banking business lines,
multiplied by a fixed factor, which results in the capital charge to be set aside.
The most sophisticated approach suggested is the Advanced Measurement Approach (AMA).
Under the AMA, the regulatory capital requirement will equal the risk measures generated
by the bank’s internal operational risk measurement system using quantitative and
qualitative criteria for the AMA. Internal data used must be based on a minimum historical
observation period of five years. However, when a bank first moves to AMA, a three-year
period is acceptable.
50 LOVELY PROFESSIONAL UNIVERSITY