SlideShare uma empresa Scribd logo

2. op risk and aml

C
crmbasel

This document discusses using key risk indicators (KRIs) to measure operational risk in wealth management services. It recommends starting with simple KRIs like the number of investment products, number of staff selling products, and number of new customers. More specific KRIs could include the number of high-risk products or inexperienced staff. The document outlines analyzing KRIs over time and across branches to identify trends or outliers. It also discusses setting trigger limits and using KRIs to assess risk mitigation effectiveness. Overall, the document promotes adopting a KRI program to systematically monitor operational risk levels and satisfy regulatory requirements.

1 de 10
Managing Operational Risk with Key Risk Indicators Dr. LAM Yat-fai (林日辉博士林日辉博士林日辉博士林日辉博士) Doctor of Business Administration (Finance) CFA, CAIA, FRM, PRM, MCSE, MCNE PRMIA Award of Merit 2005 E-mail: quanrisk@gmail.com 2 Agenda Measuring operational risk with KRIs Implementing a KRI program 3 4
5 6 7 Case: The lessons from selling Lehman Brothers’ investment products Do you know how many investment products you are selling? Do you know how many Lehman Brothers-related transactions are processed in the past 3 months? Do you know how many customers you have? Do you know how many new customers you have in the last quarter? Do you know whether your marketing staff have mis-communicated with your clients? Do you know whether your investment product documents are compliant with the SFC’s regulatory requirements? Do you know how many marketing staff have undergone proper product training? 8 Basel III classification on operational failures 1. Internal Fraud 2. External Fraud 3. Employment Practices and Workplace Safety 4. Clients, Products, & Business Practice 5. Damage to Physical Assets 6. Business Disruption & Systems Failures 7. Execution, Delivery, & Process Management
9 Your questions on wealth management services Return How much profit to be generated from wealth management services? Risk What are the major operational failures (high frequency and/or serious loss) associated with wealth management? How do you measure this risk? What are the current risk level? 10 Wealth management services: questions on operational risk Is the operational risk level acceptable, too high or too low? Is the operational risk level increasing or decreasing during the last 12 months? Which branch and/or investment product contributes the most operational risk? If the operational risk level is too high, how to plan for the mitigation actions? How to assess whether a mitigation action is effective? How to set limits for operational risk level? 10 11 Think realistically… There is no perfect indicator You should look for some indicators that are associated with operational failures There is no single right indicator Your audit department and the bank regulator simply ask whether your know the operational risk and how you measure it. It is hard for them to prove whether you are right or wrong 11 12 Operational risk measurement Qualitative Low, medium, high Subjective Difficult to compare Quantitative Numerical Objective Relatively easy to compare
13 What is key risk indicator (KRI)? Indicator Quantifiable Risk Sensitive to risk Key Only a few Definition from the HKMA: KRIs are primarily a selection from a pool of operations or control indicators identified and being tracked by various functions of a bank… 14 KRI report for settlement operations of a major bank in London 15 What regulators expect on KRIs? KRIs may be early warning signals KRIs help predict risk KRIs help the management know where the risks are KRIs help the management know the current risk and its recent trends KRIs help the management set risk limits and action plans 16 How do you benefit from KRIs? To measure operational risk in numbers To compare operational risk among business units To exhibit trend of operational risk To analyze level of operational risk To measure effectiveness of operational risk mitigation actions To communicate operational risk level bottom up
17 Incentives for a corporate deployment of KRIs For audit department Help identifying high risk areas and outliers Thus focusing audits on the weakest link For business department An objective and on-going risk monitor system put in place Justify less audit if you are not an outlier 18 Characteristics of good KRIs Intuitive and simple Easy to observe and measure Recorded automatically Several KRIs on a single risk dimension No contradiction Less overlapping 19 Answer: Possible KRIs for wealth management services No. of investment products No. of regulatory guidelines on selling investment products No. of staff selling investment products No. of customers acquired investment products Monthly sales target of investment products 20 More specific KRIs for wealth management services No. of high risk investment products No. of regulatory guidelines issued last year on selling investment products No. of staff selling investment products with experience less than one year No. of customers acquired investment products with mis-matched risk level Residual sales target of investment products
21 How to analyze KRIs? Peer analysis Which branch is the most risky? Which branch is the least risky? Trend analysis Is the operational risk increasing? Is the operational risk reducing? Threshold analysis At which level has material operational failure started to emerge? At which level has even minor operational failure never observed? Statistical analysis What is the average risk level? What is the distribution of risk level? 22 Peer analysis Monthly no. of transactions per teller - 500 1,000 1,500 2,000 2,500 3,000 3,500 A verage Sha Tin Eastern K w un Tong Yuen Long K w aiTsing Tuen M un W ong TaiSin SaiK ungSham ShuiP oK ow loon C ity TaiPo Tsuen W an High risk trigger level Inefficient trigger level 23 Trend analysis Monthly no. of transactions per teller (Shatin branch) - 500 1,000 1,500 2,000 2,500 3,000 3,500 Jan-2010 Feb-2010 Mar-2010 Apr-2010 May-2010 Jun-2010 Jul-2010 Aug-2010 Sep-2010 Oct-2010 Nov-2010 Dec-2010 High risk trigger level 24 Effectiveness of mitigation plan Monthly no. of transactions per teller (Shatin branch, with two tellers re-deployed from Tai Po in 2011) - 500 1,000 1,500 2,000 2,500 3,000 3,500 Apr-2010 May-2010 Jun-2010 Jul-2010 Aug-2010 Sep-2010 Oct-2010 Nov-2010 Dec-2010 Jan-2011 Feb-2011 Mar-2011 High risk trigger level
25 Setting trigger limits High risk trigger level The level of KRI at which material operational failure starts to emerge Inefficient trigger level The level of KRI at which even minor operational failure never occurred, an indication of inefficiency Trigger limits could only be set after a relevant KRI system is in place for a sufficient long history, e.g. one business cycle Some trigger examples 90th percentile Mean + 1.67 SD The KRI level 3 month before a failure occur 26 Your benefits (again) To satisfy regulatory requirements To minimize audit findings To demonstrate a high standard of OPM compatible with major international banks To prevent potential operational failures To justify additional resources To disclaim liabilities in case of request on additional resources disapproved 27 Disadvantages of KRIs Cost of do business Backward looking No standard KRIs Long data history to build KRI database Unclear causal relationship between operational loss and KRIs 28 Agenda Measuring operational risk with KRIs Implementing a KRI program
29 Who design the KRIs? You design your own KRIs Only you know which KRIs are the best Not compliance department They specify more KRIs to satisfy regulators Not external auditors They specify more KRIs to justify their audit fee Not external consultants They specify useless KRIs to charge more 30 Number of KRIs KRIs must be key Preparation of KRIs is costly Less then no. of productive staff in your department Inconsistency among KRIs are difficult to explain More KRIs trigger more questions from management, auditors and regulators Rule of thumb for a simple business line Between 5 to 7 At least 3 At most 12 31 Common KRIs Annual gross revenue No. of critical operational failures per year No. of customers per staff per month No. of transactions per staff per month Transaction amount per staff per month Time required to process one transaction No. of low, medium, high audit findings Results from control self-assessment … 32 Roll out strategy Start with each business line Then product and branch Start with simple numbers No. of customers No. of low, medium and high risk customers No. of mis-match selling Start with quarterly measures Conduct annual review
33 Preparing management reports Peer analysis e.g. by branch Trend analysis e.g. from last 12 months Threshold analysis e.g. did outliers experienced material failures? Statistical analysis e.g. mean, standard deviation, relationship with material operational failures 34 Common misunderstandings The more KRIs, the better OPM Limit KRIs only to a few KEY Assign “Low”, “Medium”, “High” value to a KRI Use numeric as much as possible External consultants can design KRIs They charge you by copying Bank A’s KRIs to your bank They charge Bank B by copying your bank’s KRIs to Bank B KRIs are forward looking KRIs only tell you as they are Plan to roll out a perfect KRI system You cannot improve your KRI system next year KRI is the most important task You are paid because of creating revenue KRI is only one of the few major OPM methods 35 Use of external consultants Bring in experiences from regulators and other banks Put in place the skeleton of an KRI framework Introduce a culture of KRIs Conduct training on KRIs Design MIS systems and reports But, external consultants can never design KRIs for your 36 Final advice Start your KRI system tomorrow Start with simple and easy KRIs
37 Your exercise List three major business lines in your department List three KRIs for each business line Specify how to collect the KRIs Your opinions http://sites.google.com/site/quanrisk

Recomendados

KRI Consulting Solutions LLC
KRI Consulting Solutions LLCKRI Consulting Solutions LLC
KRI Consulting Solutions LLCkrh96011
 
Introducing KRI model know your customers
Introducing KRI model know your customersIntroducing KRI model know your customers
Introducing KRI model know your customersBaby Sirota
 
Keys to extract value from the data analytics life cycle
Keys to extract value from the data analytics life cycleKeys to extract value from the data analytics life cycle
Keys to extract value from the data analytics life cycleGrant Thornton LLP
 
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...Grant Thornton LLP
 
A compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementA compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementSALIH AHMED ISLAM
 
Proactive Risk Management: An Introduction to the Importance of Proactive Ris...
Proactive Risk Management: An Introduction to the Importance of Proactive Ris...Proactive Risk Management: An Introduction to the Importance of Proactive Ris...
Proactive Risk Management: An Introduction to the Importance of Proactive Ris...Benoit Grenier
 
Risk indicators
Risk indicatorsRisk indicators
Risk indicatorsSravani Varma
 
Operational Risk Management System with Statistical Control
Operational Risk Management System with Statistical ControlOperational Risk Management System with Statistical Control
Operational Risk Management System with Statistical ControlAlex Liang
 

Recomendados

KRI Consulting Solutions LLC
KRI Consulting Solutions LLCKRI Consulting Solutions LLC
KRI Consulting Solutions LLCkrh96011
 
Introducing KRI model know your customers
Introducing KRI model know your customersIntroducing KRI model know your customers
Introducing KRI model know your customersBaby Sirota
 
Keys to extract value from the data analytics life cycle
Keys to extract value from the data analytics life cycleKeys to extract value from the data analytics life cycle
Keys to extract value from the data analytics life cycleGrant Thornton LLP
 
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...Grant Thornton LLP
 
A compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementA compliance officer's guide to third party risk management
A compliance officer's guide to third party risk managementSALIH AHMED ISLAM
 
Proactive Risk Management: An Introduction to the Importance of Proactive Ris...
Proactive Risk Management: An Introduction to the Importance of Proactive Ris...Proactive Risk Management: An Introduction to the Importance of Proactive Ris...
Proactive Risk Management: An Introduction to the Importance of Proactive Ris...Benoit Grenier
 
Risk indicators
Risk indicatorsRisk indicators
Risk indicatorsSravani Varma
 
Operational Risk Management System with Statistical Control
Operational Risk Management System with Statistical ControlOperational Risk Management System with Statistical Control
Operational Risk Management System with Statistical ControlAlex Liang
 
Decision trees, scenario analysis, monte carlo simulation and scenario planni...
Decision trees, scenario analysis, monte carlo simulation and scenario planni...Decision trees, scenario analysis, monte carlo simulation and scenario planni...
Decision trees, scenario analysis, monte carlo simulation and scenario planni...Hernan Huwyler, MBA CPA
 
PredictiveMetrics' Predictive Scoring for Collections Capabilities
PredictiveMetrics' Predictive Scoring for Collections CapabilitiesPredictiveMetrics' Predictive Scoring for Collections Capabilities
PredictiveMetrics' Predictive Scoring for Collections CapabilitiesPredictiveMetrics, Inc.
 
CM Introduction 081414
CM Introduction 081414CM Introduction 081414
CM Introduction 081414aidanc5
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk ManagementAsad Hameed
 
Key Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference PointsKey Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference PointsTony Moroney
 
True Portfolio Diversification
True Portfolio Diversification True Portfolio Diversification
True Portfolio Diversification drewday
 
An industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsAn industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsGrant Thornton LLP
 
NY Infragard Presentation Dec 2008
NY Infragard Presentation Dec 2008NY Infragard Presentation Dec 2008
NY Infragard Presentation Dec 2008Ciaran Henry
 
Chapter 12 - Operational risk management
Chapter 12 - Operational risk managementChapter 12 - Operational risk management
Chapter 12 - Operational risk managementQuan Risk
 
Ignorance Is Risk
Ignorance Is RiskIgnorance Is Risk
Ignorance Is RiskJeromie Jackson
 
Gamma Advisory Services 2014/03
Gamma Advisory Services 2014/03Gamma Advisory Services 2014/03
Gamma Advisory Services 2014/03Pravin Shirname
 
Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Grant Thornton LLP
 
Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012aj22dms
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFrederic Girardeau-Montaut
 
FENG CCAR DFAST BASELIII_real(2)
FENG CCAR DFAST BASELIII_real(2)FENG CCAR DFAST BASELIII_real(2)
FENG CCAR DFAST BASELIII_real(2)Kenneth A. Goodwin Jr., MBA
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's Andrew Smart
 
Operational risk management (orm)
Operational risk management (orm)Operational risk management (orm)
Operational risk management (orm)Bushra Angbeen
 
Speaker 1
Speaker 1 Speaker 1
Speaker 1 Graham Jones
 
Implementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring SolutionsImplementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring SolutionsFrancois Combrinck CBAP
 
Essential Elements of Physician Contracting Compliance Programs
Essential Elements of Physician Contracting Compliance ProgramsEssential Elements of Physician Contracting Compliance Programs
Essential Elements of Physician Contracting Compliance ProgramsMD Ranger, Inc.
 
4. corporate training (putonghua)
4. corporate training (putonghua)4. corporate training (putonghua)
4. corporate training (putonghua)crmbasel
 
Journal paper 2
Journal paper 2Journal paper 2
Journal paper 2crmbasel
 

Mais conteúdo relacionado

Mais procurados

Decision trees, scenario analysis, monte carlo simulation and scenario planni...
Decision trees, scenario analysis, monte carlo simulation and scenario planni...Decision trees, scenario analysis, monte carlo simulation and scenario planni...
Decision trees, scenario analysis, monte carlo simulation and scenario planni...Hernan Huwyler, MBA CPA
 
PredictiveMetrics' Predictive Scoring for Collections Capabilities
PredictiveMetrics' Predictive Scoring for Collections CapabilitiesPredictiveMetrics' Predictive Scoring for Collections Capabilities
PredictiveMetrics' Predictive Scoring for Collections CapabilitiesPredictiveMetrics, Inc.
 
CM Introduction 081414
CM Introduction 081414CM Introduction 081414
CM Introduction 081414aidanc5
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk ManagementAsad Hameed
 
Key Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference PointsKey Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference PointsTony Moroney
 
True Portfolio Diversification
True Portfolio Diversification True Portfolio Diversification
True Portfolio Diversification drewday
 
An industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsAn industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsGrant Thornton LLP
 
NY Infragard Presentation Dec 2008
NY Infragard Presentation Dec 2008NY Infragard Presentation Dec 2008
NY Infragard Presentation Dec 2008Ciaran Henry
 
Chapter 12 - Operational risk management
Chapter 12 - Operational risk managementChapter 12 - Operational risk management
Chapter 12 - Operational risk managementQuan Risk
 
Gamma Advisory Services 2014/03
Gamma Advisory Services 2014/03Gamma Advisory Services 2014/03
Gamma Advisory Services 2014/03Pravin Shirname
 
Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Grant Thornton LLP
 
Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012aj22dms
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's Andrew Smart
 
Operational risk management (orm)
Operational risk management (orm)Operational risk management (orm)
Operational risk management (orm)Bushra Angbeen
 
Implementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring SolutionsImplementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring SolutionsFrancois Combrinck CBAP
 
Essential Elements of Physician Contracting Compliance Programs
Essential Elements of Physician Contracting Compliance ProgramsEssential Elements of Physician Contracting Compliance Programs
Essential Elements of Physician Contracting Compliance ProgramsMD Ranger, Inc.
 

Mais procurados (20)

Decision trees, scenario analysis, monte carlo simulation and scenario planni...
Decision trees, scenario analysis, monte carlo simulation and scenario planni...Decision trees, scenario analysis, monte carlo simulation and scenario planni...
Decision trees, scenario analysis, monte carlo simulation and scenario planni...
 
PredictiveMetrics' Predictive Scoring for Collections Capabilities
PredictiveMetrics' Predictive Scoring for Collections CapabilitiesPredictiveMetrics' Predictive Scoring for Collections Capabilities
PredictiveMetrics' Predictive Scoring for Collections Capabilities
 
CM Introduction 081414
CM Introduction 081414CM Introduction 081414
CM Introduction 081414
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk Management
 
Key Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference PointsKey Risk Indicators - Changing the Reference Points
Key Risk Indicators - Changing the Reference Points
 
True Portfolio Diversification
True Portfolio Diversification True Portfolio Diversification
True Portfolio Diversification
 
An industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsAn industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessments
 
NY Infragard Presentation Dec 2008
NY Infragard Presentation Dec 2008NY Infragard Presentation Dec 2008
NY Infragard Presentation Dec 2008
 
Chapter 12 - Operational risk management
Chapter 12 - Operational risk managementChapter 12 - Operational risk management
Chapter 12 - Operational risk management
 
Ignorance Is Risk
Ignorance Is RiskIgnorance Is Risk
Ignorance Is Risk
 
Gamma Advisory Services 2014/03
Gamma Advisory Services 2014/03Gamma Advisory Services 2014/03
Gamma Advisory Services 2014/03
 
Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...
 
Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012Third Party Risk Due Diligence - Feb 2012
Third Party Risk Due Diligence - Feb 2012
 
FSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoVFSI_Third Party Risk Management_Deloitte PoV
FSI_Third Party Risk Management_Deloitte PoV
 
FENG CCAR DFAST BASELIII_real(2)
FENG CCAR DFAST BASELIII_real(2)FENG CCAR DFAST BASELIII_real(2)
FENG CCAR DFAST BASELIII_real(2)
 
Managing with KPI's and KRI's
Managing with KPI's and KRI's Managing with KPI's and KRI's
Managing with KPI's and KRI's
 
Operational risk management (orm)
Operational risk management (orm)Operational risk management (orm)
Operational risk management (orm)
 
Speaker 1
Speaker 1 Speaker 1
Speaker 1
 
Implementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring SolutionsImplementing Robust AML/CFT Monitoring Solutions
Implementing Robust AML/CFT Monitoring Solutions
 
Essential Elements of Physician Contracting Compliance Programs
Essential Elements of Physician Contracting Compliance ProgramsEssential Elements of Physician Contracting Compliance Programs
Essential Elements of Physician Contracting Compliance Programs
 

Destaque

4. corporate training (putonghua)
4. corporate training (putonghua)4. corporate training (putonghua)
4. corporate training (putonghua)crmbasel
 
Journal paper 2
Journal paper 2Journal paper 2
Journal paper 2crmbasel
 
3. corporate training (putonghua)
3. corporate training (putonghua)3. corporate training (putonghua)
3. corporate training (putonghua)crmbasel
 
2. corprate training (putonghua)
2. corprate training (putonghua)2. corprate training (putonghua)
2. corprate training (putonghua)crmbasel
 
5.3 presentation slides
5.3 presentation slides5.3 presentation slides
5.3 presentation slidescrmbasel
 
Credit linked structured products
Credit linked structured productsCredit linked structured products
Credit linked structured productsQuan Risk
 
6. corporate training (putonghua)
6. corporate training (putonghua)6. corporate training (putonghua)
6. corporate training (putonghua)crmbasel
 

Destaque (7)

4. corporate training (putonghua)
4. corporate training (putonghua)4. corporate training (putonghua)
4. corporate training (putonghua)
 
Journal paper 2
Journal paper 2Journal paper 2
Journal paper 2
 
3. corporate training (putonghua)
3. corporate training (putonghua)3. corporate training (putonghua)
3. corporate training (putonghua)
 
2. corprate training (putonghua)
2. corprate training (putonghua)2. corprate training (putonghua)
2. corprate training (putonghua)
 
5.3 presentation slides
5.3 presentation slides5.3 presentation slides
5.3 presentation slides
 
Credit linked structured products
Credit linked structured productsCredit linked structured products
Credit linked structured products
 
6. corporate training (putonghua)
6. corporate training (putonghua)6. corporate training (putonghua)
6. corporate training (putonghua)
 

Semelhante a 2. op risk and aml

IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop Ersoy AKSOY
 
Less Risk - That would be NICE. Consumer Compliance in the Age of CFPB
Less Risk - That would be NICE. Consumer Compliance in the Age of CFPBLess Risk - That would be NICE. Consumer Compliance in the Age of CFPB
Less Risk - That would be NICE. Consumer Compliance in the Age of CFPBNICE
 
Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & GovernanceEDR
 
492 Ch5web
492 Ch5web492 Ch5web
492 Ch5webFNian
 
Small Law Key Performance Indicators
Small Law Key Performance IndicatorsSmall Law Key Performance Indicators
Small Law Key Performance IndicatorsEvolve Law
 
Strategic Management Accounting for Business and Career Success
Strategic Management Accounting for Business and Career SuccessStrategic Management Accounting for Business and Career Success
Strategic Management Accounting for Business and Career SuccessKen Witt
 
2013 PCAOB Report - Important SOX Update
2013 PCAOB Report - Important SOX Update 2013 PCAOB Report - Important SOX Update
2013 PCAOB Report - Important SOX Update sbyearly
 
Ism webinar building resillience with financial health final (1)
Ism webinar building resillience with financial health final (1)Ism webinar building resillience with financial health final (1)
Ism webinar building resillience with financial health final (1)Sandy Gray
 
Supplier risk resillience with financial health third party risk
Supplier risk resillience with financial health third party riskSupplier risk resillience with financial health third party risk
Supplier risk resillience with financial health third party riskSandy Gray
 
Company profile CUBE Risk Management Solutions
Company profile CUBE Risk Management SolutionsCompany profile CUBE Risk Management Solutions
Company profile CUBE Risk Management SolutionsCUBE Team
 
Operational Risk Governance: 5 Core Regulatory Expectations
Operational Risk Governance: 5 Core Regulatory ExpectationsOperational Risk Governance: 5 Core Regulatory Expectations
Operational Risk Governance: 5 Core Regulatory ExpectationsColleen Beck-Domanico
 
Compliance Risk Assessment Fall 2016 Class 4 Stephen Paine.docx
Compliance Risk Assessment Fall 2016 Class 4 Stephen Paine.docx Compliance Risk Assessment Fall 2016 Class 4 Stephen Paine.docx
Compliance Risk Assessment Fall 2016 Class 4 Stephen Paine.docxaryan532920
 
Key considerations for your internal audit plan
Key considerations for your internal audit planKey considerations for your internal audit plan
Key considerations for your internal audit planessbaih
 
Vendor Management Best Practices: Is Your Program Up to Par?
Vendor Management Best Practices: Is Your Program Up to Par?Vendor Management Best Practices: Is Your Program Up to Par?
Vendor Management Best Practices: Is Your Program Up to Par?EDR
 
EBITDA and Other Scary Words (Series: MBA Boot Camp 2020)
EBITDA and Other Scary Words (Series: MBA Boot Camp 2020) EBITDA and Other Scary Words (Series: MBA Boot Camp 2020)
EBITDA and Other Scary Words (Series: MBA Boot Camp 2020) Financial Poise
 
Cga Assignment Au1 Essay
Cga Assignment Au1 EssayCga Assignment Au1 Essay
Cga Assignment Au1 EssaySandra Arveseth
 
The biggest problems caused by suppliers and how to prevent them
The biggest problems caused by suppliers and how to prevent themThe biggest problems caused by suppliers and how to prevent them
The biggest problems caused by suppliers and how to prevent themAli Zeeshan
 
Digital Marketing: Key Metrics with Jill Quick & Dave Chaffey
Digital Marketing: Key Metrics with Jill Quick & Dave ChaffeyDigital Marketing: Key Metrics with Jill Quick & Dave Chaffey
Digital Marketing: Key Metrics with Jill Quick & Dave ChaffeySmart Insights
 

Semelhante a 2. op risk and aml (20)

IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop IIA Facilitated Risk Workshop
IIA Facilitated Risk Workshop
 
Less Risk - That would be NICE. Consumer Compliance in the Age of CFPB
Less Risk - That would be NICE. Consumer Compliance in the Age of CFPBLess Risk - That would be NICE. Consumer Compliance in the Age of CFPB
Less Risk - That would be NICE. Consumer Compliance in the Age of CFPB
 
Cfo as advisor right advisory presentation [compatibility mode]
Cfo as advisor right advisory presentation [compatibility mode]Cfo as advisor right advisory presentation [compatibility mode]
Cfo as advisor right advisory presentation [compatibility mode]
 
Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & Governance
 
492 Ch5web
492 Ch5web492 Ch5web
492 Ch5web
 
Small Law Key Performance Indicators
Small Law Key Performance IndicatorsSmall Law Key Performance Indicators
Small Law Key Performance Indicators
 
Strategic Management Accounting for Business and Career Success
Strategic Management Accounting for Business and Career SuccessStrategic Management Accounting for Business and Career Success
Strategic Management Accounting for Business and Career Success
 
2013 PCAOB Report - Important SOX Update
2013 PCAOB Report - Important SOX Update 2013 PCAOB Report - Important SOX Update
2013 PCAOB Report - Important SOX Update
 
Ism webinar building resillience with financial health final (1)
Ism webinar building resillience with financial health final (1)Ism webinar building resillience with financial health final (1)
Ism webinar building resillience with financial health final (1)
 
Supplier risk resillience with financial health third party risk
Supplier risk resillience with financial health third party riskSupplier risk resillience with financial health third party risk
Supplier risk resillience with financial health third party risk
 
Company profile CUBE Risk Management Solutions
Company profile CUBE Risk Management SolutionsCompany profile CUBE Risk Management Solutions
Company profile CUBE Risk Management Solutions
 
Operational Risk Governance: 5 Core Regulatory Expectations
Operational Risk Governance: 5 Core Regulatory ExpectationsOperational Risk Governance: 5 Core Regulatory Expectations
Operational Risk Governance: 5 Core Regulatory Expectations
 
Compliance Risk Assessment Fall 2016 Class 4 Stephen Paine.docx
Compliance Risk Assessment Fall 2016 Class 4 Stephen Paine.docx Compliance Risk Assessment Fall 2016 Class 4 Stephen Paine.docx
Compliance Risk Assessment Fall 2016 Class 4 Stephen Paine.docx
 
Key considerations for your internal audit plan
Key considerations for your internal audit planKey considerations for your internal audit plan
Key considerations for your internal audit plan
 
Vendor Management Best Practices: Is Your Program Up to Par?
Vendor Management Best Practices: Is Your Program Up to Par?Vendor Management Best Practices: Is Your Program Up to Par?
Vendor Management Best Practices: Is Your Program Up to Par?
 
Chris Gould - BCM case
Chris Gould - BCM caseChris Gould - BCM case
Chris Gould - BCM case
 
EBITDA and Other Scary Words (Series: MBA Boot Camp 2020)
EBITDA and Other Scary Words (Series: MBA Boot Camp 2020) EBITDA and Other Scary Words (Series: MBA Boot Camp 2020)
EBITDA and Other Scary Words (Series: MBA Boot Camp 2020)
 
Cga Assignment Au1 Essay
Cga Assignment Au1 EssayCga Assignment Au1 Essay
Cga Assignment Au1 Essay
 
The biggest problems caused by suppliers and how to prevent them
The biggest problems caused by suppliers and how to prevent themThe biggest problems caused by suppliers and how to prevent them
The biggest problems caused by suppliers and how to prevent them
 
Digital Marketing: Key Metrics with Jill Quick & Dave Chaffey
Digital Marketing: Key Metrics with Jill Quick & Dave ChaffeyDigital Marketing: Key Metrics with Jill Quick & Dave Chaffey
Digital Marketing: Key Metrics with Jill Quick & Dave Chaffey
 

Mais de crmbasel

Chapter 0 credit neural network
Chapter 0 credit neural networkChapter 0 credit neural network
Chapter 0 credit neural networkcrmbasel
 
13.2 credit linked notes
13.2 credit linked notes13.2 credit linked notes
13.2 credit linked notescrmbasel
 
20.2 regulatory credit exposures
20.2 regulatory credit exposures20.2 regulatory credit exposures
20.2 regulatory credit exposurescrmbasel
 
19.2 regulatory irb validation
19.2 regulatory irb validation19.2 regulatory irb validation
19.2 regulatory irb validationcrmbasel
 
18.2 internal ratings based approach
18.2 internal ratings based approach18.2 internal ratings based approach
18.2 internal ratings based approachcrmbasel
 
17.2 the basel iii framework
17.2 the basel iii framework17.2 the basel iii framework
17.2 the basel iii frameworkcrmbasel
 
16.2 the ifrs 9
16.2 the ifrs 916.2 the ifrs 9
16.2 the ifrs 9crmbasel
 
15.2 financial tsunami 2008
15.2 financial tsunami 200815.2 financial tsunami 2008
15.2 financial tsunami 2008crmbasel
 
14.2 collateralization debt obligations
14.2 collateralization debt obligations14.2 collateralization debt obligations
14.2 collateralization debt obligationscrmbasel
 
12.2 cds indices
12.2 cds indices12.2 cds indices
12.2 cds indicescrmbasel
 
11.2 credit default swaps
11.2 credit default swaps11.2 credit default swaps
11.2 credit default swapscrmbasel
 
10.2 practical issues in credit assessments
10.2 practical issues in credit assessments10.2 practical issues in credit assessments
10.2 practical issues in credit assessmentscrmbasel
 
09.2 credit scoring
09.2 credit scoring09.2 credit scoring
09.2 credit scoringcrmbasel
 
08.2 corporate credit analysis
08.2 corporate credit analysis08.2 corporate credit analysis
08.2 corporate credit analysiscrmbasel
 
07.2 credit ratings and fico scores
07.2 credit ratings and fico scores07.2 credit ratings and fico scores
07.2 credit ratings and fico scorescrmbasel
 
06.2 credit risk controls
06.2 credit risk controls06.2 credit risk controls
06.2 credit risk controlscrmbasel
 
05.2 credit quality monitoring
05.2 credit quality monitoring05.2 credit quality monitoring
05.2 credit quality monitoringcrmbasel
 
04.2 heterogeneous debt portfolio
04.2 heterogeneous debt portfolio04.2 heterogeneous debt portfolio
04.2 heterogeneous debt portfoliocrmbasel
 
03.2 homogeneous debt portfolios
03.2 homogeneous debt portfolios03.2 homogeneous debt portfolios
03.2 homogeneous debt portfolioscrmbasel
 
02.2 credit products
02.2 credit products02.2 credit products
02.2 credit productscrmbasel
 

Mais de crmbasel (20)

Chapter 0 credit neural network
Chapter 0 credit neural networkChapter 0 credit neural network
Chapter 0 credit neural network
 
13.2 credit linked notes
13.2 credit linked notes13.2 credit linked notes
13.2 credit linked notes
 
20.2 regulatory credit exposures
20.2 regulatory credit exposures20.2 regulatory credit exposures
20.2 regulatory credit exposures
 
19.2 regulatory irb validation
19.2 regulatory irb validation19.2 regulatory irb validation
19.2 regulatory irb validation
 
18.2 internal ratings based approach
18.2 internal ratings based approach18.2 internal ratings based approach
18.2 internal ratings based approach
 
17.2 the basel iii framework
17.2 the basel iii framework17.2 the basel iii framework
17.2 the basel iii framework
 
16.2 the ifrs 9
16.2 the ifrs 916.2 the ifrs 9
16.2 the ifrs 9
 
15.2 financial tsunami 2008
15.2 financial tsunami 200815.2 financial tsunami 2008
15.2 financial tsunami 2008
 
14.2 collateralization debt obligations
14.2 collateralization debt obligations14.2 collateralization debt obligations
14.2 collateralization debt obligations
 
12.2 cds indices
12.2 cds indices12.2 cds indices
12.2 cds indices
 
11.2 credit default swaps
11.2 credit default swaps11.2 credit default swaps
11.2 credit default swaps
 
10.2 practical issues in credit assessments
10.2 practical issues in credit assessments10.2 practical issues in credit assessments
10.2 practical issues in credit assessments
 
09.2 credit scoring
09.2 credit scoring09.2 credit scoring
09.2 credit scoring
 
08.2 corporate credit analysis
08.2 corporate credit analysis08.2 corporate credit analysis
08.2 corporate credit analysis
 
07.2 credit ratings and fico scores
07.2 credit ratings and fico scores07.2 credit ratings and fico scores
07.2 credit ratings and fico scores
 
06.2 credit risk controls
06.2 credit risk controls06.2 credit risk controls
06.2 credit risk controls
 
05.2 credit quality monitoring
05.2 credit quality monitoring05.2 credit quality monitoring
05.2 credit quality monitoring
 
04.2 heterogeneous debt portfolio
04.2 heterogeneous debt portfolio04.2 heterogeneous debt portfolio
04.2 heterogeneous debt portfolio
 
03.2 homogeneous debt portfolios
03.2 homogeneous debt portfolios03.2 homogeneous debt portfolios
03.2 homogeneous debt portfolios
 
02.2 credit products
02.2 credit products02.2 credit products
02.2 credit products
 

2. op risk and aml

  • 1. Managing Operational Risk with Key Risk Indicators Dr. LAM Yat-fai (林日辉博士林日辉博士林日辉博士林日辉博士) Doctor of Business Administration (Finance) CFA, CAIA, FRM, PRM, MCSE, MCNE PRMIA Award of Merit 2005 E-mail: quanrisk@gmail.com 2 Agenda Measuring operational risk with KRIs Implementing a KRI program 3 4
  • 2. 5 6 7 Case: The lessons from selling Lehman Brothers’ investment products Do you know how many investment products you are selling? Do you know how many Lehman Brothers-related transactions are processed in the past 3 months? Do you know how many customers you have? Do you know how many new customers you have in the last quarter? Do you know whether your marketing staff have mis-communicated with your clients? Do you know whether your investment product documents are compliant with the SFC’s regulatory requirements? Do you know how many marketing staff have undergone proper product training? 8 Basel III classification on operational failures 1. Internal Fraud 2. External Fraud 3. Employment Practices and Workplace Safety 4. Clients, Products, & Business Practice 5. Damage to Physical Assets 6. Business Disruption & Systems Failures 7. Execution, Delivery, & Process Management
  • 3. 9 Your questions on wealth management services Return How much profit to be generated from wealth management services? Risk What are the major operational failures (high frequency and/or serious loss) associated with wealth management? How do you measure this risk? What are the current risk level? 10 Wealth management services: questions on operational risk Is the operational risk level acceptable, too high or too low? Is the operational risk level increasing or decreasing during the last 12 months? Which branch and/or investment product contributes the most operational risk? If the operational risk level is too high, how to plan for the mitigation actions? How to assess whether a mitigation action is effective? How to set limits for operational risk level? 10 11 Think realistically… There is no perfect indicator You should look for some indicators that are associated with operational failures There is no single right indicator Your audit department and the bank regulator simply ask whether your know the operational risk and how you measure it. It is hard for them to prove whether you are right or wrong 11 12 Operational risk measurement Qualitative Low, medium, high Subjective Difficult to compare Quantitative Numerical Objective Relatively easy to compare
  • 4. 13 What is key risk indicator (KRI)? Indicator Quantifiable Risk Sensitive to risk Key Only a few Definition from the HKMA: KRIs are primarily a selection from a pool of operations or control indicators identified and being tracked by various functions of a bank… 14 KRI report for settlement operations of a major bank in London 15 What regulators expect on KRIs? KRIs may be early warning signals KRIs help predict risk KRIs help the management know where the risks are KRIs help the management know the current risk and its recent trends KRIs help the management set risk limits and action plans 16 How do you benefit from KRIs? To measure operational risk in numbers To compare operational risk among business units To exhibit trend of operational risk To analyze level of operational risk To measure effectiveness of operational risk mitigation actions To communicate operational risk level bottom up
  • 5. 17 Incentives for a corporate deployment of KRIs For audit department Help identifying high risk areas and outliers Thus focusing audits on the weakest link For business department An objective and on-going risk monitor system put in place Justify less audit if you are not an outlier 18 Characteristics of good KRIs Intuitive and simple Easy to observe and measure Recorded automatically Several KRIs on a single risk dimension No contradiction Less overlapping 19 Answer: Possible KRIs for wealth management services No. of investment products No. of regulatory guidelines on selling investment products No. of staff selling investment products No. of customers acquired investment products Monthly sales target of investment products 20 More specific KRIs for wealth management services No. of high risk investment products No. of regulatory guidelines issued last year on selling investment products No. of staff selling investment products with experience less than one year No. of customers acquired investment products with mis-matched risk level Residual sales target of investment products
  • 6. 21 How to analyze KRIs? Peer analysis Which branch is the most risky? Which branch is the least risky? Trend analysis Is the operational risk increasing? Is the operational risk reducing? Threshold analysis At which level has material operational failure started to emerge? At which level has even minor operational failure never observed? Statistical analysis What is the average risk level? What is the distribution of risk level? 22 Peer analysis Monthly no. of transactions per teller - 500 1,000 1,500 2,000 2,500 3,000 3,500 A verage Sha Tin Eastern K w un Tong Yuen Long K w aiTsing Tuen M un W ong TaiSin SaiK ungSham ShuiP oK ow loon C ity TaiPo Tsuen W an High risk trigger level Inefficient trigger level 23 Trend analysis Monthly no. of transactions per teller (Shatin branch) - 500 1,000 1,500 2,000 2,500 3,000 3,500 Jan-2010 Feb-2010 Mar-2010 Apr-2010 May-2010 Jun-2010 Jul-2010 Aug-2010 Sep-2010 Oct-2010 Nov-2010 Dec-2010 High risk trigger level 24 Effectiveness of mitigation plan Monthly no. of transactions per teller (Shatin branch, with two tellers re-deployed from Tai Po in 2011) - 500 1,000 1,500 2,000 2,500 3,000 3,500 Apr-2010 May-2010 Jun-2010 Jul-2010 Aug-2010 Sep-2010 Oct-2010 Nov-2010 Dec-2010 Jan-2011 Feb-2011 Mar-2011 High risk trigger level
  • 7. 25 Setting trigger limits High risk trigger level The level of KRI at which material operational failure starts to emerge Inefficient trigger level The level of KRI at which even minor operational failure never occurred, an indication of inefficiency Trigger limits could only be set after a relevant KRI system is in place for a sufficient long history, e.g. one business cycle Some trigger examples 90th percentile Mean + 1.67 SD The KRI level 3 month before a failure occur 26 Your benefits (again) To satisfy regulatory requirements To minimize audit findings To demonstrate a high standard of OPM compatible with major international banks To prevent potential operational failures To justify additional resources To disclaim liabilities in case of request on additional resources disapproved 27 Disadvantages of KRIs Cost of do business Backward looking No standard KRIs Long data history to build KRI database Unclear causal relationship between operational loss and KRIs 28 Agenda Measuring operational risk with KRIs Implementing a KRI program
  • 8. 29 Who design the KRIs? You design your own KRIs Only you know which KRIs are the best Not compliance department They specify more KRIs to satisfy regulators Not external auditors They specify more KRIs to justify their audit fee Not external consultants They specify useless KRIs to charge more 30 Number of KRIs KRIs must be key Preparation of KRIs is costly Less then no. of productive staff in your department Inconsistency among KRIs are difficult to explain More KRIs trigger more questions from management, auditors and regulators Rule of thumb for a simple business line Between 5 to 7 At least 3 At most 12 31 Common KRIs Annual gross revenue No. of critical operational failures per year No. of customers per staff per month No. of transactions per staff per month Transaction amount per staff per month Time required to process one transaction No. of low, medium, high audit findings Results from control self-assessment … 32 Roll out strategy Start with each business line Then product and branch Start with simple numbers No. of customers No. of low, medium and high risk customers No. of mis-match selling Start with quarterly measures Conduct annual review
  • 9. 33 Preparing management reports Peer analysis e.g. by branch Trend analysis e.g. from last 12 months Threshold analysis e.g. did outliers experienced material failures? Statistical analysis e.g. mean, standard deviation, relationship with material operational failures 34 Common misunderstandings The more KRIs, the better OPM Limit KRIs only to a few KEY Assign “Low”, “Medium”, “High” value to a KRI Use numeric as much as possible External consultants can design KRIs They charge you by copying Bank A’s KRIs to your bank They charge Bank B by copying your bank’s KRIs to Bank B KRIs are forward looking KRIs only tell you as they are Plan to roll out a perfect KRI system You cannot improve your KRI system next year KRI is the most important task You are paid because of creating revenue KRI is only one of the few major OPM methods 35 Use of external consultants Bring in experiences from regulators and other banks Put in place the skeleton of an KRI framework Introduce a culture of KRIs Conduct training on KRIs Design MIS systems and reports But, external consultants can never design KRIs for your 36 Final advice Start your KRI system tomorrow Start with simple and easy KRIs
  • 10. 37 Your exercise List three major business lines in your department List three KRIs for each business line Specify how to collect the KRIs Your opinions http://sites.google.com/site/quanrisk