© The Institute of Operational Risk

Institute of Operational Risk(IOR)

Scottish Chapter1st Annual Conference

28th October 2011in conjunction with Glasgow Caledonian

University(GCU)

www.IOR-Institute.org

Dr Cormac Bryce

Loss Data Collection at a large MBBG: Issues, Intricacies and Future Research

1. Why this area of Interest

2. How the Study Developed

3. What the Study Involved

4. Outcomes of the Study

5. New Considerations

6. Feedback

1. Why this area of Interest

2. How the Study Developed

3. What the Study Involved

4. Outcomes of the Study

5. New Considerations

6. Feedback

Operational Risk New Title, Old Phenomena

Credit

Operational

Market

'The risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events’

Basel II and the Three Pillars

BASEL IIPILLAR 1 PILLAR 2 PILLAR 3

CAPITAL REQUIREMENTS

SUPERVISORY REVIEW PROCESS

MARKET DISCIPLINE VIA DISCLOSURE

CREDIT RISK

MARKET RISK

OPERATIONAL RISK

1. Why this area of Interest

2. How the Study Developed

3. What the Study Involved

4. Outcomes of the Study

5. New Considerations

6. Feedback

OPERATIONAL RISK

Basic Indicator Approach

Standardised Approach

Advanced Measurement Approach

Internal MeasurementApproach

Loss DistributionApproach

ScorecardApproach

Research AimTo conduct a critical analysis of internal loss data collection within a

MBBG

What is this Data? What is it used for?

The collation of internal risk event data through risk event reporting and consideration of external loss data; (HBOS, 2008)

The data is used to enhance the adequacy and effectiveness of controls, identify opportunities to prevent or reduce the impact of recurrence, identify emerging themes, enable formal loss event reporting and inform risk and control assessments and scenario analysis (RBS, 2010)

1. Why this area of Interest

2. How the Study Developed

3. What the Study Involved

4. Outcomes of the Study

5. New Considerations

6. Feedback

Data Collection and Participation

Aim: To conduct a critical analysis of internal loss data collection within a UK financial institution

• Non-Probability Judgement Sample

• 15 Semi-Structured Interviews & 3 focus groups

• Retail Markets Orientation

Methodological Considerations

Group5 Participants

Divisional5 Participants

Business5 Participants

Policy Developed

Policy Implemented

Explicit Business Operations Knowledge

Implicit Business Operations Knowledge

BOARD

RISKOVERSIGHT

Eg: Risk, compliance, legal, health & safety, IT, security, etc.

RISK OWNERS

Business Operations

RISK ASSURANCE

Internal & external audit

Risk Committee Audit Committee

Three Lines of Defence: Research Sample

The three lines of defence model gives assurance that the standards in Group Policy Framework are being adhered to. (RBS, 2010)

1. Why this area of Interest

2. How the Study Developed

3. What the Study Involved

4. Outcomes of the Study

5. New Considerations

6. Feedback

Results and Discussion

• ORM as a ‘Value adding Function’

• Best Practice -‘Being able to know what went wrong and how much this has cost can help future understanding’

• Bottom -Up Approach – ‘Streamlined and a function of business as usual’

• Data Cleansing

– Data Integrity and Validity

• Engagement of the ORM function externally

– CPD & Learning – ‘marketing would have taken the loss out of their budget’

1. Why this area of Interest

2. How the Study Developed

3. What the Study Involved

4. Outcomes of the Study

5. New Considerations

6. Feedback

Risk Reporting & Escalation within the Call Centre Environment - Cognitive Risk Assessment

‘The ongoing monitoring and reporting of Operational Risk is a keycomponent of an effective Operational Risk Framework. Reports are used by the Operational Risk

function and by business management to understand, monitor, manage and control operational risks and losses.’

(Barclays, Pillar 3 Disclosure, 2010)

A cross-comparison of operational risk reporting behaviour and policy dissemination in the UK financial services environment.

The aim of this research is to investigate the operational risk reporting behaviour of call centres in the selling of financial products

• To analyse the development and dissemination of operational risk policy in the financial services industry

• To determine the main drivers and catalysts of operational risk reporting behaviour in call centres

• To determine whether antecedent factors have a role in the dissemination and application of operational risk policy i.e. staff turnover

Study Sample

All Call centre Operatives

All Call centre managers/supervisors

All Operational Risk Managers with Call Centre Oversight

Behavioural Intention as a Proxy for Risk Culture

ATT = AttitudeSN = Subjective NormPBC = Perceived Behavioural ControlBI = Behavioural IntentionB = Behaviour

BISN

PBC

B

ATT

Staff Training

Effort

Planning

Uncertainty

What does all this mean?

1. Empowerment of Staff – Is it worthwhile/effective?

2. Process Driven Environment – How prevalent is ‘people risk’ here?

3. Benchmarking Proxy – Is it reflected Geographically/Strategically?

» How well is policy disseminated?

» How do our lines of defence perceive the constructs?

4. Is our escalation procedure effective at the operations level? “The Bank Group has adopted a formal approach to operational risk event escalation. This involves the identification of an event, an assessment of the materiality of the event in accordance with a risk event impact matrix and appropriate escalation” (Lloyds, 2010)

5. Can we determine a measurable proxy for risk culture?

6. Can we test that proxy relatively across other business lines?

Contact Info

Dr Cormac Bryce

Glasgow Caledonian University

0141 331 8947

Cormac.bryce@gcu.ac.uk

© The Institute of Operational Risk

Institute of Operational Risk(IOR)

Scottish Chapter1st Annual Conference

28th October 2011in conjunction with Glasgow Caledonian

University(GCU)

www.IOR-Institute.org