operational risk capital - actuaries institute · operational risk capital considerations for a...

Operational Risk Capital Considerations for a Conglomerate

Martin Lalor Suncorp

This presentation has been prepared for the Actuaries Institute 2013 Risk and Regulation Seminar. The Institute Council wishes it to be understood that opinions put forward herein are not necessarily

those of the Institute and the Council is not responsible for those opinions.


• Agenda 1. Suncorp

– Corporate Structure – Internal RBC modelling framework

2. Operational Risk – Regulatory capital assessment for a Conglomerate – Internal RBC assessment at Suncorp

Suncorp Corporate Structure • We have a fascinating challenge for:

1. Regulatory capital modelling across all of our entities 2. Robust & consistent internal RBC modelling across all of our entities 3. Robust & consistent operational risk modelling across all of our entities

1. Scenario driven approach, accounting for: – Insurance risk – Credit risk – Market Risk – ALM Risk – Operational Risk

2. Applied consistently within a

distinct RBC model for each Business Unit

3. Projecting NPAT and Balance Sheet (inc. regulatory capital) for each scenario

4. Aggregation of scenario outputs from each Business Unit

Suncorp’s 1st Generation Internal RBC

A key challenge is to ensure consistency across RBC models, while Business Units maintain ownership and independence

Regulatory Capital for Operational Risk Industry APRA Standard Comment

ADI – Standardised APS 114 ORRC = capital charge which is proportional to business size

ADI – Advanced APS 115 ‘Advanced Measurement Approach’ (AMA), with key principles: • Loss distribution approach • Drawing on ILD (internal loss data) & Drawing on ELD (external loss data) • Drawing on scenario workshop assessments • Drawing on BEICFs ‘Business Environment and Internal Control Factors’

General Insurance • Standard

GPS 118 ORC = capital charge which is proportional to business size/growth

General Insurance • Internal Model Based

GPS 113 Paragraph 21 – Operational risk module must consider: • Relevant internal event data • Relevant external event data • Scenario Analysis • BEICFs

Life Insurance LPS 118 ORC = capital charge which is proportional to business size/growth (Risk, investment linked, and ‘other’ business)

RSE SPS 114 SPG 114

Operational Risk Financial Requirement (ORFR) • An RSE must determine a ‘target amount’ of financial resources to address operational

risks of the RSE licensee’s operations • APRA ‘does not endorse any particular approach for determining ORFR target’ • APRA expects ORFR is equal at least to 0.25% x FUM

Conglomerate Standards – Non-APRA Regulated

3PS 110 (Draft) Paragraph 50, capital allocation must be: • “..based on rigorous and robust methodology” • In many of these entities, the only material financial risk is Operational Risk

The basic methodology is reasonably well aligned. Good scope for more advanced approaches.

Conglomerate Capital is the

sum of:

ORFR

ORCO

ORCNI

ORCI ORCR

ORRC

ORCOA1

Regulatory Capital for Operational Risk

1 Suncorp defined term

But what a head spin!

1. Scenario driven approach, accounting for: – Insurance risk – Credit risk – Market Risk – ALM Risk – Operational Risk

2. Applied consistently within a

distinct RBC model for each Business Unit

3. Projecting NPAT and Balance Sheet (inc. regulatory capital) for each scenario

4. Aggregation of scenario outputs from each Business Unit

Suncorp’s 1st Generation Internal RBC

Shifting focus to operational risk, and Suncorp’s key principles…

Suncorp Internal Approach to Operational Risk Principle Comment

Pragmatic • A relatively simple “1st generation” LDA modelling approach across Suncorp With separate frequency and severity distributions for each Event Type Stochastic sampling

Integrated Within the broader internal RBC model for each Business Unit

Consistent • A consistent methodology for each Business Unit across the Group • Common definition of ‘Event Types’ – The Basel II (APRA) definition

7 x ‘Category 1’ Event Types

Intuitive • Linking operational risk capital assessment to relevant risk indicators/drivers, and not just linking to the size and growth of business alone

• Calibration of LDA with the use of: ILD ELD Scenario workshops BEICFs

Effectively at Suncorp, we have implemented simple AMAs, independently but consistently within each of our Business Units.

Stochastic Sampling

Suncorp Internal Approach to Operational Risk

Suncorp Business Unit

Basel II Event Types General

Insurance Life Bank Other Entities ‘Enterprise Wide’

Internal Fraud

External Fraud

Employment Practices and Workplace Safety

Clients, Products, & Business Practice

Damage to Physical Assets

Business Disruption & Systems Failures

Execution, Delivery, & Process Management

• A 7 x 5 Matrix of ‘Cells’ for modelling purposes


LDA approach adopted for each Cell

Loss Distributions Observed Range of Practice (for Banks)

Basel Committee on Banking Supervision “Observed Range of practice in key elements of Advanced Measurement Approaches” – July 2009

Participants 42 participating AMA banks (including 5 Australian)

Severity versus Frequency The vast majority of banks model severity and frequency distributions separately

Frequency Distributions • 93% use a Poisson distribution • 20% use a Negative Binomial

Severity Distributions • 33% use LogNormal • 17% use Weibull • Others are Generalised Pareto, Gamma, Generalised Beta

Although 4-years old, still insightful.

Correlation Dimension Description

Which Event Types One Event Type with another, e.g.: • External Fraud with Clients, Products and Business Practices

Which distribution

Should it be modelled as correlation between: • Frequency distributions • Severity distributions

Body or Tail? • Annual Loss distributions Or perhaps the joint behaviour of certain loss events should be driven by an underlying causal driver

Across Business Units Are operational risk losses in one Business Unit related to those in another?

Between Risk Types For example: • Is operational risk and insurance risk in General Insurance business correlated? • Is operational risk and credit risk in the Bank correlated?

Correlation: The many dimensions to consider. • But how material is each? • What empirical evidence exists?


Consideration Comment

Separate Severity Distributions

It may be appropriate to model separate distributions for an event type: • High frequency, low severity events (HFLS) • Low frequency, high severity events (LFHS)

Calibration of LDA

It may be appropriate to calibrate using different inputs for different parts: • ILD more useful for HFLS • Scenario workshops and ELD more useful for LFHS

Double Counting

For example: • External Fraud (claims) in General Insurance: Could be included within both Insurance risk and

Operational risk

Appropriateness of ELD Need to consider carefully the relevance/applicability of external loss databases: • Scaling: Accounting for the relative size of the contributing organisation versus your organisation • Filtering: Accounting for the relevant business lines in your organisation versus the data

Some other considerations:


An important consideration: • How to drive change in risk practice, if staff are unable to influence the ultimate capital

assessment?

To Sum Up

• 1st generation internal modelling solution in place

• A key challenge: – Was to ensure consistency across Business Unit RBC models, although they

maintain ownership and significant independence of decision making

• Many considerations on the path to a 2nd generation

operational risk capital - actuaries institute · operational risk capital considerations for a...

Documents