operational risk capital - actuaries institute · operational risk capital considerations for a...
TRANSCRIPT
Operational Risk Capital Considerations for a Conglomerate
Martin Lalor Suncorp
This presentation has been prepared for the Actuaries Institute 2013 Risk and Regulation Seminar. The Institute Council wishes it to be understood that opinions put forward herein are not necessarily
those of the Institute and the Council is not responsible for those opinions.
Operational Risk Capital Considerations for a Conglomerate
• Agenda 1. Suncorp
– Corporate Structure – Internal RBC modelling framework
2. Operational Risk – Regulatory capital assessment for a Conglomerate – Internal RBC assessment at Suncorp
Suncorp Corporate Structure • We have a fascinating challenge for:
1. Regulatory capital modelling across all of our entities 2. Robust & consistent internal RBC modelling across all of our entities 3. Robust & consistent operational risk modelling across all of our entities
1. Scenario driven approach, accounting for: – Insurance risk – Credit risk – Market Risk – ALM Risk – Operational Risk
2. Applied consistently within a
distinct RBC model for each Business Unit
3. Projecting NPAT and Balance Sheet (inc. regulatory capital) for each scenario
4. Aggregation of scenario outputs from each Business Unit
Suncorp’s 1st Generation Internal RBC
A key challenge is to ensure consistency across RBC models, while Business Units maintain ownership and independence
Operational Risk Capital Considerations for a Conglomerate
• Agenda 1. Suncorp
– Corporate Structure – Internal RBC modelling framework
2. Operational Risk – Regulatory capital assessment for a Conglomerate – Internal RBC assessment at Suncorp
Regulatory Capital for Operational Risk Industry APRA Standard Comment
ADI – Standardised APS 114 ORRC = capital charge which is proportional to business size
ADI – Advanced APS 115 ‘Advanced Measurement Approach’ (AMA), with key principles: • Loss distribution approach • Drawing on ILD (internal loss data) & Drawing on ELD (external loss data) • Drawing on scenario workshop assessments • Drawing on BEICFs ‘Business Environment and Internal Control Factors’
General Insurance • Standard
GPS 118 ORC = capital charge which is proportional to business size/growth
General Insurance • Internal Model Based
GPS 113 Paragraph 21 – Operational risk module must consider: • Relevant internal event data • Relevant external event data • Scenario Analysis • BEICFs
Life Insurance LPS 118 ORC = capital charge which is proportional to business size/growth (Risk, investment linked, and ‘other’ business)
RSE SPS 114 SPG 114
Operational Risk Financial Requirement (ORFR) • An RSE must determine a ‘target amount’ of financial resources to address operational
risks of the RSE licensee’s operations • APRA ‘does not endorse any particular approach for determining ORFR target’ • APRA expects ORFR is equal at least to 0.25% x FUM
Conglomerate Standards – Non-APRA Regulated
3PS 110 (Draft) Paragraph 50, capital allocation must be: • “..based on rigorous and robust methodology” • In many of these entities, the only material financial risk is Operational Risk
The basic methodology is reasonably well aligned. Good scope for more advanced approaches.
Conglomerate Capital is the
sum of:
ORFR
ORCO
ORCNI
ORCI ORCR
ORRC
ORCOA1
Regulatory Capital for Operational Risk
1 Suncorp defined term
But what a head spin!
Operational Risk Capital Considerations for a Conglomerate
• Agenda 1. Suncorp
– Corporate Structure – Internal RBC modelling framework
2. Operational Risk – Regulatory capital assessment for a Conglomerate – Internal RBC assessment at Suncorp
1. Scenario driven approach, accounting for: – Insurance risk – Credit risk – Market Risk – ALM Risk – Operational Risk
2. Applied consistently within a
distinct RBC model for each Business Unit
3. Projecting NPAT and Balance Sheet (inc. regulatory capital) for each scenario
4. Aggregation of scenario outputs from each Business Unit
Suncorp’s 1st Generation Internal RBC
Shifting focus to operational risk, and Suncorp’s key principles…
Suncorp Internal Approach to Operational Risk Principle Comment
Pragmatic • A relatively simple “1st generation” LDA modelling approach across Suncorp With separate frequency and severity distributions for each Event Type Stochastic sampling
Integrated Within the broader internal RBC model for each Business Unit
Consistent • A consistent methodology for each Business Unit across the Group • Common definition of ‘Event Types’ – The Basel II (APRA) definition
7 x ‘Category 1’ Event Types
Intuitive • Linking operational risk capital assessment to relevant risk indicators/drivers, and not just linking to the size and growth of business alone
• Calibration of LDA with the use of: ILD ELD Scenario workshops BEICFs
Effectively at Suncorp, we have implemented simple AMAs, independently but consistently within each of our Business Units.
Stochastic Sampling
Suncorp Internal Approach to Operational Risk
Suncorp Business Unit
Basel II Event Types General
Insurance Life Bank Other Entities ‘Enterprise Wide’
Internal Fraud
External Fraud
Employment Practices and Workplace Safety
Clients, Products, & Business Practice
Damage to Physical Assets
Business Disruption & Systems Failures
Execution, Delivery, & Process Management
• A 7 x 5 Matrix of ‘Cells’ for modelling purposes
Suncorp Internal Approach to Operational Risk
LDA approach adopted for each Cell
Loss Distributions Observed Range of Practice (for Banks)
Basel Committee on Banking Supervision “Observed Range of practice in key elements of Advanced Measurement Approaches” – July 2009
Participants 42 participating AMA banks (including 5 Australian)
Severity versus Frequency The vast majority of banks model severity and frequency distributions separately
Frequency Distributions • 93% use a Poisson distribution • 20% use a Negative Binomial
Severity Distributions • 33% use LogNormal • 17% use Weibull • Others are Generalised Pareto, Gamma, Generalised Beta
Although 4-years old, still insightful.
Correlation Dimension Description
Which Event Types One Event Type with another, e.g.: • External Fraud with Clients, Products and Business Practices
Which distribution
Should it be modelled as correlation between: • Frequency distributions • Severity distributions
Body or Tail? • Annual Loss distributions Or perhaps the joint behaviour of certain loss events should be driven by an underlying causal driver
Across Business Units Are operational risk losses in one Business Unit related to those in another?
Between Risk Types For example: • Is operational risk and insurance risk in General Insurance business correlated? • Is operational risk and credit risk in the Bank correlated?
Correlation: The many dimensions to consider. • But how material is each? • What empirical evidence exists?
Suncorp Internal Approach to Operational Risk
Consideration Comment
Separate Severity Distributions
It may be appropriate to model separate distributions for an event type: • High frequency, low severity events (HFLS) • Low frequency, high severity events (LFHS)
Calibration of LDA
It may be appropriate to calibrate using different inputs for different parts: • ILD more useful for HFLS • Scenario workshops and ELD more useful for LFHS
Double Counting
For example: • External Fraud (claims) in General Insurance: Could be included within both Insurance risk and
Operational risk
Appropriateness of ELD Need to consider carefully the relevance/applicability of external loss databases: • Scaling: Accounting for the relative size of the contributing organisation versus your organisation • Filtering: Accounting for the relevant business lines in your organisation versus the data
Some other considerations:
Suncorp Internal Approach to Operational Risk
An important consideration: • How to drive change in risk practice, if staff are unable to influence the ultimate capital
assessment?
To Sum Up
• 1st generation internal modelling solution in place
• A key challenge: – Was to ensure consistency across Business Unit RBC models, although they
maintain ownership and significant independence of decision making
• Many considerations on the path to a 2nd generation