PBORM

Process based approach to managng Operations and Operational Risk Management

PBORM

March 2022

The process-based approach to managing the operations of a bank and operational risks has found acceptance in the banking industry. Many banks have documented their banking processes and are using workflow management as a proxy for enterprise process automation. In this universe of ‘process-aware’ banks, some have implemented process automation. However, these are largely ‘point solutions’ in specific functional areas like customer on-boarding in retail banking.

My book titled Process Base Approach to Operational Risk Management was published in 2015. The methodology is for the banking industry. Control framework such as COSO, CoBIT, the methodology for SOX Section 302 and 404 compliance and the Six Sigma methodology, are based on underlying processes. They are industry agnostic.

Siloed is a generic term and it should be understood in the context of business goals, corporate governance, synergy in business effort, organisation structure, customer focus, staff empowerment, resource productivity, enterprise architecture, data and communications.

The operating model of a bank comprises of production and non-production environments. The non-production environment includes:

  • all non-branch offices or non-customer servicing offices. The activities in these office do not update the production system but generate data. In many banks, this does not come under the purview of data governance. e.g. work done at a zonal office;
  • non-payroll data with the H.R. department;
  • the training department’s systems and the data;
  • the data that is part of the enterprise information technology governance;
  • the legal department;
  • the facilities department. The accounting aspects of the fixed assets (Original value, depreciation and written-down-value) is owned by the Finance department

The non-production environment is part of the enterprise architecture, data management and enterprise risk management.

Policies are decision-making guidelines. Process refers to the transformation of inputs into outputs based on procedures that define the sequence of tasks. Processes accomplish a business objective by executing business models and rules contained in procedures. Business and Risks are intertwined and could have different navigation paths that have one or more points of convergence.

Only some banks are committed to a culture of Continuous Process improvement. These banks are in the process of implementing a loosely coupled enterprise architecture and automating their banking processes.

Standardised Operating Model is explained in a Knowledge Hub article section. A bank must continuously make an effort to contain the high degree of variations in business delivery. The variations are aligned to the Risk Appetite.

The Bank’s process inventory is a core component of the digital transformation, providing the capability to orchestrate banking activities across lines of business, human resources and systems. In a services based enterprise architecture, it can be integrated with enterprise data management that has knowledge management, as it core component.
The tools that a financial institutions can use to improve their operating model include Business Process Management Suite and Advanced Analytics. The operational data that is made available from process automation can be fully leveraged by advanced analytical engine to optimise costs, mitigate risks, maximise risk adjusted returns and improve the competitive advantage.

In August 2007, the Financial Services Agency (FSA) and the Bank of Japan (BOJ) published a summary of a study on losses arising from operational risk ("op risk") based on data collected from 14 Japanese banks.

https://www.boj.or.jp/en/research/other_release/data/risk0804a.pdf

The three tables below are from the Bank of Japan survey of banks that implemented AMA. The tables provide a comparison of Operational Risk exposure of the Japanese Banks with those of the American Banks that were identified in the FSA survey.
The critical issues that the BOJ report highlighted are as follows:

  • The Survey acknowledged that lack of operational loss data is a key obstacle for ORM. Several other surveys by Central banks and Basel committees have also emphasised the constraint.
  • External data is a very useful source for ORM. However, there is a serious constraint on data availability on External events affecting a number of banks e.g. a disaster affecting several banks in a geographical location.
Survey Table – Loss Data Collection Comparison
PBORM

  • Japanese banks treated Personnel Overtime costs as System Failure Operational Loss.
  • American Banks used “Other Losses” as a basket for losses that did not strictly fall within the definitions of stated events. As a result 70% of losses fell into Other Losses.
  • Japanese banks grouped losses that were on account of Control Failures under Execution, Delivery & Process Management. American banks group control failures losses under Customer, product or transaction to avoid litigation. The banks considered grouping it under Execution, Delivery and Process Management, as an admission of their failure.
Survey Table – Loss Data Collection Comparison
PBORM

  • The Loss Distribution approach was considered as the most representative approach for calculation of operational risk.
  • The Loss Distribution approach was considered as the most representative approach for calculation of operational risk.
  • The report also stated that several Losses categorised as Credit Risk Losses could have the root cause as an Operational Risk factor.
Survey Table – Loss Severity
PBORM

The Bank of Japan survey inferences are similar to other surveys done by Basel committees and other Institutions.

The key inferences are:
  • Data Availability is a constraint for operational risk management –Process modelling and Enterprise Process Automation is the way forward to resolve this issue.
  • External Data cannot be used without adjustments – Banking Process maturity, operating model maturity can be the ‘Basis’ for calibrating external data for internal use. They can also be the basis for the Central Bank to compare the Operational Risk exposure of banks.
  • There is a correlation between Operational Risk and other risks like Market, Credit and Liquidity risks. An enterprise-wide approach is necessary for effective risk management.
  • Supervisor’s intervention to manage Credit and Market risk exposure of the banking industry is more effective when wrongly classifications (i.e. Operational Risk as Credit or Market risk) are rectified.

Today, the above report is still valid, as the global banking industry has made limited progress with improving banking operations and mitigating operations risks. Several operational risk management experts recommended the AMA approach as it is a feasible and effective approach for improving efficiency, reducing costs and minimising operational risks.

The Human Factor (Extending from ‘About’ in www.BankERRM.org)
Too Big to Fail Culture

An IMF study found that the benefit derived by big banks from ‘taxpayer subsidies’ ran into billions of U.S. Dollars. The risk taken by the Big Banks, is assumed by the Government.
Central Banks of certain advanced countries have tried to limit the damage to society and stakeholders by implementing measures that include (a) tighter regulation on capital buffers and risk-taking, (b) insistence on 'living wills' for future workout procedure and (c) ring-fencing of operations within banks.

In a way, this is an implicit acceptance of weak governance by government and the inevitable consequence of the Too Big to Fail culture. Point to ponder over– How good can corporate governance be, when the political system is corrupt?

Preet Bharara United States Attorney for the Southern District of New York, stated “History has shown that one cannot legislate a culture of integrity. And yet, one of the paramount responsibilities and challenges of corporate leadership is to ensure such a culture. Without it, a troubling phenomenon that should be anathema to any company emerges: The penchant to test the legal and ethical line”.

Recent Basel recommendations such as the Fundamental Review of the Trading Book, Interest Rate Risk in the Banking, Net Stable Funding Ratio, Liquidity Coverage Ratio, Liquidity Transfer Pricing, Intra-day liquidity management make it imperative for banks to transform their enterprise architecture and enterprise data management. Open banking is another issue that has an impact on the enterprise architecture of a bank.
In 2017, Basel dropped the three approaches for operational risk management recommended in Basel II and introduced a new approach called Standardized Measurement Approach (SMA). This is not progress, as we have gone back to Square-One.
A lot needs to be by banks and banking industry stakeholders to re-issue an enterprise operational risk management work that is consistent with the evolving business and regulatory needs.

Kannan Subramanian R
Global Financial Stability Report: Moving from Liquidity to Growth driven markets, Chapter-3 How Big is the implicit subsidy for banks considered too important to fail? International Monetary Fund | April 2014
KannanSubramanianR@BankERRM.org

Close