lawyers in India

Covering the Operational Risk Management under Basel II in the light of COSO - ERM and Maturity Model

Written by: Shuchi Chandra - I am Consultant at Protiviti India. I have completed Masters Splz in Cyber Law & Information Security from IIIT Allahabad
Woman laws in India
Legal Service
  • Operational risk in today's tech savvy organization is of great concern which emphasizes of shield mechanism to mitigate the loss at adverse instances. Looking to this very concept the Banking Sector, in handling its risk management in recent past has acknowledged Operational Risk as one of the critical areas in covering the risk.

    Basel II, the Risk Management Standard for Banks, earlier took into account only the credit risk and market risk at initiation, but with increasing severity of operational losses in banks worldwide in the year 2004 a great move was taken by BIS to account for operational failures and make a suitable provision for the
    same so that it can calculate its optimum CAR (Capital adequacy ratio) along with the coverage of such risk.

    Operational Risk charge is one of the critical associations for the banks to handle as it can result in serious financial losses if not taken care of. Operational Risk generally includes internal frauds, mistakes in data entry and others. No such relevant mathematical formula or analysis is done so forth to figure out the exact value of operational risk coverage. The given article is an attempt to bring out the weakness of calculation of operational risk as presented in the accord of Basel II and provide a better qualitative analysis using the COSO ERM framework enhancing the quality of risk assessment and solving various questions rose highlighting the weakness of current accord.

    As per the guidelines of Basel II the operational risk can be calculated on the basis of three main methods:
    1. Basic Indicator Approach
    2. Standardized Approach
    3. Advanced Measurement Approach

    Basic Indicator Approach: As far as BIA is concerned it is just a regulatory measure defining a fixed rate of risk rate i.e. α which is set by the supervisor and in current accord it is 15%. The Operational Risk is calculated as the product of:
    K TSA= {∑years 1-3max [∑ (GI1-8* β1-8), 0]}/3
    KTSA = the capital charge under the Standardized Approach
    GI1-8 = annual gross income in a given year, as defined above in the Basic
    Indicator Approach, for each of the eight business lines
    β1-8 = a fixed percentage, set by the Committee, relating the level of required capital to the level of the gross income for each of the eight business lines.

    The values of the betas are detailed below as per the different Business Lines:
    Business Lines Beta Factors
    Corporate Finance (β1) 18%
    Trading & Sales (β2) 18%
    Retail Banking (β3) 12%
    Commercial Banking (β4) 15%
    Payment & Settlement (β5) 18%
    Agency Services (β6) 15%
    Asset Management (β7) 12%
    Retail Brokerage (β8) 12%
    As the table depicts the approach specifies stringent business lines with fixed percentage of risk cover it is not at all suited for banking organizations that are capable of valuing their own operational risk. Fixed rate of Beta factor may sometimes result in wrong allocation of operational risk. The given business line also does not take into account the Operational Risk Function and the evaluation of Board and Management in ORM system as their performance should also be evaluated and open reporting would, hopefully, demonstrate leadership and commitment to implementation of high quality ORM processes.

    Advanced Measurement Approach: The approach makes the bank more independent as far as calculation of operational risk is concerned The Internal Measurement Approach provides discretion to individual banks on the use of internal loss data, while the method to calculate the required capital is uniformly set by supervisors. In implementing this approach, supervisors would impose quantitative and qualitative standards to ensure the integrity of the measurement approach, data quality, and the adequacy of the internal control environment.

    Operational risk basically relates to the concept of quality and efficiency of employees and staff effecting the organizational information anyway round.

    Henceforth to assess the due operational risk cover the Qualitative Analysis is a better option at organizational end.

    Two Main shortcomings the Accord faces:
    1. Is there a set of objective criteria that could be used to evaluate the 'quality of compliance' of a particular ORM system? [Quality here would encompass all of the 'qualitative standards' identified in Basel II.]

    2. If such a set of criteria exists, is there a mechanism whereby the 'quality of compliance' of a particular ORM system's implementation can be compared against other implementations within a bank and with similar situations in other banks?

    Integrating COSO Framework for Better Accomplishing Basel II Objectives

    Basel II identifies the responsibility of independent operational risk management function as developing strategies to identify, evaluate monitor and control the OR. Although COSO ERM model is not specifically aligned with the Basel II but by analyzing the Business Lines on the COSO cube it may fulfill the following major targets of Basel II ORM:-
    # Conceptually sound
    # Credible and appropriate and
    # Well reasoned, well documented

    Implementing Maturity Model as a mechanism for Quality of Compliance in ORM

    The question need to be raised against the approach is primarily that Basel II asks the banking organization to calculate the regulatory capital in country like India but the calculation would be more viable if it is focused on the Economic Capital. As Basel II basically talks about “supporting an allocation of economic capital for operational risk across business lines in a manner that creates incentives to improve business line ORM”, the organization can use the maturity model where the target or ideal layouts of different business processes can be laid down and then the gap between the ideal and actual can be analyzed and same can be used as a indicator to improve in the line with the risk appetite set by the management.

    Thus the above stated two aspects using the available COSO framework and Maturity Model to result in better compliance of Basel II and leading to more comprehensive output after the analysis of risk environment of banks can provide them additional value for calculation of risk exposure pertaining to qualitative nature. Although compliance in India as far as Basel II is concerned is at initial level as banks are supposed to adhere the basic indicator approach only and no supervisor (RBI) has acknowledged any banks to move further to better processes such as standardized or advanced approach. So to be at better evaluation state it is recommended for banks to follow the above two stated existing models for Basel II compliance.

    The author can be reached at: [email protected] / Print This Article

    How To Submit Your Article:

    Follow the Procedure Below To Submit Your Articles

    Submit your Article by using our online form Click here
    Note* we only accept Original Articles, we will not accept Articles Already Published in other websites.
    For Further Details Contact: [email protected]

    Divorce by Mutual Consent in Delhi/NCR

    Mutual DivorceRight Away Call us at Ph no: 9650499965

    File Your Copyright - Right Now!

    Copyright Registration
    Online Copyright Registration in India
    Call us at: 9891244487 / or email at: [email protected]