Journal of Operational Risk

Risk.net

What do risk disclosures reveal about banking operational risk processes? Content analysis of banks’ risk disclosures in the Visegrad Four countries

Gabriella Lamanda and Zsuzsanna Tamasne Vonek

This paper analyzes the operational risk disclosure practices of twenty-six large banks in the Visegrad group of countries (Czech Republic, Hungary, Poland and Slovakia) in the period 2008–16. Within a content analysis framework, we examine the content and the quality of operational risk reporting, relying on annual reports and Pillar 3 disclosure reports. Both descriptive statistics and multiple regression analysis are applied to evaluate how the firms’ financial and governance characteristics are associated with operational risk disclosures. Regression analysis of risk disclosures shows that a high number of total assets and the implementation of the Basel advanced measurement approach result in more risk-sensitive and more informative reports. However, although reporting practices improved to a certain extent in the period examined, our results indicate that reports are quite limited in content and contain hardly any relevant information. Most banks do not provide information on their operational losses and exposures. Most of the reports do not reflect the heterogeneous and diverse nature of operational risk; “emerging” risk types such as conduct, model and reputational risks are not adequately addressed. Based on the results, we propose the disclosure practices related to operational risk should be reconsidered.

Abstract

This paper analyzes the operational risk disclosure practices of twenty-six large banks in the Visegrád group of countries (Czech Republic, Hungary, Poland and Slovakia) in the period 2008–16. Within a content analysis framework, we examine the content and the quality of operational risk reporting, relying on annual reports and Pillar 3 disclosure reports. Both descriptive statistics and multiple regression analysis are applied to evaluate how the firms’ financial and governance characteristics are associated with operational risk disclosures. Regression analysis of risk disclosures shows that a high number of total assets and the implementation of the Basel advanced measurement approach result in more risk-sensitive and more informative reports. However, although reporting practices improved to a certain extent in the period examined, our results indicate that reports are quite limited in content and contain hardly any relevant information. Most banks do not provide information on their operational losses and exposures. Most of the reports do not reflect the heterogeneous and diverse nature of operational risk; “emerging” risk types such as conduct, model and reputational risks are not adequately addressed. Based on the results, we propose the disclosure practices related to operational risk should be reconsidered.

1 Introduction

The Basel II Capital Accord targeted the strengthening of market discipline by developing a set of disclosure requirements and widening the range of information disclosed on institutions’ risk profiles and capital adequacy. Banks’ reports based on disclosure requirements according to Basel II Pillar 3 indisputably play an essential role in the valuation of counterparties and in the assessment of creditworthiness by rating agencies. At the same time, such reports have a large influence on an institution’s reputation.

The 2007–9 financial crisis highlighted the importance of information in banks’ capital adequacy and risk profiles. Despite the fact that operational risk is the second largest element of banks’ capital requirement after credit risk, it is often, due to its elusive nature, considered unimportant. In addition, according to the European Banking Authority (2014, Articles 235 and 252), several new risks (eg, conduct, model, information and communication technology and reputational risks) have come into focus; these have been categorized as operational risks. On the one hand, this tendency may be considered as a return to the early definition of operational risk, when it was defined as “everything that is not covered by exposure to credit and market risk” (Zhang et al 2008; Power 2005). On the other hand, we may expect operational risks to be in the spotlight of banks’ management and an essential and featured part of their disclosures.

Our research follows the content analysis approach applied by Zeghal and Aoun (2016). We analyze the Pillar 3 and annual reports of the twenty-six largest and most developed banks in the Czech Republic, Hungary, Poland and Slovakia (the so-called Visegrád Four (V4) countries) in the period 2008–16. We focus on operational risk, representing 10–15% of banks’ regulatory capital.

We think enhancing banks’ transparency by public disclosure on operational risk is important. In the literature, there is no clear evidence on the main determining factors of banks’ operational risk disclosure; therefore, we attempt to recognize these in our research. The aim of this paper is to evaluate the content and the quality of operational risk disclosures, and to determine which banking characteristics – advanced measurement approach (AMA) implementation, size, level of leverage (equity-to-assets ratio), profitability and board structure (board size; duality between the roles of chief executive officer (CEO) and of the chair of the board; and the proportion of independent nonexecutive directors) – influenced operational risk reporting in the V4 countries during 2008–16.

We conclude that operational risk reports are quite limited in specific content; banks provide barely any information on their operational risk profile, including exposures, trends and potential future threats. In addition, they do not pay particular attention to emerging risks, such as conduct, model, information and communication technology and reputational risks. Banks demonstrate their efforts in complying with corporate and internal governance principles through risk reporting, reflecting their high-level risk culture and risk governance. The implementation of the AMA was seen as a highly positive influence on disclosure.

This paper is organized as follows. Section 2 reviews the literature in our research field. Section 3 discusses the European risk disclosure regulation. Section 4 presents our sample, describes the content analysis framework applied in the paper and introduces our hypotheses. Section 5 discusses the main results. Section 5.1 concludes. Coding sheets of analysis are given in the online appendix.

2 Related research

Pakhchanyan (2016) analyzed 279 operational risk-related papers published between 1998 and 2014 and showed that only eighteen papers focused on Pillar 3 disclosure, while only four examined the determinants of risk reporting. These four papers and most of the underlying surveys and studies were conducted before the finalization of Basel II (in 2004) and before the Capital Requirements Directive (CRD) was introduced (in 2006) in the European Union, or in the early stages of its application.

Helbok and Wagner (2006) analyzed 142 Asian, European and North American financial intermediaries over the period 1998–2001. They concluded that the extent and content of voluntary disclosure on operational risk are negatively correlated to a bank’s equity ratio and profitability.

Oliveira et al (2011) examined the annual reports of 190 Portuguese credit institutions for 2006 and found that the main reason for banks disclosing operational risk-related information in their annual reports was preserving their reputation. They argued that operational risk reporting needed further reforms.

Barakat and Hussainey (2013) investigated the effects of bank governance, regulation and supervision on the quality of operational risk reporting by more than eighty European banks from 2008 to 2010. They analyzed the disclosure quality by using a self-constructed index and concluded that “banks with a higher proportion of outside board directors, lower executive ownership, concentrated outside nongovernmental ownership, more active audit committee and operating under regulations that promote bank competition disclose higher-quality operational risk reports”.

The fourth paper is related to the Jordanian banking sector (Haija and Al Hayek 2012).

For Asia, a number of papers (see, for example, Htay and Salman 2015; Haddad and Hakim 2015; Nobanee and Ellili 2017; Sriram 2018; Bhasin et al 2012) focus on the extent of compliance with local and international requirements. In the most recent research for China, Elshandidy et al (2018) found evidence that firm size is the most significant and positive factor of disclosure.

The only paper focusing on Eastern Europe is, to the best of our knowledge, that of Herghiligiu (2013), who examined the operational risk reporting of forty-one Romanian commercial banks based on the method of Haija and Al Hayek (2012). Both Herghiligiu (2013) and Haija and Al Hayek (2012) provide general insight on operational risk disclosure practices but do not discuss this topic from a theoretical perspective. The main finding of Herghiligiu (2013) was that supervisors should put “pressure on Romanian Commercial Banks to disclose qualitative and quantitative data on operational risk”.

Khlif and Hussainey (2016) summarized and reconciled the findings of forty-two empirical studies focused on determinants of risk reporting. Supported by agency, signaling and political cost theories, they concluded that the institution size and the leverage (debt-to-assets) ratio are positively and significantly associated with voluntary risk reporting. They pointed out the importance of risk disclosure from an accounting perspective. However, in the banking industry, secrecy, as an additional determinant of risk disclosure, affects risk reporting negatively; market discipline standards are becoming increasingly important.

Hemrit and Ben Arab (2011) revealed that, over the period 2000–2009, for insurance companies, “the level of operational risk disclosure is significantly related to the size of a company and to the intensity of its provisions and its leverage.… However, profitability and the cost of capital are not significant”.

Our research follows the content analysis approach applied by Zeghal and Aoun (2016), who analyzed the annual reports of fifty-nine banks in the United States. Their aim was to investigate the effects of the financial crisis on the content and quality of banks’ enterprise risk management (ERM) information published in their annual reports. They used the content-analysis method and created self-constructed indexes to measure voluntary and mandatory risk disclosures. The volume and quality of risk reporting were measured using the natural logarithm of the number of sentences information about ERM, and multivariate analysis was used to establish the determinants of ERM disclosure. They observed a significant improvement in both the content and the quality of the reports after the crisis. Zeghal and Aoun found that “ERM disclosure is significantly and positively associated with the crisis, bank size, board independence, duality and significantly and negatively associated with profitability, leverage, and board size”.

Based on the literature and on our own practical experience, we examine the correlations between operational risk disclosure and banks’ financial characteristics.

3 Market discipline in focus

Strengthening market discipline has been a key aspect of the regulation of financial markets in the European Union since the 1990s. The second Basel Capital Accord aimed to ensure this through the harmonization of and increase in banks’ disclosure requirements. This requirement is contained in Pillar 3, under which banks publish their risk reports annually.

Based on Pillar 3 disclosure requirements, banks are free to choose the form in which they disclose information on their capital adequacy and risk profile. Most European banks disclose an individual report on Pillar 3, but some banks present such information in their annual report. If a bank publishes an individual report on Pillar 3, it also has to present risk information in its annual report. In many cases these two forms of risk reporting overlap. For these reasons, we analyze both Pillar 3 and annual reports and refer to them collectively as “risk reports” throughout the paper.

Risk reports are public platforms through which banks can provide (and market participants can acquire) information on their capital adequacy, risks and risk management processes, as well as on their internal prudential defense lines. The Capital Requirements Regulation (CRR) lays down the rules for banking disclosure processes (see European Parliament and Council of the European Union 2013, Part 8). As Article 435 of the CRR states, “institutions shall disclose their risk management objectives and policies for each separate category of risk”. The CRR is rather reticent on the subject of operational risk disclosure, and focuses on the approach used to calculate the operational risk capital requirements. Only the banks applying the AMA have to provide information on their internal capital calculation models and risk mitigation mechanism (European Parliament and Council of the European Union 2013, Article 454).

Risk reports have great influence on how market participants (investors, customers, analysts, rating agencies, etc) evaluate institutions. Following the global financial crisis, the role of risk information became more crucial for investors and other public stakeholders; at the same time, high-quality risk reports could decrease uncertainty and help to rebuild confidence in financial institutions (Financial Stability Board 2012). Hamrouni et al (2017) analyzed 155 nonfinancial firms listed on the Euronext Paris stock exchange and found that voluntary disclosure provides crucial information for financial analysts in order to create and refine their forecasts. Information included in a bank’s annual and/or Pillar 3 reports is relevant to its reputation. In addition, reports play an essential role in the calculation of counterparty and settlement limits. A bank’s willingness to take risks, its solvency and its risk ratings by credit rating agencies are important aspects of the calculation of these limits. Risk reports provide a suitable and substantial basis on which to evaluate the degree of compliance with these aspects. We can see that, after the 2007–9 crisis, subjective aspects and approaches have come to the fore during supervisory, rating and planning processes.

Although disclosure requirements are wide ranging, they are quite general; therefore, they can be open to different interpretations, resulting in heterogeneous risk reports, where the presentations of given risks are very different. Much post-crisis research has been published that focuses on, and analyzes, risk reports and disclosure requirements, as well as the degree of compliance with expectations. Most of these studies found significant differences relating to both the subjects and the level of detail presented in risk reports (Committee of European Banking Supervisors 2009; Beaudemoulin 2009; Financial Services Authority 2010; European Systemic Risk Board 2013).

In 2014, the Basel Committee reviewed its previous “principles for the sound management of operational risk”. During the review, sixty systemically important banks from twenty jurisdictions self-assessed their implementation of each principle. The Committee identified weaknesses related to four principles, including the role of disclosure. One of the main findings was that banks tend to primarily provide high-level statements instead of practical information. In addition, due to inadequate disclosure policy, market players are insufficiently informed about institutions’ risk profiles and how they manage operational risk (Basel Committee on Banking Supervision 2014).

As a result of increasing tension and pressure, the Basel Committee, after a lengthy consultation phase, published revised Pillar 3 disclosure requirements (Basel Committee on Banking Supervision 2015). These aimed to improve risk reporting through five principles referring to clear, comprehensive, meaningful, consistent and comparable disclosure practices. However, although this revised document determined more specific and well-structured requirements than the former one, the above principles were still difficult to capture in practice. Therefore, the Basel Committee issued further revisions of Pillar 3 in 2017 and in 2018. According to Basel Committee on Banking Supervision (2018), by the time the new standardized measurement approach (SMA) for operational risk capital charge is implemented (in 2022), institutions should provide information on the following:

  1. (1)

    general and qualitative information on their operational risk framework (policies, guidelines, structure, organization, reporting, risk culture, etc);

  2. (2)

    historical losses, ie, aggregate operational losses incurred over the past ten years, with the threshold of collection being €20 000 or €100 000;

  3. (3)

    business indicator and subcomponents;

  4. (4)

    the minimum required operational risk capital.

However distant the year 2022 may appear at the time of writing, this proposal will bring the banking sector closer to transparency.

4 Research methodology

Using the content analysis research method (Hamrouni et al 2017; Mayring 2000; Zhang and Wildemuth 2016) we examined the English language versions of the risk reports of the largest banks in the V4 countries, disclosed in the period 2008–16. With the exception of Slovakian and Czech banks, most of the institutions disclosed separate Pillar 3 reports. We analyzed both the annual report and all available Pillar 3 reports. Disclosure requirements have been in force since 2008; therefore, we used this as the start date of our analysis. As we conducted the content analysis at the beginning of 2017, we examined risk reports up to 2016. More than 350 reports were examined for the nine years in the analysis. The twenty-six banks chosen had the highest number of total assets in their respective local sectors. The institutions involved and their market dominance are detailed in Annex 1 online.

4.1 The Visegrád Four

Following the characteristic former mono-bank (government-run) system of the Eastern Bloc, in the second half of the 1980s the Visegrád Four’s banking sector entered an economic transition to a two-tier system, in which foreign investors played a crucial role. Due to the presence of foreign investors, both the structural and the professional development of the financial intermediary system led to effective and competitive banking operations and services. Currently, most of the banks in V4 countries belong to banking groups headquartered in one of the wealthier EU countries (eg, Italy, France, Belgium and Austria); therefore, they can manage their risks through well-developed approaches. The early 2000s were characterized by dynamic lending activity in all four V4 countries. While foreign currency loans to households fluctuated at around 1% of annual GDP in the Czech Republic and Slovakia at the end of 2009, the share of foreign currency loans exceeded 12% of annual GDP in Poland and 20% of annual GDP in Hungary. The global financial crisis did not cause lasting harm in the Visegrád countries, but tougher regulatory requirements have meant great challenges for the banks (Central Bank of Hungary 2014, p. 32).

Table 1: Aggregate statistical data relating to operational risk in the Visegrád countries in 2016. [*Where an institution uses more than one approach, the institution shall be counted under each of these approaches. BIA, basic indicator approach. TSA, the standard approach. ASA, alternative standardized approach. AMA, advanced measurement approaches. Source: European Banking Authority statistics. URL: https://bit.ly/2TLxBBo (accessed February 15, 2016).]
      Czech Republic Hungary Poland Slovakia

Own funds requirements for operational risk as a percentage of total own funds requirements

12.45 16.32 8.33 10.75
Credit institutions % based on the total BIA 69.23 68.00 91.63 15.38
(breakdown by approach) number of credit TSA/ASA 30.77 32.00 03.38 61.54
  institutions* AMA 11.54 20.00 01.13 23.08
  % based on total own BIA 35.26 22.53 24.54 01.8
  funds requirements TSA/ASA 28.58 33.66 61.98 54.34
  for operational risk AMA 36.16 43.81 13.48 43.85
Number of credit institutions 56 106 621 28
Total assets (€ m) 223 825.64 107 559.48 388 774.82 71 348.02
Total assets (% of GDP) 128.27 95.69 92.62 88.13
Total capital requirements (€ m) 8 427.73 4 432.51 18 548.17 2 583.00
Total capital ratio (%) 16.65 18.60 16.82 18.04

As can be seen in Table 1, in 2016 Hungary had the highest operational risk capital charge as a share of its total own funds and the highest total capital ratio. With the exception of Slovakia, the basic indicator approach (BIA) is the most commonly applied approach. If we look at the total own funds requirements for operational risk, we can see that the role and the contribution of both the standard and advanced approaches are also crucial.

4.2 Methodological background and hypotheses

Hemrit and Ben Arab (2011) collected a number of common approaches to measure disclosure. They showed that most methods applied in empirical studies are self-constructed indexes, content analyses and regression. In our analysis, we followed the methodology applied by Zeghal and Aoun (2016), which inspired us to conduct a similar study with a different focus. Content analysis (Zhang and Wildemuth 2016) is a subjective but scientific research methodology for examining documents. This methodology ensures the systematic classification of our research questions, and supports our study empirically and methodologically. Content analysis is widely used for literature reviews and for forming measurable indexes from a text. Gaur and Kumar (2018) demonstrated the application of content analysis by selecting high-ranking content-analysis-based papers between 1991 and 2015.

The starting point of our analysis was the code sheet presented by Zeghal and Aoun (2016). Their list of questions included thirteen relating to information quality but only seven questions relating to operational risk. As we are concentrating on operational risk, we determined additional questions based on European regulation and on our own empirical and practical experience. We strove to consider all the issues discussed by academics, bankers and regulatory authorities in the period examined. As a result of this preparation, we determined twenty-three operational-risk-specific (content) and eleven general (quality) questions. We examined the content and the quality of the banks’ operational risk disclosures separately by investigating the existence/availability and granularity of information in the reports. Based on these aspects, we coded all the potential answers to the questions.

We examined the reports’ content based on twenty-three questions (see Annex 2 online), assigned to the following five categories.

Definition:

the definition and classification of operational risk (event type and business line breakdown), capital calculation method and external data sources.

Governance:

the organization of operational risk, controls and committees.

Risk culture:

the bank’s risk strategy and risk appetite/tolerance.

Risks and trends:

the bank’s risk exposure, largest losses, potential threats, expected/predicted tendencies in the sector and group-level characteristics.

Current issues:

emerging risks (model, conduct and reputational risks, IT incidents), business continuity planning.

If a question was answered in the report, the code attributed took a value of 1; otherwise it took a value of 0.

Following the summary of the code values based on the method of Zeghal and Aoun (2016), we calculated the operational risk (OpRisk) disclosure index (ODI) relating to the content aspects of the report, as follows:

  ODI=i=1nSi23,   (4.1)

where Si is the code attributed to each item, which takes a value of 1 if the item is disclosed and 0 otherwise; n is the number of questions (ie, n=23).

We examined the reports’ quality via eleven questions based on the five principles determined by the Basel Committee on Banking Supervision (2015): clarity, transparency, meaningfulness, comparability and consistency (see Annex 3 online). Depending on the level of compliance, code values ranged from 0 to 3. We calculated the OpRisk quality index (OQI), relating to the quality aspects of the reports, based on the following formula:

  OQI=i=1nSi33.   (4.2)

Here Si is the code attributed to each item, which takes a value of 1 if the item is disclosed in a general statement, 2 if the item is disclosed in a specific statement, 3 if the item is disclosed in a specific statement containing quantitative and qualitative details, and 0 otherwise; n is the number of questions; and the maximum weighted score for all the items in the index is 33.

Based on (4.1) and (4.2), we analyzed the indexes from both a historical perspective and a peer group perspective (by country).

As discussed in the literature, banks can have manifold incentives to disclose information on their risk profiles. Comprehensive disclosure indisputably decreases uncertainty, which has several benefits, including a reduction in information asymmetry, a lower cost of capital and better access to liquidity markets. Therefore, we expected the range of content and the quality of OpRisk information to improve in the period examined. We established the following hypothesis.

  • (H1)

    The content and the quality of OpRisk disclosure by the largest V4 banks improved and became more sophisticated over the period 2008–16.

This kind of data set can be examined by a panel regression method, which combines time series and cross-sectional analysis and provides an opportunity to analyze the determinants of OpRisk disclosure. We assumed the main banking characteristics (applied capital calculation approach, size, profitability, equity-to-assets ratio and board structure) play a significant role in disclosure. Based on previous studies, we established hypotheses (H2)–(H6) below, which relate to these expectations.

The literature is in agreement regarding the significant and positive relation between firm size and level of risk reporting. Based on the results of Homolya (2016) – larger institutions are more inclined to use more advanced capital calculation methods – we assumed that there is a significant and positive relationship between the applied capital measurement approach and risk disclosure.

According to signaling theory, companies with a high debt-to-assets ratio are interested in signaling to investors and creditors that they are prudent and properly manage risks. Agency theory states that these highly leveraged companies give priority to risk reporting in order to reduce conflicts between creditors and shareholders. Zeghal and Aoun (2016) assumed a significant and positive correlation between debt-to-assets ratio and risk disclosure, but they found a negative relationship. Khlif and Hussainey (2016) and Hemrit and Ben Arab (2011) also confirmed a significant relationship, but they found the results regarding the direction of the link between these factors inconclusive.

  • (H2)

    The content and the quality of OpRisk disclosure by the largest V4 banks are positively correlated with the implementation of AMA.

  • (H3)

    The content and the quality of OpRisk disclosure by the largest V4 banks are positively correlated with bank size (natural logarithm of total assets).

  • (H4)

    The content and the quality of OpRisk disclosure by the largest V4 banks are correlated with the equity-to-assets ratio.

According to Khlif and Hussainey (2016) and Hemrit and Ben Arab (2011), the correlation of profitability with risk reporting has not been clearly demonstrated; different studies produce conflicting results. Some state that the weaker the profitability, the greater the motivation to decrease uncertainty and reflect the firm’s promising future prospects. Other studies argue that institutions with high levels of profitability are also motivated to disclose risk information in order to reflect the efficient risk management processes behind their good performance. While there is no conclusive empirical evidence on this relationship (see, for example, Zeghal and Aoun 2016), we propose the following hypothesis.

  • (H5)

    The content and quality of OpRisk disclosure by the largest V4 banks are correlated with profitability.

In their study, Zeghal and Aoun (2016) included information on the structure of the board of directors: ownership structure, board size, board independence and duality of the roles of the CEO and chair of the board. In the V4 countries, several banks are not listed on the stock exchange. Therefore, in our research it was not possible to include information on the ownership structure.

However, Zeghal and Aoun (2016) assumed a negative relation between board size and the level of ERM disclosure, referring to studies that confirmed smaller boards are “more cohesive and more conducive to decision-making and management oversight”. They found a positive link between board independence and the level of ERM disclosure. Their finding relating to duality was inconsistent with their hypothesis. They expected a negative relationship between duality and the level of ERM disclosure, but they found a positive link between the two. Lajili (2009) examined the relationship between corporate governance mechanisms and risk disclosure for Canadian publicly traded companies and established that larger companies and those with more independent members on the board of directors are more likely to voluntarily disclose risk management information. Samaha et al (2015) conducted a meta-analysis of sixty-four research papers published between 1997 and 2013. They focused on how corporate governance factors affect voluntary disclosure and found that board size and the composition of both the board and audit committee have a significant positive effect on voluntary disclosure, while CEO duality has a significant negative effect on it.

Therefore, we expect the following relationships between board structure variables and operational risk disclosure.

  • (H6a)

    The content and the quality of OpRisk disclosure by the largest V4 banks are positively correlated with board size.

  • (H6b)

    The content and the quality of OpRisk disclosure by the largest V4 banks are negatively correlated with the duality between the roles of CEO and chair of the board.

  • (H6c)

    The content and the quality of OpRisk disclosure by the largest V4 banks are positively correlated with the proportion of independent nonexecutive directors.

5 Empirical results

In this section, we examine how risk reports provide relevant information on a bank’s risk profile and capital adequacy, and test our hypotheses using ODI, OQI and regression analysis.

5.1 Analysis of content and quality of risk reporting

Average OpRisk disclosure index (%) by country between 2008 and 2016.
Figure 1: Average OpRisk disclosure index (%) by country between 2008 and 2016.
  2008 2009 2010 2011 2012 2013 2014 2015 2016
Czech Rep. 44.3 49.6 53.0 55.7 56.5 62.6 61.7 64.3 64.3
Hungary 39.1 48.3 50.2 54.6 56.0 57.5 54.1 57.5 56.5
Poland 39.1 40.8 39.7 43.5 50.0 65.2 69.0 70.1 71.2
Slovakia 52.2 53.3 54.3 52.2 51.1 48.9 52.2 52.2 51.1
Average OpRisk quality index (%) by country between 2008 and 2016.
Figure 2: Average OpRisk quality index (%) by country between 2008 and 2016.
  2008 2009 2010 2011 2012 2013 2014 2015 2016
Czech Rep. 45.5 46.7 47.3 50.9 50.9 52.1 51.5 51.5 50.9
Hungary 43.1 45.1 44.4 46.5 46.8 48.1 47.8 49.2 49.5
Poland 46.3 47.0 47.3 48.9 49.2 64.4 66.3 62.5 64.4
Slovakia 47.5 44.7 45.5 45.5 45.5 43.9 47.7 47.7 47.7

Figure 1 shows the OpRisk disclosure index by country, which shows the operational risk content was increasingly widely reported and improved to a great extent in all V4 countries over the period 2008–16. The Slovakian ODI remained relatively stable at around 50–55%. However, in the case of Poland, we can see a significant increase in ODI. This sharp increase in the middle of the period was driven primarily by a large number of acquisitions.

Figure 2 reflects the OpRisk quality index. In the period examined, the OQIs increase moderately and vary from 43% to 52% in three countries. However, the result for Poland is similar to that shown in Figure 1: we see a significant improvement in the quality of operational risk disclosure.

Descriptive statistics for ODI and OQI are presented in Table 2.

Table 2: Descriptive statistics for operational risk reporting in the V4 countries. [SD, standard deviation.]
(a) 2008
  No. of        
Index obs. Mean (%) SD (%) Min (%) Max (%)
ODI 24 41.85 16.61 17.39 78.26
OQI 24 45.08 09.92 27.27 69.70
(b) 2011
  No. of        
Index obs. Mean (%) SD (%) Min (%) Max (%)
ODI 26 51.00 16.52 17.39 73.91
OQI 26 47.90 10.77 30.30 69.70
(c) 2016
  No. of        
Index obs. Mean (%) SD (%) Min (%) Max (%)
ODI 26 61.71 14.71 30.43 82.61
OQI 26 54.08 11.96 30.30 72.73

Figure 3 indicates that risk reports focus mainly on risk culture and governance. Implementing and reflecting risk awareness have gained importance in the banking industry since the financial crisis. However, although banks disclose information on their risk strategy and operational risk appetite, as well as on the control environment and reporting structure, they rarely discuss the way in which operational risk departments cooperate with the different internal audit, compliance, IT security, fraud investigation departments, etc. Similarly, risk reports do not contain information on how banks educate and develop their staff to encourage a higher level of operational risk sensitivity.

Average OpRisk disclosure index by category.
Figure 3: Average OpRisk disclosure index by category.
Average OpRisk disclosure index by AMA and non-AMA banks
Figure 4: Average OpRisk disclosure index by AMA and non-AMA banks

Further, most V4 risk reports do not present current risk factors, incidents, trends, potential threats and “new” subtypes of operational risk, eg, conduct, model and reputational risk.

As can be seen from the preceding ODI and OQI results, the content of OpRisk disclosure by the largest V4 banks became more sophisticated and the quality improved in the period 2008–16, confirming hypothesis (H1).

Figure 4 shows that for 2016 the average OpRisk disclosure index at banks that had implemented the AMA was 67.2%, while in other banks it only reached 58.2%. This result confirms hypothesis (H2).

5.2 Regression analysis

In this section, in order to improve the robustness of our study, we test our hypotheses by using panel regression. Table 3 presents the variables chosen for our analysis.

Table 3: Variables and their source for regression analysis.
Independent variable Measure Code Source

Bank size

Natural logarithm of total assets

ln Totalasset Annual report

Profitability

Return on assets ratio

ROA Annual report

Leverage, equity-to-assets ratio

Total equity/total assets

E/A Annual report

Duality between the CEO and the chair of the board

Dummy variable:

1 if the CEO is the chair of the board,

0 otherwise

CEO Annual report

Board independence

Ratio of independent, nonexecutive members to the total number of members

BoardIndep Annual report

Board size

Number of board members

Boardsize Annual report

OpRisk capital calculation method

Dummy variable:

1 if the bank uses AMA method,

0 otherwise

AMA Annual report

We run the following panel regression models for bank i and year t:

  ODIi,t =αi+β1lnTotalasseti,t+β2ROAi,t  
      +β3E/Ai,t+β4Boardsizei,t+β5BoardIndepi,t  
      +β6CEOi,t+β7AMAi,t+μi,t   (5.1)
and
  OQIi,t =αi+β1lnTotalasseti,t+β2ROAi,t  
      +β3E/Ai,t+β4Boardsizei,t+β5BoardIndepi,t  
      +β6CEOi,t+β7AMAi,t+μi,t.   (5.2)
Table 4: Panel regression ODI results based on (5.1). [Model 1 is a firm fixed-effect model. Model 2 is a firm and time fixed-effect model. p<0.1; p*<0.05; p**<0.001; p***<0.0001. Positive and significant connections are shown in italics.]
Model variations Model 1 Model 2
CEO 0.002 -0.026
Board independence -0.057 -0.036
Board size 0.019 0.020*
Equity-to-assets ratio 0.024* 0.004
ROA 0.016 0.006
AMA method 0.167*** 0.085*
Total assets (ln) 0.112* 0.038
_cons -0.868 -0.07
R-squared:    
 within 0.2686 0.3985
 between 0.0429 0.0043
 overall 0.0606 0.1380
Table 5: Panel regression OQI results based on (5.2). [Model 1 is a firm fixed-effect model. Model 2 is a firm and time fixed-effect model. p<0.1; p*<0.05; p**<0.001; p***<0.0001. Positive and significant connections are shown in italics.]
Model variations Model 1 Model 2
CEO 0.122* 0.106*
Board independence 0.029 0.025
Board size 0.001 0.004
Equity-to-assets ratio 0.017*** 0.012*
ROA 0.006 0.003
AMA method 0.078*** 0.052*
Total assets (ln) 0.106*** 0.069*
_cons -0.738 -0.372
R-squared:    
 within 0.3230 0.4140
 between 0.1142 0.1050
 overall 0.1075 0.1413

Based on the Hausman test, the fixed-effect model is the best method for analyzing both indexes. We run several model variations and present two of them here: a fixed-effect model (model 1), and a firm and time fixed-effect model (model 2). Tables 4 and  5 give their results (positive and significant connections are highlighted in italics). Table 4 shows the results of regression analysis based on (5.1). Table 5 contains the results of regression analysis based on (5.2).

Model 1 is based on Zeghal and Aoun (2016). Model 2 controls the changes across both time and banks and shows a very interesting result. If we do not take into account differences across time and firm, only the selected capital calculation method and the board size influence the content of the reports.

Based on the results, we can accept hypotheses (H2) and (H3). Both the content (ODI) and the quality (OQI) of OpRisk disclosure by the largest V4 banks are positively correlated with the implementation of AMA and with bank size (natural logarithm of total assets). However, the regression model shows a positive connection between the level of leverage (equity-to-assets ratio) and report quality, but there is a nonsignificant connection with the content of risk reports. Therefore, we reject hypothesis (H4).

The results do not indicate a connection between the banks’ disclosure and return on assets. Therefore, we refute hypothesis (H5), which assumes the content and the quality of OpRisk disclosure by the largest V4 banks are correlated with profitability.

Relating to board structure, we conclude that board size is positively correlated with the content of disclosures, when selecting a confidence interval of 10. In the case of quality, the board size is not significant. As for the proportion of independent nonexecutive directors, the coefficient of independence is not significant in the regressions. The regression analysis shows that the report quality is better if the CEO and the chair of the board are the same person. However, there is no empirical evidence for the connection between the content of the report and the duality between the role of CEO and the chair of the board. Due to these results, we reject hypotheses (H6a)–(H6c).

6 Conclusion

We conclude that, despite increasing regulatory interest, operational risk is often neglected in risk reports. However, although operational risk disclosures have become more informative since 2008, much relevant information remains unknown to external stakeholders. We conclude that many banks provide primarily high-level statements instead of practical information. Major incidents, the structure of operational risk exposure, trends and challenges are rather neglected in risk disclosures.

Our results show that higher quality and more sophisticated reports are associated with a greater amount of total assets and the implementation of AMA.

From January 1, 2022, the AMA will be replaced by the SMA, which is a less risk-sensitive capital allocation method; its several weaknesses and limitations have been summarized by Peters et al (2016) and Mignola et al (2016). Like many practitioners and academics, we expect that the current motivation and support for the application of manifold operational risk management techniques will decrease after the introduction of the SMA. At the same time, the SMA might have a detrimental effect on disclosure, while the importance of operational risk will presumably not change. Therefore, we argue that operational risk disclosure should be supported by more specific and clearer regulatory requirements. We think that market participants (including banks and regulatory authorities) should pay greater attention to historical data, trends, subtypes of operational risk, staff risk awareness and cooperation with other control units.

Declaration of interest

The authors report no conflicts of interest. The authors alone are responsible for the content and writing of the paper. The views expressed here are those of the authors only and not necessarily of the institution with which they are affiliated. Any inadequacies are the authors’ alone.

Acknowledgements

The authors are very grateful to the anonymous referees for their suggestions and constructive comments. The work of Zs. Tamásné Vőneki was supported by the Higher Education Institutional Excellence Program of the Ministry for Innovation and Technology (Hungary) under the framework of the “Financial and Public Services” Research Project NKFIH-1163-10/2019 at Corvinus University of Budapest.

References

  • Barakat, A., and Hussainey, K. (2013). Bank governance, regulation, supervision, and risk reporting: evidence from operational risk disclosures in European banks. International Review of Financial Analysis 30, 254–273 (https://doi.org/10.1016/j.irfa.2013.07.002).
  • Basel Committee on Banking Supervision (2014). Review of the principles for the sound management of operational risk. Report, October, Bank for International Settlements. URL: http://www.bis.org/publ/bcbs292.pdf.
  • Basel Committee on Banking Supervision (2015). Revised Pillar 3 disclosure requirements. Standards Document, January, Bank for International Settlements. URL: http://www.bis.org/bcbs/publ/d309.pdf.
  • Basel Committee on Banking Supervision (2017). Pillar 3 disclosure requirements: consolidated and enhanced framework. Standards Document, March, Bank for International Settlements. URL: http://www.bis.org/bcbs/publ/d400.pdf.
  • Basel Committee on Banking Supervision (2018). Pillar 3 disclosure requirements. Consultative Document, February, Bank for International Settlements. URL: http://www.bis.org/bcbs/publ/d432.pdf.
  • Beaudemoulin, N. (2009). Fostering convergence in the application of Pillar 3 requirements and enhancing comparability of related disclosures. Opening remarks at Public Roundtable, December 9, CEBS, London. URL: http://www.eba.europa.eu/documents/10180/18422/CEBS.pdf.
  • Bhasin, M. L., Makarov, R., and Orazalin, N. (2012). Determinants of voluntary disclosure in the banking sector: an empirical evidence. International Journal of Contemporary Business Studies 3(3), 60–71. URL: https://bit.ly/2uoRymQ.
  • Central Bank of Hungary (2014). Financial stability report. Report, November, Magyar Nemzeti Bank, Budapest. URL: https://bit.ly/38xoGaJ.
  • Committee of European Banking Supervisors (2009). Disclosure guidelines: lessons learned from the financial crisis. Consultation Paper, October 30, CEBS, London. URL: https://bit.ly/37wmDnv.
  • Elshandidy, T., Neri, L., and Guo, Y. (2018). Determinants and impacts of risk disclosure quality: evidence from China. Journal of Applied Accounting Research 19(4), 518–536 (https://doi.org/10.1108/JAAR-07-2016-0066).
  • European Banking Authority (2014). Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP). Report EBA/GL/2014/13, EBA, Paris. URL: https://bit.ly/2RiSNNm.
  • European Parliament and Council of the European Union (2013). Regulation (EU) No. 575/2013 of the European Parliament and of the Council on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No. 648/2012. Official Journal of the European Union 56(L176), 1–337. URL: http://data.europa.eu/eli/reg/2013/575/oj.
  • European Systemic Risk Board (2013). Benefits of a standardised reporting of Pillar 3 information. Staff Note, January, ESRB, Frankfurt. URL: https://bit.ly/2NRm3sD.
  • Financial Services Authority (2010). Enhancing financial reporting disclosures by UK credit institutions: feedback on DP09/5. Feedback Statement, September, FSA, London. URL: http://www.fca.org.uk/publication/feedback/fs10_03.pdf.
  • Financial Stability Board (2012). Enhancing the risk disclosures of banks. Report, October 29, FSB, Bank for International Settlements, Basel. URL: http://www.fsb.org/wp-content/uploads/r_121029.pdf.
  • Gaur, A. S., and Kumar, M. (2018). A systematic approach to conducting review studies: an assessment of content analysis in 25 years of IB research. Journal of World Business 53(2), 280–289 (https://doi.org/10.1016/j.jwb.2017.11.003).
  • Haddad, M., and Hakim, S. (2015). Using financial disclosures to evaluate the risk profile of large GCC banks. Journal of Applied Finance and Banking 5(2), 29–43.
  • Haija, M. F. A. E., and Al Hayek, A. F. (2012). Operational risk disclosures in Jordanian commercial banks: it’s enough. International Research Journal of Finance and Economics 83, 50–61.
  • Hamrouni, A., Benkraiem, R., and Karmani, M. (2017). Voluntary information disclosure and sell-side analyst coverage intensity. Review of Accounting and Finance 16(2), 260–280 (https://doi.org/10.1108/RAF-02-2015-0024).
  • Helbok, G., and Wagner, C. (2006). Determinants of operational risk reporting in the banking industry. The Journal of Risk 9(1), 49–74 (https://doi.org/10.21314/JOR.2006.140).
  • Hemrit, W., and Ben Arab, M. (2011). The disclosure of operational risk in Tunisian insurance companies. The Journal of Operational Risk 6(2), 69–111 (https://doi.org/10.21314/JOP.2011.089).
  • Herghiligiu, R. (2013). Operational risk disclosure in Romanian commercial banks. Journal of Public Administration, Finance and Law 4, 171–178.
  • Homolya, D. (2016). Risk management approaches and bank size. Financial and Economic Review 15(2), 114–128. URL: https://epa.oszk.hu/02700/02758/00007/pdf/.
  • Htay, S. N. N., and Salman, S. A. (2015). Operational and liquidity risk information disclosure practices by Malaysian listed banks. International Business Management 9(1), 60–64.
  • Khlif, H., and Hussainey, K. (2016). The association between risk disclosure and firm characteristics: a meta-analysis. Journal of Risk Research 19(2), 181–211 (https://doi.org/10.1080/13669877.2014.961514).
  • Lajili, K. (2009). Corporate risk disclosure and corporate governance. Journal of Risk and Financial Management 2(1), 94–117 (https://doi.org/10.3390/jrfm2010094).
  • Mayring, P. (2000). Qualitative content analysis. Forum: Qualitative Social Research 1(2), Article 20 (https://doi.org/10.17169/fqs-1.2.1089).
  • Mignola, G., Ugoccioni, R., and Cope, E. (2016). Comments on the Basel Committee on Banking Supervision proposal for a new standardized approach for operational risk. The Journal of Operational Risk 11(3), 51–69 (https://doi.org/10.21314/JOP.2016.184).
  • Nobanee, H., and Ellili, N. (2017). Does operational risk disclosure quality increase operating cash flows? Brazilian Administration Review 14(4), 1–13 (https://doi.org/10.1590/1807-7692bar2017170025).
  • Oliveira, J., Rodrigues, L. L., and Craig, R. (2011). Risk-related disclosure practices in the annual reports of Portuguese credit institutions: an exploratory study. Journal of Banking Regulation 12, 100–118 (https://doi.org/10.1057/jbr.2010.20).
  • Pakhchanyan, S. (2016). Operational risk management in financial institutions: a literature review. International Journal of Financial Studies 4(4), 20:1–20:21 (https://doi.org/10.3390/ijfs4040020).
  • Peters, G., Shevchenko, P., Hassani, B., and Chapelle, A. (2016). Should the advanced measurement approach be replaced with the standardized measurement approach for operational risk? The Journal of Operational Risk 11(3), 1–49 (https://doi.org/10.21314/JOP.2016.177).
  • Power, M. (2005). The invention of operational risk. Review of International Political Economy 12(4), 577–599 (https://doi.org/10.1080/09692290500240271).
  • Samaha, K., Khlif, H., and Hussainey, K. (2015). The impact of board and audit committee characteristics on voluntary disclosure: a meta-analysis. Journal of International Accounting, Auditing and Taxation 24, 13–28 (https://doi.org/10.1016/j.intaccaudtax.2014.11.001).
  • Sriram, M. (2018). Do firm specific characteristics and industry classification corroborate voluntary disclosure of financial ratios: an empirical investigation of S&P CNX 500 companies. Journal of Management and Governance (https://doi.org/10.1007/s10997-018-9414-z).
  • Zeghal, D., and Aoun, M. E. (2016). The effect of the 2007/2008 financial crisis on enterprise risk management disclosure of top US banks. Journal of Modern Accounting and Auditing 12(1), 28–51 (https://doi.org/10.17265/1548-6583/2016.01.003).
  • Zhang, C., Zhu, W., Yang, S., and French, J. (2008). Assessment of banking operational risk. In New Frontiers in Enterprise Risk Management, Olson, D. L., and Wu, D. (eds), pp. 195–196. Springer (https://doi.org/10.1007/978-3-540-78642-9_13).
  • Zhang, Y., and Wildemuth, B. M. (2016). Qualitative analysis of content. In Applications of Social Research Methods to Questions in Information and Library Science, Wildemuth, B. M. (ed), 2nd edn, pp. 308–319. Westport, CT: Libraries Unlimited. URL: http://www.ischool.utexas.edu/~yanz/Content_analysis.pdf.

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here: http://subscriptions.risk.net/subscribe

You are currently unable to copy this content. Please contact [email protected] to find out more.

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: