Welcome to the fourth issue of Volume 13 of The Journal of Operational Risk.
I continue to reach out to practitioners to see how they are adapting to the new Basel III operational risk rules. It is encouraging to see how several financial institutions are handling the changes proposed by regulators. Some banks have created a new nonfinancial risk department, which covers not only operational risks but also reputational, strategic and business risks as well as the whole cyber-defense risk apparatus. There is now a stronger focus on collecting not just loss data but business data too, and on controlling internal environment factors in order to monitor risk in day-to-day operations, which I personally think is excellent for the industry. Also noteworthy is the rise in cyber-risk experts within the ranks of operational risk. A recent article on Risk.net showed that some banks are promoting these cyber-risk experts to head their operational risk departments as this form of risk becomes more dominant within the field. In this issue of The Journal of Operational Risk, we publish the results of a survey on global perspectives on operational risk management and practice that is quite interesting and definitely worth reading.
We will be expecting more papers on cyber and IT risks in the future, and on not only quantifying them but also managing them in better ways. We would also like to publish more papers on important subjects such as enterprise risk management (ERM) and everything that encompasses this broad subject, eg, establishing risk policies and procedures, implementing firm-wide controls, aggregating risk and revamping risk organization. As I said before, we still think that analytical papers on operational risk measurement will come, but now with a focus on stress testing and actually managing these risks.
These are certainly exciting times! The Journal of Operational Risk, as the leading publication in the area, aims to be at the forefront of these discussions. We welcome any papers that are able to shed light on these discussions.
In this issue we have two research papers and two forum papers. It is interesting to note that the research papers are both the result of work that is already looking to move operational risk beyond the advanced measurement approach (AMA).
In our first paper, “Is operational risk regulation forward looking and sensitive to current risks?”, Marco Migueis from the Federal Reserve Bank evaluates the operational risk capital requirements of large US banks to determine whether they are forward looking, sensitive to banks’ current exposures, and designed to allow for risk mitigation. This paper also discusses modifications that could bring existing regulation closer to these goals, while highlighting the potential pitfalls of doing so. The analysis focuses on the AMA, the new standardized approach for dealing with operational risk put forward by the Basel Committee on Banking Supervision and the Federal Reserve’s Comprehensive Capital Analysis and Review (CCAR). Unless modified, the author claims, the new standardized approach is unlikely to be forward looking. This paper follows on from ideas that the author proposed in our previous issue.
“Predictive fraud analytics: B-tests”, the issue’s second research paper, finds Sergey Afanasiev and Anastasiya Smirnova claiming that effective anti-fraud tools can be developed with the help of machine-learning methods. The authors note that machine-learning methods are applied across a wide variety of business areas within the banking sector, eg, assessing a client’s risk profile (application and behavior scoring), forming targeted sales (x-sell, up-sell) and choosing collection strategies (collection scoring). In their paper, the authors develop B-test methods, via which they claim it is possible to identify internal fraud at an early stage.
In “Global perspectives on operational risk management and practice: a survey by the Institute of Operational Risk (IOR) and the Center for Financial Professionals (CeFPro)”, Gareth W. Peters, George Clark, John Thirlwell and Manoj Kulwal publish the results of a survey that they designed on behalf of the IOR, which was facilitated and collated by CeFPro. This survey represents a comprehensive perspective on operational risk practice, obtained from practitioners occupying a wide range of countries and sectors. The IOR and CeFPro, who developed and executed the survey, are both leading organizations in operational risk in the financial services industry. This paper is a detailed analysis of the industry report that was jointly created by these organizations. The goal of the survey and its subsequent analysis was to develop an under- standing of the dynamic and evolving nature of operational risk management practice from the perspective of industry practitioners. The authors sought out a large cross-section of industry areas to capture a truly global view of the discipline’s responses. They focused on developing a survey that would facilitate a greater understanding of the following core aspects of operational risk practice, both at present and with regard to future possible directions: the current best practices and approaches to operational risk; the tools and skills being applied in practice; the discipline’s current status in different regions and sectors; and the directions in which the discipline may go in future.
In our second forum paper, “A review of the state of the art in quantifying operational risk”, Sonia Benito and Carmen Lopez-Martın provide a comprehensive review of the different approaches to modeling operational risk that have been developed, specifically focusing on the actuarial approach. The authors highlight the relative strengths and weaknesses of the various methods. In the case of the actuarial approach, which is the method most commonly used by financial institutions, the authors review the challenges faced (eg, scarcity of data, truncated data, and modeling dependence in both frequency and severity) and offer proposals to overcome them. The authors’ objective is to provide financial risk researchers with all of the models and proposed developments for operational risk estimation.
This paper evaluates the operational risk capital requirements of large US banks to determine whether they are forward looking, sensitive to banks’ current exposures and designed to allow for risk mitigation.
In this paper, the authors look at B-tests: methods by which it is possible to identify internal fraud among employees and partners of the bank at an early stage.
Global perspectives on operational risk management and practice: a survey by the Institute of Operational Risk (IOR) and the Center for Financial Professionals (CeFPro)
This paper presents survey results which represent comprehensive perspectives on operational risk practice, obtained from practitioners in a wide range of countries and sectors.
In this paper, the authors provide a comprehensive review of the different approaches developed to model operational risk, specifically focusing on the actuarial approach.