US regulators: "Let the industry lead the way on operational risk"

Ferguson said that regulators should allow the banking industry to take the lead in developing modelling frameworks for operational risk geared towards producing a capital charge under the advanced measurement approach (AMA). "Supervisors must be willing to say that the size of the capital charge for operational risk under AMA, to some extent, will depend on the development of industry practice and the experience and associated consensus that will evolve over time," he said. "In the interim, supervisors will need to engage banks in discussions about the likely size of their operational risk capital requirements."

He said supervisors should provide banks with a "concrete sense of what supervisors are looking for" when it comes to how components of the AMA -- such as external data and scenario analysis -- are expected to be used to arrive at an operational risk capital charge. But Ferguson emphasised that banks should be given the freedom to develop methods of modelling operational risk on their own, so that new methodologies can evolve.

This is consistent with pronouncements from US regulators to date. John Jordan, head of the quantitative unit at the Federal Reserve Bank of Boston, said at the Operational Risk conference in New York in March that the US approach to op risk has so far evolved out of the Federal Reserve Board’s Supervisory Letter SR99-18, which was issued in 1999. The letter, Assessing capital adequacy in relation to risk at large banking organizations, says banks should be "identifying and measuring all material risks", which include credit, market, interest rate and "operational and other risks".

"If we look at the advanced measurement approach, it is a flexible approach, it relies on banks’ internal models, it’s designed to promote enhancement of risk management practices, and it is supposed to accommodate innovations over time. All of these things line up well with SR99-18," says Jordan. From his presentation, Jordan seemed to indicate that for now, SR99-18 was providing the framework for US examiners when it came to operational risk.

Jordan indicated that the Fed first examines the corporate governance structure of a bank, including how op risk information gathered, and how it is transmitted to senior management and the board of directors. Jordan also said that the Fed favours structures in which audit double-checks op risk data and results, rather than generates them.

He added that regulators will "look at the inputs into your framework". This includes how the data collected relates to the definition of op risk within the organisation, and the way in which the data is obtained within the bank. For example, examiners will want to understand how employees are trained to input op risk data, so that all staff are working with the same event definitions. Examiners will also verify that data is correct and representative of what is happening at the bank. Only then will examiners look at the bank’s actual op risk modelling framework.

"There will be certain challenges," Jordan said. "We have certain parameters we want people to apply to their methodology, but generally we allow the institutions themselves to decide the appropriate methodology. We understand what is going on in the industry, and we assess the reasonableness of the results." OpRisk