Institutions value quality over quantity

It was with great interest that Ci3 agreed to sponsor this survey of op risk eco capital attitudes within financial institutions. Within our own geographically and functionally diverse customer base, we are hearing mixed messages as to the perceived value and appetite for op risk eco capital calculation. It is obvious from this survey that there are equally mixed feelings within the general industry.

While it is excellent to see that 75% of institutions have an op risk capital strategy, it is concerning to note that not many people seem to feel that they will ever have a single number that correctly represents the operational risk capital in their business. These results have two possible causes:

1) Institutions are creating op risk capital strategies that they do not entirely believe.

2) In addition to eco capital strategies, institutions are creating qualitative reporting to support quantitative modelling that they do not entirely rely upon.

Perhaps the results to the questions concerning the methodologies for calculating op risk capital show us that number (2) is the most relevant cause. It is evident that institutions realise that there is at least as much data in qualitative form within operational risk as there is in quantitative form and that this data must be included within any overview of operational risk. In some cases qualitative data will be used to 'inform' the quantitative modelling and in others it will simply be reported alongside capital numbers.

The above-mentioned concerns with the purely quantitative operational risk capital calculation, coupled with the large number of respondents who say that the aim of this calculation is to improve overall operations and efficiency, might be a major cause of the senior management buy-in problems many op risk executives are experiencing. Many of our customers have found that business line executives relate much better to qualitative data concerning operational risks than to quantitative capital figures. When it comes to operational decisions, data concerning audit findings, customer care and risk scenarios are as relevant as past loss histories and KRIs.

While we feel that capital calculation for operational risk is advancing quickly towards a state where it will be a well-accepted tool, it should never be relied upon to give a complete picture of the operational risk within a firm. It could therefore be seen as a core input to an operational risk scorecard that includes other more qualitative factors.

Lastly, given the mixed responses to the questions concerning linkage with other risk types, we suggest that some time is spent with those risk types that are more qualitative in nature (for example, strategic, reputational and IT). A lot of very good research and development efforts are under way in these disciplines that could assist operational risk executives in convincing senior management that the final enterprise risk report is not a single capital number but a single risk scorecard that includes capital numbers from those risks that lend themselves to that approach (such as market and credit) and qualitative data from other risk types.