ORR Innovation Awards: Initiative of the year

Understanding operational risks within institutions has never been more pertinent than it is today. The Operational Riskdata eXchange (ORX) recognises this, and has spent the past three years developing a set of new standards by which members can report their loss events.

The new standards have replaced the original standards document, which was written in 2004. The process was led by a working group of 10 banks – the ‘definitions working group’ – headed by Mark Laycock, senior adviser for standards at ORX in London; Günther Helbock, head of operational risk at UniCredit Group in Vienna; and Thomas Mueller, vice-president in charge of the operational risk framework at Deutsche Bank in Frankfurt.

With comments from the ORX membership, the group rewrote and reorganised the entire document. The result is a clear, consistent, accessible document that can be used by members and non-members alike.

“As people have tried to extract more value from a risk management perspective and from internal and external data, they want to have more consistency and more clarity,” says Laycock. “Having something like the operational risk reporting standards makes it much easier for everybody.”

Laycock highlights that individual institutions are likely to have their own internal procedures and standards, but is confident the new ORX reporting standards allow some level of uniformity in dealing with operational risk events. “The consistency helps dialogue significantly,” he says. “Everybody can look at the same piece of text. They might not agree with it but at least they can start from the same place, rather than people trying to enter into detailed conversation when each has a different idea in their head.”

The aim now is to have a fixed structure flexible enough to be updated and to easily incorporate any new changes without fundamentally re-writing the whole thing

The new standard not only provides a level of consistency across the op risk community, it is also more accessible than its predecessor, according to Simon Wills, executive director of ORX. “One of the big steps forward between these standards and the last is that you could give these to a new person as a document and they would work,” he says. “The previous standards were a major achievement, but you needed a background in the subject to make them work.”

The new standards came about in part because of the significant growth in ORX membership since 2007. Additional categories, such as products and processes, had already been added but, as UniCredit’s Helbock explains, this affected the structure of the document.

“As time passed, banks came up with more and more difficult items to classify, which were always added to the standards. But they were added in here and there, and this meant the document was no longer perfectly organised. We realised within ORX that when a new bank joined they had a lot of questions that should have been answered by the standards, but that were never clearly highlighted or were located in different places. This creates misunderstanding – so the aim of the big re-organisation was to give the document a very simple structure, detailing in every section what the definition is and what the requirement is, and also listing all the inclusions and exclusions.”

From here, ORX decided to significantly extend the number of examples in the standards to assist members and get consistency in ORX reporting. “The appendix of the new standards is extensive,” says Laycock. “But it’s intended to help people who might come across issues once in a lifetime to understand where it should be allocated to be consistent with the data and understand the data they’re getting back.”

For large losses, two additional categories have been added to the reporting standards. One of these is jurisdiction. “If a firm were to have an issue with a retail banking product and it was under US law, for example, then a member might be able to say it would be less severe for us in our jurisdiction. That helps members make a better decision about the relevance of data points when using it for risk management purposes,” Laycock explains.

And Wills is keen to note the industry has embraced the new standards, with many already familiar with them before sigining up to ORX. “When I started doing this in 2006, we’d go and talk to a new member bank and you’d take the standards along – quite often it might be the first time they’d seen or heard of them,” he says. “When we go and talk to a new member bank now, they know what the standards are and a number of them have built their systems to accommodate them.”

Wills feels the new standards offer a more complete, easier to use, and more coherent document. He says it is testament to the depth of knowledge of the working group led by Laycock, Helbock and Mueller. “There’s a real depth of understanding of the subject that these three have that they brought to bear in developing the new standard,” he says. “And we are certainly very grateful for it.”

It’s also key for Wills that the new standards not be seen as the end of the process. “It’s not like we’ve now chiselled the standard into stone and that’s it,” he says. “I think it’s intended to be a living document. We’ve already done quite a lot of work this year on negative revenues and there’s a big discussion going on at the moment among membership regarding the credit risk and operational risk boundaries, so that will be coming next for the standards.”

Helbock agrees. “We hope we don’t have to revise it any more, and that we now have a structure into which we can incorporate additional cases for inclusion or exclusion, and can introduce another headline – adding something not just as a footnote. The aim now is to have a fixed structure flexible enough to be updated and to easily incorporate any new changes without fundamentally re-writing the whole thing.”

Helbock is also keen for regulators to adopt the new standards. He says that if they accept a bank using the ORX data in an advanced measurement approach model, they are implicitly accepting that the events the bank gets are according to ORX standards. He is also pleased that the Basel Committee on Banking Supervision’s operational risk sub-group of the standards implementation group (Sigor) has acknowledged the document.

“Sigor has taken this document and looked at it,” he says. “The hope is that any future regulation will build on this.”