Pages

Wednesday, 30 March 2016

Why managing operational risk is so important

By Stanley Epstein -

Banks, like any other firm or individual, are exposed to many different forms of risk. So one would not expect it, but the term “risk” still remains one of the most misunderstood terms in the banking industry.

This short article will explain what risk is and some of the different types of risk that banks and other financial institutions are exposed to in their everyday business activities.

The definition of “Risk” as “exposure to the chance of injury or loss” is a typical one (with thanks to Dictionery.com).

There may be other variations on this theme, but what we have is good enough. The key elements of “RISK” are EXPOSURE to the CHANCE of LOSS. Put another way; the possibility that something will cause a financial or other loss. This is the basis for understanding the different types of risks that banks face.

In its basic form, banks take in deposits and lend these deposits out in the form of loans. Should the borrower not repay his loan the bank is faced with what is called “credit risk”. Credit risk is the possibility that a borrower will be unable to make payment of the amount of the loan when it falls due. Credit risk is absolute. It’s the chance that the borrower will never be able to repay the loan. Credit risk and bankruptcy are closely linked.

Liquidity risk is on the other hand not absolute. Liquidity risk is the possibility that a borrower will be unable to make payment of the amount due at the time that it is due. However the reason for this could be cash flow issues. It does not imply that the borrower is insolvent as he may be waiting for funds due to him to arrive. In terms of Liquidity risk the borrower may still be able to repay the loan at a later time.

Between them, Credit risk and Liquidity risk are the major business risks that banks face because they are the major part of the business of banking.

Over the last few years there has been a growing awareness that Operational risk is another source of danger to a bank. This was given “official” voice and form in the Basel Accords, where Operational Risk has been defined as “the risk of direct or indirect loss resulting from inadequate or failed internal processes, people and systems or from external events”. Take note of this definition – it is very important.

Operational risk in terms of the Basel Accords has been subdivided into seven separate categories. We examine each of these categories and briefly explain what types of risks they cover.

  • Internal Fraud. By and large this covers fraud by bank staff such as the stealing of assets, theft of client information, covering up errors, intentional mismarking of positions, bribery etc.
  • External Fraud. This occurs where non-bank staff is involved such as in computer hacking, third-party theft, forgery.
  • Employment Practices and Workplace Safety. Inequitable staff policies, workers compensation claims, employee health and safety issues.
  • Clients, Products and Business Practice. This is a very wide field and generally covers market manipulation, antitrust issues, improper trading activities, bank product defects, fiduciary breaches, account churning. The sub-prime Mortgage debacle is a clear example of a product defect. The huge LIBOR rate rigging scandal which has dominated the news these past few years falls into this category as well.
  • Damage to Physical Assets. This covers things like natural disasters, terrorism and vandalism – anything that results in actual damage or destruction of the bank’s physical assets. These actions may be deliberate or purely accidental.
  • Business Disruption and Systems Failures. Power failures, computer software and hardware failures. A hurricane or a flood that results in banking services being disrupted also falls into this category.
  • Execution, Delivery and Process Management. This covers things like data capture errors, accounting errors, failure to meet legal reporting requirement, negligent loss of client assets.
There are other risks too, such as legal, reputational, market – the list goes on. But that is another story.