RAL6 - Operational Risk

The New Capital Adequacy Framework outlines three methods for calculating operational risk capital
charges in a continuum of increasing sophistication and risk sensitivity. The details are as follows:
1. Basic Indicator Approach (BIA):
Under the Basic Indicator Approach, banks must hold capital for operational risk equal to the average
over the previous three years of a fixed percentage (denoted as alpha) of positive annual gross
income. Figures for any year in which annual gross income is negative or zero should be excluded
from both the numerator and denominator when calculating the average.
The capital charge may be expressed as follows:
KBIA = [Σ (GI1…n x α)]/n
Where:
KBIA = the capital charge under the Basic Indicator Approach
GI = annual gross income, where positive, over the previous three years
n = number of the previous three years for which gross income is positive
α = 15 per cent, which is set by the Basel Committee on Banking Supervision
2. The Standardised Approach (TSA) :
In TSA, banks’ activities are divided into eight business lines. Within each business line, gross income
is a broad indicator that serves as a proxy for the scale of business operations and thus the likely
scale of operational risk exposure within each of these business lines. The capital charge for each
business line is calculated by multiplying gross income by a factor (denoted beta-β) assigned to that
business line.

Business Line β Factor

Corporate Finance (BL-1)* 18%
Trading and Sales (BL-2) 18%
Payment and Settlement (BL-3) 18%
Agency Services (BL-4) 15%
Asset Management (BL-5)* 12%
Retail Brokerage. (BL-6)* 12%
Retail Banking (BL-7) 12%
Commercial Banking (BL-8) 15%
* Our Bank has not assumed any exposure under these 3 business lines
The total capital charge is calculated as the three-year average of the simple summation of the
regulatory capital charges across each of the business lines in each year. In any given year, negative
capital charges (resulting from negative gross income) in any business line may offset positive capital
charges in other business lines without limit. However, where the aggregate capital charge across all
business lines within a given year is negative, then the input to the numerator for that year will be
zero.
The total capital charge is expressed as:
KTSA = {Σyears 1-3 max[Σ(GI1-8 X β1-8),0]}/3
Where,
KTSA = the capital charge under TSA
GI1-8 = annual gross income in a given year, as defined in the Basic Indicator Approach, for each of
the eight business lines

1
β 1-8 = a fixed percentage, set by the Basel Committee, relating the level of required capital to the
level of the gross income for each of the eight business lines.
A bank should calculate its annual gross income for the most recent year by aggregating the gross
income for the particular business line for the last four financial quarters.
Bank has received approval from RBI to migrate to The Standardized Approach (TSA) for calculating
operational risk capital charge on Parallel Run basis. During the parallel run period, Bank will
compute capital charge under TSA for internal purpose. However, for regulatory capital purpose,
Bank will continue to maintain the capital charge as per Basic Indicator Approach (BIA)
3. Advanced Measurement Approaches (AMA) :

Internal
Loss
Data

External
Scenario
Analysis AMA Loss
Data

BEICF

Four major components of Advanced Measurement Approaches (AMA) are Internal Loss Data, External
Loss Data, Scenario Analysis and Business Environment & Internal Control factors (BEICF).
3.1 Internal Loss Data :
Internal loss data is crucial for tying the operational risk measure of a bank to its actual loss
experience. The collection, tracking and use of internal loss data is an essential prerequisite to the
development and functioning of a credible and robust Operational Risk Measurement System (ORMS).
A bank’s internal loss data must be comprehensive in that it captures all material losses from all
appropriate business activities and geographic locations.
The most important element of Advanced Measurement Approach (AMA) of operational risk is the
Internal Loss Data. Operational losses suffered by our Bank due to inadequate or failed internal
processes, people and systems or from external events forms part of Internal Loss Data.
Examples:
a) Penalty imposed by RBI due to presence of fake notes at our Currency Chest
b) Penalty imposed by RBI due to non-compliance of KYC/AML guidelines
c) Loss due to fire in our branch/offices
d) Loss due to vandalism at our Bank’s ATM
e) Employee compensation cases

Branches / Offices should report such events as and when any such event is detected / noticed. It
can be used to analyse the internal controls and create awareness among the officials of the Bank so
as to manage / mitigate the risk of occurrence of such events again. All types of operational losses
should be reported by Branches / Offices. [Ref: HO Circular No. 80/2016 dated 11 Feb 2016].
Under Advanced Measurement Approaches (AMA), Bank has to map its operational loss data to Basel
defined seven Loss Event types (LET) specified as under:
2
Sl No. Loss Event Description Examples
Type
1 Internal fraud Losses due to acts of a type intended Theft / extortion /
to defraud, misappropriate property embezzlement
or circumvent regulations, the law or Fraud / credit fraud / worthless
company policy, excluding diversity/ deposits
discrimination events, which involves
at least one internal party
2 External fraud Losses due to acts of a type intended Hacking damage
to defraud, misappropriate property Theft/Robbery
or circumvent the law, by a third
party
3 Employment Losses arising from acts inconsistent Employee health & safety
Practices and with employment, health or safety All discrimination types
Workplace laws or agreements, from payment of
Safety personal injury claims, or from
diversity / discrimination events
4 Clients, Losses arising from an unintentional Suitability / disclosure issues
Products & or negligent failure to meet a (KYC, etc.)
Business professional obligation to specific Unlicensed activity
Practices clients (including fiduciary and
suitability requirements), or from the
nature or design of a product
5 Damage to Losses arising from loss or damage to Natural disaster losses
Physical Assets physical assets from natural disaster Human losses from external
or other events sources (terrorism, vandalism)
6 Business Losses arising from disruption of Telecommunications or Utility
disruption and business or system failures outage / disruptions
system failures
7 Execution, Losses from failed transaction Data entry, maintenance or
Delivery & processing or process management, loading error
Process from relations with trade Missed deadline or responsibility
Management
3.2 External Loss Data:
In addition of collecting the internal loss data which the Bank has suffered, Bank is also required to
collect external loss data. External Loss data is the data related to the operational losses suffered
by other banks. It is important to collect external loss data because in future our Bank may also suffer
these operational loss events.
Bank need to collect external loss data which is relevant to our business activities from reliable
sources and publications. Bank should also use a scaling parameter to make the external loss data
relevant to its size of operation.
3.3 Scenario Analysis:
Scenario Analysis is a process of identifying operational risk scenarios and assessing the same in the
context of the bank’s operating environment. Scenario Analysis workshop are conducted to identify
plausible operational risk scenarios. A Bank in its operating history might not have suffered those
extreme losses. However, it is very likely that the Bank is susceptible to such events.
3.4 Business Environment and Internal Control Factors (BEICF) :
In addition to using operational risk loss data, a bank’s operational risk measurement system must
incorporate indicators of the bank’s operational risk profile, as well as other information related to
the assessment of the bank’s internal control framework collectively termed as Business Environment
and Internal Control Factors (BEICFs). Risk and Control Self-Assessment (RCSA) and Key Risk Indicators
(KRIs) are two important ways of implementing BEICFs in a Bank.

3
3.4.1 Risk and Control Self-Assessment (RCSA) :
One of the major component of implementing Business Environment and Internal Control Factors
(BEICFs) in the Bank is RCSA. Risk and Control Self-assessment approach defines identification and
assessment of level of risk and effectiveness of the controls that are in place to ensure effective
implementation of organizational processes.
Risks are primarily related to operating processes of the bank. In RCSA exercise, risks linked to
processes are identified. For example; if process is “accepting cash deposits at branches”, then
related risk could be the “presence of fake currency notes”. After identification of risks, related
controls are identified. For above mentioned risk, control is ‘checking the currency notes under UV
lamp or fake currency detection machines’.
A simple webpage is made available in Bank’s Intranet Portal (IRMD Portal) through which any
employee can submit his / her inputs/ feedback/ suggestions for improvement for specific products/
services for specific period. In Risk & Control Self-Assessment (RCSA) exercise, an employee can
provide inputs regarding risk perceived and suggest controls in the existing process of a product or
services. RCSA exercise helps in identifying new risk areas and establishing necessary controls for
mitigating identified risks.
Results of RCSA exercise are used in defining the overall operational risk profile of the Bank. The
same is also used in adjusting the operational risk capital charge computed under the Advanced
Measurement Approach (AMA).
3.4.2 Key Risk Indicators (KRIs) :
Key Risk Indicator is defined as a measure that attempts to identify potential operating losses before
such loss happen. There is a strong correlation of operational risk with values of the KRI falling outside
an established range (thresholds) indicating potential operational risk scenarios. The tracking of KRI
significantly improve the risk awareness levels and prepares the Bank to respond to risk-sensitive
changes.
However, it should be noted that KRIs are not meant to predict future risk with certainty, nor are
they a comprehensive way of detecting a specific risk. They are designed to help provide indications
that something could go wrong. The business process and environment would need to be assessed to
determine if the perceived risk is present when KRI report shows values in threshold defined as high
risk.
Criteria for good KRIs
Effectiveness
Indicators should:

 apply to at least one specific risk and one business function or activity;
 be measurable at specific points in time;
 reflect objective measurement rather than subjective judgment;
 track at least one aspect of the loss profile such as frequency, severity, or near miss values;
 provide useful management information
ComparabilityIndicators should:

 be quantified as an amount, a percentage, number or a ratio;

 have values that are comparable over time;
 be a reasonably precise and definite quantity
Ease of use
Indicators should:

 be available reliably on a timely basis;

 be cost-effective to collect;
 be readily understood and communicated

4
Examples of KRIs

 Number of customer complaints

 Total time that the CBS was down
 Number of inoperative accounts in the branch
 Number of bank guarantees expired but not cancelled by the branch
 Number of employee terminations due to unethical behavior

Results of KRIs are used in defining the overall operational risk profile of the Bank. The same will
also be used in adjusting the operational risk capital charge computed under the Advanced
Measurement Approach (AMA).
Basel Business Lines :
Level 1
Corporate Finance
Trading & Sales
Payment and Settlement*
Agency Services
Discretionary Fund Management
Asset Management
Non-Discretionary Fund Management
Retail Brokerage
Retail Banking
Commercial Banking
Level 2 Activity Groups
Corporate Finance Mergers and acquisitions, underwriting,
Government Finance privatisations, securitisation, research,
Merchant Banking debt (government, high yield), equity,
Advisory Services syndications, IPO, secondary private
Sales Fixed income, equity, foreign
Market Making exchanges, credit products, funding,
Proprietary Positions own position securities, lending and
Treasury repos, brokerage, debt, prime brokerage
Payments and collections, inter-bank
External Clients funds transfer (RTGS, NEFT, EFT, ECS
etc.), clearing and settlement
Escrow, securities lending (customers)
Custody
corporate actions, depository services
Corporate Agency Issuer and paying agents
Corporate Trust Debenture trustee
Pooled, segregated, retail, institutional,
closed, open, private equity
Pooled, segregated, retail, institutional,
closed, open
Retail Brokerage# Execution and full service
Retail lending including trade finance,
cash credit etc. as defined under Basel II
and also covering non fund based and
bill of exchange facilities to retail
Retail Banking customers, housing loans, loans against
shares, banking services, trust and
estates, retail deposits@, intra bank
fund transfer on behalf of retail
customers.
Private lending (personal loans) and
private/bulk deposits@, banking
Private Banking
services, trust and estates, investment
advice
Merchant/commercial/corporate cards,
Card Services
private labels and retail
Project finance, corporate loans, cash
credit loans, real estate, export and
import finance, trade finance, factoring,
leasing, lending, guarantees including
Commercial Banking deferred payment and performance
guarantees, LCs, bills of exchange, take-
out finance, interbank lending other
than in call money and notice money
market.

*********