February 23, 2006
Single or multi distribution approach?
A few months ago, the Australian Prudential Regulatory Authority (APRA) released its Advanced Measurement Quantitative Standard known as AGN 115.2 which set the benchmark output for Australian banks attempting to reach AMA accreditation. APRA restricts banks to derive their operational risk capital numbers through a distribution approach however it gives financial institutions some options. We are going to take a quick look at those options.
The ADI will be expected to establish a distribution of aggregated potential operational risk losses across the ADI or a set of operational risk loss distributions for sub-parts of the ADI`s operations.
AGN 115.2
+opVar
This goal is actually achieved by a measurement technique known as OpVar or Value-At-Risk which is one method to calculate operational risk capital provision and must cover operational risk losses over a fixed time period and at a given confidence level. OpVar can be calculated provided we know F-1(1-a) where alpha is the confidence level say 1%, which in this case is the 99th percentile of that loss distribution and thus OpVar0.99 is F-1(1-0.99) = (0.01).
Value at Risk was originally a market risk measure that describes probabilistically the market exposure of a trading portfolio and is widely used by banks, security firms and commodity traders. Unlike other measures of risk, Value-at-risk gives management the insight of exposure that is NOT a retrospective risk metric and the Basel Accord in particular has encouraged the translation of this market measure for risk to credit and operational risk so that a transparent metric of risk can be generated across the three disciplines. So back to our loss distribution or more precisely the 99th percent quartile of our complete loss distribution, APRA gives us two choices for creating this distribution:
1)The single distribution approach, representing all potential operational risk losses and the model must be clear in how it shows specific dependence assumptions across operational risk event classifications and multiple business lines.
2) The multiple distribution approach is an alternative where the operational risk measurement model comprises of several distributions that will beaggregated to show a total exposure amount. For what it`s worth one doesn`t simply add the distributions together because that action would overestimate the capital requirement.
If a bank was to take the multiple distribution approach they must also show correlations between event categories. This is where one distribution has an inherent function on another.
+ So which one should a bank choose?
Both have their advantages and disadvantages, as we shall see below.
The single distribution approach may appeal to banks with limited internal data points for a specific operational risk event classification or where their ability to confirm accurate tracking of loss events has occurred. The single approach also is ideal with measurement techniques such as Extreme Value Theory and in that respect it seems a quick way to the solution, but it does come with its conundrums:
Firstly how complete is the model, that is, are all risk events captured and if so how is capital allocation mapped between functions and business lines. APRA specifically makes mention to this for single distribution approaches. Secondly, when this type of analysis is aggregated, it may be easy to understand the total exposure for a business line but a true comprehension of causality can be concealed in the equation and that knowledge is important for tracking and controlling potential events. There are also other satellite issues, such as the use of external data and most regulators have made it mandatory that external data factors in the model. The problem with consolidated external data is in its nebulous nature, how should it be scaled for use within the organisation and how should the bank integrate these additional data points. Consolidated data stratification is not a straightforward task because the weak context classifications create debates over whether such data points are actually part of population they are being applied to. The bank also has to consider a dimension on the scale between external and internal business unit gearing and that task can be very complicated without fragmenting the model.
So let`s turn to the multiple distribution approach, many of the problems mentioned above are actually circumvented with this technique. Certainly ensuring the capital model is representative of the business activities seems to be inherent within the application itself and choosing where and what external data to use is easier to manage. Unfortunately there is no short cut and with this style, the bank will end up having several distributions representative of loss and it will fail unless it can establish and document good correlation coefficients between the inference between one distribution and the next. Such methods explain how a single loss event increases in magnitude as it gathers momentum, instigating knock on effects from one event category to the next and again the regulator has stressed this has to be modeled within the capital system.
Where the ADI`s approach assumes a dependence structure across those risk measures, by way of correlation estimates across operational risk losses or business lines, the ADI may be able to incorporate those estimates into its aggregation of individual operational risk measures.
Like most agendas in life, there isn`t a short cut and Australian banks should carefully consider the implementation tactics required in the context of their internal operations before jumping on one distribution style against the other.
Posted by CausalEvents at 12:10 PM
| Comments (0)
February 20, 2006
Is there an alternative risk analytic?
There are many ways of calculating OpVar and without embroidering semantics the process really falls into one of two camps; parametric or non-parametric. Most credible operational risk systems used to calculate capital, approaches discussed on the internet, the capital articles on this site and the quantification work I have been part of seem to land in the parametric world.
So what about the non-parametric techniques?
There are many ways of calculating OpVar and without embroidering semantics the process really falls into one of two camps; parametric or non-parametric. Most credible operational risk systems used to calculate capital, approaches discussed on the internet, the capital articles on this site and the quantification work I have been part of seem to land in the parametric world.
So what about the non-parametric techniques?
+ Bank of Japan
[Makes mention to such statistical analysis, even though it was a while back now.]
Current studies have revealed that validity of VaR could be robust with some kind of non-parametric or distribution-free estimator such as Harrell-Davis estimator, which has been recognized as very strong order statistics.
Bank of Japan
As we all know, operational risk isn`t quite a science of precision or perhaps more accurately the discipline isn`t truly a coherent risk measure because it lacks subadditivity [For two random uncorrelated losses A and B and a risk measure denoted by p() ... For all A and B, p(A+B)<= P(A)+P(B) which implies that aggregating individual risks does not increase the overall exposure. Operational risk fails this rule.] we`ll still keep an open mind and investigate the equivalence of this line of thought.
The process the Bank of Japan is leaning towards is similar to the L-Estimator and it computes linear combinations of the ordered statistics by estimating the quantile as a weighted average of one or more losses.
+ Parametric
Value at Risk is a measure that is driven in terms of a quantile of a given distribution, or to be precise where loss has the potential of exceeding a specified probability. In the parametric operational risk world this is accomplished by measuring losses, grouping loss data so that it may be aligned to a probability distribution family, remove any outliers, describe the curve mean, skew, variance, model the function of choice, take estimate parameters, evaluate quality of fit and finally carry out goodness of fit test. The tails of the curve can either be described through scenarios or semi-parametric methods such extreme value theory.
+ Non-Parametric
Alternatively non-parametric methods make no explicit assumptions about the distribution itself except the quantile is derived directly from the data which is assumed to be an independent and identically distributed set of losses. The concept works by taking a point estimate from the ordered statistic of the sample and at the smallest value in the sample outwards. For example; if we have 100 losses and we are looking for VaR at 99%, one would order the losses and estimate this value as the second to last statistic. This process is often dubbed the Upper Empirical Cumulative distribution Value (UECV) however it obviously can sustain high variability with subsequent measurements, so we have to elaborate on the process.
Theoretically, if these variants or `marginals` are tracked, captured and plotted they should potentially yield a curve, albeit a jagged one depending on the number of marginals we capture. This curve can be smoothed and the risk analytics based on the differential application of the smoothing outcome. The drawbacks unfortunately are that many measurements need to be taken for confidence to increase and data may be withholding. A solution to the problem is to calculate the marginal VaR as a weighted average over a range of quantile positions which is the L-Estimator process. UECV is actually an L-Estimator, the last one in the series and it places entire weight on the final ordered statistic.
The process being driven at here however is slightly different as it is carried out across the whole distribution function, spreading each sample observation over an interval with a `kernel`. As we know the kernel (plotted marginals through the process) is actually a symmetric probability density function with its own shape, skew and kurtosis.
For a full description of how this can be applied to market risk please follow this link, the article is an Algo Research Quarterly paper and outlines the process in far more depth.
Algo Paper
For what it`s worth I wasn`t able to locate any L-Estimator references in the context of operational risk on the internet, except The Bank of Japan`s comments. Most operational risk analysts that have been around a while will agree that there are some bizarre attempts to measure this risk classification, particularly in the light of capital allocation and I was certainly expecting some mention on this in the broader network, but none was to be found.
+ Critique
On the up side though, curve fitting errors are less likely to be a problem and the attachment of external data should be quite straight forward assuming it is scaled correctly, but that has always been the case. Correlation of risk factors can of course be asserted through snapshot stages of the kernel and that in itself is an interesting thought that might incite some further contemplation. The process could also assist with the management of events assuming such investigations are carried out in an open reported format and that is an important function of any operational risk capital system.
My critique of it though is that while an OpVar number is returned with very small samples, accuracy is dependent on the completeness of these samples, so we aren`t really escaping the data problem. How many samples are required for completeness to be accepted is going to be one question that will need to be answered and documented. There also seems to be a real detachment to the frequency of events and these will need to be modeled and integrated separately. Then there is the concern that this approach may have difficulty actually separating tails. Combining them by ignoring (automatically including) them may seem to resolve some problems but it introduces others, particularly where the zone between expected loss and unexpected loss begins. This may seem trivial but a definition of this zone is critical to represent how capital is applied against loss; that is some expected losses may have their own reserves/budgets or may actually be costed into the business or products. Understanding whether these budgets are healthy, suitable and sustainable is part of the whole capital process and necessary for Basel II accreditation.
On a closing note, we accept that Harrel-Davis appears on the surface as a `tidy technique`, it is debatable whether the regulator would endorse such an approach and that alone might steal any enthusiasm away from further advancements in this arena. Perhaps a good use for it though, is as a test or second opinion on an existing capital model and that in itself has value.
Posted by CausalEvents at 11:24 PM
| Comments (0)
February 14, 2006
Should rules have classes?
There has been some division lately in the SEC on a stance for the negation of section 404 of the Sarbanes & Oxley act. This argument seems to have been exacerbated as it only targets specific companies that are above a revenue watermark.
Feb 1, 2006 (SmartPros) The Securities and Exchange Commission should not succumb to political pressure and allow smaller public companies to be exempt from 404 requirements of the Sarbanes-Oxley Act, said Arthur Levitt, former chairman of the SEC.
Click here for full article.
Interestingly this is not the first heckle over section 404. In March 2005, the SEC further extended the compliance dates for non-accelerated filers and foreign private issuers over 404 by a year. Back then the commissions chief accountant Donald Nicolaisen stated that the extension was to provide enough time for issuers to objectively manage what he quoted was a hard look at internal controls. Alan Beller, the director of the division for corporation finance added that section 404 had the potential of improving the reliability of governance reporting and although it was a huge effort for some companies, it is those companies that should use the extension not to delay but improve the quality of their efforts.
So just under a year on and the section 404 debates still seem very much in play. For those not familiar with 404, we have paraphrased it below:
+ Section 404
Management Assessment of Internal Controls
(1) State the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and
(2) Contain an assessment, as of the end of the issuer's fiscal year, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.
Section 404, 409, 302 are without doubt pieces of work or whole projects in their own right and simply cant be met through rulings or policies, but require the company to set about building a credible operational risk framework. This framework of course needs to be sensitive to measuring potential events that may affect the business and be representative of such a measurement in an ongoing fashion. No matter the size of the business there is going to be an expanse, where obviously some the largest companies will suffer the highest costs.
+ What the SEC is proposing & Levitts Issues
The SEC advisory committee on smaller public companies
recently recommended that public companies with a market
cap of less than $100 million and revenue of no more than
$125 million would be exempt completely from 404 requirements.
The former chairman of the SEC sees that it is smaller companies that are most likely to have control problems and yet least watched by analysts. He believes that by creating a different standard, small businesses are relegated to a second-class position which hinders their growth.
+ A Wider Issue releasing 404 culpability
From another perspective there are more pertinent concerns that strike me as worthy of consideration which orbit around discriminatory rule making. The most obvious of which is that such divisions leave gaps for exploitation.
A company of market capitalisation of $100 million could actually be quite a large organisation from a resource perspective however to avoid the rule the board may strategically divide the business up into entities that all fall below the threshold and thus escape Sarbanes & Oxley. Simply stating one set of laws under one condition and another set of mandates for a different class of business are also too loose and the SEC would have to define precise guidelines to close such loop holes, sadly this all complicates what is currently quite a tidy ruling.
A more obscure indisposition of discriminatory rule making is that it sets a president. 404 is applicable or not so because it is perceived difficult and expensive to achieve for small businesses. Now that is a platform for any business to argue for any compliance agenda when an industry is under stress. Then of course if 404 is such an enigmatic hurdle what about 409 and 302, should they be questioned as well. Its a slippery slope of erosion of values and each section of the act leans on other components for completeness. Take one component out and the overall act has a very different meaning. Finally on a point that few seemed to have raised; is where investor funds are pooled across a conglomerate of companies all falling under bar but when unified together are well past the mark, how are they to be treated.
What does seem evident is this remonstration of 404 seems to be a reactive one that needs further thought. Considering revenue in isolation of other business indicators is really unlikely to be a true representation of the risk a business contains and hence interferes with the potential a business has to meet the act.
Posted by CausalEvents at 01:12 PM
| Comments (0)
