December 23, 2007
Home-Host discussions continue
About a month ago the Bank for International Settlements released its Home Host supervisory cooperation and allocation mechanisms in the context of AMA. This can be found at BIS Paper
While this brings a long debate closer to a definitive rule set, it isn`t a done deal yet, mind you BIS themselves don`t claim it to be so either; ``This document elaborates on the home-host paper by applying the home-host principles and practices emerging in the broader implementation of Basel II`` however ``a range of practice in this area has not evolved as yet.``
In short, banks that have sizeable subsidiaries in foreign jurisdictions will need to walk through the recommendations in this paper. Precisely what is classified as sizeable I can`t say but then neither does BIS:
``The Basel Committee has not defined ``significance`` for purposes of determining which internationally active banking subsidiaries are ineligible to make use of the hybrid approach and Host supervisors are the ultimate arbiters of whether a subsidiary is significant within a given jurisdiction``
While insight for identifying a banks significance factor is probably a relatively obvious step, I can see such a nebulous statement causing some debate between the banks and their associated regulators, particularly with regulators that are behind the game and it is most likely that it will be those countries that cluster a larger collection of foreign banks.
None the less without becoming tied to the semantics at this point, the paper is a beacon on the hill for the absolute blind (pun intended) with its main emphasis being an outline of the key elements of how to co-operate with a supervisor. That is, it re-iterates the very perceptible in the importance of sharing information between home-host banks to home-host regulators and this information may include measurement approaches but most likely `colleges` are going to have to work together.
While some might find this slightly amusing, perhaps audaciously so, I actually have no intention to mock BIS for writing several pages on how banks need to communicate with regulators and what is expected of them in doing so because on the ground in many respects this is what regulators have to deal with much of the time as worrying as that may seem.
Anyway once we move through the paragraphs of general principles for information sharing, scope and frequency of information sharing, mechanics of information sharing and responsibilities of banks, we reach the gritty bits and bobs.
``Banks should be able to quantify the diversification benefits factored into the capital allocated to the subsidiary and to demonstrate that mechanisms are in place to facilitate such capital transfers.``
That isn`t so easy to do across clearing zones and currencies, on the surface it appears very straight forward but the addition of the word diversification in the context of capital goes hand-in-hand with of course non-diversified and in this way it will require banks to dimension how easy it would be to pass capital over without leaving the host entity under capitalised, policy will also need to consider timing and authority. In some cases dependency is likely to exist however fortunately for the banks they don't have to show how to calculate any knock on effects or correlation. Conceptually the statistics are relatively standard in such a top level model however the bank might need to support these models with data or show the robustness of them using hypothetical situational analysis and that is going to require a little bit of creativity.
Next, stability; ``This implies that capital amounts allocated to subsidiaries should not fluctuate unduly from one period to another``. This is all good assuming the bank is static, but operations gear up and down all the time and most banks are going to need to track such strategic changes however very few actually do in line with operational risk agendas.
Banks can of course run different modes of sophistication between one subsidiary and the next or run stand alone AMA for a subsidiary as stated in the article but if a bank is looking to have a centralised operational risk framework where it calculates capital internally for each foreign entity, it is going to need to do some additional work.
The approach is straight forward and after all of the debates that have gone back and forth with Home-Host requirements, its great to see a refined way forwards.
Posted by CausalEvents at 02:24 AM
| Comments (0)
December 21, 2007
Who's in and Who's Out
After living in Australia for some years or perhaps anywhere relatively pleasant, one does start to feel a bit connected to the people, businesses and ethos of the land and only the other day I read the APRA publication on whos in and whos out for Basel II accreditation with some interest.
Who made it?
*) Australia and New Zealand Banking Group (ANZ) was awarded both IRB for credit risk and AMA approach for operational risk.
*) Commonwealth Bank of Australia (CBA) also IRB for credit and AMA for operational risk
*) Westpac Banking Corporation IRB and AMA as well
*) Macquarie Bank Foundation for credit risk and AMA for operational risk
*) Bank of Western Australia AMA for operational risk
*) National Australia Bank AMA for operational risk
So what happens to those that do not make the credit risk accreditation? Well they have to stay on Basel I. Quite Interesting; so Australias largest bank, National Australia Bank has been approved for AMA but must stay on Basel I for its existing capital arrangements. One does ponder how this is going to be calculated because under Basel I operational risk was not part of the program and was `overlapped` on the other risk disciplines. There are two ways out of this situation; AMA will be a parsimonious exercise for the bank or APRA will create some `special` capital calculation for them, highly unlikely, perhaps we can expect snow in the Middle East first.
Apparently Dr John Laker said that ``the process of applying for Basel II AMA has led to significant improvements in risk management systems`` and personally I would agree with him, before Basel II many of these institutions didn`t have a formal loss data process outside write-off to the GL.
Macquarie Banks approach is certainly well planned and while it is a power house investment bank in Australia its client facing operation is relatively private. It does not run the huge processing centres or massive retail portfolios that the other Australian banks control and it follows that the leap to AMA would have been quite straight forward, then in the same token, return from risk weights on retail credit by applying IRB would be a modest kick-back for the marginal efforts that are needed.
ANZ has certainly been an early adopter of operational risk systems with Dr Mark Lawrence`s scorecard approach some years back and they might be able to share some of their ability with the recent acquistion in South East Asia to bring that financial institution up to speed for Basel II.
The interesting omission from the list is St George, a massive retail lender in New South Wales. No IRB, No AMA, nothing just Basel I. Quite amazing what could have gone wrong there especially as only a year ago Incisive Media awarded Group Risk at St George WINNER : Op Risk executive of the year, so we were all expecting that bank to make it over the line.
The full media release can be found at APRA releases Basel II prudential standards
Posted by CausalEvents at 12:53 AM
| Comments (0)
December 19, 2007
Throwing it around at UBS
Over the last couple months there has been quite a substantial amount of discussion regarding the sub prime mortgage crisis and the collateralized debt obligation instrument, mortgage backed securities and the likes. In much respect I haven't made any formal statement on this ongoing event outside the occasional commentary debate during morning coffee but after reading the news this morning in respects to UBS and their current situation, one does really wonder what kind of risk systems, if any, some of these big banks are running.
Taking a wild position on a market is one thing, going back for more, 10 billion dollars worth is another but to not even keep track of what is on the balance sheet simply shows a total lack of accounting procedure, risk policy and governance support. It is possible that UBS will record a net loss for 2007, although no one is really sure unbelievable that it might seem and while one perceives a bunch quant jocks with their feet on the desk and management chasing the tails, the European Central Bank is going to float 500 or so billion up for cheap grabs and that might ease the pressure some of these banks are under, certainly it will improve their liquid position at the end of the year. The ECB stated that 390 banks across the region had sought funding, so UBS is not alone.
Come on Martin, its UBS do you know how big this organisation is I hear everyone say but in reality when one of your own customers has to prop you up for capital support, it shows how fragile the institution truly is or perhaps how delicate the business model has become through a total lack of risk management and insight in the market place.
To be precise UBS announced this week that they would sell 10.8% of their investment business to the Singapore government as well as a Middle Eastern firm that UBS didn't name as is often the case with some investors.
Mr Ospel told investors during a conference call that "the bank would stick to its existing business model of running a private bank, an asset manager and an investment bank under one roof" whatever that is and was it something else before this? He also added that there was no pressure internally for him to step down, externally he didn't make a reference to.
This is not a first for the Singapore government which runs two large investment funds, GIC which has grown to about 100 billion and Temasek Holdings, which manages about the same sized investments and is run by Ho Ching, the wife of the prime minister Lee Hsien Loong. Both funds have grown over the last few years and have acquired assets in telecommunications, property, shipping, health care, shopping centres in the UK and Australia, aviation carriers and a swag of banks scattered across South East Asia that perhaps incorrectly look to these European big players as a standard for risk management. With Tamasek controlling 17% of Standard Chartered this is not a first for Singapore and in many respects the crisis in mortgage backed securities has presented an opportunity for Singapore to take a stronger foot hold overseas, one that has doubled over the last two years to 38.7 billion for GIC the cousin of Tamasek.
As the deal sits, UBS will issue 9.75 billion of convertible securities to GIC where it pays a coupon rate of 9% until the notes convert to ordinary shares two years on. What a deal for Singapore assuming of course the management of UBS do something with their risk frameworks, so all up 9% return followed by a dividend paying position. The relationship however is a little more symbiotic than may first appear as UBS is also a financial advisor to the Singapore Government on assisting Singapore become a major financial hub. Anyway, if you hang around till the middle of February, there may be more to come from UBS as it plans to sell treasury shares and replace its 2007 cash dividend with stock boosting capital by a further 6.4 billion francs.
Posted by CausalEvents at 02:30 PM
| Comments (0)
May 25, 2007
A reason to defend VaR
In continuing on with the debate on VaR, I agree with some of the comments that were made to the previous blog article and I accept I was hard with my critique. Sure VaR may not be the panacea of risk measurement that it is proclaimed to be but it has some good attributes, starting with the way in which it translates relatively well from market to other disciplines of risk such as credit and this is kind of neat. What is the saving grace is that it is parametrically based and focuses on losses. Up until VaR became a relative standard some banks used what I would classify as exciting alchemy to define the chemistry of causality for their potential loss with the occasional Fibonacci related approaches really taking us to the exotic edge of measurement. Many organisations didn't adopt anything cognisant at all and some still operate this way.
What is important to the industry as a whole is that it finds a reasonable measure of exposure that can be commonly accepted, stochastically sound (whatever that is) and is not refined for one investment strategy over another otherwise transparency and exposure rating is lost.
VaR meets the majority of the criteria to take the world of capital measurement global however many analysts claim expected short fall is a better approach for tail work. Expected Short Fall is the conditional expectation of loss given that the loss is beyond the VaR level and it again is still working in a coherent domain.
The real catch that so many oversee is not that VaR underestimates or overestimates exposure, it is the requirement of including correlation and aggregation that is complex and without these two the VaR calculation is likely to be lower in weight. When a risk analyst drops aggregation from the calculation only to do it post simulation the VaR calculation could lead an organisation to position where it might measure exposure in a manner that lacks subadditivity. Subadditivity implies that aggregating individual risks does not increase the overall risk and that is mathematically expressed in the following way. For all X and all Y, p(X+Y) <= p(X) + p(Y)
What we have here is a deficiency where a decentralised risk framework may be flawed because VaR is calculated on individual portfolios which cannot be aggregated to produce an upper bound of loss and Rudiger Frey and Alexander McNeil published a paper on this quite a few years back when VaR was all the rage in Europe. Another issue with VaR is that investment portfolios have become exponentially complex and contain exposure of many natures including a blend of credit, market and operational risk. This can be seen in the new hybrid derivatives or mitigation alpha investment strategies that are now popular and which for what its worth are fantastic investment approaches with a real purpose but from a risk perspective; is the overall exposure being measured correctly? Is the inference between the arbitrage space of the pure risk disciplines being reported? Perhaps the real concern is that advanced investment strategies are being used by an ever growing investment community and I fair I am not the only one with this fear as many regulators are showing apprehension over the increase in popularity of hedge funds globally.
To close off on this, I see VaR as a stepping stone to a more sophisticated technique of exposure measurement and I agree with you entirely that there may be a better way but we are on a path and in reality the industry as whole has a long way to walk yet. Some banks are stuck on Basel I, some are adopting the basic approaches to capital estimation which is a tragic representation of failure, barely risk based at all and puts expression of loss and capital reserves as nothing more than a proxy of revenue. So now the industry has accepted VaR, we might all just be in a risk renaissance here where VaR is the Euclidean equivalent of risk reasoning just as Greek mathematics opened the space for geometry 320BC and while banks are moving onto risk based capital regimes, VaR might be a likely vehicle to embed a risk based approach in the financial sector and while its doing that, I will defend it.
Posted by CausalEvents at 04:14 PM
| Comments (2)
May 18, 2007
Defending an argument against VaR
A recent article published on RiskCentre news from the author IRA staff on the subject 'Will Basel II finally discredit VaR' left me shocked and raised an eyebrow, actually both of them shot up. This journal critiques some of the assertions that were made against a backdrop of logical thought but before we begin I have to state one theme left me slightly disappointed. When someone slings hard unjustified criticism against a maxim but does not offer an alternative we are left with little option but to diffuse some of the affirmations into the pool of white-noise. All that said, being a dedicated risk professional I feel it my duty to at least point out another light on the hill in the relative risk world of darkness.
This is where it started:
[AUTHOR IRA STAFF] <<< Where we asserted that the use of risk pricing tools such as Value at Risk or 'VAR' models and other types of statistical routines arguably amplified the effect of excess liquidity, boosting the throughput of the Wall Street vastly expanding the pool of risk for end-users.>>>>
Firstly before we refute this, what is VaR?
Value at Risk or VaR is a measure of potential loss from an unlikely adverse event in a normal everyday market environment. It is an expensive measure of risk because it focuses on the worst case event (the tail of the loss curve) and thus in our simple definition alone we would realize that the use of VaR is likely to reduce liquidity or funds available for investment because a larger holding of capital for potential loss would be required by the institution when the institution focuses at the end of the curve rather than the body or mean.
After some debate the article then accepted this point and followed on with ...
[AUTHOR IRA STAFF] <<< To review, VAR models summarize the expected maximum loss (or worst loss) over a target horizon within a given confidence interval. To us, this is an elegant way of saying "I don't know. >>>
Lets be totally real here, a spiritually centred person is aware of this and so is the wise investor. We simply don't know the future and this conundrum has been plaguing man since he realised that some inkling into what might happen can be derived by speculating on outcomes from past events with the same properties. Surely this insight is far better than no perception at all however the argument is actually more profound than this. Assume for example we did know what is going to happen without question of doubt and there was no such thing as chance, then one could argue does opportunity exist at all? To engage in opportunity is to invest a resource into an entity which has potential to move past its current position to a higher one and the steeper the potential the higher the return. Now remove that tensile gap and the price will flatten for everything that is instantly available without limit has little value be it important or not. VaR is the worst case scenario of this tensile gap so it makes a conservative estimate on what could go wrong and that surely has to be the most sane approach to any investment strategy. VaR departs us from our own myopic delusional sentiment and brings all estimates to a single view of exposure.
Looking at the next argument from the article
[AUTHOR IRA STAFF] <<< The trouble with VAR models is that the methodology says nothing about specific risks regarding specific transactions, yet provides risk practitioners with the false impression that the particular risk has been measured >>>
This is not true, the technique for deriving VaR is through the use of variance/covariance, Monte Carlo or historical simulation and it involves using historical data which in our above example is the set of circumstances on a current investment position and the potential for these prices to move away from what we believe or want. These inputs are often combined in different ways depending on the method so that an estimate of a particular percentile of the loss distribution, typically the 99th percentile of loss is created. Now after these calculations only the foolish analyst would throw away his data, equations, documented techniques and workings. What is false about the risk measure is that the 99th percentile of loss is quite improbable and sanely conservative but still VaR should not be expressed alone, it should be justified like any estimate and back tested for accuracy.
Then like many authors with an agenda they made a set of convoluted linguistic twists so that the reader would land at a point where the contraction and change in article direction would be lost. The sad result was the following statement:
[AUTHOR IRA STAFF] <<< Simply stated, if the overall risk calculated in the VAR model appears to be low, then additional risk may be taken >>>
Hang on its the worst case loss, its the 99.9th percentile position, how can that be low however the author did introduce an interesting concept. To be concise the insertion of the word 'additional' is impacting in a risk measure. 'Additional' lends us to believe that each marginal choice in a network of risk based decisions actually has the propensity to conceal the real potential loss from the starting position of an investment. That is, it is a human tendency of error to forget the tally of wins and losses when a goal seems ever so close especially when we just read our risk profile over a short stint in time.
The article did stipulate a real fact in respect to Pillar III, thank the world of regulation for that.
[AUTHOR IRA STAFF] <<< Pillar III of Basel II, the requirement for market discipline, where banks will be compelled to publicly disclose and benchmark the efficacy of VAR models against their actual results, including public 'mark-to-actuals' results for VAR, Defaults, Loss Given Default and Exposure at Default, etc. Will Pillar III ultimately be the undoing of VAR? >>>
What worries me however is that the US regulators are yet to fully adopt an approach for Basel II, landing between the first version of the accord and some advanced standard approach. Really the advantages of Pillar II and III are probably a long way off for US bankers even though Pillar II and III could seriously assist in publishing the true volatility US institutions are exposing themselves to.
Now to finish up the author stated the following:
[AUTHOR IRA STAFF] <<< Just as global regulators are enshrining VAR as the centerpiece of the Basel II regime, markets may demonstrate that this method of measuring risk is entirely useless >>>
VaR is not new to the 'global' banking community and just because regulation is adopting what most investment institutions are using will not demonstrate that this measure of is risk is entirely useless. My dear people, financial institutions have been using VaR to explain the Greek measures of market risk for sometime. VaR simplifies the varied measures of this exposure type so that expressions of threat can occur in a transparent manner. In my opinion, this is overstated and a touch sad. Its authoritarian sounding no doubt about that and it may just fool some, confuse the masses perhaps, but without an alternative and with assumptions missing I have to rebuke that VaR is entirely useless.
Posted by CausalEvents at 11:28 PM
| Comments (1)
June 10, 2006
A top ten focus list for AMA
A couple of days ago a client asked me to list the top issues that banks seem to come up against when constructing a Basel II operational risk framework, particularly when these institutions are striving towards meeting Advanced Measurement Approach. In this short article we are going to openly discuss some of the major issues facing banks that are trying to engage the construction of such a framework and while there are many differing conundrums for alternate banks globally, there is a common theme of say ten items that seem to be continually overlooked when Basel II projects are planned. This list is far from definitive but each item has factored more than once in general Basel II discussions I have had.
Let’s have a closer inspection at ten issues for building a Basel II operational risk framework:
Segmentation of Project Activities
Without doubt this would have to be the most common project planning misdemeanor facing a bank in the Basel II operational risk camp. Generally all risk frameworks whether they are measuring market, credit or operational, will consist of three parts. These parts are Policy, Methodologies and Infrastructure and while these parts are separate agendas for the framework they have lots of cross over activities. Failure to understand how campaigns from policy can be combined with specific business unit facing discussions for methodologies will result in the business units having to be revisited more often than required and is a major cause for escalating costs on the Basel II program.
Unable to integrate the Methodologies
Whether the institution selects Loss Data Approach, Risk Drivers and Controls Assessment or Scenario Analysis as their spearhead modeling technique, the Basel II project will be very much the same, the only difference lies in how the methodologies are combined in the capital calculation. Some of the key methodologies that are used include: Risk Registration, the capture of Loss Data, Integration of External Data, Scenario Analysis, Controlled Self Assessment and Risk Indicators. Many Basel II programs will address each one of these methodologies in a siloed manner without consideration of how variables are used from one methodology to the next. Indicators alone are powerful tools but when correlated with loss data have a certain level of accuracy and of course scenarios need to make sure they only address the tails. Scenario analysis that is detached from external and internal loss data often results in a list of events that have unjustifiable weights and a poor clarification on where the tail begins, certainly we don’t want scenarios to result in expected loss events being captured twice.
Homogeneous Risk Classifications
The estimation of capital is generally a stochastic exercise which relies on pure definitions for a good and accurate result. We all accept operational risk is a nebulous and heterogeneous risk classification but banks’ inability to classify events transparently exacerbate the confidence of exposure calculations, reduce the ability for the institution to benchmark and encourage capital disputes. Interestingly if every bank has a different definition of what comprises a fraud how useful is external data going to be in the risk calculation. What amazes me most is that while the accord has been quite prescriptive with the risk classifications in its annex VII, some operational risk teams seem to stubbornly go ahead wasting their time creating another incommensurable list of loss categories and their efforts are neither fruitful nor an efficient use of time.
Policy and Treatment of risk
Project teams that assign too much of their budget to the infrastructure (software systems and databases) component will find that additional work will have to be planned during deployment to ensure policy is aligned to the business unit measurement methodologies. Risk is not about software and policy describes when an operational risk has occurred, what a near miss is, how both of these should be treated and how the outcomes should be recorded. Very few banks seem to include a serious piece of work around policy design and its associated education campaigns. The result is inconsistent view of exposure from one year to the next and staff will be able to game that system. Sadly how these institutions back test their risk facilities is a mystery to them as much as it must be to the regulator and I am sure overtime they end up having to revisit this piece of work to be in any kind of position to plan strategic improvements in consideration of operational exposure.
Business Unit Mapping
If the risk register is the central domain for operational risk, then Unit Mapping must be a conduit for capital. It isn’t directly stipulated in the ‘AMA qualification moiety’ of the accord however I suppose it is assumed that if standard approaches require lines of business to be established that theme would apply to Advanced Measurement Approach. What granular level should these capital boundaries be set at seems to confuse many operational risk analysts. If the level is too broad, an inherent issue with top down approaches to operational risk, there is a threat that the maps will not furnish a good understanding of causality and then management improvements won’t be tied to a potential event for capital reduction. If on the other hand the maps are a microcosm, the cost of maintaining those maps against the value they return is totally skewed.
Business Unit Reporting
Basel II and operational risk is not about generating OpVar numbers. In reality some of the assessments that are carried out require business unit input however these very same people won’t be able to see how an OpVar number applies to their exposure unless this is reported to them in fashion that translates to exposures they can monitor and controls they can influence. If the operational risk economic capital calculation uses the more actuarial techniques of extreme value theory, the Basel II program must be able to translate the results into management activities for the business unit otherwise they are going to be unlikely to accept and sign off on the results that are displayed to them.
Central Facilities
I have debated business continuity exposures born from systemic faults inherent in a banks central facilities in an earlier article on this journal however while this seems very obvious to most analysts, measuring such exposures is a minefield of complexities. It requires specific focus in its own right, particularly as the cause for an event and its impacts will inevitability lie across capital boundaries.
Factoring Change into the Capital Equation
As with central facilities, factoring change into the capital equation seems to feature in only a small handful of Basel II frameworks. This is concerning because as institutions change, back testing exercises are going to be very long winded and the ability for an institution to use its operational risk capital in the design of sound strategy will be diminished. Again change management needs specific metrics and a transparent approach to measuring exposure for a close proximity of loss to be accounted for.
Demarcation Exercises
Operational risk may be novel to the Basel accord but it certainly isn’t new to banks and has always featured in some way in the capital tiers. One common trend I have been witnessing is the propensity for the credit risk team to throw their loss events over the fence now that there is formal bias for them to do so. While operational risk should account for such losses, definitions need to be clearly established to treat credit events that contain some operational exposure. Specifically paragraph 673 of the Basel Accord makes mention to this however very few institutions that I have visited are taking steps to resolve capital arbitrage between the core disciplines market – operational, credit – operational and credit – market.
Accounting for Insurance
In paragraph 667 of the Basel Accord the recognition of insurance attracts a further 20% reduction of capital against the operational risk capital charge. But for this value to be ascertained banks need to carry out an exercise of attaching insurance to potential loss estimates and centrally modeling the gaps of under or over insurance, the time line before insurance is paid and specifically what events insurance covers for each asset type in turn. With some of the larger banking groups spanning diverse fields of banking (retail, insurance, wholesale, brokerage etc) and multiple geographic locations, the complexity of this exercise should not be underestimated.
So there we have a top ten hit list, please accept this is as not determinative and that priorities between banks will differ, certainly it shows the extensibility of Basel II should not be taken lightly and I hope that this text stimulates some thought.
Posted by CausalEvents at 07:53 PM
| Comments (2)
March 13, 2006
Link between internal capital and regulatory capital
One of the most articulate and well delivered speakers on the circuit of Operational risk would have to be Susan Schmidt Bies of the US Federal Reserve Board and she has been working her magic again late last year with another laudable speech at the international Centre for Business Information on risk management. In line with her previous addresses on subjects such as the demarcation of credit and operational risk, this delivery is as much interesting as it is true to the world of banking:
The linkage between internal capital measures and regulator capital requirements
Curiously, it’s a subject that doesn’t attract that much attention and there are many operational risk analysts I have met that actually don’t particularly distinguish between the two, even though they are quite different measures, reserves and methodologies as Ms Bies points out.
For safety and soundness reasons, bank supervisors must be sure that a bank with greater exposure to riskier lines of business, products and customers holds more capital than a bank that is more risk adverse and designs its business plan to minimise risk taking
Let me add a point about the differences between minimum regulator capital, as set out in the Basel accord and the level of capital that banks may choose to hold for business reasons
+ What is Capital in terms of risk
Before we look at the some of the gaps between these measures of risk and some of the misinterpretations that exist in the industry, let’s loosely define the terms. Capital, what is this? It is a term so often bantered around and hence becomes misused, perhaps even trendy to drop in conversation. In the context of banking and risk together it is a reserve that is held to preserve the “ongoing integrity” of the organisation, some people liken it to a buffer that ensures the institution can account for potential threats to its business and in this sense it provides protection against unexpected losses.
It generally comes in two forms Tier 1 and Tier 2, where Tier 1 is considered very safe, reliable and liquid and usually consists of common stock that is non-cumulative, irredeemable and retained earnings. Tier 2 is also accepted by global regulators as the second most reliable form of reserve and consists of accumulated after-tax surplus of captured earnings, revaluation reserves of fixed assets and long-term holdings of equity securities, hybrid dept/equity capital instruments and subordinated debt.
+Regulatory Capital vs Economic Capital
‘Regulatory Capital’ and ‘Economic Capital’ thus so far in our definition is the same thing however with regulatory capital the method in which to calculate the reserve is prescribed by the regulator, this ensures a greater comparability among banks and the Basel accord pillar II / III is specifically designed to facilitate this. Regulatory capital also defines what instruments can be used for Tier 1 and Tier 2 capital and, what risks the bank must measure, estimate and hold reserves for; the latter of that statement is all critical. By approaching operational risk from a regulatory capital perspective it is imperative for the bank to setup its event classifications so that it may integrate external data within its regulatory calculation.
Economic capital in comparison is a lot more dismembered because it encompasses risks that may not be directly part of the regulatory capital suite and ideally it would encourage the bank to include gearing of operations in the calculation. Economic Capital generally allows the bank to understand a profitability margin against associated or chosen risks and within each business line in turn. It is a metric often referred to in the theme of risk adjusted return on capital and it can be used to benchmark one business unit with another. Regulatory capital on the other hand is less focused on the business return and more on the bank describing its 99th percentile quartile of aggregated loss; a position it should have a complete aversion from and be holding reserves for.
While economic capital also enjoys the freedom of allowing the strategy of the framework to include calculation practices or remove them, this liberty often creates a major difference between the two methodologies. In particular, deriving regulatory capital from economic capital is a complex task, although many banks have taken to do both by bolting on reporting criteria for regulatory components within their economic capital systems. How this is done we will have to leave to another article as that is not what we are trying to drive out here. So back to Ms Bies, a statement she made left me pondering where the industry is truly at, well perhaps the outlook of some of those that operate in it.
One of the questions regulators have been asked as we work toward implementing Basel II is whether we can just continue to encourage the improvement in risk modeling at banks and stop there, I.E, Not tie risk models to capital.
I too have heard statements of similar tenor and was shocked, in fact every time I hear an operational risk analyst lean this way, one has this image of them traveling to a nine-to-five job with both fingers crossed; “please no BCP issues today”. They are generally well intentioned and following a check list but leaving the rest to go on luck.
In reality different banks don’t have the same risk and applying a blanket of audit check lists across the group doesn’t really assist senior management understand what causes their exposures. Most importantly focusing on the control cost effectiveness against risk in the light of products allows strategic decisions to be given a platform of justification. Then if we move back to our capital question surely risky business activities need higher reserves, not some smear across all organisations against a weird proxy such as “revenue”, that doesn’t present a real gauge to the type of risk a business entertains. For what it’s worth, I selected net profit as an example proxy because that is how the Basel II basic indicator approach operates and it has more critics than it does partisans.
Operational Risk in particular is nebulous, that is an auditor may follow a prescribed set of actions and still return an unsatisfactory result, quite simply because this risk classification is exogenous in nature and there are often many causes for a single fault, some of which no control can be 100% effective against. Quantifying operational risk from a capital perspective though is a solution to this unlikely problem because it ties probability, frequency and magnitude on the same curve and it is that curve that allows the analyst to best decide what the worse outcome may be and what should be reserved if such an event occurs.
So without further ado please find a link to the Bies speech here:
Bies on Capital
Posted by CausalEvents at 09:54 PM
| Comments (0)
March 07, 2006
Strategy Risk vs Operational Risk
The definitional boundary of Operational risk is intricately tied to that of strategy however while Pillar-I of the Basel Accord excludes it from operational risk Pillar-II, certainly does not. We are going to have a brief look at it here.
The reason it has been segmented this way is most likely due to BIS wanting to encourage financial institutions to establish a credible quantification framework and a solid operational risk management infrastructure into play before introducing more complex risk scalars. All good in concept but that then leaves the organisation to set about clearly defining what constitutes an operational event and that will require the institution to highlight the nature of strategic causes so that they can be put aside for consideration at a later date.
A recent debate with a colleague from a large Australian insurance company attested to such a problem.
---> Really what is the definition of strategic risk?
and
---> Is a poor strategy an operational event of the finance or planning department?
He has raised some good points here and the market risk section of Pillar-I can`t exist unless such boundaries are drawn; which they are in Pillar-I.
Clearly documented trading strategy for the position/instrument of portfolios, approved by senior management which would include expected holding horizon” and “dealers have the autonomy to enter into/manage the position within agreed limits and according to the agreed strategy
Operational risk on the other hand doesn`t make mention to such clear divisions, yet such segregation policies are paramount to establish if the bank is going to align losses accurately in a transparent taxonomical structure. If that fails then these loss repositories will be imbued with nebulous data points, all of which are difficult to statistically interpolate, particularly if opinion changes next financial year.
+ On with Pillar II and Strategic Risk
So onto Pillar II, this makes a good 17 references to strategic risk; from the strategy of holding capital itself which is in bold might I add, to “The analysis of a bank`s current and future capital requirements in relation to its strategic objectives”
One of the foundational problems with measuring anything though is starting out with a clear definition. The good old statement that everyone seems to throw around like loose change in a café “one has to measure what they manage and define what they measure”, might just be applicable here even though I generally avoid regurgitating overused paraphernalia however, if you pop out and search the web for a good definition you’ll enter a dungeon of burgeoning risk analysts all lobbying a concept that seems to suit their agenda.
A good place to begin and perhaps finish with is the TOWS matrix. At least it commences its piece by explaining the Greek origins of strategy, it does though move onto a process that could be effective in planning strategy and I certainly recommend having a peep by following this link:
TOWS
What I find appealing with the TOWS Matrix is that it offers a process for capturing alternative strategies along with internal weaknesses and strengths. This is very important because that levels how management should decide strategy. Really any risk decision is based on the following criteria: a good understanding of ones ability for success, what drives that success, the alternatives and an appetite for risk/aversion in the current environment.
The TOWS matrix also draws a line between tactical failure and strategic failure for they are very different beasts. Tactical failure of course has a closer proximity to operational risk than a poor steering choice, so now all one has to do is understand whether the inability to mobilize a good tactical team or understand what environment they operate best in belongs to poor strategy or an operational event.
Posted by CausalEvents at 01:36 PM
| Comments (1)
February 23, 2006
Single or multi distribution approach?
A few months ago, the Australian Prudential Regulatory Authority (APRA) released its Advanced Measurement Quantitative Standard known as AGN 115.2 which set the benchmark output for Australian banks attempting to reach AMA accreditation. APRA restricts banks to derive their operational risk capital numbers through a distribution approach however it gives financial institutions some options. We are going to take a quick look at those options.
The ADI will be expected to establish a distribution of aggregated potential operational risk losses across the ADI or a set of operational risk loss distributions for sub-parts of the ADI`s operations.
AGN 115.2
+opVar
This goal is actually achieved by a measurement technique known as OpVar or Value-At-Risk which is one method to calculate operational risk capital provision and must cover operational risk losses over a fixed time period and at a given confidence level. OpVar can be calculated provided we know F-1(1-a) where alpha is the confidence level say 1%, which in this case is the 99th percentile of that loss distribution and thus OpVar0.99 is F-1(1-0.99) = (0.01).
Value at Risk was originally a market risk measure that describes probabilistically the market exposure of a trading portfolio and is widely used by banks, security firms and commodity traders. Unlike other measures of risk, Value-at-risk gives management the insight of exposure that is NOT a retrospective risk metric and the Basel Accord in particular has encouraged the translation of this market measure for risk to credit and operational risk so that a transparent metric of risk can be generated across the three disciplines. So back to our loss distribution or more precisely the 99th percent quartile of our complete loss distribution, APRA gives us two choices for creating this distribution:
1)The single distribution approach, representing all potential operational risk losses and the model must be clear in how it shows specific dependence assumptions across operational risk event classifications and multiple business lines.
2) The multiple distribution approach is an alternative where the operational risk measurement model comprises of several distributions that will beaggregated to show a total exposure amount. For what it`s worth one doesn`t simply add the distributions together because that action would overestimate the capital requirement.
If a bank was to take the multiple distribution approach they must also show correlations between event categories. This is where one distribution has an inherent function on another.
+ So which one should a bank choose?
Both have their advantages and disadvantages, as we shall see below.
The single distribution approach may appeal to banks with limited internal data points for a specific operational risk event classification or where their ability to confirm accurate tracking of loss events has occurred. The single approach also is ideal with measurement techniques such as Extreme Value Theory and in that respect it seems a quick way to the solution, but it does come with its conundrums:
Firstly how complete is the model, that is, are all risk events captured and if so how is capital allocation mapped between functions and business lines. APRA specifically makes mention to this for single distribution approaches. Secondly, when this type of analysis is aggregated, it may be easy to understand the total exposure for a business line but a true comprehension of causality can be concealed in the equation and that knowledge is important for tracking and controlling potential events. There are also other satellite issues, such as the use of external data and most regulators have made it mandatory that external data factors in the model. The problem with consolidated external data is in its nebulous nature, how should it be scaled for use within the organisation and how should the bank integrate these additional data points. Consolidated data stratification is not a straightforward task because the weak context classifications create debates over whether such data points are actually part of population they are being applied to. The bank also has to consider a dimension on the scale between external and internal business unit gearing and that task can be very complicated without fragmenting the model.
So let`s turn to the multiple distribution approach, many of the problems mentioned above are actually circumvented with this technique. Certainly ensuring the capital model is representative of the business activities seems to be inherent within the application itself and choosing where and what external data to use is easier to manage. Unfortunately there is no short cut and with this style, the bank will end up having several distributions representative of loss and it will fail unless it can establish and document good correlation coefficients between the inference between one distribution and the next. Such methods explain how a single loss event increases in magnitude as it gathers momentum, instigating knock on effects from one event category to the next and again the regulator has stressed this has to be modeled within the capital system.
Where the ADI`s approach assumes a dependence structure across those risk measures, by way of correlation estimates across operational risk losses or business lines, the ADI may be able to incorporate those estimates into its aggregation of individual operational risk measures.
Like most agendas in life, there isn`t a short cut and Australian banks should carefully consider the implementation tactics required in the context of their internal operations before jumping on one distribution style against the other.
Posted by CausalEvents at 12:10 PM
| Comments (0)
February 20, 2006
Is there an alternative risk analytic?
There are many ways of calculating OpVar and without embroidering semantics the process really falls into one of two camps; parametric or non-parametric. Most credible operational risk systems used to calculate capital, approaches discussed on the internet, the capital articles on this site and the quantification work I have been part of seem to land in the parametric world.
So what about the non-parametric techniques?
There are many ways of calculating OpVar and without embroidering semantics the process really falls into one of two camps; parametric or non-parametric. Most credible operational risk systems used to calculate capital, approaches discussed on the internet, the capital articles on this site and the quantification work I have been part of seem to land in the parametric world.
So what about the non-parametric techniques?
+ Bank of Japan
[Makes mention to such statistical analysis, even though it was a while back now.]
Current studies have revealed that validity of VaR could be robust with some kind of non-parametric or distribution-free estimator such as Harrell-Davis estimator, which has been recognized as very strong order statistics.
Bank of Japan
As we all know, operational risk isn`t quite a science of precision or perhaps more accurately the discipline isn`t truly a coherent risk measure because it lacks subadditivity [For two random uncorrelated losses A and B and a risk measure denoted by p() ... For all A and B, p(A+B)<= P(A)+P(B) which implies that aggregating individual risks does not increase the overall exposure. Operational risk fails this rule.] we`ll still keep an open mind and investigate the equivalence of this line of thought.
The process the Bank of Japan is leaning towards is similar to the L-Estimator and it computes linear combinations of the ordered statistics by estimating the quantile as a weighted average of one or more losses.
+ Parametric
Value at Risk is a measure that is driven in terms of a quantile of a given distribution, or to be precise where loss has the potential of exceeding a specified probability. In the parametric operational risk world this is accomplished by measuring losses, grouping loss data so that it may be aligned to a probability distribution family, remove any outliers, describe the curve mean, skew, variance, model the function of choice, take estimate parameters, evaluate quality of fit and finally carry out goodness of fit test. The tails of the curve can either be described through scenarios or semi-parametric methods such extreme value theory.
+ Non-Parametric
Alternatively non-parametric methods make no explicit assumptions about the distribution itself except the quantile is derived directly from the data which is assumed to be an independent and identically distributed set of losses. The concept works by taking a point estimate from the ordered statistic of the sample and at the smallest value in the sample outwards. For example; if we have 100 losses and we are looking for VaR at 99%, one would order the losses and estimate this value as the second to last statistic. This process is often dubbed the Upper Empirical Cumulative distribution Value (UECV) however it obviously can sustain high variability with subsequent measurements, so we have to elaborate on the process.
Theoretically, if these variants or `marginals` are tracked, captured and plotted they should potentially yield a curve, albeit a jagged one depending on the number of marginals we capture. This curve can be smoothed and the risk analytics based on the differential application of the smoothing outcome. The drawbacks unfortunately are that many measurements need to be taken for confidence to increase and data may be withholding. A solution to the problem is to calculate the marginal VaR as a weighted average over a range of quantile positions which is the L-Estimator process. UECV is actually an L-Estimator, the last one in the series and it places entire weight on the final ordered statistic.
The process being driven at here however is slightly different as it is carried out across the whole distribution function, spreading each sample observation over an interval with a `kernel`. As we know the kernel (plotted marginals through the process) is actually a symmetric probability density function with its own shape, skew and kurtosis.
For a full description of how this can be applied to market risk please follow this link, the article is an Algo Research Quarterly paper and outlines the process in far more depth.
Algo Paper
For what it`s worth I wasn`t able to locate any L-Estimator references in the context of operational risk on the internet, except The Bank of Japan`s comments. Most operational risk analysts that have been around a while will agree that there are some bizarre attempts to measure this risk classification, particularly in the light of capital allocation and I was certainly expecting some mention on this in the broader network, but none was to be found.
+ Critique
On the up side though, curve fitting errors are less likely to be a problem and the attachment of external data should be quite straight forward assuming it is scaled correctly, but that has always been the case. Correlation of risk factors can of course be asserted through snapshot stages of the kernel and that in itself is an interesting thought that might incite some further contemplation. The process could also assist with the management of events assuming such investigations are carried out in an open reported format and that is an important function of any operational risk capital system.
My critique of it though is that while an OpVar number is returned with very small samples, accuracy is dependent on the completeness of these samples, so we aren`t really escaping the data problem. How many samples are required for completeness to be accepted is going to be one question that will need to be answered and documented. There also seems to be a real detachment to the frequency of events and these will need to be modeled and integrated separately. Then there is the concern that this approach may have difficulty actually separating tails. Combining them by ignoring (automatically including) them may seem to resolve some problems but it introduces others, particularly where the zone between expected loss and unexpected loss begins. This may seem trivial but a definition of this zone is critical to represent how capital is applied against loss; that is some expected losses may have their own reserves/budgets or may actually be costed into the business or products. Understanding whether these budgets are healthy, suitable and sustainable is part of the whole capital process and necessary for Basel II accreditation.
On a closing note, we accept that Harrel-Davis appears on the surface as a `tidy technique`, it is debatable whether the regulator would endorse such an approach and that alone might steal any enthusiasm away from further advancements in this arena. Perhaps a good use for it though, is as a test or second opinion on an existing capital model and that in itself has value.
Posted by CausalEvents at 11:24 PM
| Comments (0)
