Operational Risk Modeling in Financial Services

Transform your approach to oprisk modelling with a proven, non-statistical methodology

Operational Risk Modeling in Financial Services provides risk professionals with a forward-looking approach to risk modelling, based on structured management judgement over obsolete statistical methods. Proven over a decade’s use in significant banks and financial services firms in Europe and the US, the Exposure, Occurrence, Impact (XOI) method of operational risk modelling played an instrumental role in reshaping their oprisk modelling approaches; in this book, the expert team that developed this methodology offers practical, in-depth guidance on XOI use and applications for a variety of major risks.

The Basel Committee has dismissed statistical approaches to risk modelling, leaving regulators and practitioners searching for the next generation of oprisk quantification. The XOI method is ideally suited to fulfil this need, as a calculated, coordinated, consistent approach designed to bridge the gap between risk quantification and risk management. This book details the XOI framework and provides essential guidance for practitioners looking to change the oprisk modelling paradigm.

• Survey the range of current practices in operational risk analysis and modelling
• Track recent regulatory trends including capital modelling, stress testing and more
• Understand the XOI oprisk modelling method, and transition away from statistical approaches

• Apply XOI to major operational risks, such as disasters, fraud, conduct, legal and cyber risk

The financial services industry is in dire need of a new standard — a proven, transformational approach to operational risk that eliminates or mitigates the common issues with traditional approaches. Operational Risk Modeling in Financial Services provides practical, real-world guidance toward a more reliable methodology, shifting the conversation toward the future with a new kind of oprisk modelling.

List of Figures xi

List of Tables xv

Foreword xix

Preface xxi

Part One Lessons Learned in 10 Years of Practice

Chapter 1 Creation of the Method 3

1.1 From Artificial Intelligence to Risk Modelling 3

1.2 Model Losses or Risks? 5

Chapter 2 Introduction to the XOI Method 7

2.1 A Risk Modelling Doctrine 7

2.2 A Knowledge Management Process 8

2.3 The eXposure, Occurrence, Impact (XOI) Approach 9

2.4 The Return of AI: Bayesian Networks for Risk Assessment 10

Chapter 3 Lessons Learned in 10 Years of Practice 13

3.1 Risk and Control Self-Assessment 13

3.2 Loss Data 24

3.3 Quantitative Models 30

3.4 Scenarios Workshops 36

3.5 Correlations 41

3.6 Model Validation 47

Part Two Challenges of Operational Risk Measurement

Chapter 4 Definition and Scope of Operational Risk 57

4.1 On Risk Taxonomies 57

4.2 Definition of Operational Risk 68

Chapter 5 The Importance of Operational Risk 71

5.1 The Importance of Losses 71

5.2 The Importance of Operational Risk Capital 74

5.3 Adequacy of Capital to Losses 76

Chapter 6 The Need for Measurement 77

6.1 Regulatory Requirements 77

6.2 Nonregulatory Requirements 82

Chapter 7 The Challenges of Measurement 93

7.1 Introduction 93

7.2 Measuring Risk or Measuring Risks? 93

7.3 Requirements of a Risk Measurement Method 95

7.4 Risk Measurement Practices 98

Part Three The Practice of Operational Risk Management

Chapter 8 Risk and Control Self-Assessment 105

8.1 Introduction 105

8.2 Risk and Control Identification 107

8.3 Risk and Control Assessment 113

Chapter 9 Losses Modelling 121

9.1 Loss Distribution Approach 122

9.2 Loss Regression 134

Chapter 10 Scenario Analysis 137

10.1 Scope of Scenario Analysis 137

10.2 Scenario Identification 150

10.3 Scenario Assessment 163

Part Four The Exposure, Occurrence, Impact Method

Chapter 11 An Exposure-Based Model 179

11.1 A Tsunami Is Not an Unexpectedly Big Wave 179

11.2 Using Available Knowledge to Inform Risk Analysis 180

11.3 Structured Scenarios Assessment 181

11.4 The XOI Approach: Exposure, Occurrence, and Impact 182

Chapter 12 Introduction to Bayesian Networks 185

12.1 A Bit of History 185

12.2 A Bit of Theory 186

12.3 Influence Diagrams and Decision Theory 187

12.4 Introduction to Inference in Bayesian Networks 187

12.5 Introduction to Learning in Bayesian Networks 189

Chapter 13 Bayesian Networks for Risk Measurement 191

13.1 An Example in Car Fleet Management 191

Chapter 14 The XOI Methodology 203

14.1 Structure Design 203

14.2 Quantification 209

14.3 Simulation 214

Chapter 15 A Scenario in Internal Fraud 219

15.1 Introduction 219

15.2 XOI Modelling 219

Chapter 16 A Scenario in Cyber Risk 227

16.1 Definition 227

16.2 XOI Modelling 234

Chapter 17 A Scenario in Conduct Risk 239

17.1 Definition 239

17.2 Types of Misconduct 241

17.3 XOI Modelling 246

Chapter 18 Aggregation of Scenarios 255

18.1 Introduction 255

18.2 Influence of a Scenario on an Environment Factor 257

18.3 Influence of an Environment Factor on a Scenario 258

18.4 Combining the Influences 261

18.5 Turning the Dependencies into Correlations 262

Chapter 19 Applications 265

19.1 Introduction 265

19.2 Regulatory Applications 267

19.3 Risk Management 278

Chapter 20 A Step towards “Oprisk Metrics” 287

20.1 Introduction 287

20.2 Building Exposure Units Tables 288

20.3 Sources for Driver Quantification 289

20.4 Conclusion 290

Index 291

PATRICK NAIM is the CEO of Elseware and widely recognized as an expert for operational risk modeling and quantification. Patrick has extensive experience in advising banks, insurance and energy companies for over 20 years in Continental Europe, the United Kingdom, and North America. He is also the author of Risk Quantification: Management, Diagnosis and Hedging and Bayesian Networks: a Practical Guide to Applications, both from Wiley.

LAURENT CONDAMIN, PHD, is Managing Partner and Researcher at Elseware. For the past 10 years, he has been advising the largest financial institutions. His areas of expertise are operational risk modeling, stress testing, credit rating modeling, project risk analysis, insurance coverage optimization and cost-benefit analysis.

Whilst regulators are proposing to withdraw the capacity for financial institutions to assess capital using internal statistical models, Operational Risk Modeling in Financial Services offers a well-tested, new approach.

Drawing on the authors’ years of experience and lessons learned, Operational Risk Modeling in Financial Services outlines a fresh approach for the analysis and modeling of operational risks within financial institutions. The book discusses the need to measure operational risk to meet regulatory requirements, such as capital charge calculation or stress tests, as well as non-regulatory requirements including risk appetite and risk management.

The authors explain the challenges measurement presents and explore the three main tools used in operational risk analysis and modeling: RCSA, loss data models and scenario analyses. The book then details the authors’ XOI method, for Exposure, Occurrence and Impact. This method makes it possible to define the exposed resource for each of the operational risks, therefore making it possible to describe the mechanism that can generate losses. Once the mechanism is identified, it can be successfully modeled and quantified.

Praise for Operational Risk Modeling in Financial Services

“Patrick Naim and Laurent Condamin articulate the most comprehensive quantitative and analytical framework that I have encountered for the identification, assessment and management of Operational Risk. I have employed it for five years and found it both usable and effective. I recommend this book as essential reading for senior risk managers.”
–C.S. Venkatakrishnan, CRO, Barclays

“I had the pleasure to work with Laurent and Patrick to implement the XOI approach across a large multinational insurer. The key benefits of the method are to provide an approach to understand, manage and quantify risks and, at the same time, to provide a robust framework for capital modeling. Thanks to this method, we have been able to demonstrate the business benefits of operational risk management. XOI is also well designed to support the Operational Resilience agenda in financial services, which is the new frontier for Op Risk Management.”
–Michael Sicsic, Head of Supervision, Financial Conduct Authority; Ex-Global Operational Risk Director, Aviva Plc

“The approach described in this book was a ‘Eureka!’ moment in my journey on operational risk. Coming from a market risk background, I had the impression that beyond the definition of operational risk, it was difficult to find a book that described a coherent framework for measuring and managing operational risk. Operational Risk Modeling in Financial Services is now filling this gap.”
–Olivier Vigneron, CRO EMEA, JPMorgan Chase & Co

“The XOI methodology provides a structured approach for the modeling of operational risk scenarios. The XOI methodology is robust, forward looking and easy to understand. This book will help you understand the XOI methodology by giving you practical guidance to show how risk managers, risk modellers and scenario owners can work together to model a range of operational risk scenarios using a consistent approach.”
–Michael Furnish, Head of Model Governance and Operational Risk, Aviva Plc

“The XOI approach is a simple framework that allows to measure operational risk by identifying and quantifying the main loss drivers per risk. This facilitates the business and management engagement as the various drivers are defined in business terms and not in risk management jargon. Further, the XOI approach can be used for risk appetite setting and monitoring. I strongly believe that the XOI approach has the potential to become an industry standard for banks and regulators.”
–Emile Dunand, ORM Scenarios & Stress Testing, Credit Suisse