New Capital Calculations for Basel II Op Risk

It was to be expected that the proxy system for calculating Basel II operational risk capital was always dangerously simplified and consequently fraught with inaccuracies that would under or overestimate capital. A recent publication from the Bank for International settlements confirms what risk practitioners have feared for years and in this post, we take a look at the new recommendations that have been released from the Bank for International settlements.

Shape of Risk - When things break

In the first article on The Shape of Risk [LINK], we investigated why risk practitioners who simplify risk evaluations to a single point estimate will miss the shape of risk and we demonstrated this problem by comparing two very similar but independent risks side by side.

Our inaugural posting on the Shape of Risk series (I fair there might be a few chapters to come yet) attempted to keep the analysis lucid by only focusing on the comparable magnitude aspect of two risks and while the Shape of Risk part I is a nice bite size read, it leaves the frequency of a potential risk event untreated.

In this blog posting we'll address measurements around the likelihood aspect of risk accordingly and hopefully in the same straightforward manner.

The shape of risk

Risk practitioners who evaluate risk as a single number will miss the shape of uncertainty.

If risk is the effect of uncertainty on objectives, just as ISO 31000 defines it to be, we need to accept that there are many ways to describe this uncertainty.  In this short blog posting I am going to demonstrate that risk has shape and being able to dimension this shape will tell us a lot more about the underlying risks we have to manage. 

What makes a good risk manager?

A recent debate in the G31000 risk forum [LINK] on the old subject of what caused the Global Financial Crisis needs a fresh rethink in my opinion.

Is Risk Management a Science or an Art?

The discussion of whether Risk Management is really an art or a science has become a popular debating subject over the last few years as practitioners try to place it within a specific faculty of study.  Today we deliberate on this very subject again and on the G31000 forum [LINK].

Risk management can of course be an art or a science depending on one's point of view, taking features from both schools to become a craft.

Operational Risk Ten Stories

A decade ago, plus a couple of months, the banking community was thrown a new mandate from the Bank for International settlements titled Basel II. For the world of Basel this was the first time regulation had included operational risk as part of the capital regime program.

Ten years on, I have decided to take stock and pull together a presentation on what has worked for the banking community in operational risk management and what remains a stubborn challenge.

Networked Risk Factors

Rieks Joosten has recently released an excellent paper and concept for assessing networked risks which has spawned on a debate for measuring such risks on the G31000 forum.

Funds Transfer Pricing Foundations

In this quick blog posting I am sharing the Funds Transfer Pricing presentation I delivered at the 7th Annual Risk and Liquidity Conference in Singapore.

Unraveling Extreme Value Theory

An interesting request came through from one of our customers today and is worth sharing on the Causal Capital blog because a lot of risk practitioners struggle with some of the more complex areas of modelling uncertainty. This is especially the case when risk managers are attempting to assess the size of impacts from catastrophes.

Risk Appetite In Operations

Assessing and measuring risk appetite away from an investment portfolio is perhaps one of the most difficult risk management initiatives practitioners have to entertain, it is also discussed often on risk forums and written about avidly by many consulting firms.  Yet, very few subject matter experts actually delve into the semantics required to measure risk appetite and this is kind of frustrating. I personally have plenty of clients that have expressed their sentiments around how difficult the entire risk appetite program is and many managers out there struggle to take this important aspect of risk management to completion.

In this article we release a white paper that steps through the entire process of measuring and assessing risk appetite, dealing with the numbers specifically rather than just top level summaries and catch phrases on what risk appetite is.

The Near Miss

In section 2.17 of the ISO 31000 standard, an event without consequences but an event all the same can be classified as a "near miss", "near hit" or "close call". Yesterday morning at Barcelona airport did such an event take place?

Why 5000 iterations in Monte Carlo

For those risk analysts out there using Monte Carlo in their analysis, have you ever wondered why the industry standard for simulation sample sizes in Monte Carlo is set at five thousand iterations?

So many Monte Carlo systems I see in use today run a standard five thousand simulations but why five thousand, why not ten thousand, why not five thousand and one?

How many samples should we have in our simulation sample size and when is the number of iterations insignificant?  To be concise, if you were to add another sample to your Monte Carlo simulation, when doesn't it make a difference to the final result?

Gigantic Catastrophes - Fukushima Daiichi

Recent investigative journalism has turned out some pretty horrifying developments and realizations at the Fukushima Daiichi Nuclear Facility ... The video from Vice is nothing less than deeply concerning.

What to do with KRIs? [Part 2]

So to follow up on Part 1 of our Key Risk Indicator network or system which can be found here [LINK], perhaps the most important consideration we should ponder on is what do we actually do with the KRI data we capture?

In reality, why bother tracking Key Risk Indicators if we aren't going to do anything with them?  Yet, so many risk managers do go through this very exercise without bringing it to full conclusion.

In this article I would like to describe at a top level what we can use our KRI data for and outline what holds us back from that objective.

What to do with KRIs? [Part 1]

Over a typical month a lot of risk practitioners in my network pose various technical questions to me. Today is no different but this month we certainly have an interesting query that goes along the following lines:

"I am creating a data model for KRIs and Op Risk Loss Events and would be curious to know how the metadata model and tables could work, how can I simulate or model Key Risk Indicators?" | US Banker

A good question without any doubt and from what I observe in general risk management practice, Key Risk Indicators are rarely modeled in coherent manner. Let's address the database design first, then we can investigate various ways in which Key Risk Indicators can be modeled. 

Big challenges in risk

Only the other day, someone asked me what are presently the biggest challenges in risk management and while risk culture is probably always going to feature, Risk Information Technology or Risk IT has a lot of issues. When I refer to Risk IT here, this has nothing to do with computers or network connectivity but instead the analytics on these machines. Interestingly, what holds the risk community back is not the technology aspect per se but in some respects narrow mindsets. Let's take a look ...

Risk Based Audit

One of the biggest trends I am witnessing in the domain of audit is for auditors to migrate a traditional audit across to a Risk Based Audit program. This auditors' evolution or revolution if you prefer is relatively pervasive across market and industry sectors. It is actually reaching a point that in the not too distant future, a traditional audit will be seen by many as an outdated and unsatisfactory process for auditing a company.

In this blog posting we share a complete paper / presentation that leads an auditor through the various phases or steps that are required to perform a Risk Based Audit. 

Comprehensive Risk Frameworks for Reputation

Reputation risk is without any doubt a major concern for different types of entities across the planet, and while risk managers recognize this fact, the methods by which many practitioners go about measuring and subsequently treating reputation risk can end up enfeebled and even missing the point.

In this blog posting, we share a complete and entire framework for Reputation Risk. 

The Auditor's Dilemma Part 1

Perhaps one of the largest dilemmas auditors face is being able to give stakeholders of any business they audit a level of confidence that they have captured and assessed 'all' material risks that threaten the company. A thumbs up if you prefer after an audit has taken place that the audit went well and the results are sound.

If risk is the effect of uncertainty on objectives, as the ISO 31000 global risk standard states it to be, it follows that senior managers often expect auditors to report on their coverage during a risk assessment exercise. They may also be keen to know what additional uncertainty may remain once the audit report has been published.

In this blog posting we are going to describe the auditor's dilemma and in future blog postings we will untangle this paradox. 

Market Risk Implied or Inherent

To extend on from our previous article on inherent risk [ LINK ] we will dive a little bit deeper into the importance of inherent risk using an example from the domain of market risk measurement.