It's all in the data – consistent operational risk measurement and regulation

Publication Date: 20 Nov 2007
Author: Andreas A. Jobst
Subject: Accounting & finance
Purpose – Amid increased size and complexity of the banking industry, operational risk has a
greater potential to occur in more harmful ways than many other sources of risk. This paper seeks to
provide a succinct overview of the current regulatory framework of operational risk under the New
Basel Accord with a view to inform a critical debate about the influence of data collection, loss
reporting, and model specification on the consistency of risk-sensitive capital rules.
Design/methodology/approach – The paper’s approach is to investigate the regulatory
implications of varying characteristics of operational risk and different methods to identify
operational risk exposure.
Findings – The findings reveal that effective operational risk measurement hinges on how the
reporting of operational risk losses and the model sensitivity of quantitative methods affect the
generation of consistent risk estimates.
Originality/value – The presented findings offer tractable recommendations for a more coherent
and consistent regulation of operational risk.
Keywords Risk management, Financial services, Regulation
Paper type Research paper
1. Introduction
Although financial globalization has fostered higher systemic resilience due to more
efficient financial intermediation and greater asset price competition, it has also
complicated banking regulation and risk management in banking groups. Given the
increasing sophistication of financial products, the diversity of financial institutions, and
the growing interdependence of financial markets, globalization increases the potential for
markets and business cycles to become highly correlated in times of stress while banks are
still lead-regulated at a national level and crisis resolution becomes more intricate.
Although operational risk has always existed as one of the core risks in the financial
industry, it is becoming an ever more salient feature of risk management in response to
new threats to financial stability from higher geopolitical risk, poor corporate
governance, and systemic vulnerabilities from a slush of financial derivatives. Against
the background of inadequate risk management techniques, concerns about the
soundness of traditional operational risk management (ORM) practices, and limited
capacity of regulators to address these challenges within the scope of existing
regulatory provisions, the Basel Committee on Banking Supervision recently
completed an overhaul of the existing capital rules with the goal of introducing
regulatory guidelines for the capital adequacy of operational risk[1].
The views expressed in this paper are those of the author and should not be attributed to the
International Monetary Fund, its Executive Board, or its management. Any errors and omissions
are the sole responsibility of the author. The author is indebted to Marcelo Cruz, Rodney
Coleman, Paul Kupiec, and Brendon Young for their comments.
Journal of Financial Regulation and
Vol. 15 No. 4, 2007
pp. 423-449
© Emerald Group Publishing Limited
DOI 10.1108/13581980710835272
As the revised banking rules for internationally active banks (International
Convergence of Capital Measurement and Capital Standards or short “Basel II”) move
away from rigid controls towards enhancing efficient capital allocation through the
disciplining effect of capital markets, improved prudential oversight, and risk-based
capital charges, banks are now facing more rigorous and comprehensive risk
measurement requirements. The new regulatory provisions link minimum capital
requirements closer to the actual riskiness of bank assets in a bid to redress
shortcomings in the old system of the overly simplistic 1988 Basel Capital Accord.
While the old capital standards for calculating bank capital were devoid of any
provisions for exposures to operational risk and asset securitization, the new, more
risk-sensitive regulatory capital rules include an explicit capital charge for operational
risk, which has been defined in a separate section of the new supervisory guidelines
based on previous recommendations in the Working Paper on the Regulatory
Treatment of Operational Risk (Basel Committee on Banking Supervision, 2001b) and
the Sound Practices for the Management and Supervision of Operational Risk (Basel
Committee on Banking Supervision, 2003b).
The implementation of the New Basel Capital Accord in the USA underscores the
particular role of operational risk as part of the new capital rules. On February 28, 2007,
the federal bank and thrift regulatory agencies published the Proposed Supervisory
Guidance for Internal Ratings-based Systems for Credit Risk, Advanced Measurement
Approaches (AMA) for Operational Risk, and the Supervisory Review Process (Pillar 2)
Related to Basel II Implementation (2007) (based on previous advanced notices on
proposed rule-making in 2003 and 2006). These supervisory implementation guidelines
thus far require some and permit other qualifying banking organizations (mandatory
and “opt-in”)[2] to adopt AMA for operational risk (together, the “advanced
approaches”) as the only acceptable method of estimating capital charges for
operational risk. The proposed guidance also establishes the process for supervisory
review and the implementation of the capital adequacy assessment process under Pillar 2
of the new regulatory framework. Other G-7 countries, such as Germany, Japan, and the
UK have taken similar measures as regards a qualified adoption of capital rules and
supervisory standards that govern operational risk under the New Basel Capital Accord.
Operational risk has a greater potential to transpire in greater and more harmful
ways than many other sources of risk, given the increased size and complexity of the
banking industry. It is commonly defined as the risk of some adverse outcome resulting
from acts undertaken (or neglected) in carrying out business activities, inadequate or
failed internal processes and information systems, misconduct by people or from
external events and shocks (Basel Committee, 2004a, 2005a, 2006b). This definition
includes legal risk from the failure to comply with laws as well as prudent ethical
standards and contractual obligations, but excludes strategic and reputational risk.
The measurement and regulation of operational risk is quite distinct from other
types of banking risks. The diverse nature of operational risk from internal or external
disruptions to business activities and the unpredictability of their overall
financial impact complicate systematic and coherent measurement and regulation.
Operational risk deals mainly with tail events rather than central projections or
tendencies, reflecting aberrant rather than normal behavior and situations. The loss

