Managing Operational Risk of Insurance Companies – Part 4

Operational Incident & Loss Data, and Capital Calculation

Internal loss data: Types of operational risk incident

An operational risk incident is a result of an operational risk event i.e., failed or inadequate internal processes, people and systems or an external event.  The following are some key types of operational risk incidents:

  • Operational Loss or Gain – A direct financial loss or gain, resulting from an inadequate or failed internal processes, people and systems or external events
  • Near Miss – An incident resulting from an inadequate or failed internal processes, people and systems or external events that could have but did not result in a financial gain or loss
  • Timing Issue – An incident leading to a financial gain or loss that is reversed sometime in the future with no net financial impact
  • Accounting Error – An error made in booking of a transactions on the income statement or balance sheet which goes uncorrected over a reporting period
  • Recovery – Firm’s recuperation of value or monies from external sources. The recuperation reflects the return of something that has been lost as the result of an incident

 

Critical components of incident target operating model

Internal loss data is a critical component of the ORM framework. It helps inform the operational risk profile of the business. To ensure the completeness and accuracy of the data collected has been the challenge most businesses face.

 There are six components of a target operating model:

Governance structure and process

  • Oversight committee structure, roles and responsibilities
  • Specific roles for oversight of: incidents/loss MIS, incident escalation requirements, framework monitoring including data integrity oversight
  • Governance/ escalation of decision making around consistent incident classification
  • Escalation channels for items requiring specific Board level review-i.e: inputs to Basel II effectiveness review; inputs to stress testing and capital plan.

Policies and procedures

  • Corporate level policy and procedures
  • Consistency with accounting policy
  • BU/ Regional sub-policies where necessary

Training and education

  • Minimum training requirements for all staff – on boarding and ongoing/ annual refresh. Specific training for certain roles including incident reporting, attestation, etc.

Processes and ley workflows

  • Comprehensive identification of incident sources in BU
  • Automation of loss collection where feasible, with direct feed from source system to incident databases
  • Automated reconciliation routines to GL where feasible
  • Consistency of manual collection processes for losses where appropriate and for other incident types
  • Clear accountability for identification, review, approval
  • Regular management sign-off/ attestation processes
  • Escalation and remediation accountabilities established

Technology infrastructure

  • Identified technology/ data requirements for incidents databases; automated data feeds general ledger account set up and validation/ reconciliation routines.

Monitoring, reporting and validation

  • BU requirements for ongoing monitoring of completeness, accuracy and timeliness
  • Ensure recoveries are specifically tagged for tracking purposes
  • Escalation and reporting of non-compliance
  • 2nd line monitoring by corporate ORM function
  • Periodic independent testing by IA
  • Specific monitoring and reporting of incident data quality; integration with data governance framework
  • Direct tie in to border Basel II Effectiveness, model and framework and validation requirements.

Note- Information management and data governance is a critical aspect of the operating model which in integrated in all components (*)

(*) The BCBS Principles for Effective Risk Data Aggregation and Risk Reporting principles are focused on enhancing governance, IT infrastructure, risk data aggregation capabilities and reporting for risk management routines.

End of the series on operational risks, thank you for reading and hope that was useful !

 

Leave a Reply

Your email address will not be published. Required fields are marked *