Operational Risk Management
Systemic
• The danger that problems in a single financial institution might spread
and, in extreme situations, such contagion could disrupt the normal
functioning of the entire financial system.
External
The risk of loss due to damage to physical property or assets
from natural or non-natural causes. This category also includes the risk
presented by actions of external parties, such as the perpetration of fraud, or
in the case of regulators, the execution of change that would alter the Bank's
ability to continue operating in certain markets.
• Disasters (natural disasters, non-natural disasters, etc.)
• External Misdeeds (external fraud, external money laundering, etc.)
• Litigation/Regulation (capital control, regulatory change,
legal change, etc.)
a) Regularly review the policy and procedures of all organs of the Bank in
light of operational risk management;
b) Develop, distribute and review operational risk identification and
reporting formats;
c) Measure and report the level of operational risk to the Bank;
d) Ensure that appropriate internal controls and practices are in place,
operating effectively and consistently with the Bank's policies, legal and
contractual obligations, and regulatory requirements;
e) Monitor the implementation for the identified risk findings of operational
risk.
The measurement of risk is based on the rating of each risk by using two
a) Impact refers to the magnitude of the effect or to the result of a
particular outcome when it is evaluated against the objectives of the Bank; and
b) Likelihood refers to the duration or frequency/probability of the occurrence
of the risk.
Thus, the operational risk measurement is based on the impact and likelihood
of the risk factors. Both factors use a rating of 1 (lowest) to 5 (highest). These
two scores are then multiplied together to develop an overall Risk Score. The
formula can be portrayed as:
Potential Impact x Likelihood of Adverse Outcome = Risk Score
• Impact refers to the magnitude of the effect or result of the particular
outcome when it is evaluated against the objective of the Bank.
• Likelihood refers to the duration or frequency/ probability of occurrence
of the risk.
I. Risk scoring- Impact Assessment
While the scores are not intended to provide precise measurements of risk,
they do provide a useful basis for identifying vulnerabilities and ensuring that
highly rated risks get the necessary attention, and provide a way of comparing
different risks across the Bank.
The risk management process will continue for those risks with an overall
rating of 4 and above. Risks with a score of 4 through 14, which are
flagged in yellow, meaning "be careful," may be managed by the
Executive Management. Where the overall rating is 15 or above, which is
flagged in red, meaning "stop!", the risks identified are significant. Hence, they
may call for the involvement of the Board of Directors.
30,000.00
90,000.00
70,000.00
00
Current
Account
40,000.00
30,000.00
70,000.00
40,000.00
150,000.00
90,000.00
Special
Savings
40,000.00
30,000.00
70,000.00
40,000.00
150,000.00
90,000.00
00
Payment
Instruments
20,000.00
30,000.00
20,000.00
20,000.00
50,000.00
30,000.00
90,000.00
90,000.00
70,000.00
00
Domestic
Transfer
20,000.00
20,000.00
10,000.00
25,000.00
50,000.00
50,000.00
The recruitment committee for positions below branch manager and division
manager shall be designated by VP, Corporate Services as follows:
• President/VP: Chairperson
• Two Directors to be assigned by President: Member
• Director, HRM & SS: Member and minutes recorder
5.4.5. REPORTING
The monitoring process also includes producing brief, summarized reports that
show the Bank's operational risk exposure and level of risk, as identified,
measured and monitored by the Risk and Compliance Management Department.
These reports are submitted to the Board's Risk and Compliance Committee on a
quarterly basis to support informed business decisions and proper management
of the Bank's operational risk. Reporting should be performed on an ongoing
basis; special attention shall be given to significant or high-risk categories.
For reasons that may be beyond a bank's control, a severe event may result
in the inability of the bank to fulfill some or all of its business obligations,
particularly where the bank's physical, telecommunication, or information
technology infrastructures have been damaged or made inaccessible. This can,
in turn, result in significant financial losses to the bank. This requires the
bank to establish disaster recovery and business continuity plans that take
into account different types of plausible scenarios to which the bank may be
vulnerable.
The Bank shall identify critical business processes, including those where
there is dependence on external vendors or other third parties, for which rapid
resumption of service will be most essential. For these processes, the bank
shall identify alternative mechanisms for resuming service in the event of an
outage. Particular attention shall be paid to the ability to restore electronic or
physical records that are necessary for business resumption, where such
records are backed-up at an off-site facility. The bank shall periodically review
its disaster recovery and business continuity plans so that they are consistent
with its current operations and business strategies. Moreover, these plans
shall be tested periodically to ensure that the bank will be able to execute the
plans in the unlikely event of a severe business disruption. Finally, Enat
Bank's business continuity and disaster recovery plan specifies how, and by
whom, the derived course of action would be executed.