Jan 15

The 2007 FRM. How to get a jump start: Part 4 (Operational Module)

by David Harper, CFA, FRM, CIPM

GreyGears

In this post (part 4 of 5), I will share a few ways to get a jump start on the Operational Risk section of the Financial Risk Manager (FRM) exam. However, this is the hardest module in the exam to discuss before we see the new study guide: operational risk is a younger science than market and credit risk, and so it is evolving rapidly. The other contributing factor is definitional; operational risk tends to be defined as everything that is not market or credit risk. So intangible phenomena like reputational risk seem to "expand" the operational risk bucket (although, in the case of reputational risk, with controversy as Basel's definition excludes it).

A good starting place is to see that readings like Reto Gallati's divide approaches taken into two dimensions: top-down versus bottom-up; and quantitative versus qualitative.

OperationalRiskQuadrants

Top-down approaches deal with the an entire firm as the unit of analysis (or at least the starting point). For example, earnings at risk is analogous to value at risk (VaR): what is the worst corporate income we would expect over a period of time, for a given confidence interval? If we could produce a multi-factor model that predicted earnings as a function of market and credit risk (i.e., earnings is equal to some sensitivity to credit risk plus some sensitivity to market risk), then the volatility of the residual (everything not explained by market and credit risk) could be called the operational risk.

Bottom-up approaches start at the business unit or process level. Linda Allen divides them into process approaches (which take conduct a "step by step analysis" of processes; think balanced scorecard), where you are really trying to understand why things go wrong) and actuarial approaches (which identify a range of possible operational losses, so they are not trying to figure out the "whys" of causation, but instead they are just trying to plot a distribution).

In a nutshell, bottom-up approaches are more complex, data intensive and time-consuming but they are also more helpful. If you want to generate a forward-looking diagnostic tool, you pretty much must use a bottom-up approach.

The other obvious place to start is Basel II. I think the first hurdle to understanding the Basel II regulations is figuring out how the pieces fit together. Below is part of the map we prepared for our customers. At the top, you can see, there are three mutually reinforcing pillars. The first pillar refers to minimum capital requirements, which in turn consists of credit, market and operational risk (only credit risk is shown below). Within credit risk, we can think broadly about (from left to right, below): 1. an approach to calculating the capital requirement, 2. rules for mitigation, and 3. rules for securitization. For each of these three areas (now going down the map below), there is a either a standardized approach or an internal approach. (But note that mitigation includes either simple or comprehensive.) Further, the internal approaches each have two or three variations. First, just get the lay of the land!