Businesses will often argue that they are not exposed to operational risk in certain risk categories or scenarios because they carry insurance against just such risks arising. However, insurance payments can be slow and contentious and therefore Basel II does not allow for insurance to be used to reduce the gross amount of the loss, except under very narrow circumstances.
Under the AMA, a bank will be allowed to recognize the risk mitigating impact of insurance in the measures of operational risk used for regulatory minimum capital requirements, but only if specific, fairly onerous, criteria are met. The recognition of insurance mitigation is limited to 20 percent of the total operational risk capital charge calculated under the AMA. The qualifying criteria are as follows:
A bank's ability to take advantage of such risk mitigation will depend on compliance with the following criteria:
A bank's methodology for recognizing insurance under the AMA also needs to capture the following elements through appropriate discounts or haircuts in the amount of insurance recognition:
- The insurance provider has a minimum claims paying ability rating of A (or equivalent).
- The insurance policy must have an initial term of no less than one year. For policies with a residual term of less than one year, the bank must make appropriate haircuts reflecting the declining residual term of the policy, up to a full 100% haircut for policies with a residual term of 90 days or less. The insurance policy has a minimum notice period for cancellation of 90 days.
- The insurance policy has no exclusions or limitations triggered by supervisory actions or, in the case of a failed bank, that preclude the bank, receiver or liquidator from recovering for damages suffered or expenses incurred by the bank, except in respect of events occurring after the initiation of receivership or liquidation proceedings in respect of the bank, provided that the insurance policy may exclude any fine, penalty, or punitive damages resulting from supervisory actions.
- The risk mitigation calculations must reflect the bank's insurance coverage in a manner that is transparent in its relationship to, and consistent with, the actual likelihood and impact of loss used in the bank's overall determination of its operational risk capital.
- The insurance is provided by a third-party entity. In the case of insurance through captives and affiliates, the exposure has to be laid off to an independent third-party entity, for example through re-insurance, that meets the eligibility criteria.
- The framework for recognizing insurance is well reasoned and documented.
- The bank discloses a description of its use of insurance for the purpose of mitigating operational risk.
Operational risk capital may run into many billions of dollars and so it is certainly worth pursuing a 20 percent reduction in that amount and many firms are exploring how best to take advantage of this opportunity. At the same time, many insurance companies are looking to produce insurance products that can meet the many criteria required. In the following disclosure examples, firms have outlined their approach to the use of insurance to lower their operational risk capital requirements. -- Girling, Philippa X.. Operational Risk Management: A Complete Guide to a Successful Operational Risk Framework (Wiley Finance) (Kindle Locations 4607-4640). Wiley. Kindle Edition.
- The residual term of a policy, where less than one year, as noted above;
- A policy's cancellation terms, where less than one year; and
- The uncertainty of payment as well as mismatches in coverage of insurance policies.