External loss data is used in the operational risk framework to provide input to any operational risk calculation and valuable insights into these different forms of the risks. This external data in the advanced measurement approach (AMA) capital calculation is a required element to better asses risk.

External Operational Risk Event Data

It is possible for external events to help in informing the self-assessment activities control and the risk. They can also be used to develop key risk indicators which will be able to monitor the ever-changing business environment. Therefore, in developing a strong operational risk culture, being aware of these external events is paramount.

Sources of External Loss Event Data

Apart from online sources, there are some operational risk system vendors who make external databases available on a subscription basis. These external events are a valuable source of OpRisk data.

Subscription Databases

These are databases which have analyses of operational risk events and descriptions from various sources which provide useful data that helps in the mapping of events to the appropriate risk categories, business lines, and causes.

Consortium Data

They provide their members with benchmarking services and central data repositories. ORX produces benchmarking information by gathering information on the operational risk event from its members. The use of business lines in ORX is slightly different since it splits retail banking into two: private baking and retail baking.

It is crystal clear that Execution, Delivery, External Fraud, and Process Management are the greatest producers of events in a risk category. It can be deduced that for the member banks of ORX, Clients, Business Practices Events, and Products tend to be larger events. Relatives levels of operational risk in each single business line can be visually be represented by data.

Comparisons between Subscription and Consortium Databases

There is a very interesting impact that is exhibited by both collection methods and scope on the relative distribution of losses between ORX and IBM AlgoFIRST.

Size of Losses by Risk Category

Generally, there are strong differences between the two data sets of FIRST and ORX. The membership of ORX is limited, thus it suffers from a collection bias since not all opportunities are well utilized. In contrast, FIRST exhausts all of its opportunities.

Frequency of Losses by Risk Category

The press is often kept out of External Events. It is crystal clear that the dominance of External Fraud events majorly happens as a result of the presence and active participation of retail banks in the association.

Size of Losses by Business Line

There is a significant difference between the ORX and FIRST data when we compare the sizes of losses. This is seen when comparing the role of the different business lines.

Number of Events by Business Line

After the comparison of the events in the two databases, it can be inferred that retail banking drives ORX data whereas the FIRST data is more equally distributed among business lines. Although retail banking represents most of the FIRST database, it is slim in margin.

Challenges of External Data

Many operative risk functions use ORX or other data suppliers to complement their research. This data should be used with carefulness because it is tough to determine if a text is applicable without biases. However, an external file can be of relevance regardless of specific details. Lastly, the use of benchmarked data depends on the value of the primary data. Even though external data provides awareness for lessons that can be learned from the past, providing context and stress is the current industry’s trend. Loss data offers useful instances for risk, control self-assessment, and analysis

Soci\(\acute { e }\)t\(\acute { e }\)G\(\acute { e }\)n\(\acute { e }\)rale and the External Event that Shook the Operational Risk World

In 2008, Soci\(\acute { e }\)t\(\acute { e }\)G\(\acute { e }\)n\(\acute { e }\)rale publicized a €4.9 billion loss caused by a rogue trader known as Jerome Kerviel. He circumvented its internal controls, which he learned earlier by working at the bank’s back office. The French finance ministry claims to have given him a warning on trades above prescribed limits in 2005 in his amateur days of trading. However, in 2010, he was condemned to 3 years in prison and was ordered to pay back €4.9 billion to his employer. This large operational risk event, caused by many control faults, made firms engage in creating risk frameworks.

The following are highlights of the IBM Algo analysis of the event:

Mr. Kervielwas involved in a lot of unofficial activities to show his expertise as a trader, he was inefficiently overseen, he used knowledge learned from middle and back office to go unnoticed, and he had passwords to the back office allowing him to manipulate data. Moreover, it is believed that many red flags were overlooked: Mr. Kerviel asked for an unusually high bonus due to his good works, he often broke limits, the EUREX raised concerns on his trade volume, and he never took his vacation time allowing him to continue his unofficial activities while the bank had to rely on handbook processing.

The operational risk team met with senior administration to avoid this from happening. Fraud risk valuations were conducted and control measurement applied. Industry forums were held for risk operation managers to compare notes preventing future occurrence of the same scenario. Work sets were made, external event tracing enhanced, and panel packs prepared.

Key points

Losses or potential losses that occurred outside the company give awareness to possible disastrous events. A consortium catalog collects records from members, sharing ad benchmarking info with members. The collection methods can produce biased data that must be reflected when analyzing outside sources of data.

Practice Questions

1) Which of the following is NOT a use of external data?

1. Monitoring the performance of the board, management, and supervisors
2. Monitoring the changing business environment
3. Input for scenario analysis
4. Informing the risk and control self-assessment

The correct answer is A.

The external data is data sourced from outside and hence cannot be used to monitor the performance of the board, management and supervisors as this relies on internal data. All other options represent correct uses of external data.