【操作风险文献综述】第二期：操作风险定义、分类、管理与特点

相似文件 换一批

是 否 +2 论坛币

k人 参与回答

经管之家送您一份

应届毕业生专属福利!

求职就业群

赵安豆老师微信：zhaoandou666

经管之家联合CDA

送您一个全额奖学金名额~ !

立即领取

感谢您参与论坛问题回答

经管之家送您两个论坛币！

+2 论坛币

www.cord-oprisk.com。欢迎学者垂询数据细节以及商谈合作，联系邮件gapt418@outlook.com。随着操作风险时间越来越受到关注，比如近期的光大乌龙指事件和上海泛鑫美女老总携巨款跑路事件，我们可能会有疑问操作风险到底在金融机构中受到了多大重视。在 P. Jorion.Value-at-Risk: the New Benchmark for Managing Financial Risk. McGraw-Hill, NewYork, second edition, 2000 一书中，银行大致把60%的监管资本分配给了信用风险，15%给了市场风险，剩下的25%分配给了操作风险，所以操作风险还是占到了很大的比重，这一期我们重点介绍对操作风险的定义，如何对其进行分类，比较了操作风险与其他风险管理的异同，以及逐条列出操作风险的特点。大部分内容可能会以英文呈现。

操作风险定义的历史轨迹
对操作风险的定义向来是每一统一的标准，直到巴塞尔银行监管协会（BCBS）的定义出现，但是它们的定义也有很多缺点，下面列表整合了文献和各机构对操作风险的定义。

• Rao and Dev (2006): the negative definition, Medova and Kyriacou(2001) and Jameson (1998) agree; Buchelt and Unteregger (2004) disagree
• The Group of Thirty (1993): uncertainty related to losses resultingfrom inadequate systems or controls, human error or management
• Bankers Trust: all dimensions of decentralized resources-clientrelationship, personnel, the physical plant, property and assets for whichBankers Trust is responsible, as well as technology resources
• Barclays Bank: fraud, failures in controls and the like
• Chase Manhattan: the risk rising from activities associated withtheir fiduciary dealings, execution, fraud, business interruption, settlement,legal/regulatory, and the composition of fixed costs
• The Commonwealth Bank of Australia (1999): all risks other thancredit and market risk, which could cause volatility of revenues, expenses andthe value of the Bank’s business
• Shepheard-Walwyn and Litterman (1998) at a seminar at the FederalReserve Bank of New York: operational risk can be seen as a general term thatapplies to all the risk failures that influence the volatility of the firm’scost structure as opposed to its revenue structure
• British Bankers’ Association (1997): the risks associated with humanerror, inadequate procedures and control, fraudulent and criminal activities;the risks caused by technological shortcomings, system breakdowns; all riskswhich are not banking and arising from business decisions as competitiveaction, pricing, etc; legal risk and risk to business relationships, failure tomeet regulatory requirements or an adverse impact on the bank’s reputation;external factors include: natural disasters, terrorist attacks and fraudulentactivity, etc
• Tripe (2000): operational risk is the risk of operational loss
• Lopez (2002): every type of unquantifiable risk faced by a bank
• Crouchy (1998): the risk that external events, or deficiencies ininternal controls or information systems,will result in a loss-whether the lossis anticipated to some extent or entirely unexpected
• Crouchy (2001): the risk associated with operating a business; therisk that there will be a failure of people, processes, or technology withinthe business unit
• Halperin (2001): loose-limbed concept that includes potential lossesfrom business interruptions, technological failures, natural disasters, errors,lawsuits, trade fixing, faulty compliance, fraud and damage to reputation,often intangible fallout from these events
• BCBS (1998): the most important types of operational risk involvebreakdown in internal controls and corporate governance; and that suchbreakdowns can lead to financial losses through error, fraud, or failure toperform in a timely manner or cause the interests of the bank to be compromisedin some other way, for example, by its dealers, lending officers or other staffexceeding their authority or conducting business in unethical or risky manner;major failure of information technology systems or events such as major firesor other disasters
• Robert Morris Associates (1999): the direct or indirect lossresulting from inadequate or failed internal processes, people and systems, orfrom external events
• BCBS (2004): the risk arising from inadequate or failed internalprocesses, people and systems or from external events; BBA provides furtherdetails
• BCBS (2007): the risk of direct or indirect loss resulting frominadequate or failed internal processes, people and systems or form externalevents (including legal risk)
• Marshall and Heffes (2003) cite Peyman Mestchian, head of riskmanagement as SAS UK: the threat coming from such factors as people, processesand internal systems, as well as external events unrelated to market and creditrisk
• Mestchian (2003) decomposes the BCBS definition into 4 components
  

• Process risks, such as inefficiencies or ineffectiveness in thevarious business processes within the firm. These include value-drivingprocesses, such as sales and marketing, product development and customersupport, as well as value-supporting processes such as IT, HR, and operations
• People risks, such as employee error, employee misdeeds, employeeunavailability, inadequate employee development, and recruitment
• Technology (or system) risks, such as the system failures caused bybreakdown, data quality and integrity issues, inadequate capacity, and poorproject management
• External risks, such as the risk of loss caused by the actions ofexternal parties (e.g., competitor behavior, external fraud, and regulatorychanges) as well as macroeconomic and socioeconomic events
  

• Critique of BCBS definition: Turing (2003) too broad; Herring (2002)omits basic business risk (Kuritzkes and Scott, 2002), indirect costs andreputational risk; Hadjiemmanuil (2003) no consensus; Thirlwell (2002)measurable not what causes banks to fail
• IFCI Financial Risk Institute (2000): the risk of unexpected lossesarising from deficiencies in a firm’s management information, support andcontrol systems and procedures; while legal risk is the risk that a transactionproves unenforceable in law or has been inadequately documented or Turing(2003) defines legal risk as the risk that one is unable to enforce rightsagainst, or rely on obligations incurred by, counterparty in the event of adefault or a dispute
• Turing (2003)
  

• The risk that deficiencies in information systems or internalcontrols will result in unexpected loss
• The risk that a firm will suffer loss as a result of human error ordeficiencies in systems or controls
• The risk run by a firm that its internal practices, policies, andsystems are not rigorous or sophisticated enough to cope with untoward marketconditions or human or technological errors
• The risk of loss resulting from errors in the processing oftransactions/breakdown in controls/errors or failures in system support
  

• Vinella and Jin (2005): the risk that the operation will fail tomeet one or more operational performance targets, where the operation can bepeople, technology, processes, information and the infrastructure supportingbusiness activities. Based on this definition, they also define the fundamentaloperational objective as operating within a targeted level of operational riskand in full compliance with regulatory and corporate guidelines, maximizeoperational performance while simultaneously minimizing cost. They argue thatthe BCBS’s definition is a special case of their generalized definition whenthe failure to meet an operational performance target results in a directmonetary loss. They further argue that while it is consistent with thedefinition of the BCBS, their definition has several advantages. First, it tiesoperational risk to distinct components of the operation via the operationalperformance targets. Second, it becomes possible, by using this definition, tomeasure operational risk in terms of operational performance metrics and targetlevels, as the probability that a component of the operation will fail to meetits target levels. Third, firms have substantial resources to define, capture,and report operational performance within the operation that can be used toestimate operational risk under their definition.
• Cagan (2001): operational risk is the risk of business disruption,control failures, errors, misdeeds or external events, and is measured bydirect and indirect economic loss associated with business interruption andlegal risk costs, and also by “immeasurables” such as reputation risk costs
  

操作风险的分类

对操作风险的分类至少可以从三个方面进行：第一是起因（cause），第二是BCBS定义的事件类型（event types），第三是操作风险的影响（effect），举个例子来说，外部欺诈（event）就是由人员（cause）引起并会造成法律诉讼成本（effect）的事件，内部欺诈（event）是由内部流程（cause）引起并会造成资产缩水（effect）的事件，结算失败（event）是由系统或软件（cause）引起并会造成补偿金支付（effect）的事件。

• Cause: people risk; process risk; system (or technology) risk; externalrisk (external fraud such as external money laundering, natural disasters suchas floods, and non-natural disasters such as arson)
  

• The person doing the activity makes an error
• The process that supports the activity is flawed
• The system that facilitated the activity is broken
• An external event occurs that disrupts the activity
  

• Event: BCBS event types
• Effect: the legal and accounting forms of consequential losses
  

• Direct loss before or after direct recovery, the financial effect ofa loss event includes all out-of-pocket expenses associated with an operationalloss event but does not include opportunity costs, forgone revenue, or costsrelated to measures implemented to prevent subsequent operational losses. Low frequency, low severity : do nothing; High frequency, lowseverity: may do nothing. However, they canaccumulate to the point where the severity becomes larger, such as if ittriggers a loss of reputation. E.g., settlement errors and credit card fraud.Occurrence results in efficiency losses; Medium frequency, medium severity, can cause a dramatic increase inexpenses, demanding liquidity; Low frequency, highseverity: analyze by scenario testing. Handled byplanning for these in advance and/or by financing risk such as by purchasinginsurance. E.g., rogue trading, major lawsuits, terrorism and natural disasters. Occurrence can adversely affect the capital of the firm, severely harm itsreputation or in extreme situations even threaten its existence, causing solvencyissues; High frequency, high severity: take risk control measures. May finance risk such as by purchasing insurance.
• Indirect or nonfinancial loss which is excluded by BCBS’s definition: Reputational loss; Positive or negative externality to other firms within the industry; Errors; Risk ratings; Risk scores;  Other performance indicators
  

操作风险的管理与其他风险相比较

适用于任何风险管理的一般逻辑步骤顺序	操作风险的对应步骤
Risk organizational& governance structure set policies, procedures & processes formanaging risk, define risk tolerance to various risks in terms of what theorganization is willing & able to bear
识别 Identification, setof procedures for identification of risks along different bank processess risks in terms of what theorganization is willing & able to bear	With independence,capacity (adequately staffed w/ adequate resources), & professionalcompetence & due diligence to identify and analyze causes of various operationalrisk events. Then estimating the frequency and severity of risk events
评估或测量Assessment/measurement, set of procedures for quantification based onadvanced methods and approachesperationalrisk events. Then estimating the frequency and severity of risk events	Analyze variousidentified risk events and measure their impacts on business operations by asound quantitative approach that will reveal the distributions of lossfrequency and loss severity. It is at this step that different models enter
监控或限制 Monitoring/limitation,set of controls and limitation instruments which minimize the impact ofoperational riskslossfrequency and loss severity. It is at this step that different models enter	Key performance indicators:are we achieving our desired level of performance? Key risk indicators: how’sour risk profile changing, is it within our desired tolerance levels? Key controlindicators: are ourorganization’s internal controls effective?
企业全面风险监控 Integration	Riskstrategy, integration with market and credit risk

跟帖中继续 操作风险的特点（而非操作风险数据的特点）

扫码加我 拉你入群

请注明：姓名-公司-职位

以便审核进群资格，未注明则拒绝

分享0 收藏1 回帖

关键词：操作风险 文献综述 Organization interruption relationship 风险度量 风险管理 操作风险 second 数据库

操作风险的特点（而非操作风险时间数据的特点）

学术界有争议的特点

• take该种风险不能产生利润 Not used to generate profit (one-sided?)
• 与发生风险机构的特定息息相关，不具普适性 Usually dependsmore strongly on the culture of a particularinstitution, and the context of a particular event (idiosyncratic?)
• 无法与其他风险分开对待 (Indistinguishable?) fromother risks
  

学术界公认的特点

• 影响很大 Material risk, one of the major causes of organizational failure and the destructionof shareholder value
• 异质性 Cross-sectional diversity, combines exogenous(natural disasters, terrorism, etc.) and endogenous(technology, human resources, processes, etc.) factors
• 时间序列特性且难以预测 Time-series dynamics, loss data changes continually with the institution’s businessstrategy, technology, processes, human resources, etc. and the evolution of theenvironment (competition, macroeconomics, etc.) in which it operates. Use Phylogenetic instead of scenario analysis to assessemerging or evolving operational risksmight occur in the future
• 风险因子和风险损失关系不明 Unclear links between riskfactors and OR losses, it does not have clearexposure measures for transactions and processes and sensitivity measures tendto be highly non-linear if identifiable
• 不能像信用风险和市场风险一样采取分散投资的方法来规避 Lack/Uncertainty ofposition equivalence and difficult to achieve portfolio completeness of operational riskexposures.
• Risk mapping is the basis ofoperational risk as, unlike market and credit risks, it is not productspecific. The market risk of a derivative contract depends strictly on thecontract’s features and on the relevant market risk factors. Once the deal isconcluded, the underlying process, by and large, does not matter to the relatedmarket risk exposure. It is impossible, on the other hand, to analyse theoperational risk in the trading activities of a bank without a thoroughunderstanding of the whole trading process from initial negotiation to finalaccounting.
  

度量和控制操作风险时操作风险所显现的特点

• 操作风险模型很难评估 Difficulty in validatingoperational risk models
• 控制和减少操作风险涉及到对流程，技术和人员的改进，成本很高 Control and mitigation involve changes in processes, technology, human resources,etc.
• 很难评估操作风险管理的决定的效果 There are difficulties when capturing/assessing the effect of risk managementdecisions
• 操作风险的监管措施和成熟程度随着国家、地区、行业和机构的不同相差巨大 Wide divergence in regulatory maturity levels for operational risk across regions, countries, industries, andcompanies
  

【微信如何关注】
微信，通讯录，添加朋友，搜索号码：ChinaAlterInvestment；
微信，通讯录，公众号，订阅号，右上角加号搜索：特许另类投资分析；
或扫描下方二维码添加：

【官方微博】
新浪微博账号：上海财经大学高翔
腾讯微博账号：特许另类投资分析
【优酷】
提供博士、硕士、MBA风险管理和国际金融方向课程 http://i.youku.com/ChinaAlterInvestment
【领英】
http://cn.linkedin.com/in/xianggaoisu
【联系方式】
投稿与合作请联系邮箱gapt418@outlook.com，并请注明您的身份和事由
【了解更多】
请登录官方网站
科德中国金融机构操作风险数据库：www.cord-oprisk.com
特许另类投资分析中国：www.caiachina.com

主贴中未开头科德中国操作风险数据库信息被删除，这里重新说明，该数据库包含近5000条1987年至今发生在银行、保险、证券业的操作风险事件，详细记录了每条事件的背景和前因后果，并对每条事件进行了详细的分类和损失记录。具体细节请参考第一期【操作风险文献综述】：https://bbs.pinggu.org/thread-3155732-1-1.html

非常感谢分享

您好，请问，您的数据库网站是不对外公开的吗？点击进去后发现似乎被关闭了

你好

数据是我历时几年自行开发的，将于九月中下旬上线，请持续关注，www.cord-oprisk.com，数据只会公开summary stats和一部分，全部数据届时可能会要求您提供简历、研究计划或者论文proposal以及签署保密协议，我审核后作为您的coauthor将会同您共享数据。


谢谢！