Response to consultation on Regulatory Technical Standards on operational risk loss

Go back

Question 1: Do you think that the granularity of and the distinction between the different Level 2 categories is clear enough? If not, please provide a rationale.

I have mapped components of the EBA’s revised taxonomy to:

Publicly available loss data: primarily a dataset of 462 large loss events (≥$0.1bn), sourced from IBM FIRST Case Studies, suffered by 31 current and former G-SIBs, with occurrence dates of between 1^st January 1989 and 31^st December 2023, and with a combined value of $421bn;
The business profiles and stakeholders of banks, as this drives their Operational Risk profiles; and
Actual individual events and hypothetical case studies to identify and illustrate overlaps and omissions.

My conclusions are that whilst there have been a number of good enhancements to the taxonomy there are two categories of issues:

Mutually exclusive and collectively exhaustive: The understandable retention of the Basel II Level 1 risk structure leads to overlaps and omissions in the taxonomy. I have set out a number of tactical enhancements to address these issues (see the attached file); but further guidance and examples are required from the EBA to more effectively differentiate causes, events, and impacts, in order, in particular, to ensure mutual exclusivity; and
Granularity: The taxonomy is insufficiently granular to support effective Operational Risk management with regard to both ICT and cyber risks. I have included in the attached file, two Appendices that set out taxonomies for ICT and cyber risks, based upon my analysis of ~900 events in the public domain, also sourced from IBM FIRST Case Studies.

My detailed observations are set out in the attached file.

Question 4: Is “Environmental – transition risk” an operational risk event? If yes, to which Level 2 categories should it be mapped? Please provide a rationale.

Whilst Physical Risks obviously include damage to infrastructure and disruption to the supply chains of firms, they may also lead to increased market volatility; long term changes in the value of financial assets; and wider economic shocks, including raised default rates in affected sectors (e.g. agriculture and sectors with physical infrastructure), through physical damage and supply-side disruption.

In contrast, the economic impacts of Transition Risks are primarily demand driven. They arise from changes in the behaviors of authorities; investors, and customers & consumers; 3^rd and 4^th parties; and society, again leading to increased market volatility; long term changes in the value of financial assets; and raised default rates in affected sectors (e.g. fossil fuel dependent sectors). In addition, like Physical Risks, Transition Risks can also lead to risks of some instances of supply-side disruption due to the transition from old to new technologies, e.g. the transition from coal to hydroelectric power, which may themselves be more vulnerable to Climate Change, in the form of drought.

These complex inter-relationships are reflected in a mapping of both Environmental Transition & Physical Risks to the Basel II Level 1 taxonomy, that is contained in the attached file.

Question 7: Do you think that the granularity the proposed list of attributes is clear enough? Would you suggest any additional relevant attribute? Please elaborate your rationale.

Arguably, Operational Risk’s most important characteristic is its sensitivity to economic shocks. My analysis of 462 large losses (≥$0.1bn), with a value of $421bn, over a 35 year period, suffered by 31 current and former G-SIBs reveals that whilst Operational Risk losses are generally rather idiosyncratic, there are distinct spikes in losses associated with economic shocks, e.g. the bursting of the dot.com bubble and also the Global Financial and Euro Crises (see the attached file).

The mechanism for this sensitivity is partially revealed by analysing the nature of the losses, i.e.:

52% of losses are driven by Credit Risk, e.g. MBS related litigation and also inappropriate foreclosure in the US; whilst
9% are driven by Market Risk, e.g. the mis-sale of Interest Rate Derivatives in the UK and Europe.

Comparing large losses (≥$0.1bn), for the 31 current and former G-SIBs, for the period 1996 to 2006 against 2007 to 2017 demonstrates that economic shocks may:
Influence the Occurrence of Operational Risk events, e.g. customers driven to commit fraud by financial pressures, and traders who mismark to disguise trading losses, caused by an economic shock; or
Trigger the Detection of past & on-going Operational Risk events, e.g. the uncovering, at the beginning of the Global Financial Crisis, of Bernie Madoff’s two decade old Ponzi scheme; and / or
Exacerbate the Severity of events when they occur or are detected, e.g. the scale of compensation paid to customers regarding the mis-selling of Interest Rate Derivatives was driven, in part, by the magnitude of the reduction in interest rates at the beginning of the Global Financial Crisis.

Recommendation: Include an additional attribute entitled “Sensitivity to economic cycles”. This would be used for any Operational Risk loss event for which economic cycles have influenced Occurrence, triggered Detection, and / or exacerbated its Severity. This is valuable as it will aide institutions in their stress testing of Operational Risk.

Upload files

EBA_CP_2024_13_response_Michael_Grimwade_06_09_2024.pdf (1.05 MB)

Name of the organization

This is a personal submission

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting frameworks

Data

Publications

Media centre