BIS Paper Analyzes Operational and Cyber Risks in Financial Sector
BIS published a working paper that uses a unique cross-country dataset at the loss event level to document the evolution and characteristics of the operational risk of banks. The paper highlights that better supervision is associated with lower operational losses. It also provides an estimate of losses due to cyber events, which constitute a subset of operational loss events. Cyber losses are a small fraction of total operational losses, but can account for a significant share of total operational value-at-risk.
Representing a significant portion of total bank risks, operational risks are second only to credit risks as a source of losses. Thus, measuring and understanding operational risks, including cyber risks, is critical for both banks and public authorities. The paper uses a unique cross-country dataset from ORX, which is a consortium of financial institutions. The sample contains over 700,000 operational loss events from 2002 until the end of 2017 for a group of 74 large banks with headquarters worldwide. The granularity of the dataset allowed the authors to study the evolution of operational risks through time, compute an operational and cyber value-at-risk for financial intermediaries, document the time lag between occurrence, discovery and recognition of losses, and investigate the link between operational losses, macroeconomic conditions, and regulatory characteristics.
The results of the study show that, after a spike following the Great Financial Crisis, operational losses have fallen in recent years. The spike was largely due to losses arising from improper business practices in large banks that were incurred in the run-up to the crisis but recognized only later. Operational value-at-risk can vary substantially across banks—from 6% to 12% of total gross income—depending on the method used. These numbers are consistent with the actual capital requirements, but notably smaller than the basic indicator approach. The results provide some support for the shift to the standardized approach in Basel III.
The analysis shows that it takes, on average, more than a year for operational losses to be discovered and recognized in the books. However, there is significant variation across regions and event types. For instance, improper business practices and internal fraud events take longer to be discovered. Operational losses are not independent of macroeconomic conditions and regulatory characteristics. The paper shows that credit booms and periods of excessively accommodative monetary policy are followed by larger operational losses. Furthermore, it is to be noted that a higher quality of financial regulation and supervision is also associated with lower cyber losses. Despite representing a relatively minor share of operational losses, cyber losses can account for up to a third of total operational value-at-risk.
Related Links
Keywords: International, Banking, Operational Risk, Value-at-Risk, Cyber Risk, Standardized Approach, Research, BIS
Featured Experts
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Pierre-Etienne Chabanel
Brings expertise in technology and software solutions around banking regulation, whether deployed on-premises or in the cloud.
Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Previous Article
ISDA Updates List of Derivative Instruments Subject to Margin RulesRelated Articles
Regulators Fine Goldman Sachs for Risk Management Failures
FCA and PRA in the UK, FED in the US, and the authorities in Singapore have fined Goldman Sachs for risk management failures in connection with the 1Malaysia Development Berhad (1MDB).
Canada Hosts International Conference of Banking Supervisors
BCBS announced that OSFI and the Bank of Canada hosted the 21st International Conference of Banking Supervisors (ICBS) virtually on October 19-22, 2020.
FCA Proposes More Measures to Help Insurance Customers Amid Crisis
FCA proposed guidance on how firms should continue to seek to help customers who hold insurance and premium finance products and may be in financial difficulty because of COVID-19, after October 31, 2020.
EBA Issues Opinion to Address Risk Stemming from Legacy Instruments
EBA issued an opinion on prudential treatment of the legacy instruments as the grandfathering period nears an end on December 31, 2021.
ESRB Publishes Non-Bank Financial Intermediation Risk Monitor for 2020
ESRB published the fifth issue of the EU Non-bank Financial Intermediation Risk Monitor 2020 (NBFI Monitor).
HM Treasury Publishes Policy Statement Amending Benchmarks Regulation
HM Treasury announced that the new Financial Services Bill has been introduced in the Parliament.
APRA Initiates Action Against a Bank for Liquidity Compliance Breach
APRA announced that it has increased the minimum liquidity requirement of Bendigo and Adelaide Bank for failing to comply with the prudential standard on liquidity.
PRA Consults on Implementation of Certain Provisions of CRD5 and CRR2
PRA published the consultation paper CP17/20 to propose changes to certain rules, supervisory statements, and statements of policy to implement elements of the Capital Requirements Directive (CRD5).
US Agencies Finalize Rule to Reduce Impact of Large Bank Failures
US Agencies adopted a final rule that applies to advanced approaches banking organizations and aims to reduce interconnectedness in the financial system as well as to reduce contagion risks associated with the failure of a global systemically important bank (G-SIB).
US Agencies Finalize Rule on Net Stable Funding Ratio Requirements
US Agencies (FDIC, FED, and OCC) adopted a final rule that implements the net stable funding ratio (NSFR) for certain large banking organizations.
