Making Sense out of Metrics ISDA / PRMIA 17th August 2004 In 2002……… A global survey of 76 banks on the existence of formal KRI programs: Acknowledgement Raft International Limited What is a KRI? The number of fails has increased by 2% Is this a KRI? Some definitions…… Metric – something observed or calculated that is used to show the presence or state of a condition or trend; an instrument or gauge that measures something and registers the measurement; something such as a light, sign, or pointer that gives information, for example about which direction to follow KRI – Key Risk Indicator KPI – Key Performance Indicator KCI – Key Control Indicator KMI – Key Management Indicator Overall, prefer the general term “indicator” What is a Risk Indicator? Risk indicators are usually monitored over time Late trade processing in Bank X in May 2004: London 9%, New York 10%, Singapore 9% Late Trade Processing In which branch 15% do we have a 10% London problem? New York 5% 0% Singapore Feb Mar Apr May What is a Risk Indicator? So, Singapore is the problem! Is it? Late Trade Processing absolute numbers 3500 15% 3000 2500 10% 2000 1500 London New York 5% 1000 Singapore 500 0 Feb Mar Apr May 0% Feb Mar Apr May Data without context may not expose the entire problem! The Choice from the Multitude A typical operation can identify hundreds of indicators Some are risk, others performance indicators Indicators’ relevance and weight change over time Some indicators are meaningless on their own Graphics adapted from Reason, J.: “Managing the Risks of Organizational Accidents", Aldershot: Ashgate, 1997 Other factors If a ratings agency is to rate operational exposure, how will they compare different organisations? How will regulators evaluate the effectiveness of different organisation’s operational risk capabilities? How does a business unit provide senior management quality information? Can the organisation use operational metrics to provide stakeholder information? But, KRIs have been disappointing… No means of consistently relate the occurrence of loss events and the location of problems/situations No means of classifying types of KRIs Plenty of data but no idea of its relevance No way to determine relevance No observable best practice No means of comparison, either internally or externally The solution? An organisation needs a common language or framework which identifies areas of exposure and then allows….. – Metrics to be identified to measure, monitor and manage those exposures – Data on losses, near misses and control failures to be recorded – Ongoing assessment of the exposure – Performance measurement around the exposure, including use of capital KRI Study - Background Recognising the need, RiskBusiness developed a strawman framework for identifying risk points within an institution RMA and RiskBusiness co-sponsored Part I of the Study to ascertain the feasibility of using the framework as a KRI framework Seven institutions tested the framework in a risk mapping exercise Initial Participants 7 banks participated in Part I: – Citigroup – Deutsche Bank – Dresdner Kleinwort Wasserstein – JP Morgan Chase – KeyCorp – Royal Bank of Canada – State Street ANZ and Abbey then joined to form the Study Steering Group for Part II The Study Part I – Proof of Concept Part II – 3 primary activities : – Broaden participation, transfer experience, build industry risk profile – Define KRI Library – Develop detailed specifications Future : – Industry benchmarking – Extend participation further The KRI Framework Validation Initial risk maps were evaluated to establish “most risky” risk categories and business functions Compared these to a similar evaluation of the QIS 3 data and to the complete Fitch Risk First database Broad correlation, taking into account the nature of the two data sources Participant risk map deviations Based on risk category: RMA/RiskBusiness Risk Categories Data Management Improper Practices Infrastructure & Systems Transaction Management Internal Theft & Fraud Stage 1 Rankings (additive High ratings) 1 2 3 4 5 Participant Participant Participant Participant Participant Participant Participant A B C D E F G 2 1 5 7 3 5 1 7 6 2 3 1 2 6 5 2 1 3 6 5 1 4 2 6 3 2 1 3 5 4 2 7 5 1 9 Risk Business 3 2 1 4 5 Participant risk map deviations Based on business function: RMA/RiskBusiness Business Functions Payment/Settlement/Collection (cash/securities) Instruction or Order Management Custody and Actions (including assets) Transaction/Fees Capture and Record Update Relationship Management Confirm/Affirm/Matching and Documentation Transaction Maintenance and Administration Infrastructure, Networks & Maintenance Pricing and Quotations IT Security Stage 1 Rankings (additive High ratings) Participant Participant Participant Participant Participant Participant Participant A B C D E F G Risk Business 1 2 3 1 1 1 3 3 2 2 3 1 6 1 2 3 4 2 3 1 3 1 8 - 1 3 4 21 23 2 5 5 5 2 11 5 6 3 5 4 9 19 19 11 4 14 4 18 2 1 - 14 4 7 21 7 13 13 10 5 5 15 8 3 36 21 6 7 7 - 8 9 10 13 10 13 5 28 14 9 5 7 13 3 9 - 8 12 Participants in Part II Abbey† ABN Amro ABSA Acleda Bank Alliance and Leicester ANZ† Bank Austria Creditanstaldt Bank Julius Bäer Bank of America Bank Rakvat Indonesia Bank Vontobel BNP Paribas Byblos Bank Capital One Citigroup† Commerzbank De Lage Landen (sub of Rabobank) Deutsche Bank† Dresdner Kleinwort Wasserstein† Erste Bank Euroclear Federation de Caisses Desjardins du Quebec GMAC Halifax Bank of Scotland HSBC † = Lead Participant Huntington National Bank Investec JP Morgan Chase† KeyCorp† Kookmin Bank Macquarie Bank Mizuho International National Australia Group National Bank of Canada Nomura International Northern Trust People’s Bank Royal Bank of Canada† Royal Bank of Scotland RZB San Paolo IMI SE Banken Southwest Bank of Texas Standard Bank of South Africa State Street† Sumitomo Mitsui TD Financial Group Woori Bank Washington Mutual Defining Indicators Identify candidates for each risk point Evaluate candidates against qualifying criteria (effectiveness, comparability, ease of use/collection) Agree descriptions for each qualifier Prioritise nominated indicators Participant comment and review Generate detailed specifications, stored in KRI Library at www.KRIeX.org Considering each risk point….. Before the problem has been generated Look for ‘Early Warning Flags’ After the problem has been generated Identify ‘Problems in Progress’ Potential loss events, include events that could lead this or another institution to loss Near misses, loss = 0 Research ‘Historical Events’ 0 < Losses < threshold Losses > threshold Issues for consideration What is a KRI...KPI…KCI…or MIS? – An indicator can perform multiple roles depending on who is using it What about scaling and aggregation? – Do we scale then aggregate, or vice versa? How many indicators should a firm be monitoring? – The quest for the “Magic 10” – the KRI Library has 1,600 indicators Issues for consideration Top-down versus Bottom-Up – Operations develop metrics for ongoing use, Management want information Combinations and clusters of indicators – Experience has demonstrated that in many cases, it is groups of indicators which will provide the best management information – Staff Turnover and Transaction Volumes and Error Rates and …… Next Steps - Benchmarking Selected indicators will be driven totally by broad participant agreement Consists of participants delivering KRI data to centralised function : – Data will be anonymous – Data will be collated, analysed and benchmark values calculated Participants have access to benchmarks for comparative purposes First submission expected in Q2, 2005 Next Steps – KRI Library Next intake of participants into KRI Library starts in October 2004 – currently have 68 additional firms wishing to join Insurance KRI Study starts during Q4 2004 Ongoing maintenance and extension to the Library In Summary….. A well-developed and structured indicator program can deliver quality management information and could possibly be used as an adjustor to capital…or at least as a measure of efficient and effective use Common language and standardisation is imperative The indicator program must deliver value at all levels Contact details RiskBusiness International Limited – URL : www.riskbusiness.com – Study URL : www.kriex.org Mike Finlay, Managing Director – Europe, Asia, Australia and Africa – Telephone : +44 7721 969 224 – E-mail : mike.finlay@riskbusiness.com
© Copyright 2024