Response to consultation on draft Regulatory Technical Standards on assessment methodologies for the Advanced Measurement Approaches for operational risk

Go back

Q2: Do you support the treatment under an AMA regulatory capital of fraud events in the credit area, as envisaged in Article 6? Do you support the phase-in approach for its implementation as set out in Article 48?

First and foremost, article 6 contradicts CCR Article 322-3(b), which states that: An institution shall record the operational risk losses that are related to credit risk and that the institution has historically included in the internal credit risk databases in the operational risk databases and shall identify them separately. Such losses shall not be subject to the operational risk charge, provided that the institution is required to continue to treat them as credit risk for the purposes of calculating own funds requirements."

The NVB understands and supports the managerial aspect of managing this risk within ORM. However, the data collection of operational risk events is difficult. From a prudential perspective, it would be preferable to use the existing credit models and procedures to calculate the capital for these ORM losses. The primary objective is for the modelled capital to be as accurate as possible. The results of such events could be calculated by using the credit risk model, and subsequently be allocated to operational risk.

Next to these points, the proposal requires a substantial change in the existing data collection and modelling processes, both for operational risk and credit risk. Also the consequences in terms of capital requirements are unknown, and the benefits are unclear. What is key is the way management acts upon all cases of fraud and that its sources are dealt with effectively. Against this backdrop, the NVB advises to maintain the treatment under the credit risk umbrella, by increasing the threshold."

Q3: Do you support the collection of ’opportunity costs/loss revenues‘ and internal costs at least for managerial purposes, as envisaged in Article 7(2)?

Yes, the NVB supports the collection of this data. However, it should be noted that some opportunity costs and lost revenues can be very hard if not impossible to quantify, as the data is hard to collect. For instance when a customer chooses to discontinue its business with the bank after an operational risk event. Staff will have to assess the amount of lost business and this will require training.

Q4: Do you support the items in the lists of operational risk events in Articles 4, 5 and 6, and the items in the list of operational risk loss in Article 7? Or should more items be included in any of these lists?

With regard to legal risk; the definition of events related to legal risk is broadened beyond the strict legal requirements by including breaches of “internal rules”. This does not accurately reflect “legal” risk because internal rules can be stricter than the legal requirements. In addition, the article brings conduct risk into focus through ethical conduct”. This is not related to "legal" risk. With regard to paragraphs 4 & 5 the first lines should be extended to “(…) from the scope of operational risks related to legal risk”, since some examples given are operational risks. The exclusion of events that are not to be labelled as legal risk should not be the focus of regulation. These could be better stated as guidance.

Article 7 (2): The items mentioned are indeed relevant for management purposes but the completeness of these items will be difficult to prove. Improving the accuracy of information will come at great costs, while the improvement of the capital calculation is expected to be low.

It should be noted that a breakdown of the legal costs, as required by article 7(b) (1) is not very practical. The current practice is that law firms bill banks based on hours worked, not split by specific cases. Consequently this practice will have to be revised, making the processes less efficient."

Q5. Do you support that the dependence structure between operational risk events cannot be based on Gaussian or Normal-like distributions, as envisaged in Article 26 (3)? If not, how could it be ensured that correlations and dependencies are well-captured?

The NVB does not support this change. In the consultation is stated that:
a) The use of a Gaussian or Normal-like copula generally does not appear well suited for operational risk.
b) The 2008-2009 crisis indeed made it clear that the use of Gaussian or Normal-like functions and copulas have significantly underestimated market risk and credit risk tail events.
c) As tail events are usually the main drivers of operational risk, which is perceived as a more ‘fat-tail kind of risk’, dependencies in operational risk and consequently the embedded correlation structures in copulas have to be treated in a more conservative way.

However, regarding these three points the following comments need to be made:
a) Research on the existence of tail correlation has shown that there is no real proof for the existence of tail correlation . This is the case for research done by individual banks and by ORX, where ORX has a very large dataset at their disposal. Consequently, one cannot simply state that the Gaussian copula does not appear well suited. We kindly request the EBA to provide information that formed the basis for this statement.
b) It might be true that a Gaussian copula understated the market risk and credit risk tail events. However, the experience from these two areas cannot simply be extrapolated to operational risk. The nature and modelling of operational risk differs significantly from the other two risk types.
c) Tail events are the main drivers of operational risk. These tail events however, are generally isolated incidents, and not the sum of correlated incidents. It should also be noted that incidents that are caused by a common operational risk are required to be registered as one incident, as is stated in BCBS 196 .

As per the above, correlation in general is coincidental for operational risk, as true causal correlations are ruled out by the above. Historical data shows that companies are hit by severe single events. There might be a few known cases, but most of the large hits are stand alone events. Next to this, the effect of tail correlation is only a single component of operational risk modelling. Correlation modelling cannot be viewed separate from, for instance, the modelling of the severity distributions. It is not clear why correlation is being isolated. In our view, the use of tail correlation in itself does not necessarily result in inappropriate capital levels. Similarly, the absence of tail correlation in a model does not automatically mean that such a model underestimates the amount of capital. The appropriateness of the capital results cannot be judged on a single model element. It depends on many combined model aspects.

Although it is not our desired outcome, it should be noted that a transition period will be required in the event that changes to the modelling treatment of correlations and dependencies are required. Such a transition period will have to include time to finalise all the significant change procedures.

Q6: Do you support the use of the operational risk measurement system not only for the calculation of the AMA regulatory capital but also for the purposes of internal capital adequacy assessment, as envisaged in Article (42)(d)?

Yes, we support this approach, as it enhances consistency.

Upload files

BR2206.pdf (51.62 KB)

Name of organisation

Dutch Banking Association