Two years ago we noticed a resurgence in portfolio risk modelling and some new trends in the modelling practices being implemented, with an emphasis on supporting business decision-making by reducing complexity and fully linking to business intuition. Two years and one COVID-19 crisis later, there is still steam in the sails. The principle of "as-simple-as-possible" continues to create value by complying with regulation while allowing risk departments to support the business in optimising for long-term, sustainably-higher ROE. Read on below for more insights on how to use Portfolio Operational Risk Models to "make friends and influence people".
How to make friends and influence people
Such is the complexity of the COVID-19 pandemic that most banks are probably operating at the margins of their organisational capacity. Now, more than ever, it’s crucial for them to deploy scarce and stretched resources where they can most solve business problems. Seen within this context, modelling operational risk (OR) can be a time-consuming minefield because it:
- Requires a rare blend of skills to get right;
- Can jeopardise your credibility with regulators, if done badly; and
- Runs a high risk of generating illogical results that are of no real use to anyone.
And yet every firm that falls under Basel III’s Pillar 2A/R requirements has no choice but to estimate its OR capital requirements. They then have to share their results, interpretation and methodology with their regulators – who won’t even help firms out by telling them exactly what to do. Unfortunately, there seems to be almost as many modelling options as there are ways of going wrong.
To save time and money as well as free up capacity (so that your risk teams can focus on what they do best) we think nearly every firm should consider modelling OR through loss distribution analysis (LDA), using frequency, severity and scenario calibration. It’s the approach we use when our clients ask us to deliver a robust solution at speed. As a tried and tested methodology, it helps ‘make friends’ by meeting regulatory expectations and can ‘influence people’ because its outputs are credible and help your colleagues make better risk decisions.
From a regulatory perspective, it has been in use for many years now. As we continue to track the evolving regulatory environment (including the recent consultation paper on the UK’s approach to transition to CRRII/CRDV and the FCA’s discussion paper 20/2 on IFD/IFR for investment firms), we expect it to remain a principle method for internal Pillar 2 capital quantification.
We get it, you’re really busy
It takes time to build a model able to robustly estimate your OR capital in ways that are both sensible (they pass the ‘use’ test) and defensible (in the eyes of your model validation team, your board and the PRA). Some firms spend six months from start to finish – and still don’t end up with a sure-fire success.
Right now, we can think of many better things your OR team could be doing: expanding scenario assessments to consider impacts on customers and markets; setting up your operational resilience framework; reporting to the board on COVID-related developments in the firm’s OR profile.
By adopting the scenario-based-LDA approach that Deloitte has long advocated across the financial services (FS) industry, firms can shave five of the six months from their initial development schedule. Why? Because the methodology is established and ready to go, particularly if implemented through a vendor hosted-web-service (e.g. Capital Clarity). That frees up firms to focus on understanding their true OR risk profile, which can then be used as inputs for the model (thereby avoiding the ‘GIGO’ problem of ‘garbage in, garbage out’).
OR modelling is neither fish nor fowl
If your firm is like most of the firms we’ve worked with, your OR team will have extensive experience in control frameworks, conducting internal audits, analysing processes and rolling out risk management frameworks. The skill set you recruited them for probably didn’t include understanding the finer points of conditional, cumulative and absolute probabilities. Yet that’s what they need to deliver OR models to the standards both expected by regulators and needed to support business investment decisions.
Asking for help from more numerate colleagues is not the solution it might seem. Ask a credit or market risk modeller to try their hands at operational risk and you may find yourself running into problems. Operational Risk data often ranges from patchy to non-existent and the intuition behind this low frequency, high severity risk type is very different to the others (which is why firms typically do not raise provision, aimed at expected rather than unexpected losses, for it either!).
The long and the short of it is this: you need a mixture of skills to pull off OR modelling:
- Enough experience of operational risk types to understand the model inputs;
- A thorough understanding of regulatory expectations to ensure your model passes muster;
- Experience in choosing between and applying statistical techniques so that you understand your model’s limitations and can carry it successfully through validation; and
- Familiarity in working with scenarios to generate the raw material that your model needs.
When it goes wrong, it can get really ugly
It’s rare to find all of these skills in a modestly-sized OR team. So it’s perhaps not surprising that sometimes the models such teams develop will generate problems down the line. Poor levels of transparency, plausibility or stability are three common problems, as are models that are hard to explain, hard to validate and hard to apply in practice. As a consequence, firms may end up holding more or less OR capital than they really need. Their reputation with their regulators suffers. And a lot of time and energy is wasted as internal stakeholders reject a model that doesn’t align with their understanding of the business’ risk profile.
In the worst case we’re aware of, the board of one firm was seriously embarrassed to discover it had approved a model that the PRA soon pulled to shreds. That’s not a good look for a firm endeavouring to come across as technically-savvy.
You may be missing a trick
The LDA approach to OR modelling that we’re recommending in this article doesn’t merely get you off the hook with respect to your obligations. It’s also genuinely insightful. By simplifying the model choices, it frees up time for your risk-type SMEs to assess the true risk profile of the firm – which in any case should be their skills sweet-spot.
By harnessing your firm’s best insights and channelling them through a model that has passed regulatory scrutiny dozens of times, the results are capital allocations that are easy to understand and share around the business. Better first-line and second-line buy-in means the model can pass the ‘use test’ and become the basis of business decisions. It’s not just a more accurate tool for calculating capital. It’s a better way to understand your true risk profile and decide on investment priorities for risk (and capital) reduction.
All of the actions we recommended two years ago (here) remain relevant. Two years has seen some further convergence in modelling approaches as firms align on the "as-simple-as-possible" approach that provides maximum business insight for its complexity, and thus lends itself best to helping the business maximise long-run ROE. On this basis we've become somewhat more prescriptive on methodology in this article (as a reminder, it’s the "loss distribution analysis approach using frequency and severity estimates gleaned through SME inputs on scenarios"). To demonstrate that we put our money where our mouth is, we've also built this methodology into a hosted-web-service Capital Clarity aimed at making it easier still. If you don't already use Portfolio Capital Models to make business decisions, you may be running out of excuses!
For more information on any of the contents of this article or to join our Pillar 2A/R community including webinars, insights updates and more, email firstname.lastname@example.org or visit our Capital Clarity webpage.