In module 3, we'll look at how you collect operas data to measure and analyze risk. We'll also look at how you calculate regulatory risk capital requirements for unexpected losses and how to create scenario analysis. Collecting risk event data is the first step in measuring and analyzing risk. Internal operational loss data provides information for assessing an organization's exposure to op risk and the effectiveness of internal controls. By analyzing loss events, you can provide insight into what causes large losses and weather control failures are isolated or, more broadly, systematic. External data consists of operational loss amounts, dates, recoveries, and causal information for loss events occurring at other organizations. External data can then be compared with internal loss data and used to explore potential weaknesses in the control environment or to identify new risk exposures. Why do you collect data? You collect data in a risk event database to take immediate actions for risk reporting to assist the operas' committee in making decisions, to help design key risk and control indicators, to verify audit reports, and to create probability distributions for more advanced risk measurement approaches. There are five steps to developing a risk loss database. First, you classify business lines and risking loss types. Second, you define risk event data and data sources. Third, you make database reporting templates. Forth, you obtain management buy-in and assign risk management rules. The last step is to test the process. Data is classified into three broad types: The first is business areas; the second, risk event types; and the third, loss types. There are eight lines of business, including corporate finance, trading and sales, retail banking, commercial banking, payment and settlement, agency services, asset management, and retail brokerage. Within these lines of business are different risk event types such as internal fraud, external fraud, employment practices, business practices, and so on. There are also four distinct types of loss: The first is direct, which includes client compensation and staff payments. Other loss types are pending losses, provisions, and indirect losses such as the opportunity cost of insurance premiums. Next, you must decide what data are essential to collect. Within record details, the most important data is who is the risk coordinator? Within identification data, the most important information is who is the observer? Within the risk event description, the most important data is date of occurrence and a description of the event. Evaluation data should include the amounts of losses and the effective risks event. Authorization data should identify, who is the line manager responsible? You need external loss data to supplement internal loss data when there's a lack of internal observations with no data integrity or granularity, which leads to low confidence level for measuring risk and incorrect decision-making. External loss data is important for validating decisions about risk controls and processes. Now you can think about your own organization to decide if you can identify some external loss examples, including losses from internal fraud, external fraud, reputational risk, products and processes, system failures and disruptions, and external events. The severity distribution report shows losses grouped by size ranges and frequency. You can see in the data above that about 98.5 percent of the total losses were quite small, between zero and £20,000. On average, these losses were each £1,200 and totaled just over £12 billion, and comprised 18.9 percent of the total monetary losses. At the other extreme, we have the 41 losses that were were over £100 million. Even though there were relatively few of these losses, the average loss severity was £530 million and the total losses were £21.7 billion or about 34 percent of the organization's total losses. You can see that if you just focus on high-frequency losses, you miss about 80 percent of the total monetary losses. The summary risk report reports aggregate frequency and loss amount by business line and risk type. In the table above, you can see retail banking had the largest number of losses was comprised about 28 percent of the total frequency. In terms of monetary amounts, retail banking accounted for 18.7 percent of total losses. On the other hand, retail brokerage accounted for 450 losses or about 23 percent of the total frequency, but accounted for almost 25 percent of the total monetary loss. Also, 23 percent of the losses were high severity; more than £20,000 per loss.
