GROUP 4

Trương Thuý Vi
Trần Đặng Thanh Trúc
Dương Thị Bảo Ngọc
Phan Hồ Hải Yến

OPERATING RISK IN
BANK
 I. DEFINITION OF OPERATING RISK

1) Reality:

The existing OPERATIONAL RISK rate has risen dramatically in recent years. Many
significant bank failures have occurred around the world as a result of the modern
economy. The terrorist attacks of September 11, and fraudulent company losses at Société
Générale (France), Barings (UK), AIB (Ireland), and the National Bank of Australia
demonstrate that risk control is more than just market risk and credit risk. And, in
particular, the number of OPERATIONAL RISK damages is typically very high. The most
notable is the 1995 failure of Barings Bank, one of Britain's oldest banks, which sparked a
massive uproar in the banking community. An employee of this bank, Nick Leeson,
"borrowed" Barings for equity speculation, resulting in a $1.4 billion loss despite the bank's
fixed capital of just $ 615 million.

When the existing risk occurs in all classes of risks that must be handled and is closely
linked to other categories of risks in banking activities, it becomes more apparent. Credit
risk and business risk present current risk, either directly or indirectly.

2) Definition:

According to the Basel Committee on banking supervision: “Operational risk is the risk of
loss due to human causes, inadequate or poor operation of the process and system; external
objective events "

3) Types:

- Risks due to regulations, professional processes:  

Operational risks caused by the process due to incomplete contractual documents, lack of
specific instructions, make it difficult for employees or have many inadequacies,
incomplete, creating a gap for bad guys to take advantage of. bad for the bank.

- Risks are caused by bank officials:    

 Operational risk caused by employees and internal fraud. This is one of the main reasons
causing risks in the banking industry. And especially, the risk caused by the injured
employee causes great damage. Bank staff are highly qualified and well informed people,
they can cheat or collude internally and externally, but sometimes it can be confusing due
to large and complex workloads. magazine in the banking industry. Employee fraud: theft
or collusion between bank staff and customers. Bank staff intentionally recorded the wrong
position, intentionally marked the wrong position, performed illegal transactions, insider
transactions. Employees collude with outsiders to destroy, steal or steal or accept bribes….
Employees accidentally make mistakes: bank employees may mistakenly account for the
wrong transaction or the wrong currency when transferring money ... Commercial banks
lose or lack key characters.

- Risks caused by external influences:      

In addition to the above reasons, there are also operating risks, the cause of which is
external factors such as law, natural disasters, crime, terrorism ... The risk of external fraud
is mainly related to theft. Document fraud fraud is carried out by a third party outside the
organization.

- Risks from information technology systems:

Operational risk caused by information technology can be caused by poor software quality
that can easily cause errors or system security loopholes due to incomplete information
data or insecure information security systems. . Without a modern information technology
system, it can create many security holes, vulnerable to hackers entering the system to steal
customer information or other information. These hackers can counterfeit credit cards or
ATM cards to withdraw the bank's money, causing a lot of damage and can affect the
reputation of the bank.

- Risks due to other reasons.

4) Characteristics:

If credit risk and market risk relate to only one or several parts of a bank, then operational
risk is related to all divisions.
 For example: If a power failure occurs, for example, or a computer system error is
suspended, the entire banking operation will be halted. Or, if the capital mobilization
process is not in accordance with the current regulations of the regulators, there is a risk
that the bank will be penalized and the transactions will be canceled. The main cause of
operational risk, which can be seen through the above examples, comes from human factors
with activities such as fraud, embezzlement, document forgery, information theft, Perform
transactions not in accordance with the authority, intentionally act against the regulations
of the bank, the law ...

II. RATIO OR HOW TO MEASURE OPERATIONAL RISK AT BANKS

1) Indicators for measuring KRIs
a) Definition:

 KRIs are metrics or systems for calculating the cost of operational risk.

As a result, something that meets the aforementioned criteria is called a risk

predictor. When an indication reflects particularly serious damage or a pattern of mishaps,
it becomes important. We're looking for metrics that monitor the intensity and frequency of
operational risk.

Risk metrics are made up of a number of different criteria that reflect each level of
risk. In banks, some of the most widely used metrics include:

Incident Indicators for Measuring Risk (KRIs)

Cheat - Number of insider frauds 

- Number of outsider frauds

Customer complaints and -The number of allegations and conflicts that have been
disputes reported.

- The number of grievances reported has surpassed X

days.

Vacancies - The percentage of workers who are unemployed.

- Empty vacancies for more than X days.

 Product policy - A large number of products were provided but were not
properly completed; 

- The number of products deployed was too late.

Errors - The sum of money is inadequate or has been wasted as

a result of a mistake.

- The number of offences is insufficient.

Transaction processing. - Amount of trading

-The sum of past-due debt that is now awaiting

settlement.

Information technology -The number and duration of device outages

- The number and duration of unscheduled server

outages.

Violation of regulations. - Number of offenses, fines, and warnings for agency/law

violations
Sources: KPMG International 2007(6)

b) Kris's ambition
- Double-check that the risk assessment is right.
- Ensuring that danger warnings are sent to business units in a timely and accurate
way.

2) Method for calculating operational risk

Depending on the complexity and risk sensitivity in each business operation , Basel II
proposes three ways for banks to determine the minimum amount of capital required to
assess the cost of operational risk management:

• The Basic Indicator Approach (BIA) tool, which is focused on a financial institution's
annual sales.
 • The Standardized Approach (STA), which is focused on the annual sales of each financial
institution's business line.

• The Approach to Advanced Measurement (AMA)

Without the permission of a supervisor, a bank could not use the simplified method
after using the more sophisticated method. If the supervisor decides that the bank's use of a
more sophisticated method does not fulfill the method's standard qualification, the bank
may be asked to resort to a single solution. more straightforward

a) The Basic Indicator Approach (BIA) framework is focused on a financial

institution's annual sales. 

The simple index system is dependent on the bank's cumulative annual operating profit
over the previous three years. The capital allowance for operating risk is calculated by
multiplying this average by the Basel Committee's cost of 15%. Net interest income plus net
non-interest revenue, plus pre-provision income, minus expenses / gains from stock
trading and insurance, equals gross profits. and exceptional income:

KBIA = [ ∑ (GI1…n x α) ] / n

Among them are:

The cost of capital for the BIA system is known as KBIA.

GI stands for Gross Adjusted Annual Profits over a Three-Year Period.

n: the number of years with a positive income over a three-year period.

      α: 0.15 (this coefficient is regulated by the Basel Committee).

When this type of capital valuation is used, there are no conditions.

b) The Standardized Approach (STA) is focused on a financial institution's

annual sales for a business line.

The structured approach is similar to the BIA method, but the STA method divides the
bank's activities into eight different market fields:corporate finance, sales and trading,
retail banking, commercial banking, payments and settlements, agency services, asset
management and retail brokerage by multiplying net profits from that company by the
corresponding coefficients (beta) as defined by the BIS Banking Supervisory Commission.
The overall amount of capital available for each line of business is used to measure bank
capital needs. The table below shows the beta coefficients of the fields, which range from 12
to 18 percent:

Areas of business β (%)

Finance for businesses 18

Buying and selling events 18

Retail banking operations 12

Commercial banking 15
activities

Payment 18

Agency service 15

Managing inherent assets 12

Retail brokerage 12

Recipe :

KTSA = { ∑năm 1-3 max [∑(GI1-8 x β1-8), 0]}/3

   On the inside:

   KTSA: STA process net cost of resources

   GI1-8: a company's gross annual revenue           

   β1-8: The Commission establishes a fixed ratio for each business sector.
 c) The Advanced Assessment Approach (AMA) - is built on a bank's internal
risk measurement implementation process that meets regulatory
requirements.

Capital criteria are dependent on the bank's internal operating risk assessment
scheme, which focuses on both financial risk measurement and management, according to
the high-end measurement approach. The bank will be more agile in its methods and
strategy thanks to the AMA approach. As a result, there are many discretionary judgments
in the AMA process, and the national inspection and oversight body has the authority to
determine if the AMA is used as a capital measurement metric or not. The advanced
calculation technique is summarized in the table below.

System for Situation analysis as Internal grading

distributing losses a method system

Characteristics -On the basis of -Based on specific -Risk management

previous loss potential and controls are
information. developments that used.
have a detrimental
-Data from both -Risk is measured in
effect on the bank
within and outside the terms of its
company, as well as -It all depends on the probability and
information about bank's decision. magnitude of effect.
specific
-In terms of
circumstances.
configuration and
performance, the
controls are
discussed above.

Result  Calculate the estimated (average) loss over the next 12 months
for each company segment or row.
  Calculate unexpected losses over the next 12 months based on a
given degree of trust (for example, 99.9% or 95%) by market segment
or row.
 Diversification's advantages around the board. Conclusions To
assign capital to business divisions, risk is measured.

Commercial banks and international bank subsidiaries have operating risk

measurement instruments based on the quantification of damages in the situations
mentioned in Clause 2 of this Article, which are divided into 06 classes of business practices
in compliance with legal regulations. The State Bank calculates capital adequacy ratios for
banks and international bank branches using at least two of the methods mentioned below:

a) Using internal audit and outside audit reports (audit findings);

b) Gathering and reviewing internal and external loss data to assess internal and external
losses across the entire commercial banking sector, including international bank branches;

c) Risk Management Self Assessment (RCSA) to assess the efficacy of the control activity in
terms of operating risks both before and after the control;

d) Mapping business processes (BPM) to assess the degree of operational risk associated
with each business process, as well as the total operational risk of the business processes and
their relationships. this danger;

đ) Risk and performance metrics to keep track of the factors that influence operating risk
and to recognise future limits, constraints, and losses;

e) Scenario Analysis (Scenario Analysis) to classify operational risk factors and criteria for
controlling and minimizing operational risks in scenarios and incidents that may occur

The above is some guidance on how to assess a bank's operating risk.

III. WHAT IS VIETNAM BANK’S SITUATION

 According to regulations, from January 1, 2020, banks will have to apply the standard of
41/2016-TT / NHNN regulations on capital adequacy ratios for foreign banks and bank
branches. One of the most important things about Circular 41 is to ensure a minimum
capital adequacy ratio (CAR) of at least 8%..

This is considered an important step in implementing the Basel II model in risk

management for the entire banking system. However, up to now, there are only 18 qualified
banks and there are still many banks that have not met this standard.

Up to now, only 16 (out of 35 domestic banks) have announced the application of

Circular 41, including Vietcombank, VIB, MB, Techcombank, ACB, MSB, HDBank, OCB,
VPBank, TPBank, VietBank, Viet Capital Bank, SeABank, BIDV, LienVietPostBank,
NamABank and two foreign banks, ShinhanBank and Standard Chartered Vietnam. 

Vietcombank and VIB are the first two members approved by the State Bank to apply
Circular 41 a year earlier than the effective date and are also the first two banks to meet
Basel II standards in Vietnam (month). 11/2018).

The Vietnamese commercial banking system has grown in terms of total assets,
distribution network, number of employees and diversification of business activities over
the years. Potential risks are increasing in all three areas of credit risk, market risk and
operational risk, and the causes of operational risk are also increasing.

In order to enhance the effectiveness and efficiency of banking inspection and

supervision, with the approval of the Prime Minister, the State Bank has strengthened the
organizational model of the Banking and Inspection Agency in the direction of streamlining
and efficiency, ensuring good implementation of functions, tasks and roles of inspection and
supervision of banking operations. Thereby, creating an important premise for continuing
to innovate inspection and supervision activities in the direction closer to international
practices and standards and in line with the development practice of the banking industry
in the new period.

In 2019, the inspection work is renewed, closely linked to the supervision, step by step
combining and applying the method of inspection on the basis of risk, towards the
prevention and early warning of risks which possibilities arise. In 2019, the State Bank
carried out 1,420 inspections and issued inspection conclusions and inspection records for
1,379 inspections; issued 10,170 recommendations and requests to credit institutions to
overcome problems and shortcomings; issued 216 decisions to sanction administrative
violations for credit institutions and businesses, individuals with a total fine of about 19.65
billion VND. In addition, the State Bank has also applied handling measures to organizations
and individuals in order to consolidate the organization and stabilize the operating
apparatus at a number of credit institutions, focus on restructuring and handling bad debts;
credit extension, bond investment in potentially risky areas. At the same time, promoting
the application of information technology to improve early warning capacity of potential
systematic risks and prevent the risk of law violation of credit institutions. On the basis of
the mistakes and risks discovered through supervision, the State Bank has issued about 250
risk guidelines and warnings on issues such as cross-ownership between credit institutions
and stock, crowded at credit institutions; real estate loan balance soared; high bad debt at
credit institutions; granting credit to major customers (total credit granting is over 500
billion dong); investment in corporate bonds. At the same time, it is required that the
manager and executive of the credit institution must promptly take measures to rectify and
handle existing problems and risks that have been warned by the State Bank; strictly
comply with legal regulations, strengthen inspection and supervision of activities, ensure
safe and healthy operations.

In order to create enough legal basis for credit institutions to implement Basel II capital
standards according to the standard method, the State Bank has issued Circular No.
13/2018 / TT-NHNN dated May 18, 2018 on internal control systems of commercial banks
and foreign bank branches. The issuance of Circular No. 13/2018 / TT-NHNN contributes to
qualitative changes in the management, administration, risk management and control of
credit institutions; helps prevent, warn, and promptly handle mistakes and risks,
contributing to minimizing the possibility of losses and the risk of breakdown of the
banking system. Accordingly, credit institutions must rearrange and reorganize the
inspection and control apparatus according to the model of 03 defensive lines;
strengthening the responsibility and independence in management and supervision of the
Board of Directors, the Board of Management and the Supervisory Board; seriously
implementing the inspection and control activities for all operations of the credit institution
from the head office to branches and transaction offices; strengthening risk management
for material risks, determining the risk appetite in accordance with the financial and
governance capacity of the credit institution; perform capital calculation, capital
management to ensure sufficient capital to offset risks; strengthen the independent
inspection and evaluation of the internal audit. In addition, SBV staff have gradually applied
quantitative methods, analytical techniques in accordance with international practice in
system risk assessment such as Stress Test, Systematic risk warning mechanism (SRAM),
early warning model, building a financial cycle to monitor, evaluate, analyze risks and
propose appropriate policies and tools in each period. 

(Sources: BCTN 2018,2019 của NHNNVN)

BIDV: 

In 2018, BIDV issued the Anti-Corruption Work Program, aimed at concretizing the
Government's anti-corruption program in the banking sector in 2018 No. 01 / CTr-NHNN
dated August 17, 2018 of the Governor of the state bank of Vietnam. The program focuses
on the following contents: enhancing the roles and responsibilities of officers and
employees in the whole system, especially the head of the unit, strengthening the
management of staff, strictly implementing regulations on the organization and personnel,
control assets, income; enhancing publicity and transparency in performance of tasks,
manage financial effectively and according to regulations, set up and implement the
standard norms regime; strengthen inspection, control, internal audit, comply with
regulations on citizen reception, settlement of complaints and denunciations in order to
update information on corruption, promote the inspection of the party.

BIDV always attaches great importance to propaganda and education to raise

awareness and responsibility of officials, party members and employees on anti-corruption,
regularly propagating the Code of Ethics and Code of Conduct of BIDV, organizing
compulsory competitions on professional ethics, style and trading space. In addition, BIDV
also grasped, implemented and instructed in a timely and complete manner legal
documents as well as guiding documents related to the prevention and fight against
corruption for each employee. Some contents are focused on propaganda and learning
organization during the year such as: Contents of anti-corruption work stated in Central
Conference Resolution 4 (Session XI), Conclusion No. 21- KL / TW 5 Central Conference
(Session XI) and associated with the implementation of the Directive of the Politburo on
"Continue to promote the study and follow the moral example of Ho Chi Minh".

In order to manage and control operational risks, in 2019, BIDV has been
synchronously implementing many tasks such as: establishing organizational structure,
managing risks according to the model of 3 lines of protection from the Head Office to the
branches; elaborate and promulgate a full system of regime documents; research and
implementation of operational risk management tools such as RCSA (Risk Self-
Identification and Control), KRI (Key Risk Sign), LDC (Collecting and analyzing operating
risk loss data), BCP (Business Continuity Plan), concurrently performs operational risk
management for outsourcing activities, new products, activities in new markets and in
information technology application; Implementation of the reporting regime of operational
risk management in full compliance with the requirements of the state bank in Circular No.
13/2018 / TT-NHNN. In 2019, BIDV has concentrated resources to implement the
Consulting Project, deploying advanced operational risk management tools according to
practices to improve the efficiency of operating risk management tools use, approach to
advanced operational risk management practices in the world. In addition, BIDV also
actively researched and calculated the Regulatory Capital for operational risks under the
guidance of the State Bank of Vietnam in Circular No. 41/2016 / TT-NHNN dated December
30, 2016, and at the same time continued to build building and upgrading software
programs to support the collection and processing of operational risk data, the calculation
of capital required for operational risks has also been done automatically on the software
program. Operational risk management culture has also been enhanced through training
courses and communication workshops on operational risk management. BIDV always
emphasizes the anti-corruption work as one of the important and cross-cutting contents in
the operating direction of the whole system. 

BIDV's Steering Committee for Anti-Corruption and Crime was established from the
Head Office to its member units (At the Head Office: BIDV's Steering Committee for Anti-
Corruption, Crime Prevention and Control is made by the Chairman of the Board of
Directors. Head of the Committee; At the member units: The Steering Committee for Anti-
Corruption and Crime Prevention is led by the Director), in order to ensure the consistency
in the direction and administration and proactively in the fight against corruption and
crime in the whole system.

VIETCOMBANK: 

Along with the comprehensive provision of banking products and services, Vietcombank
is increasingly focusing on operational risk management (O&M). Vietcombank's O&M
framework, including the model, organizational structure and policy and process of O&M
management, has been continuously improved to ensure compliance with State
management agencies' regulations in Circular 13 and standards. innovation of Basel II. In
2019, Vietcombank's O&M will continue to be focused and strengthened, with the aim of
minimizing operational risk losses to protect the Bank, shareholders and customers.
Operational risk management is effectively deployed not only in width but also in depth
across the whole system through O&M tools such as incident reporting, risk self-
assessment and control points, and develop and monitor key risk indicators (KRI), risk
assessment for all new policies, regulations, products and services, including outsourcing.
These tools effectively aid in identifying, measuring, assessing, and minimizing operational
risks. In particular, Vietcombank has invested in the modern management software system,
thereby enhancing automation, enhancing the effectiveness and quality of O&M work at
Vietcombank. In particular, Vietcombank is very active in implementing specific processes
and actions to manage critical operational risks. In particular, fraud risk management (risk
management) continues to be strengthened, with the comprehensive implementation of the
policy, process and tools of risk management, the implementation of the whistle-blowing
mechanism and related regulations. personnel management to prevent and detect early
signs of fraud risks. In addition, the information technology (IT) risk management
framework continues to be strengthened and perfected to prevent and minimize IT risks
and maintain continuity in the operation of IT systems. In addition to measures to prevent,
detect and mitigate operational risks, Vietcombank also continues to transfer operational
risks through operational risk insurance packages to bank assets as a measure. Additional
risk management helps protect the bank in case of serious losses. In addition to technical
tools, Vietcombank is also constantly focusing on improving the modern risk management
culture through training, ensuring compliance with the Code of Conduct and professional
ethics, and building an integrated working environment. to prevent risks.

 ( nguồn BCTN 2018, 2019 của BIDV và VIETCOMBANK)

IV) SUGGESTION

Firstly, each bank needs to focus on the internal management and control on a
regular and continuous basis. When detecting unusual signs, the Supervisory Board must
immediately report to the Board of Directors to quickly release settlement solutions. The
bank is a particularly sensitive business sector, the risk of happening is not only related to
each of the bank's managers or employees, but it also affects all depositors, businesses or
institutions that have credit relations with banks. Therefore, with each bank, the
management of modern risk or internal control is even more necessary to operate
effectively.

Combining commercial banks, the State Bank or other competent state agencies also
needs to strengthen the inspection, inspection and supervision of the operations of
commercial banks, with strong sanctions against officials. Bank embezzlement, or accepting
bribes, step by step purify the banking system.

Secondly, Vietnam should map out a roadmap to apply Basel II's methods of
measuring capital costs, based on the economic situation, the development of the banking
system accordingly. As same as India, the State Bank of Vietnam should not apply a single
cost of capital to all banks, but should let banks choose the right measurement method for
themselves. Branches of foreign banks in Vietnam with conditional conditions can use
advanced methods such as AMA, while domestic banks are not eligible to apply for BIA or
STA. Beside that, it is possible to apply a mixed regime within a bank, but if the branches
operating in geographic areas are too different in terms of socioeconomic conditions or
cultural level, then options can also be chosen to calculate the cost of capital.

Of course, the new regulations of Basel II also have many difficulties in applying in
developing countries, the problem is to apply the Basel II risk measurement models in a
flexible and appropriate way. It is thought that, in order to apply the Basel II rules, it is not
necessary to have complicated models, we need a simpler application for Vietnam.
Commercial banks will be the best advisor to the SBV.