The operational risk requirements of Basel II proposes three measurement methodologies for calculating the operational risk capital charges. These are the Basic Indicator Approach, the Standardized Approach and the Advanced Measurement Approach.
Under the Basic Indicator Approach banks must hold capital for operational risk equal to the average over the previous three years of a fixed percentage (15% for this approach) of positive annual gross income (figures in respect of any year in which annual gross income Risk Management was negative or zero are excluded).
Although no specific criteria are set out for use of the Basic Indicator Approach, banks using this method are encouraged to comply with the Committee's guidance on "Sound Practices for the Management and Supervision of Operational Risk" (BIS; February 2003). These principles require:
oA hands on approach in the creation of an appropriate risk management environment,
oPositive actions in the identification, assessment, monitoring and control of operational risk,
oAdequate public disclosure.
Under the Standardized Approach a bank's activities are divided into eight business lines. Within each business line, gross income is a broad indicator that serves as a stand-in for the level of business operations and therefore the probable size of operational risk exposure within each of these business lines. The capital charge for each business line is calculated by multiplying gross income by a factor (called the "beta") assigned to that business line. The beta serves as a substitute for the industry-wide relationship between the operational risk loss experience for a given business line and the aggregate level of gross income for that business line. The business lines and the beta factors range from 12% for "retail banking", "asset management" and "retail brokerage"; 15% for "commercial banking" and "agency services" to 18% for "corporate finance", "trading & sales" and "payment & settlement".
The total capital charge is calculated as the three-year average of the simple summation of the regulatory capital charges across each of the business lines in each year. In any given year, a negative capital charges (as a result of negative gross income) in any business line may offset positive capital charges in other business lines without limit.
At national supervisory level, the supervisor can choose to allow a bank to use the Alternative Standardized Approach (ASA) provided the bank is able to satisfy its supervisor that this alternative approach provides an improved basis for measurement of risks. Under the ASA, the operational risk capital charge/methodology is the same as for the Standardized Approach except that two business lines - "retail banking" and "commercial banking" where a fixed factor 'm' - replaces gross income as the exposure indicator and is related to the extent of loans granted in these areas.
Under the Advanced Measurement Approaches (AMA) the regulatory capital requirement equals the risk measure generated by the bank's internal operational risk measurement system using specific quantitative and qualitative criteria. Use of the AMA is subject to supervisory approval.
Supervisory approval has to be conditional on the bank being able to show to the satisfaction of the supervisory authority that the allocation mechanism for these subsidiaries is appropriate and can be supported empirically. The quantitative standards that apply to internally generated operational risk measures for purposes of calculating the regulatory minimum capital charge are that any internal operational risk measurement system must be consistent with the definition of operational risk and a range of defined loss event types (covering all operational aspects such as fraud, employee practices, workplace safety, business practices, processing practices, business disruption and loss of physical assets).
To qualify for use of the Advanced Measurement Approaches (AMA), a bank must satisfy its supervisor that,
oThe banks board of directors and senior management, are actively involved in the oversight of the operational risk management framework;
oThe bank has an operational risk management system that is conceptually sound and which includes an independent operational risk management function that is responsible for the design and implementation of the bank's operational risk management framework;
oThe bank has It has sufficient resources to use this approach in the major business lines as well as the control and audit areas.
A bank using the AMA will be subject to a period of initial monitoring by its supervisor before it can be used for regulatory purposes. This period will allow the supervisor to determine if the approach is credible and appropriate. The bank's internal measurement system must be able to reasonably estimate unexpected losses based on the combined use of internal and relevant external loss data, scenario analysis and bank-specific business environment and internal control factors.
The bank's measurement system must also be capable of supporting an allocation of economic capital for operational risk across business lines in a manner that creates incentives to improve business line operational risk management.
Additionally,
oThe operational risk management function is responsible for documenting policies and procedures concerning operational risk management and controls, designing and implementing the bank's operational risk measurement methodology, designing and implementing a risk-reporting system for operational risk, and developing strategies to identify, measure, Risk Management monitor and control/mitigate operational risk,
oThe bank's internal operational risk measurement system must be closely integrated into the day-to-day risk management processes of the bank and its output must be an integral part of the process of monitoring and controlling the bank's operational risk profile. This information must play a major role in risk reporting, management reporting, internal capital allocation, and risk analysis.