Abstract: Well organized digitalization and information systems have been selected as relevant measures to mitigate operational risks within organizations. Unfortunately, information system comes with new threats that can cause severe damage and quick organization lockout. This study aims to measure perceived information system risks and their effects on operational risks within the microfinance institution in D.R. Congo. Also, the factors influencing the operational risk are to be identified, and the link between operational risk with other risks and performance is to be assessed. The study proposes a research model drawn on the combination of Resources-Based-View, dynamic capabilities, the agency theory, the Information System Security Model, and social theories of risk. Therefore, we suggest adopting a mixed methods research with the sole aim of increasing the literature that already exists on perceived operational risk assessment and its link with other risk and performance, with a focus on information system risks.
Abstract: Since the nineties, all Moroccan banking institutions have to respect an arsenal of prudential ratios. The respect of these prudential measures aims to ensure the financial system stability. In order to do so, regulatory authorities tried to reduce the financial and operational risks incurred by the banking entities. Meanwhile, regulatory authorities demanded a balance sheet management work from banks. They also asked them to establish a management control system to manage operational risk, as well as an effort in terms of incurred risk-based commitments. Therefore, the prudential approach has a macroeconomic nature and it is presented as a determinant of the operational, microeconomic approach. This operational approach takes the form of a strategy that each banking entity must develop to manage the different banking risks. This study seeks to analyze the problem of risk management between the prudential and the operational approaches. It was processed through a literature review followed by an analysis of the Moroccan banking sector’s performance. At first, we will reconcile the inductive logic and then, the analytical one. The first approach consists of analyzing the phenomenon from a normative and conceptual perspective, while the second one will consist of considering the Moroccan banking system and analyzing the behavior of Moroccan banking entities in terms of risk management and performance. The results identified a favorable growth in terms of performance, despite the huge provisioning effort made to meet the international standards and the harmonization of the regulations.
Abstract: The financial sector is exposed to the risk of cyber-attacks like any other industrial sector. Furthermore, the topic of CybeRisk (cyber risk) has become particularly relevant given that Information Technology (IT) attacks have increased drastically in recent years, and cannot be stopped by single organizations requiring a response at international and national level. IT risk is never a matter purely for the IT manager, although he clearly plays a key role. A bank's risk management function requires a thorough understanding of the evolving risks as well as the tools and practical techniques available to address them. Upon the request of European and national legislation regarding CybeRisk in the financial system, banks are therefore called upon to strengthen the operational model for CybeRisk management. This will require an important change with a more intense collaboration with the structures that deal with information security for the development of an ad hoc system for the evaluation and control of this type of risk. The aim of the work is to propose a framework for the management and control of CybeRisk that will bridge the gap in the literature regarding the understanding and consideration of CybeRisk as an integral part of business management. The IT function has a strong relevance in the management of CybeRisk, which is perceived mainly as operational risk, but with a positive tendency on the part of risk management to the identification of CybeRisk assessment methods that are increasingly complete, quantitative and able to better describe the possible impacts on the business. The paper provides answers to the research questions: Is it possible to define a CybeRisk governance structure able to support the comparison between risk and security? How can the relationships between IT assets be integrated into a CybeRisk assessment framework to guarantee a system of protection and risks control?
From a methodological point of view, this research uses a case study approach. The choice of “Monte dei Paschi di Siena” was determined by the specific features of one of Italy’s biggest lenders. It is chosen to use an intensive research strategy: an in-depth study of reality. The case study methodology is an empirical approach to explore a complex and current phenomenon that develops over time. The use of cases has also the advantage of allowing the deepening of aspects concerning the "how" and "why" of contemporary events, on which the scholar has little control. The research is based on quantitative data and qualitative information obtained through semi-structured interviews of an open-ended nature and questionnaires to directors, members of the audit committee, risk, IT and compliance managers, and those responsible for internal audit function and anti-money laundering. The added value of the paper can be seen in the development of a framework based on a mapping of IT assets from which it is possible to identify their relationships for purposes of a more effective management and control of cyber risk.
Abstract: The New Basel Capital Accord (Basel II) influences how financial institutions around the world, and especially European Union institutions, determine the amount of capital to reserve. However, as the recent global crisis has shown, the revision of Basel II is needed to reflect current trends, such as increased volatility and correlation, in the world financial markets. The overall objective of Basel II is to increase the safety and soundness of the international financial system. Basel II builds on three main pillars: Pillar I deals with the minimum capital requirements for credit, market and operational risk, Pillar II focuses on the supervisory review process and finally Pillar III promotes market discipline through enhanced disclosure requirements for banks. The aim of this paper is to provide the historical background, key features and impact of Basel II on financial markets. Moreover, we discuss new proposals for international bank regulation (sometimes referred to as Basel III) which include requirements for higher quality, constituency and transparency of banks' capital and risk management, regulation of OTC markets and introduction of new liquidity standards for internationally active banks.
Abstract: Author presents the results of a study conducted to identify criteria of efficient information system (IS) with service-oriented architecture (SOA) realization and proposes a ranking method to evaluate SOA information systems using a set of architecture quality criteria before the systems are implemented. The method is used to compare 7 SOA projects and ranking result for SOA efficiency of the projects is provided. The choice of SOA realization project depends on following criteria categories: IS internal work and organization, SOA policies, guidelines and change management, processes and business services readiness, risk management and mitigation. The last criteria category was analyzed on the basis of projects statistics.
Abstract: This paper focuses on operational risk measurement
techniques and on economic capital estimation methods. A data
sample of operational losses provided by an anonymous Central
European bank is analyzed using several approaches. Loss
Distribution Approach and scenario analysis method are considered.
Custom plausible loss events defined in a particular scenario are
merged with the original data sample and their impact on capital
estimates and on the financial institution is evaluated. Two main
questions are assessed – What is the most appropriate statistical
method to measure and model operational loss data distribution? and
What is the impact of hypothetical plausible events on the financial
institution? The g&h distribution was evaluated to be the most
suitable one for operational risk modeling. The method based on the
combination of historical loss events modeling and scenario analysis
provides reasonable capital estimates and allows for the measurement
of the impact of extreme events on banking operations.
Abstract: The Malaysia Highway Authority (MHA) was
established by the Government in 1980 for the purpose of designing,
constructing and maintaining toll highways in Malaysia that include
the North-South Expressway and the Penang Bridge, which were
procured using the publicly-funded traditional procurement. However
following a recession in the mid 80-s, the operations of these tolled highways
had been privatized to ensure that their operational services
continue through private financing as a result of long-term
concession agreement concurred between the Malaysian Government
and private operators. The change in the contract strategy for
highway projects in Malaysia would have a great tendency to dictate
a significant risk exposure towards the key parties involved,
particularly the Malaysian Government as project principal, unless
operational risks are clearly identified and managed via appropriate
mitigation measures prior to a contract signing.
This research identifies potential operational risks that have a
possibility to occur in highway projects in Malaysia from the
perspective of public sector clients. Since this research focuses on the
operational risks for highway projects in Malaysia, the initial results
acquired from literature review on the operational risks of highway
projects in some Asian countries are then justified by a number of
key individuals from the MHA through interviews. As a result,
among key operational risks that have possibility to occur in the
highway projects in Malaysia include initial toll-tariff decided by the
Government, traffic congestion, change of road network and overloaded
freight transportation, which could cause damage to the road
surface and hence affecting the operation of a particular highway.
Abstract: In this paper, a data mining model to SMEs for detecting financial and operational risk indicators by data mining is presented. The identification of the risk factors by clarifying the relationship between the variables defines the discovery of knowledge from the financial and operational variables. Automatic and estimation oriented information discovery process coincides with the definition of data mining. During the formation of model; an easy to understand, easy to interpret and easy to apply utilitarian model that is far from the requirement of theoretical background is targeted by the discovery of the implicit relationships between the data and the identification of effect level of every factor. In addition, this paper is based on a project which was funded by The Scientific and Technological Research Council of Turkey (TUBITAK).
Abstract: Frauds in insurance industry are one of the major
sources of operational risk of insurance companies and constitute a
significant portion of their losses. Every reasonable company on the
market aims for improving their processes of uncovering frauds and
invests their resources to reduce them. This article is addressing fraud
management area from the view of extension of existing Business
Intelligence solution. We describe the frame of such solution and
would like to share with readers all benefits brought to insurance
companies by adopting this approach in their fight against insurance
frauds.
Abstract: This article presents the results of a study conducted to identify operational risks for information systems (IS) with service-oriented architecture (SOA). Analysis of current approaches to risk and system error classifications revealed that the system error classes were never used for SOA risk estimation. Additionally system error classes are not normally experimentally supported with real enterprise error data. Through the study several categories of various existing error classifications systems are applied and three new error categories with sub-categories are identified. As a part of operational risks a new error classification scheme is proposed for SOA applications. It is based on errors of real information systems which are service providers for application with service-oriented architecture. The proposed classification approach has been used to classify SOA system errors for two different enterprises (oil and gas industry, metal and mining industry). In addition we have conducted a research to identify possible losses from operational risks.
Abstract: Operational risk has become one of the most discussed topics in the financial industry in the recent years. The reasons for this attention can be attributed to higher investments in information systems and technology, the increasing wave of mergers and acquisitions and emergence of new financial instruments. In addition, the New Basel Capital Accord (known as Basel II) demands a capital requirement for operational risk and further motivates financial institutions to more precisely measure and manage this type of risk. The aim of this paper is to shed light on main characteristics of operational risk management and common applied methods: scenario analysis, key risk indicators, risk control self assessment and loss distribution approach.