Rajit Punshi publishes his take on the planned "scrapping" of AMA (internal models approach to compute how m....

Scrapping AMA? - Missing the plot?

Nov 5, 2015 | Rajit Punshi, Founder and Managing Principal
The Operational Risk Practice Pte Ltd

Reflected and decided to publish my take on the planned "scrapping" of AMA (internal models approach to compute how much capital a bank should hold for Operational risk...yes, that includes KYC, Fraud, System Failures, Cyber threats, Conduct risk, Legal risk, etc, etc.).

"Let a thousand flowers bloom" was what was the term resonating in the industry when the Basel 2 Accord was published. The intent was that regulators wanted to give banks sufficient room to be creative, innovative and come up with models & methods that would provide a near accurate number for Operational risk capital. In terms of the regulatory requirements, a key focus was to try and ensure that banks (those that qualified or were approved) provided adequate capital for a 1 in 1000 year Operational risk event over a 1 year time horizon. Yes, banks had to compute capital at a 99.9% confidence level. Backing this requirement was an incentive driven structure that assumed that the AMA capital requirement would be lower than other standard approaches prescribed by the regulators as a reward for adopting (and embedding) more sophisticated risk management practices.

So what's driving the re-think - a) Large value operational losses, some of which are also repetitive e.g. rogue trader; conduct related; systems related losses b) A strong view at the regulatory level that some of the larger operational losses are being held across the boundary and classified as Credit losses c) Continued challenges to determine how to deal with the linkages between Operational risk and other risk types including Reputation d) Divergence in interpretation of requirements and consequently in the application which have led to observed inconsistencies in terms of how banks are complying with the requirements d) Uncertainty and operating environment challenges, etc. The net result ....current operational risk capital levels are perceived to be inadequate by the regulators. Banks need to hold higher capital.

The question is - is scrapping AMA going to solve the problem? In my humble opinion NO

Operational risk losses still keep senior management (and regulators ...presumably) awake at night. AMA was not just about quantification. There is merit in the incentive based structure though there is a need for some tweaking required to the quantification requirements/expectations. For example, we have to seriously ask ourselves whether the 99.9% confidence level requirement is taking away the focus from the real issue of how to manage this risk, given it is a different beast from the other financial risks. Measuring and quantifying this umbrella risk, spurs us to understand the risk management side better. We have certainly progressed from where we were as an industry and that must be recognised as a key positive. Question is - can we get a better outcome with relatively less focus on the 99.9% confidence level (may be a slightly lower, more realistic level?) and more focus on making sure the business understand clearly (in a realistic and transparent manner) the size of the risks they are taking/facing and have the levers to mitigate risks/drive the right behaviour as they conduct business.

More investment is still clearly required to understand some of the key Operational failures and how they arise. No, we have not cracked it and cannot declare victory. A look at the penalties for repeated and consistent failures provides enough evidence of the work that lies ahead of us as an industry. Take Conduct risk for example. Effort is being increasingly put now on understanding the linkages with the behavioural side of people operating within the formal structures in banks and outside of the same. This is throwing up interesting insights and providing valuable leads into changes that we need to consider in the way we manage Operational risks in context of the broader enterprise risk framework.

Firms across the globe are at different stages of maturity and not all Boards and senior management are ready to commit time, money and effort in Operational risk when revenue margins are shrinking, uncertainty continues to loom and traditional business models are getting disrupted. The reality is that in the absence of an incentive driven, risk based capital charge, the need to focus on adopting and embedding enhanced risk management practices, infrastructure and changing the risk culture may diminish especially across emerging markets (and in legally less mature jurisdictions).

In conclusion - AMA needs to be tweaked, be bounded by clearer guidance to ensure more consistency in interpretation of requirements. Let's rethink the focus on 99.9%. We do need something but precision has to looked at in context of the nature of the beast we are dealing with. Let us continue to incentivise creativity and innovation to see how the this umbrella risk can be better understood and managed through the disruptive trends of big data and technology etc. Let us insist on continued senior management focus, commitment and proportionate (to risk profile) investment, with proper oversight from "three/four" lines of defense... and of course the regulators. The risks are not going away. As the world changes around us, Operational risks (as will other risks) will come in different forms, sizes and continue to challenge and impact us...professionally and personally.

Pragmatism must therefore prevail as pen is put to paper to develop the proposals for change/scrapping.

scroll back to top