1Introduction: Scenario Analysis for Potential Catastrophic Losses1 2Addressing Operational Risk3
3Scenario Analysis in a Risk Measurement Framework5
4Scenario Analysis in a Risk Management Framework6
5Achieving Risk Measurement and Management6
6Conclusion: Benefiting from Scenario Analysis7
1Introduction: Scenario Analysis for Potential Catastrophic Losses “Are you saying that you want us to figure out how to lose R50 million?” asked the risk manager for the fund technology and services unit of a large bank. “Obviously, you have no idea how our funds are managed or what extreme measures we take to make sure that no money is lost.” With a hint of pride in his voice, he added, “You know our monthly losses are only in the thousands of Rand, even though we handle millions of Rand on average. We are able to do this because we have sound procedures for money management, prudent guidelines for investing and highly trained personnel.” Not easily dissuaded, Susan, the scenario analysis manager, responded by acknowledging the risk manager’s success. However, she urged him to identify a group of key personnel to participate in a scenario analysis exercise. The goal of this exercise would be to identify potential scenarios that could create losses above the R50 million threshold, which had been established for identifying low probability, high-severity losses. She added that such scenarios were being developed across the financial institution because of heightened emphasis on risk management and compliance. Although he was sceptical, the risk manager identified the business unit manager, compliance manager, customer relations manager, systems and technology manager, and fund operations manager to participate in the exercise. Based on her earlier interaction with the risk manager, Susan anticipated that she would have to use all her facilitation skills to get the group to do some unconstrained thinking. She thanked everyone for attending, gave them a brief overview of regulatory requirements, explained the business value of the exercise and urged them to think creatively about potentially large losses. At first the group was reluctant and said that they could not think of any set of factors or circumstances that would cause a loss of such high magnitude. The business unit manager stated that they were a support function and did not book losses, “Fraud is nonexistent in our world. We do not have transaction instruments such as credit cards, so we are typically not targeted by hackers. And our transactions have good checks and balances, so errors are typically low.” After discussing and rejecting a few scenarios, it appeared that the group had reached an impasse. To spur additional creative thinking, Susan asked if a few of them could collude to defraud the bank. At this point, the systems and technology manager said that he alone could defraud the bank and did not need to collude with anyone. He added, “I have complete access to customer data tapes and control over their disposal. I can easily look at transaction history over several years and know which accounts are dormant and which are active—this information, which includes buying characteristics, is valuable for the identity theft market. I could take tapes from a while back, create a disposal trail with fakes, sell the information, and no one would ever know how it happened or who did it.” Just by watching the faces of the participants, Susan saw that she had been successful in identifying a potential loss scenario and thanked the systems and technology manager for his input in developing a scenario under the Basel loss category, Internal Fraud, Theft and Fraud. Several recent events lend credence to such a hypothetical loss scenario: • ChoicePoint acknowledged selling data on over 140,000 customers to an identity theft ring. • Bank of America admitted to losing tapes with customer identifiers and...