10.2.10 RISK MANAGEMENT 3: ASSIGNMENT 2 [100]

QUESTION ONE IS BASED ON THE FOLLOWING CASE STUDY:

Operational risk events in the banking sector

Banks are primarily regarded as risk-averse but not always fully risk-aware. Hence, banks are unintentionally exposed to various financial risks, mainly operational risk, due to their economic and monetary role. These financial institutions must furthermore strive in a continuously changing banking regulation and risk management environment, bank automation (nontraditional sources) and consumerism; all of which can be attributed to changing depositor behaviour. These changes and the uncertainties that stem from them might significantly influence bank revenue and operational costs. The primary fear among regulators is that changing depositor and financial behaviour due to operational risk events in the banking environment will influence global financial markets so severely that the total risk in the banking industry will escalate.

The Basel Committee on Banking Supervision (BCBS) defines operational risk as a risk of direct or indirect losses arising from inadequate or failed internal processes, people, systems or from external events. These operational risk events are categorised by the BCBS as: (1) internal fraud; (2) external fraud; (3) employment practice and workplace safety; (4) clients, products and practices; (5) damage to physical assets; (6) business disruptions and system failures; and (7) execution, delivery and process management.

Internal fraud takes place due to the deliberate embezzlement of bank assets, theft, insider trading or the evasion of laws by any internal party in the bank. Such operational events may include cases of unauthorised trading where transactions were intentionally not reported or unauthorised. Mismarking of a bank's position (i.e. the bank is not as financially sound as reported) is also classified among internal fraud and theft. Cases of internal fraud were found to be the most severe operational events experienced by banks in terms of the consequences of these events.

External fraud includes a breach of system security due to the deliberate embezzlement of the bank's assets or by evading laws and regulations. It encompasses sub-categories such as theft of information or hacking. Hacking in the form of cyber-attacks as well as other technology-driven crimes are considered as a form of fraud instead of information damages.

Employment practice and workplace safety include three subcategories of activities giving rise to operational risks, namely employee relations in the workplace, health and safety, as well as any form of discrimination. The majority of studies regarding operational risk found this event category to be the least severe. The reason is that information regarding this event is usually internal and confidential and is seldom fully disclosed to the public.

Clients, products and business practices are also seen as some of the most severe types of operational risk events. This event consists of both the intentional and unintentional failure to act in accordance with the obligations to bank clients, inadequate products or from the wrongful intent of a product.

Damage to physical bank assets encompasses losses due to natural disasters or due to human-made events such as terrorism or vandalism. The exposure level of this event is calculated by accounting for the aggregate real estate value of a bank. Such events may involve a single local branch or the headquarters of a bank.

Business disruptions and system failures include losses due to the disruption in the normal course of business or due to system failures. System failures may be due to the failure of hardware or software or due to power failures. The severity of this event is often challenging to quantify, as a firm-wide event may be associated with the failure of a single unit within the bank (i.e. power outage due to faulty wire on the ground floor).

Execution, delivery and process management encompass the failures associated with transactions, monitoring and reporting processes, customer documentation and management, as well as losses from traders, vendors and suppliers. The majority of these events occur at a high frequency with a lower severity level (i.e. miscommunication, data entries, accounting errors, missing documents). On the other hand, sub-categories such as monitoring and reporting, where a bank failed to comply with its mandatory reporting obligations, occur at a lower frequency but at a higher severity level, meaning larger losses (i.e. fines or penalties).

https://www.tandfonline.com/doi/full/10.1080/23322039.2019.1706394

QUESTION ONE [25]
1.1 With regards to the case study, describe risk evaluation as a function within risk management. (13)
1.2 Provide your opinion on how the provisions of the Basel Committee on Banking Supervision (BCBS) have affected risk evaluation. (12)
QUESTION TWO [25]
2.1 Evaluate the following two (2) approaches to loss prevention:
2.1.1 Engineering (8)
2.1.2 Human / Personal (8)
2.2 Differentiate between any three (3) deductibles used in risk management. (9)
QUESTION THREE [25]
3.1 Analyse the relationship between Hazard and Operability (HAZOP) studies and Risk Management. (10)
3.2 Describe the significance of occupational hygiene in business. (15)
QUESTION FOUR [25]
4.1 Explain risk avoidance in relation to risk management. (10)
4.2 Discuss the various environmental concerns affecting businesses. (15)
