The Basel II Guidelines, on banking capital adequacy, have widened the coverage to operation risk issues as well. In the Indian context, over time, the Basel I and II norms along with Reserve Bank of India's capital adequacy requirements have mandated banks to meet minimum capital requirement vis--vis the various risk assets they possess. This, of course, raised the awareness of the various risks that banks face, especially those related to the following:

Working out risk exposure and allocating capital for it; and

Resolving risk issues by prudent and efficient risk management.

The latter is more important, as that is the ultimate objective of any risk-management strategy. The RBI and most central banks have tried to implement prudent risk-management systems for monitoring and controlling , among others, credit and market risks. However, it is surprising that in respect of operation risk, most of the regulatory bodies and central banks are still in phase 1, that is, `Calculation and Working on Operation Risk Data to Identify Required Capital Allocation'. Various models and software have facilitated the calculation and collation of data for capital allocation. But what about resolving operation risk issues through a prudent risk management system? Why is the Bank for International Settlement focussing only on calculating "probable loss" through "modelling" and not on resolving the operation risk issues? It is important to allocate capital for various risks that an organisation may face. However, it is also equally important that guidelines from regulatory authorities address the issue and focus on "resolving" rather than "merely calculating" risk exposures.

Elusive solution

Why is it that the BIS and regulators across the globe have not found a way to prudently manage and reduce operation risks?

The reason seems to be in the approach. The regulators, for instance, have made progress in the area of resolving credit risk issues (especially for mutual funds and insurance). They have set up certain credit exposure limits while managing the funds. For market and liquidity risks, the regulators have tried to provide certain guidelines on asset-liability matching and equity-debt exposure, besides prescribing norms in relation to securities in "Available for Trading" and "Held to Maturity" categories and their valuation norms. However, most regulators are silent with regard to providing guidelines in relation to operation risk management.

Even at the individual organisation level, operation risk managers generally collect data from other departments and arrive at some large and complex tables. Is this the right approach to reducing operational inefficiencies?

Operation risk, by its very nature, is highly decentralised. Hence, its management needs to be decentralised, with adequate control at the central level. For better framework and procedural guidelines, there is need to regularise the following: Setting up a risk management committee ; reporting of concurrent audit; enhancing the scope of the audit committee; regularising separately, critical issues such as disaster recovery and insurance. In spite of its decentralised nature, regulators can still provide a framework to have it partly centralised by having a chief advisor. Most operational risks are either system, process or communication related.

An operation risk management manual can provide guidelines to problem-solving, by way of system enhancement, MIS and controls, process checks and increasing the scope and strength of concurrent audit. Communication gaps can be reduced by formal meetings, documenting them and follow-ups. Though, normally, there are operation risk control measures in concurrent audit, internal audit, systems lock-in and reconciliation, it is necessary to have an adequately documented management policy with its broad problem-resolving models in place.

This will make various initiatives of the BIS and central banks much more fruitful, focussing on resolving risks rather than calculating risks.

Laxmikant Gupta
(The author is a Mumbai-based mutual fund executive.)