Annual Report 2005
History 
The following information was audited by the Auditing Board of the Savings Bank Auditing Association, by KPMG Austria GmbH and by Österreichische Wirtschaftsberatung GmbH.

(42d) Operational risk

49 of 61

In 2005, activities in the area of operational risk management continued to concentrate on the Group-wide “Basel II” project of Bank Austria Creditanstalt. For the sub-projects “loss data collection”, “risk self-assessments”, “early warning indicators”, and “modelling”, Bank Austria Creditanstalt aims to implement the standardised approach, with the possibility of switching to an advanced measurement approach (AMA), at any rate for Bank Austria Creditanstalt AG. The reasons for this cautious approach are continued uncertainties over the general framework for AMA modelling approaches and over the final implementation requirements in quantitative and qualitative respects.

Operational risk is defined as the risk of unexpected losses due to human error, flawed management processes, natural and other catastrophes, technological failures and external events. For example, in the future, IT system failures, damage to property, processing errors or fraud will be subject to more accurate and consolidated risk measurement and management, on which the calculation of risk capital will be based.

Efforts focused on further expanding and improving the Intranet application (“inFORM” system – Intranet Framework for Operational Risk Management) developed within Bank Austria Creditanstalt and used across the Group. Apart from the modules for loss data collection, reporting and risk self-assessment, which are already used in the Group, work in 2005 concentrated on risk indicators. The objective of extending “inFORM” is to expand it into a central risk management solution for operational risk in Austria and CEE. The basic idea is to develop the Intranet solution into a central communication platform used for obtaining division-specific loss data and risk self-assessments as well as providing consistent information to the various divisions and the Managing Board. This will meet the requirement of involving all decision-makers and divisions in the risk management process in an efficient way.

Loss data are collected, and processes are optimised, in close coordination and cooperation with other units including Internal Audit, the Compliance Office, the Legal Department, the insurance sector as well as payments processing and settlement units. Also to be considered is the fact that Bank Austria Creditanstalt has always taken numerous measures in the various divisions to manage and reduce operational risk. Examples are data security measures, measures to ensure the confidentiality and integrity of stored data, access authorisation systems, the two-signatures principle, and a large number of monitoring and control processes as well as staff training programmes.

Various approaches are now available for operational risk modelling. These are mainly based on stochastic modelling, resampling and causal modelling approaches. The informative value and reliability of these models have been checked against internal and external loss data. Bank Austria Creditanstalt has also decided to use external loss scenarios in order to properly model even extreme events of distribution. To be mentioned in this connection is the use of external data from FitchRisk and Bank Austria Creditanstalt’s participation in the ORX loss data consortium.

In addition to quantitative approaches, and in view of currently still existing quantification and modelling problems, qualitative instruments are of major importance in operational risk management. This fact has been taken into account through Bank Austria Creditanstalt’s participation in the KRI Framework Study of the Risk Management Association (RMA), which deals with the identification of risk points of operational risk and the determination of risk indicators for risk points identified as critical. In this connection the risk self-assessments introduced across the Bank Austria Creditanstalt Group were extended to include RMA-specific risk mapping for Bank Austria Creditanstalt AG and major CEE units.

In the same way as for other types of risk, in addition to central risk management, Bank Austria Creditanstalt – like HypoVereinsbank – has built up a decentralised risk management network of contacts within divisions and at subsidiaries (OpRisk Managers). While the main task of the central risk management unit is to define the methods used and to perform risk measurement and analysis, risk managers working on a decentralised basis are responsible for taking measures to reduce, prevent, or take out insurance against, risks.

In 2006, activities with regard to operational risk will focus on

  • deepening cooperation with the ORX loss data consortium and with the RMA with a view to developing and implementing best practice in the area of operational risk,
  • making a decision on the AMA approach to be used,
  • the start of supervisory reviews of Basel II implementation,
  • completing the inFORM system and taking further steps to commercialise the product,
  • conducting scenario analyses for divisions and subsidiaries,
  • analysing Bank Austria Creditanstalt’s risk mitigation measures in respect of
    operational risk
49 of 61
Search
Increase search accuracy by using
advanced search operators.
Tools
Print Download PDF Compare to 2004
Links
Risk structure and problem loans at the BA-CA Group in 2005