Fast track to advanced operational risk management
Bank of India invests in operational management capabilities to improve loss data quality and reporting
Fast-growing banks want to spend capital on introducing new products and services, not hiring more staff to manage operational risk with spreadsheets.
With the help of SAS® Enterprise GRC modules, Bank of India has broken free of spreadsheets and is efficiently improving the bank’s loss data quality and operational risk reporting processes.
Risk control self-assessment can be conducted with ease, and results are available online through dashboards and graphical representation.
Assistant General Manager of the Risk Management Department
“Our risk management department is now able to collect loss data directly from our 4,892 branches. This lays the foundation for a standardized approach and prepares us to move to an advanced measurement approach (AMA) eventually,” explains Shyamal Karmakar, Assistant General Manager of the Risk Management Department.
All of Bank of India’s branches have access to SAS Enterprise GRC, with around 5,000 users who report loss data, participate in risk control self-assessment (RCSA) exercises on an as-needed basis, and provide key risk indicator (KRI) data. With the help of SAS Enterprise GRC modules, the branches are able to report the loss data directly to the risk management department through a network of risk officers at the regional level. This has improved the loss data quality and reporting process.
Taking steps toward an advanced operational risk management approach
Prior to implementing the operational risk framework using SAS Enterprise GRC, the bank was reporting operational risk capital under the basic indicator approach with reports created at quarter end. Following the implementation, the bank can generate about 50 types of operational risk monitoring reports. The bank has been able to implement the entire operational risk framework, from collection of input data to statistical capabilities for value at risk (VaR) computation, using a variety of distribution techniques.
The RCSA exercises are much easier to run now, and the results are online through dashboards and graphical representation. In addition, KRI monitoring is automated, and the SAS Enterprise GRC workflow enables the bank to capture all the user activity within the system and provides a transparent mechanism to the internal and external auditors for analyzing the efficacy of its operational risk identification process and framework. This will help when the bank moves to the AMA approach.
“SAS provides a robust and complete solution for risk management,” Karmakar says. “We now have excellent operational risk management capabilities for both regulatory and internal requirements.”
Enterprise-level operational risk management.
The bank has implemented the entire operational risk framework, from collection of input data to statistical capabilities for VaR computation, using a variety of distribution techniques.
- Bank branches can report loss data directly to the Risk Management Department.
- RCSA exercises are easier to run.
- Results are available online via dashboards and graphical representation.
- KRI monitoring is automated.
- The bank captures all user activity within the system and provides a transparent mechanism to auditors for analysis.