end-to-end for effective operational risk management...
TRANSCRIPT
![Page 1: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/1.jpg)
An End-to-End Process Approach for effective Operational Risk Management
12 November, 201712 November, 2017
![Page 2: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/2.jpg)
BioKamonrat joined Kiatnakin Bank in February 2011, as Senior Vice President - Department Head of Operational Risk Management. As such, she is responsible for implementation of KiatnakinGroup of Operational Risk Framework and oversight all
In her last role, she was the head
of operational risk management;
responsible for implementing of
KGroup operational risk
management framework.
For Education Backgroud, she Framework and oversight all credit ,non-credit ,and investment products related operational risk exposure. This includes IT and Cyber Risk.
Prior to Kiatnakin Bank, she worked at KBank for five years
KamonratKharawamit
SVP, Head of Operational Rsik
For Education Backgroud, she
graduated from Chulalongkorn
University, Accountancy Faculty.
In 2003, she was granted a full
Thai Government Scholarship to
study in USA and graduated
from Cornell University ; Master
Professional Studies in Applied
Statistics in May 2004.
![Page 3: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/3.jpg)
Agenda
• Definition of Operational Risk and Loss Event
• 2017 COSO ERM Updated Framework and Key Changes
• Key Success Factor in Operational Risk Management
• End-to-End Process Approach
![Page 4: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/4.jpg)
Credit Risk is the risk of default on a debt that may arise from a borrower failing to make required payments. In the first resort, the risk is that of the lender and includes lost principal and interest, disruption to cash flows, and increased collection cost.
Market Risk is the risk of losses in positions arising from movements in market prices
Operational Risk is the risk of loss resulting from inadequate or failed
Types of Risk
increased collection cost.
Liquidity Risk is the risk that a company or bank may be unable to meet short term financial demands. This usually occurs due to the inability to convert a security or hard asset to cash without a loss of capital and/or income in the process
resulting from inadequate or failed internal processes, people, and systems, or from external events. This definition includes legal risk, but excludes reputational risk
Strategic Risk is a possible source of loss that might arise from the pursuit of an unsuccessful business plan. Making poor business decisions, from the substandard execution of decisions, from inadequate resource allocation, or from a failure to respond well to changes in the business environment
![Page 5: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/5.jpg)
What is operational risk?
“ Operational Risk is the risk of loss resulting from inadequate or failed internal “ Operational Risk is the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events. This definition includes legal risk, but excludes reputational risk”
![Page 6: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/6.jpg)
Types of Operational Risk
Process
Operational Risk Categories (BIS)
Cause
1. Internal Fraud2. External Fraud
ImpactImpact
People
System
External Factor
2. External Fraud3. Employment Practice and
Workplace Safety4. Client,Product, Business
Practice5. Damage to physical Asset6. Business Disruption &
System Failure7. Execution, Delivery, Process
Management
Operational Loss
![Page 7: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/7.jpg)
![Page 8: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/8.jpg)
Cyber AttackBangladesh Bank
Soc Gen, KervielInternal Fraud
Clients, Products, & Business Practice
Damage to Physical Assets
Business Disruption & Systems Failures
911 Attacks ������ � 2547������������ �������������
��������� � 2554
�������!""#��
![Page 9: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/9.jpg)
Bangladesh Central Bank: US$ 81 Million Cyber-Attack
The Federal Reserve Bank of New York
• Took place in February 2016, when instructions to steal US$951 million from Bangladesh Bank, the central bank of Bangladesh
• Be issued via the SWIFT network
• Five transactions issued by hackers, worth $101 million and withdrawn from a Bangladesh Bank account at the Federal Reserve Bank of New York, succeeded, with $20 million traced to Sri Lanka (since recovered) and $81 million to the Philippines (about $18 million recovered)
• The New York Fed blocked the remaining 30 transactions, amounting to $850 million, at the request of Bangladesh Bank
• It was identified later that Dridex malware was used for the attack
Atiur Rahman, Governor of Bangladesh Bank who resigned from his post in response to the case
![Page 10: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/10.jpg)
Unauthorized Cross-Selling and The Creation of Fake Accounts
John Stumpf, former CEO of Wells Fargo
• Employees were encouraged to order credit cards for
pre-approved customers without their consent, Employees also created fraudulent checking and savings accounts
• It has found a total of 3.5 million potentially fake bank and credit card accounts, the review found 528,000 potentially unauthorized online bill pay enrollments
• Bank was fined $185 million to settle three government
lawsuits over the bank’s creation of sham accounts
• The bank fired approximately 5,300 employees between 2011 and 2016 as a result of fraudulent sales
CEO of Wells Fargo
![Page 11: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/11.jpg)
Who is Jerome Kerviel
Rogue Trading: SOC GEN Societe Generale
• Jerome Kerviel was a junior level derivatives
trader at Societe Generale, one of Europe’s largest banks
• Kerviel had been trading profitably in • Kerviel had been trading profitably in
anticipation of falling market prices; however, they have accused him of exceeding his authority to engage in unauthorized trades totaling as much as €4.9 billion (US$7.2 billion)
• Thousands of trades were hidden behind offsetting faked hedge trades
![Page 12: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/12.jpg)
World Trade Center Attack, Collapse 9/11
These are losses incurred by damages caused to physical assets due to natural disasters or other events like terrorism and vandalism. Rapid and unexpected changes in climatic conditions have been a constant cause of concern in the business world for more than a decade in recent history..
![Page 13: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/13.jpg)
Internal Fraud: $������������ �� ��%��� 499 #���"��
������������������� ��� 499,272,777.95 ���� 2552
Background:• ���& 33 �• ()�*+��-�+��/0�������1&23 ��4-)�3��� xx 6�7�� xx• �)����/03��� xx 3����8/�1 ���1:� 9 � (�;�*( �.�. 2542 <=� �.7. 2552
7&>3?��(:• ���1�:�����8/�8 2 �@� A?�7�?/��41�(����&-�(• ���1�:�����8/�8 2 �@� A?�7�?/��41�(����&-�(• �1�:�7B>+���:� 7 +:��A828��/0A?(���C�7�D0��78�:�
���:4��/�8:• 3���������7��C-����4� ���EC/8����/;�-����F����4-)� ���3��� A *:43���B -)�1 419 ������ �����1? 499.27 :���� *:43���������F���������EC/���(��� +�D�IB�/0��/0�1����-)�1�8/�1�� �4+1��1��/0 20 �.�. 2551 <=� 20 �?.�. 2552• ��<B�2���� ATM -����EC/8����/;�-����F����4-)� ��� 3��� A *:43���B A������EC/���(��� +�D�IB�/0��/0�1����+:��6�7����3��?3*71� 1�:4 30 ������ ������:4 30,000 ��� �1?����1�:4 700,000 - 900,000 ��� �&�1� ���1:� 1 �7�=0� 28���O���1:�+:���:��� C1��/0�4�����A?�8 �0��)��������&-�(�/0�7�D0��7�?�1�(�����(28�A??/�7�3�3��
�4�4�1:�:• �4�4�1:��/0�)�����&-�( 1 � 5 �8D�
![Page 14: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/14.jpg)
Damage to Physical Assets: ��������� � 2554
��������� ������������� 2554 �������� !�"��#����������� $ ��%&�'��� ��(�����" ��)��!" �����#�* ����"�+��!"�� "��(�����"���� 7 ��� ��-���!� &�'� �.�#���/�� 5 ��� ��'���"/��# 2 ��� "#$������!"����'"�0 840 $����� "3� � !�"��#�����!" 237,410 ���7��
![Page 15: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/15.jpg)
Damage to Physical Assets: ����'�� �#()�������*#������'� � 2547
• �+(&���>7:/03/�?�/0��8�=;���4��OA��� 2547 3�I:��4�������&*�����(�D;�/0 �7�( 6 -��+1�8 7D� B��R( ����� ��4�/0 �4�� 3(B: *:4(��� ��+�� �����6��?C�(7��;��0��+E @=0�A?�7�����S?������4��OA�� 71�?3BE�3/������+E+:1�8���:�1 *?������� ��-4-)���8��B�T��4���1>C��F��4�:��� 6 -��+1�8 �7�(����; *(?+�( ��7��;�/;�RA83�I:��4����4��D�(��O�WX�-A��28��1?��B����?��81�
• �31���6�7���/0��B���(�D;�/08���:�1 I:��4���;�)��+6�7��(����4��O�8�)����3�����D;�/0 �1?��;�(B ATM *:4�B6*:���:/0���(��(����4��O�3/�+�� 71�?�3/�+���;���3�I:(�:B�7�3�CD0����6�7��81�
![Page 16: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/16.jpg)
Damage to Physical Assets: ������������ ������������������
1��/0 7 �.�. ��8�+(&��:�A+?6�7�� 3)������+E 28�-&8(��:���B�/0���1>C�; 10 ��7�� A @=0���+����R����3�� -��71�?�3/�+���/0��8�=;�)��+3)�����(�;�*( C�; 9-11 ��871�?�3/�+�� 7�871�?�3/�+����4?�> 100 :����
1/2
![Page 17: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/17.jpg)
Damage to Physical Assets: ������������ ������������������
*I�������+��71�?�3/0�����-���+(&���>AZA+??�(����(�?*I3)����T&��T��+��)����: /�� ��* �9��+��:;��&:;���7�����3 �����0#&��.= �����+��#;* ��7���'�7 ��-� �(�#�"�>���#;�)����: �)����7&���������"��>�?�7�(����* ����(���:;��*"(� +� ���-�8��R���?B:*:4���3��3)�7�E: /�� ��"#��-� (���.3��+�"3���'������)� �� $ �"#���)��)������'���A7���(�'�>���#; $ ��(�'�>���#;"#��."#�����*"(;)�!� 20 �$��"(����)���'����: /�� ��* �)���'���� !�"��#;�������&����-)��!�������'���� 10,510 �7.
2/2
![Page 18: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/18.jpg)
Operational Loss : Banking Industry• In banking industry, Operational Loss had occurred up to 23,061MB over three consecutive years while average
per year was 7,687 MB. Large Bank tends to have 3 year average significant OpLoss than others; 5,662MB.
OpLoss 3 Year Total
Industry = 23,061 MB
OpLoss 3 Year Average
Industry = 7,687 MBL
M
L
M
• Comparing to OpRisk capital; which calculation is mainly based on GROSS INCOME factor, % OpLoss/OpRisk capital was about 13%. The number tends to have higher proportion in bank with small sizes.
Unit: MB
%OpLoss to Capital
Industry = 13%
Unit: MB
L
M
S
M
S S
![Page 19: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/19.jpg)
• OpLoss control in term of Risk management, have an influence on OpLoss decrease and gap expansion between profit and loss
4,643
*
Impact of Risk Management to Organization’s performance
* Estimate 12-Month Net Profit & OpLoss
*
No. of Event (#)
Net Profit (MB)
OpLoss (MB)
586
620536
413267
220 **
** Estimate 12-Month OpLoss Event
![Page 20: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/20.jpg)
Agenda
• Definition of Operational Risk and Loss Event
• 2017 COSO ERM Updated Framework and Key Changes
• Key Success Factor in Operational Risk Management
• End-to-End Process Approach
![Page 21: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/21.jpg)
2017 COSO : Enterprise Risk Management –Integrating with strategy and Performance
�The Original Framework is widely accepted and used to enhance and organization’s ability to manage uncertainty and to consider how much risk to accept as they strive to increase stakeholder value”
Why update the 2004 Enterprise Risk Management – Integrated Framework
“Since 2004, the complexity of risk has changed, significant new risks have emerged and boards have enhanced their awareness and oversight of risk management; therefore, updating to framework provides greater insight into strategy and the role of enterprise risk management in the setting and execution of strategy, enhance the alignment between organizational performance and enterprise risk management”
![Page 22: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/22.jpg)
Explore how ERM practices support identification and assessment of risk that may impact performance
No longer focused on preventive the erosion of value and minimizing risk. It is viewed as integral to strategy setting and the identification of opportunities to create value
2017 COSO ERM : Key Changes
Alignment between
performance and ERM
Emphasizes relationship between risk
and value
Expand three concept1. The possibility of strategy and
business objective not aligning with mission, vision, and value
2. The implication from selected strategy
3. Risk to executing the strategy
Risk is not positioned as a separate activity. It is presented through the lens of supporting an organization’s operations, managing performance
and ERM and value
Focus on the integration of
ERM
Elevates discussion of strategy
![Page 23: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/23.jpg)
The role of risk in strategy selection
• Risk is a consideration in many strategy-setting processes. But risk is often evaluated primarily in relation to its potential effect on an already-determined strategy.
• 2017 COSO will emphasize more on these concepts
• The possibility of the strategy not aligning with an organization’s mission, vision, and core values
• The implication from the strategy chosenThe implication from the strategy chosen
• Risk to executing strategy
![Page 24: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/24.jpg)
A Focused Framework
![Page 25: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/25.jpg)
Benefits of Effective Enterprise Risk Management
Increasing the range of opportunities
Identifying and managing risk entity-wide
Both positive and negative aspects of risk management can identify new opportunities and unique challenges
A risk can originate in one part of the entity but impact different part. Management identifies and manages entity-wide risk to improve performance
Benefit of Effective ERM
Increasing positive outcomes and advantage while reducing negative surprise
Reducing performance variability
Improving resource deployment
ERM helps improve ability to identify risk establish appropriated response, reducing surprises cost & loss
ERM allows organization to anticipate risk that would affect performance and enable them to put proper action
Obtaining robust information of risk allows management assess, overall resource needs, prioritize and enhance resource allocation
![Page 26: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/26.jpg)
Agenda
• Definition of Operational Risk and Loss Event
• 2017 COSO ERM Updated Framework and Key Changes
• Key Success Factor in Operational Risk Management
• End-to-End Process Approach
![Page 27: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/27.jpg)
Key Success Factors for Effective Operational Risk Management
1. Good Governance
Structure
2. Effective ORM Tools
3. End to end risk Management & Integrated Tools
4. Embedding ORM to Day to Day Operation
& Activity
Effective
ORM
![Page 28: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/28.jpg)
Operational Risk Owner Under Three Lines of Defense
Manage day to day Operational RiskORM Framework and
Policy setting
Independent challenge and review of control
effectiveness
Business Unit Supporting UnitRisk ManagementCompliance Unit
Internal Audit
1st line of defense 2nd line of defense 3rd line of defense
• Risk Owner• Identify, Assess, Monitor and Report their own risk
• Establish risk policy and framework• Facilitate and monitor implementation of effective risk management practice
• Independent review of control effectiveness
![Page 29: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/29.jpg)
Effective Operational Risk – Reporting Line
![Page 30: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/30.jpg)
Example : Operational Risk – Reporting Line
RMCManagement Committee
Board of Director
New Product & Process Change Committee
������������� ���� RMC ��� ���� ����� ��� ������� �!"���#�� �
������ �������� � ����$��#%�&'(/���� � *�+� ��!����*!����+���� �% ��,� � ��!-�.!� ��� ������� ����� ��# ���/0,(���,� � �*�+��� ���� ��� ������0���� +�� *�+% ���++��� 0���1 ��
ORC
Committee
![Page 31: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/31.jpg)
Key Success Factors for Effective Operational Risk Management
1. Good Governance
Structure
2. Effective ORM Tools
3. End to end risk Management & Integrated Tools
4. Embedding ORM to Day to Day Operation
& Activity
Effective
ORM
![Page 32: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/32.jpg)
Standard Operational Risk Tools
Operational Loss Data Key Risk IndicatorsRisk & Control Self Assessment
• �������'�"��(����$ ��9 1. ��'�7��0+��&����� 2. ����+�"3�-����� 3. !�"��#�����#;�� +D����� #(4. ��(���0�#;�� +D�� �(��"��>
����� !�"��#����*!* • +�"3��#;��'�"�� * � ����(� ��(���0 !�"��#���� & $����� ��'��-� ��
• ��� Indicator �&:;�(� (�"/ !7 �"/ � !�"��#�����)� ���#;* -� LD & RCSA • �9��� Early Warning ���' �7��!���� & �� �
• �����-� �A7+�"3� Loss/Near Miss• ������$ � ORM Co +������!�������� �
![Page 33: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/33.jpg)
Operational Risk Loss Reporting
BU/SU ������ �������������������������������� ��
Action Plan �����*���*
2� ���� ����� ��� ���� � �!"���#�� � ����#3/!�+���(������ �� ����� �������� ��34���+���� � �/�������� *�+� �#/����� �0��
$���� � ������ � � �3�1 �� action plan 0���� +�� $� ���+���� �� � � *�+#��# ��� ���� � �!"���#�� �=
��+,-� *�� Loss /Near Miss 4� ORM Co
BU/SU
Action Plan �����*���*
RMC / Management :����+;����*
���*�����- ��<=� �����
>����:��-� *����=?�@����A��B Capital
33
!�+A��(���� B ��� ������C� Operational Loss Data�-� *�����*�����D�� <���+,@*�E�?������<� ���� �FG?�-� *������ �A�@�� �������*��D leverage A����*����������������-I=@���,���� �� *�������B����*�����@ J����*� exposure ���� M �<
![Page 34: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/34.jpg)
Risk and Control Self Assessment
BU/SU :�� Op Risk Profile
P� �!�+������ ������� �#���� A��� ����� ������ J4������#3/!�+���(������ �� �����+���� ��� ���� ������ *�+� � �3�1 �� action
plan �����!K������� ���������� �# *�+� � �3����/��+����� ������� �L����+���0�������.� $� ���+���� ��+�/ !�+���� �� ������
*�+!�+��0,�% ����� �����/�=
BU/SU
BU/SU :�� Op Risk Profile���� �-��@ ���*�����- �>J��� ���F�����>�;�������,�J*
RMC / Management :����+;����*���*�����- ��<=� �����
�����:��-� *�����*����������*���*@����A��BCapital
34
![Page 35: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/35.jpg)
Key Risk Indicator (KRI)
BU/SU
BU/SU E��E�* KRI S��@���T����� �*�E����FU ��<�*��
KRI DI����<,����A���
2#����M����� ������ �!-����������������� �#��# ��� ������ �� ��0�M��!-� Early Warning Indicator ������ BU/SU � � �3� �� �&(
�#/� �&(�� ���������� �# *�+��� #�� �!K����� ���������#/� �&(�� ���� =
35
��+,-� *�� KRI 4� ORM Co - ��J��S���
BU/SU KRI DI����<,����A���
RMC / Management:���<,���� KRI
�����-� *����=?����� F�<,F�J��S� Capital @����*���*ES
���*����������� ���
�*���EJ: �JB�*,<E�- � KRI ����� �E� ���*��D�<��FGE<���-:��������� ���*����������� ���
![Page 36: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/36.jpg)
Key Success Factors for Effective Operational Risk Management
1. Good Governance
Structure
4. Embedding
2. Effective ORM Tools
3. End to end risk
Management & Integrated
Tools
4. Embedding ORM to Day
to Day Operation &
Activity
Effective
ORM
![Page 37: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/37.jpg)
Having standard operational risk tools, many organizations also still fails with risk identification.
Why???
37
![Page 38: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/38.jpg)
Silo Based – Risk Assessment Approach
• Risk is traditionally assessed via Silo /Department Based
• Business Unit focuses on their own risk profile to manage their own performance , not organization performance
Without considering other
Dept. X
Silo/Department Based
Dept.1
Dept.2
Risk Profile
• Without considering other inter-related functions, risk can not be seen, identified, and properly managed entity-wide
• Resource deployment is for their own dept, not for entity-wide. This result in redundant and not efficiency throughout organization
Dept. 1
Dept. 2Dept. 3
Dept.3
Dept.X
![Page 39: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/39.jpg)
End-to-End Process – Risk Assessment Approach
• In new Era, Risk Assessment evolve in End-to-End Process Based Approach
• Risk Owner identifies and manages risk profile by considering inter-related functions/process. With
Dept. 1
Dept. 2
Dept.1
Dept.2
ProductA
ProductB
ProductC
ProductX
Risk Profile
functions/process. With this way, not only entity performance is focused but also dept and process-wise
• Resource deployment is efficiently used for entity-wide.
Dept. 3
Dept. X
Dept.3
Dept.X
AB CXRisk Profile
![Page 40: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/40.jpg)
Key Success Factors for Effective Operational Risk Management
1. Good Governance
Structure
4. Embedding
2. Effective ORM Tools
3. End to end risk
Management & Integrated
Tools
4. Embedding ORM to Day
to Day Operation &
Activity
Effective
ORM
![Page 41: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/41.jpg)
Embedding Operational Risk into Day to Day Management
1. Product Development /
Change 4. Product
Review
1. Product Development /
Change 5. Product
Review
Product & Process Change Life Cycle
Old Life Cycle New Life Cycle
Change Management
2. Development &
Implementation
3. Product
Launch
Review Change Management
2. Risk
Assessment
3. Development & Implementation
4. Product
Launch
Review
Benefit & Cost Trade - off
Benefit
Cost Risk
Trade - off
![Page 42: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/42.jpg)
New Product and Process Risk Process
New Product Process and Change in Process Verification after Product Launch
Path Identification
Product/ProcessPerformance Review
Risk AssessmentProduct/service/process Design
Development
Minor ChangeRisk Assessment &Mitigation plan
Fast track
Sign : BU/SU Head
Product/Service Development and Readiness Verification
ReadinessVerification
-Establish Project Team-Feasibility Study &
Business Plan & Budget Approved
Final : MC (in Case that Feasibility study has not approved)
Sign : BU/SU Head/Risk Final : RMC in Case of High Risk Level
Sign : BU/SU HeadFinal: NPPRC Comm**
Path Identification
Development
Review
ReadinessVerification
Auditing
Acceptance Certificate
Product/Process Change Proposal Template e.g- Change Summary - E2E Process Change - Impact - Cost Benefit Analysis
Sign : BU/SU Head
Major Change ( Involve NPPRC )
TOOLS
within 1 year after Launch
Risk Assessment & Mitigation plan
Sign : BU/SU HeadRisk Standard Verification : Risk Division
-Mutual Agreement if any, escalate to NPRC - Definition / Criteria
AUTHORIZER
-Feasibility Study & Business Proposition
-Process Verification: BA-Sign : BU/SU Head* Adhoc during the year, business plan & budgeting must be approved according to delegation of authority first
![Page 43: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/43.jpg)
Agenda
• Definition of Operational Risk and Loss Event
• 2017 COSO ERM Updated Framework and Key Changes
• Key Success Factor in Operational Risk Management
• End-to-End Process Approach
![Page 44: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/44.jpg)
Product-wise Risk Profile Methodology
2) Enhancing of E2E Business Process
4) Prioritizing Risk Profile• In-depth risk analysis on high level risk
- Root cause analysis- Mitigation plan proposal
1) Understanding Business Concept• Business model• Product coverage• Operating model
3) Enhancing Product Risk Profile• Dept-wise RCSA change to E2E product wise• Mapping Loss to process• E2E risk and control assessment
![Page 45: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/45.jpg)
Floor Plan Product: Business Model
Motor/+,� -��!�,#
������� ��� ���
� ������������
�������� �����������
“ Without knowing Business Model, Risk Manager can not be able to deeply understand underlining risk”
Dealer
Retail CustomerOther Bank
KK Bank
�����
� ��������
� ������� �
�������
!"�� �� #�$%��������������
� ��������
45
![Page 46: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/46.jpg)
Product Coverage
Product Sub Product Product Manager #Customer
FloorplanLending
- Floorplan
- Term loan- OD/PN/LG
Mr.XXXX 4000
![Page 47: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/47.jpg)
Floor Plan : Operating Model
Overview Front office Supporting Office
Main Processing and Operation
� &�b�����(�0c� (� (��3 �� ����"������ ��7�-��7�����3� (�!-��7-)��!��>� ��79)��'����3
Relate department �d������9:;�/���-f����&��
� !�� ��'���'���"�(�g� ��'�"�������'��� -� �)������� ��(���"-)����
� 7���D+�"3�!������ -� �A7������ (�!-��7��:;��*+���7�� �7�-������3� � 7��9#/!�����
� d��!�� ��'�� � �(�3 �/���- � d��&�/#������9:;�Relate department �d������9:;�/���-f����&�����+��d������/��'7��������������9:;�/���-
Key Main System FP offering sheet, �7�-� )�������, Warning System, Work Flow, FMS, FP Lending, SKS, Cash allocation, G-able, LOA-REG, LOA, FCR, KK teller, ABR
� d��!�� ��'�� � �(�3 �/���-� d����'�"���� ����&����� d�����������9:;���'�9�t:��� d����(���"
� d��&�/#������9:;�� d���?�7�(��������'��g� d���?�7�(�������9:;�� d���?�7�(���9)��'����� d��7��9#
![Page 48: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/48.jpg)
Product-wise Risk Profile Methodology
2) Enhancing of E2E Business Process
4) Prioritizing Risk Profile• In-depth risk analysis on high level risk
- Root cause analysis- Mitigation plan proposal
1) Understanding Business Concept• Business model• Product coverage• Operating model
3) Enhancing Product Risk Profile• Dept-wise RCSA change to E2E product wise• Mapping Loss to process• E2E risk and control assessment
![Page 49: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/49.jpg)
Floor Plan : High level E2E business process
P2 (� (��3 �
P17 ���7����$ ��������#� (�0# ��9)��')
P1 &�b�����(�0c
P4 !�� ��'���'���"�(�g
P5 -� �)������
P3 ��'�"�������'��
d������/����9:;�g d����'�"���� �g
d��!�� ��'�� � �(g
d�������g
*P16 (����7��>��'"3� KK*�0#�7�����3-�����'"3�.3�� KK d������9:;�/���-f����&��-'����3(����7�
d������9:;�/���-f����&��
(�0# ��9)��')
P6 ����"�����
P10 ��7�-�(����7�����3
P13 (�!-��7-)��!��>
P14 ��79)��'����3
P7 ��(���"-)����
P8 7���D+�"3�!����� P9 -� �A7�����
P11 (�!-��7��:;��*+P12 �7�-������3
P15 � 7��9#/!�����
P9
�'7!����������"�(�
��+� d����(���"
d���?�7�(�������9:;�g d���?�7�(��������'��g
d��&�/#��gP16
P17(�0# ��9)��')
(�0#9)��' �7>!�)
![Page 50: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/50.jpg)
Product-wise Risk Profile Methodology
2) Enhancing of E2E Business Process
4) Prioritizing Risk Profile• In-depth risk analysis on high level risk
- Root cause analysis- Mitigation plan proposal
1) Understanding Business Concept• Business model• Product coverage• Operating model
3) Enhancing Product Risk Profile• Dept-wise RCSA change to E2E product wise• Mapping Loss to process• E2E risk and control assessment
![Page 51: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/51.jpg)
Dept wise to E2E process wise
Non-Process RelatedOnly Department Assessment
Integrated E2E Process Risk & Loss Analysis
Mapping risk & Loss by process
![Page 52: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/52.jpg)
Floor Plan : Mapping Loss by process (E2E)
P2 (� (��3 �L (-) NM (-) Non (-)
P17 ���7����$ ��������#� (�0# ��9)��')
L (-) NM (-) Non (9)
P1 &�b�����(�0cL (-) NM (-) Non (-)
P4 !�� ��'���'���"�(�gL (-) NM (-) Non (10)
P5 -� �)������L (1) NM (-) Non (2)
P3 ��'�"�������'��L (-) NM (-) Non (3)
d������/����9:;�g d����'�"���� �g
d��!�� ��'�� � �(g
d�������g
Top Loss Amount1) $Mitsu999 =133M (Mitigated) (P12)2) $���7 (Double Finance)= 11.7M (Mitigated) (P14)
L
Top Frequently 1) #Non �)���������(�!-�> = 67 (P13)
F
*P16 (����7��>��'"3� KKL (-) NM (-) Non (-)
d������9:;�/���-f����&��
Mapping Loss Amount and Frequency
F
18 ������ 59%&$�������������%����� ��� %� ��' � 03/2559
P6 ����"�����L (-) NM (-) Non (-)
P10 ��7�-�(����7�����3L (-) NM (-) Non (1)
P13 (�!-��7-)��!��>L (-) NM (-) Non (68)
P14 ��79)��'����3L (14) NM (48) Non (17)
P7 ��(���"-)����L (1) NM (-) Non (-)
P8 7���D+�"3�!�����L (3) NM (-) Non (3)
P9 -� �A7�����L (-) NM (-) Non (2)
P11 (�!-��7��:;��*+L (-) NM (-) Non (7)
P12 �7�-������3L (7) NM (3) Non (5)
P15 � 7��9#/!�����L (-) NM (-) Non (1)
P9
�'7!����������"�(�
��+� d����(���"
d���?�7�(�������9:;�g d���?�7�(��������'��g
d��&�/#��g
L
1) #Non �)���������(�!-�> = 67 (P13)2) $NM ���7 (Double Finance)= 48
(Mitigated) (P14)3) #Non � �"7��. *"���= 7 (P17)
P15
P16(�0# ��9)��')
(�0#9)��' �7>!�)*�0#�7�����3-�����'"3�.3�� KK d������9:;�/���-f����&��-'����3(����7�
L
F
F
52
![Page 53: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/53.jpg)
Mapping previous RCSA and Loss by process
2. Mapping risk & Loss for accuracy risk level
1. Mapping risk & Loss for unidentified risk
![Page 54: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/54.jpg)
Mapping Loss frequency & impact for accuracy assessment
!�"��#;���#;*"�� ����7��(���0 !�"��#����
No Process Risk Risk EventType
RiskLevel
Current Control #Events in 2015
Total GrossLoss in
2015
ProposedRisk Level
1 P14 � �����$����./
� ��������0��� ������� � Floorplan (Double
Finance)
ET7 M 1. ���������2 ���� ������� ���3���3�/' ���4� #�$%��%5����!6�� 7���3�/�!8��7�9��� ���
2. �$������7�������/��.����� ���� ������� �:��;�7��:������ ����'$�� ����� ���7 �� �
3. ���'� Reconcile �/��.���' �0��� ������� ��$����� Floor Plan #�$
18 1.7M H
������ ��$����� Floor Plan #�$ HP & � �5���4�
![Page 55: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/55.jpg)
Product / Dept/ Process Risk Assessment Perspective
FP01 <��A�@,- J*<E����T�� (CA)
de����T�� >J��� f� �����
FP02 ��������������E���*��*��D������
de���������������E de�Fh�,<E�������T�� >J���
de����F�I�i��j�*�����<kk�
(CA)
FP03 J*<E����T�� FP04 <�E<=������ E�* CA E�*���:���<, J*<E�
FP05 �S���<kk�E�*���� :- CA
FP06 ���������*@�<kk�
![Page 56: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/56.jpg)
Product-wise Risk Profile Methodology
2) Enhancing of E2E Business Process
4) Prioritizing Risk Profile• In-depth risk analysis on high level risk
- Root cause analysis- Mitigation plan proposal
1) Understanding Business Concept• Business model• Product coverage• Operating model
3) Enhancing Product Risk Profile• Dept-wise RCSA change to E2E product wise• Mapping Loss to process• E2E risk and control assessment
![Page 57: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/57.jpg)
Product Wise – Product Risk Profile
R7 (1) A?8)�����+���:�:�+/; (Double Finance)
• *" )����������7�7��#��7�9�t:�� tD;��)���"#�� :����� -� �9�t:���7/�� �� :����7 Dealer
R7 (2) Z��A?��1�7���)�+8���7;)���4����� �3�.
• *"* (�!-��7�� �7)��� �)���'�� 7��. +���3��#��)�����#����/�������:;� �)���'��
�' �7 !�"��#;��
H
Key Risk (RCSA)Key Risk (RCSA)
Res
idual
Risk
Map
M
H
VH
71�?</0
R7(1)R7(3)
H
R7(2)
���/�������:;� �)���'��
R7 (3) ���A?)�3������(�1-�<(�?����/0�)�+8
• *"�?�7�(�(�"�'7!����?�7�(���� �)���/�� ��*""#+�"3�����(�!-��7(�"��:;��*+���7����� tD;��>��--'>3�)�*��9��:�+��
R7 (4) ��?B:��D0�A��/0�C����1������4?B:A?<B�(��
• ��:;��*+�#;�9(�!-��7�3 �*">3(�� �����#;�3 �*"��"��>�9!�����������'"3��>*
Res
idual
Risk
Map
VL M HL VH
VL
L
M
71�?�&*��
MR7(4)
M
![Page 58: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/58.jpg)
���+���:�:�+/; Hire Purchase ��� FloorPlan���+���:�:�+/; Hire Purchase ��� FloorPlan
![Page 59: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/59.jpg)
3�&����:4��/�8����+(&���>
/�� ��*"* )����������7�7��#��>!�� Floorplan �#;-� �9�t:���7/�� �� ������3��#�7��=�� A tD;������ ������������*�����=0' Double Finance ���3��#� -)��!� 56 �� ���"3� � !�"��#���� 35.1 �7.
1�-�6&��-
A?+���:�:�+/;�<1�� FloorPlan �/0-�8�C�@D;����6�7��
Mitsu Motor
TJ�� �� A��S�3 4
Dealer Mitsu
999
#,������ ��
KK���%"���* %��.���!��/0
��������
����#"#"��/0
Dealer �������7���I:��4���/0(�??�
- 9� �-���3�#; Floorplan - Dealer *"* �)�����"�� 9)��' �)���*"��"��>�)�9� �-�-)�����*�- �'�7#�����7�3 � HP * - ��"�'�7#��A*"* >3$��"������"���/��+��/�� ��
HP S��� Dealer
1
2
![Page 60: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/60.jpg)
�E+�������1�7��4+��4�8R71�?�3/0��*�� Silo
Dealer
KK �&?�(1���3�CD0�Floorplan
Motor
��3�CD0�
@D;��<��D0�)�A����
-�����+��� Motor
KK F���S��(���3�CD0�6&��-
����'�"�� !�"��#;�� ���#;��!����"������'� A�+����#;��+��(���� (Silo) -'*"��A� !�"��#;���#;�#;�!��:;���� >�"� 3����=0' End to End -'����A���'� A��#;���� ��9�t:���#;(��-���� Dealer *" !�(��-�� :�$ �(�� (���)�"����7�7��#��7/�� ����
KK �&?�(1���3�CD0��C�@D;��<�(
#,������ ��
Dealer
KK F���S��(���3�CD0�������
-�����+��� Dealer@D;��<��D0�
)�A��C��
��3�CD0�-�(�!����-'��A�!� Dealer "#��#��7/�� ������+�����9:;� Floorplan �&:;�t:���>"�+�� �(�":;� Dealer +���>�#;3!����� Floorplan �7/�� ��* $ ��3 �"�+�����9:;��9�t:���7/�� �� /�� �� !��#;-'�)������#;�3 �"�-� �9�t:�����7�7��#��7 ����9:;� Floorplan +��Dealer *" !�-�� :����7 Dealer
![Page 61: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/61.jpg)
Recovery
Net Loss
No. of Event420.2
Role of Risk Management to Bank Performance
“ Risk Management is the process of identifying, analyzing and responding to risk factors throughout the life of a project and in the best interests of its objectives. Proper risk management implies control of possible future events and is proactive rather than reactive.”
Decreasing Trend of Operational Loss over 6 years
2,247
KK OpLoss vs. Capital
Gross Loss
23.1
252.4
15.2 8.6
44.5 9.1
586 620
536
413
267 194
Y2012 Y2013 Y2014 Y2015 Y2016 Y2017
No. of Event
49.6
420.2
95.4
20.4 34.5 9.9 49.6
420.2
20.4 34.5 95.4 9.9
Y2012 Y2013 Y2014 Y2015 Y2016 Y2017
1,0551,186
1,6171,748
2,1422,247
4.7%35.4%
1.3% 2.0% 4.5% 0.4%
Capital
OpLossNet Loss
![Page 62: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/62.jpg)
Net Profit
Role of Risk Management to Bank Performance
Unit: MB
* Estimate 12-Month Net Profit & OpLoss
Net Profitvs.OpLoss
Gap
Net Profitvs.OpLoss
Gap
Gap
![Page 63: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/63.jpg)
Appendix
![Page 64: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/64.jpg)
Cyber Attack: 12� %���3��"��4/������.�5 ���%��"�'���!4�4�
• 7����)��/(8(�@D;�37�-��IB�3/�+�� 28����:��/0��EC/ *:4+���(���4-)�(�1��4C�C
1. 7����:�?3)�����(���4C�C 28��C16/��� “��+�7���” 31?���:�A� *:1<��3)�����(���4C�C�����3���=;?��+? 28��:���4-)�(�1��4C�C 13 +:�������IB�3/�+��*:4)�A���@?���8�+?�����8?
2. 7���2��O���A�����:/0��+�3I������)�6&����?��A: -3�?��<<���A�A8��/03&8
• 7�����O��C��1������(�1-3����?B:�����;�IB�+�����2��O���*:4���6�7�� ���������@?�+? *:4��:/0��+�3I� -�)��+3�?��<2������-����EC/A8��;�+?8
��������71�?�3/�+��
�&77:��01A�:71��4?�8�41�������8�I���?B:3)�����(���4C�C+�D���?B:31(�1�D0� �C �/0��B 1��8D����8 �D0��-����-<B��C����31?����2?���?B:+�D��2?������-����EC/A8
IB�+�����:IB�+�����2��O���?D�<D�*:4IB�+�����6�7����A:71�(��?/?�(����(�1-3���/0��8�&?�=;��D0������A?�+��871�?�3/�+��:��W>4/;�/����7(
![Page 65: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/65.jpg)
Royal Bank of Scotland: IT Failures
• In June 2012, a failed software error left some customers unable to access their accounts for days, and cost RBS Group £175 million in compensation. A software update was applied on 19th June 2012 to RBS's batch software which controls its payment processing system. It later emerged that the update was corrupted by RBS technical staff. Customers' wages, payments and other transactions were disrupted. Some customers were unable to withdraw cash using ATMs or to see bank account details. Others faced fines for late payment of bills because the RBS system could not process direct debits.
![Page 66: End-to-end for effective operational risk management ...¸„ุณกมลรัตน์-1...Group of Operational Risk Framework and oversight all In her last role, she was the](https://reader033.vdocuments.site/reader033/viewer/2022060420/5f174981150e510e596fd423/html5/thumbnails/66.jpg)
System Error: �������!""#��
• /�� ��-'"#�'77����#;-� ����:;����$��-��>��d��'�!��7��9#�#;��#�!� Core Banking ��'"#�'77����(�'�!��9� �'77�����+� �'77������#��A" �'77/�� �����*�� �'77/�� �����":�>:� tD;�"��9:;�"(��&:;���+�"3��+�"���� core banking �#�#��D;� ���'77��� ��� ����D;� �9� ATM �9��*"* �!�����'77��� :� Core Banking A����9��* ��3• ���0#�#��":;��'77 Core Banking �" -D��������'77�����" �9���*"* tD;�����(���$������+�"/�� ��"�-�/�� ���:;� !� �":;� )���;����)�/����"+���3 �/�� ���:;� ����3���'77 �������'77*��#+��/�� ���:;�$�� ����9��� >D��"�'77*"�"(�"*� !��(A��-�'�7(����9���+���3 ����� !�"��A! ����(�7����/����"��37��• ����(�+���'77/�� ���" � !��� -� !�"(�����)�/����"�#;�&�;"+D���3�"� $ ��%&�'9!������ :��-��'77�����7*"*�! ���#;�'77/�� ���"9!������ :�� �����(���0�#;�� (� (�������� :����'*"* �� �7/�� ���&#������ #�! /�� ���������:;�� A�� ������=0'�#�"���!�9���