#MSTAR ONLINE REVIEW DRIVERS#Risk drivers identified during the SSA exercise are categorised into exposure, threat, vulnerability, intensity, recovery and business buckets to enable relevant mitigation actions, such as segregating businesses to reduce the impact of an event, and developing metrics to monitor exposure, threat and vulnerability. The project has created insights to help improve operational risk management. In a lot of areas where banks previously didn’t co-operate, they are now co-operating because it’s too costly to do on their own,” says Davis. “This project fits into the trend of banks getting better quality input or to reduce costs. The benchmarking results are used by participants: to better understand their risk profiles compared with their peers to challenge existing models or input from subject matter experts and to identify additional controls or risk mitigation opportunities. The pilot incorporates anonymised peer benchmarking of loss distribution results and the drivers. “Then you can do Monte Carlo simulations, shock the system and create a lot of outcomes.” “Rather than just look at history and come up with a point estimate of an event, it’s a way to capture everything you know about an uncertain future and project it out,” says Bob Davis, senior adviser at ABA. #MSTAR ONLINE REVIEW FULL#The full distribution of loss projections can be incorporated in regulatory exercises including stress-testing and capital planning. Computer simulations generate a distribution of potential tail events, in contrast to traditional outputs of single-point projections. Using the data that’s collected, ABA and Mstar have built a set of scenarios from the point of attack, through the IT infrastructure, and towards the intended target. The pilot has introduced the use of Structured Scenario Analysis ( SSA), which significantly elevated the quality of the estimation for these risks. Many banks employ scenario analysis to quantify large idiosyncratic risks as part of their operational risk capital and stress-testing processes. The pilot provides a common scheme for classifying cyber incidents, which the Federal Reserve Bank of Richmond has been encouraging banks to do. The project is a step in the direction of providing banks with a way to model cyber risks – something that’s proven elusive due to a dearth of historical data such as exists for market and credit risk The model views cyber risk along three dimensions: mode of attack means of access and assets. Recognising deficiencies in current quantification methodologies for cyber risk, ABA and Mstar launched the cyber risk modelling project at the beginning of 2019. The wide disparity in practices has led to accusations of gamesmanship among banks, with those being ultra-conservative in estimating losses, partly to appease regulators, seeing a resultant drag on capital from the operational risk component of CCAR. The project is a step in the direction of providing banks with a way to model cyber risks – something that’s proven elusive due to a dearth of historical data such as exists for market and credit risk. The identification of risk drivers and introduction of peer benchmarking help banks gain significant insight into their risk profiles, controls and risk mitigation effectiveness, which comprise essential information for improving risk management. “The ABA/Mstar cyber risk modelling project marks an important turning point for operational risk quantification by transforming a complex risk quantification concept into a set of risk assessment tasks, then reconstructing them into a model to achieve the quantification outcome,” says a senior operational risk quant at one of the participating banks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |