Wednesday, April 17, 2019 03:04 PM / CBN
Operational Risk Capital Requirement
1. In calculating the capital requirements to cover operational risk, NIFIs are required to assess the correlations among the various types of risks and identify their possible impact in terms of operational risk. For NIFIs, operational risk can be broadly divided into four categories: General risks, Shari`ah Non-Compliance Risk, Legal risk and Fiduciary risk.
2. This Guidance Note makes provision for two methods of calculating operational risk capital charge: The Basic Indicator Approach (BIA) and The Standardized Approach (TSA).
3. NIFIs using the BIA are required to calculate their capital requirement by multiplying an indicator of its volume of business, gross income, by a specified regulatory percentage (currently 15%). They shall hold capital for operational risk equal to the average over the previous three years of a fixed percentage of positive annual gross income.
4. NIFIs using TSA are required to calculate their capital requirement by multiplying gross income by separate regulatory percentages (as specified in paragraph 30) for each of the eight Lines of Business (LOB) into which NIFIs’ activities are divided (corporate finance, trading and sales, retail banking, commercial banking, payment and settlement, agency services, asset management and retail brokerage).
5. TSA uses the gross income from the above business lines as a proxy for the scale of business operations and thus the likely scale of operational risk exposure within each of these business lines. The capital charge for each LOB is calculated by multiplying gross income by the factor assigned to that business line. The total operational risk capital charge is the three-year average of the simple addition of the capital charges across the eight LOBs in each year.
Adoption of Approaches
6. NIFIs are expected to adopt the BIA at the commencement date of this regulation. NIFIs that seek to adopt TSA must convince the CBN that they have achieved sound implementation of operational risk management framework and processes, and have adhered to the business line mapping principles, inter alia.
Governance And Management Of Operational Risks
Board, Management and Advisory Committee of Experts (ACE)
7. The Board of Directors plays a key role in establishing an effective and efficient operational risk management and control system. To this end, the Board and Senior management shall, where applicable:
a) Establish the general framework of the system;
b) Be responsible for its implementation;
c) Supervise its operation;
d) Verify its overall functionality and compliance with regulatory requirements; and
e) Establish the relevant sub-committees and reporting lines to ensure appropriate management and oversight of operational risk.
8. The ACE shall ensure that policies, products and processes are Shari’ ah-compliant.
Processes and Procedures
9. Specific attention shall be paid to the processes, functions and other aspects involved in the calculation of the capital requirement. Accordingly, NIFIs’ Board and Management shall have the specific responsibility for:
i. Identifying and measuring infrequent, yet severe loss events;
ii. Identifying the various forms and manner in which operational risks may materialize;
iii. Assessing the operational risks associated with the introduction of new products activities, processes and systems;
iv. Adopting contingency and business continuity plans that ensure their operational resilience and limit losses in the event of severe business disruptions; and
v. Periodic production of Operational Risk Management information reports.
Reversion of Approaches
10. NIFIs that have adopted TSA are not allowed to revert to the BIA without the approval of the CBN. However, if the CBN discovers that a NIFI using TSA no longer meets the qualifying criteria for the approach, it may require the NIFI to revert to the BIA until it meets the conditions specified by the supervisor before returning to TSA.
Sound Practices for Operational Risk Management
11. Regardless of the operational risk capital computation approach adopted, NIFIs are required to comply with principles provided for in Sound Practices for the Management and Supervision of Operational Risk (BCBS, February 2003), the Islamic Financial Services Board Standard on Risk Management for Islamic Financial Institutions (IFSB-1) and other relevant Risk Management Guidelines released by the CBN from time to time.
Basic Indicator Approach (BIA)
Calculation Method a) The capital requirement using the BIA shall be equal to 15% of the average of the last three years positive observations of the relevant indicator (i.e. gross income). The formula for the calculation is given below;
b) Gross income under this Guideline is defined as:
i. Net financing income which shall be gross of:
· Any provisions and write-offs made during the year
· Any operating expenses, including fees paid to outsourcing service providers; in addition to fees paid for services that are outsourced, fees received by NIFIs that provide outsourcing services shall be included in the definition of gross income
· Depreciation of Ijarah assets
ii. Net income from investment activities, including the NIFIs’ share of profits from Musharakah and Mudarabah financing activities;
iii. Fees income (e.g. agency and commission fees) Less
iv. Share of income attributable to Investment Account Holders (IAHs) and other account holders.
The gross income includes income attributable to restricted and unrestricted PSIA funds, but excludes extraordinary or exceptional income from Takaful and other activities, and realised profits/losses from the sale of Sukuk in the banking book.
c) However, if, for any given observation, the value of the relevant indicator is negative or equal to zero, this figure shall not be taken into account in calculating the total capital requirement. The requirement shall be calculated as the average for the positive observations only.
d) Where data on the relevant indicator is not available for certain observations during the applicable three-year period, the calculation of the requirement shall be based on the average of the available observations only.
e) If the relevant indicator or its components are related to a period less than 12 months (e.g. in the case of newly formed NIFIs, mergers and acquisitions), this value shall be annualized linearly. f) NIFIs shall be required to reconcile the gross income used in capital computation and the gross income reported in returns made to CBN.
The Standardized Approach
12. NIFIs seeking the approval of CBN for the use of The Standardized Approach (TSA) shall show that their Boards are actively involved in the oversight of operational risk management system; the system is conceptually sound and implemented with integrity and must have sufficient resources to support the use of the approach. They would therefore, be required to submit the following in support of their application:
i. Organization charts that specify the tasks and responsibilities of the operational risk management and control functions;
ii. A Board and ACE certification of compliance with qualifying criteria;
iii. A document describing the self-assessment process and the related findings; and
iv. The Internal Audit report on the adequacy of the operational risk management system.
13. NIFIs that are authorized to use TSA shall send to the CBN annually, a formal certification of compliance with the qualifying criteria and the internal audit report on the adequacy of the operational risk management system.
Qualifying criteria for the Standardized Approach
14. In order to obtain authorization to use TSA, NIFIs shall have adequate internal control procedures and an effective operational risk management system (specified below) in addition to adequate corporate governance mechanisms.
a) The self-assessment process
The self-assessment process shall consist of a formalized set of procedures and activities to:
i. Assess the quality of the operational risk management system, as well as its continuing compliance with regulatory requirements; and
ii. Appropriateness to operational needs and market developments.
15. The procedures for conducting the self-assessment and the related findings shall be adequately documented and reported to Senior Management and the Board. The report shall place specific emphasis on any aspect of the operational risk management system that requires improvement, including changes in the NIFI structure and operations, and on the assessment of compliance with the qualifying criteria.
b) Internal Audit / Shari’ah Review Function
16. The Internal Audit and the Shari’ ah Review units shall carry out periodic reviews of the operational risk management system and the self-assessment process at least once every year with a view to evaluating their effectiveness and compliance with the qualifying criteria.
17. The units shall forward their reports on the review to the Board of Directors for necessary corrective actions. The Shari'ah Review Unit shall forward its report through the ACE.
Operational Risk Management System
18. The key features of the operational risk management system are:
a) The mapping of activities into regulatory business lines
19. For the purpose of calculating the capital requirement, the NIFI shall map its activities into eight regulatory business lines, listed in Appendix A, in accordance with the following principles:
i. All activities shall be mapped into the business lines in a mutually exclusive and jointly exhaustive manner;
ii. Any activity that forms an integral or ancillary part of another shall be allocated in accordance with the mapping criteria for the main activity;
iii. An activity belonging to more than one business line shall be mapped to the dominant business line;
iv. Where an activity cannot be mapped on the basis of a dominant business line, it shall be mapped to the business line yielding the highest percentage of gross income. The same rule shall apply to any associated ancillary activity;
v. A compound activity shall be divided into its significant components, which shall be mapped to the most appropriate business lines on the basis of their nature and characteristics;
vi. NIFIs may use internal transfer pricing methods to allocate the relevant indicator to the various business lines;
vii. The mapping of activities into business lines shall be consistent with the categories adopted for credit and market risks.
viii. The mapping criteria shall be reviewed and adjusted in line with current business activities and the NIFI’s risk profiles.
ix. The process of mapping activities into business lines shall be subject to internal review and shall be documented.
In mapping activities into business lines, NIFIs shall take account of the table contained in Appendix A.
b) Supplementary Business Line Mapping Guidelines
20. There are a variety of valid approaches that NIFIs can use to map their activities to the eight business lines, provided the approach used meets the business line mapping principles. The following paragraphs 21-24 provides examples of approaches that could be used by a NIFI to map its gross income:
21. Gross income for retail banking consists of net income from financing retail customers and SMEs treated as retail, plus fees related to traditional retail activities, net income from Shari’ah-compliant derivatives held to hedge the retail banking book, and income on purchased retail receivables. To calculate net financing income for retail banking, a NIFI takes the income earned on its financing of retail customers less the profits paid to Investment Account Holders (cost of funding).
22. Gross income for commercial banking consists of the net financing income of corporate (plus SMEs treated as corporate), interbank and sovereign customers, plus fees related to traditional commercial banking activities including commitments, guarantees and net income (e.g. from Sukuk and dividends) on securities held in the banking book. Again, the calculation of net financing income is based on income earned on financing of corporate, Shari’ ah-compliant interbank and sovereign customers less the weighted average cost of funding for these risk assets.
23. For trading and sales, gross income consists of profits/losses on instruments held for trading purposes (i.e. in the mark-to-market book), net of funding cost, plus fees and commissions.
24. For the other five business lines, gross income consists primarily of the net fees/commissions earned in each of these businesses. Payment and settlement consists of fees to cover provision of payment/settlement facilities for wholesale counterparties.
c) The operational risk data collection and storage system
25. NIFIs are required to establish an operational risk data collection and storage system, which at a minimum shall include material losses and any related recoveries, which are capable of ensuring the effectiveness of the risk management system.
26. The system shall ensure on a continuing basis that the data are relevant, reliable and up to date. For this purpose, NIFIs shall:
i. Develop information systems capable of ensuring the integrity, confidentiality and availability of the data over time;
ii. Carry out periodic reviews of the operational risk data collection and storage system.
d) Assessment of exposure to operational risks
27. At least once a year, NIFIs shall conduct an assessment of their exposure to operational risks for the entire NIFI and significant operating segments. The results of the assessment shall form an integral part of the process of controlling the NIFI’s operational risk profile and shall be reported to the Board and Management, and within the scope of their duties, to the managers of the operating segments involved. The results of the assessment shall be used by Management to mitigate operational risks. Any significant changes in a NIFIs business strategy, risk profile and size also should require the NIFI’s Internal Capital Adequacy Assessment Plan to be re-visited and updated.
e) The reporting system
28. NIFIs shall establish a reporting system which ensures that the Board, Management and all the functions involved have access to appropriate information on operational risk. At a minimum, the information shall include:
i. Results of the assessment of operational risk exposure;
ii. Material losses and related recoveries;
iii. Description of actions taken to prevent and mitigate operational risks, with information on their effectiveness.
Calculation of the capital requirement using TSA
29. Under The Standardized Approach, the capital requirement for operational risk shall be equal to the average of the last three years observations of the Standardized Approach amount.
30. The Standardized Approach amount shall be calculated for each year as the sum of the relevant indicators (gross income as defined under BIA) for the business lines weighted on the basis of the percentages indicated below.
31. Where the weighted relevant indicator of a business line is negative, it shall be included in calculating the Standardized Approach amount. Where the Standardized Approach amount for a given year is negative, then the result for that year shall be zero and shall be included in the calculation of the three-year average.
32. In any given year, negative capital charges (resulting from negative gross income) in any business line may offset positive capital charges in other business lines without limit.
33. Where data on the relevant indicator is not available for certain periods during the applicable three-year period, the calculation of the capital requirement shall be based on the average of the available periods only.
34. If the relevant indicator or its components are related to a period less than 12 months (e.g. in the case of newly formed NIFIs, mergers and acquisitions), this value shall be annualized linearly.
35. In the event that a NIFI migrates from the Basic Indicator Approach to The Standardized Approach (after CBN approval) during the year, the capital requirement is calculated by using the new method from the first reporting date.
36. Appendix B shows an example of using The Standardized Approach for calculating capital requirement for operational risk.
Download Here – Guidance Notes