Overview: Challenge and Offer
For financial services and industrial companies alike, operational risk is as great a threat as it is difficult to analyze.
Despite complex models, connections between different OpRisk events can hardly be identified in practice, and underlying causes often remain unrecognized.
Data science methods, on the other hand, are already established for similar questions and allow the analysis of large volumes of heterogeneous data in order to identify interdependencies, e.g. in customers' buying behavior in online retail.
RiskDataScience has adapted existing data science methods to the requirements of operational risk management and has developed algorithms to identify interdependencies between operational losses.
This enables companies to identify causal relationships between losses and to spend less time searching for common causes. The entire accumulated knowledge can be used efficiently to prevent future losses as far as possible, or at least to anticipate them at an early stage.
Operational risks can be assigned to the following categories, depending on their cause:
- People: e.g. fraud, lack of knowledge, employee turnover
- Processes: e.g. transaction errors, project risks, reporting errors, valuation errors
- Systems: e.g. programming errors, crashes
- External events: e.g. lawsuits, theft, fire, flooding
Usually, operational risks are categorized according to loss severity and probability of occurrence. Accordingly, suitable management strategies are:
- Avoidance: for big, unnecessary risks
- Insurance: for big, necessary risks
- Mitigation: esp. for smaller risks with a high probability of occurrence
- Acceptance: for risks that are part of the business model
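As a minimal sketch, the decision rules above can be encoded as a simple lookup function. The function name, the string encodings, and the fallback to acceptance are illustrative assumptions, not a regulatory standard:

```python
def oprisk_strategy(severity: str, necessary: bool, probability: str) -> str:
    """Map a risk's characteristics to a management strategy,
    following the rules of thumb listed above (illustrative only)."""
    if severity == "high" and not necessary:
        return "avoidance"       # big, unnecessary risks
    if severity == "high":
        return "insurance"       # big, necessary risks
    if probability == "high":
        return "mitigation"      # smaller risks that occur often
    return "acceptance"          # risks that are part of the business model

print(oprisk_strategy("high", False, "low"))  # → avoidance
```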
Methods and Problem
The handling of operational risks is strictly regulated, especially in the financial services sector. For example, under Basel II / III, banks must back operational risks with equity capital. There are compulsory calculation schemes such as the Standardized Approach (SA), based on flat-rate factors, and the Advanced Measurement Approach (AMA). The latter relies on distribution assumptions and will in future be replaced by the SA.
In terms of methodology, the following approaches to treating operational risks are distinguished, among others:
- Questionnaires and self-assessment: probabilities and loss extents are determined in a rather qualitative way
- Actuarial procedures: these rely on distribution assumptions fitted to past losses
- Key risk indicator procedures: easily observable measures are identified that serve for early warning
- Causal networks: interdependencies are mapped using Bayesian statistics
With these approaches, interdependencies between operational risks and their causes can either not be determined at all, or only in a very complex and error-prone manner.
Detecting relationships using data science techniques
For analyzing connections between several different events ("items"), methods from the field of association analysis are recommended.
The respective "market basket analysis" methods have been established for several years and are used in particular in online commerce (e.g. book recommendations), in search engine suggestions, and in retail (product placement on shelves).
Using association analysis, the common occurrence of different events can be identified directly and without distributional assumptions.
The enormous number of possible rules can be limited efficiently and appropriately by means of established measures such as support, confidence and lift.
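These three measures can be computed directly from co-occurrence counts. A minimal sketch in Python, where each "transaction" is the set of loss-event types observed in one period and the loss types are invented for illustration:

```python
def support(transactions, itemset):
    """Fraction of periods in which all items of the set occur together."""
    itemset = set(itemset)
    return sum(itemset <= t for t in transactions) / len(transactions)

def confidence(transactions, antecedent, consequent):
    """Share of antecedent periods in which the consequent also occurs."""
    return (support(transactions, set(antecedent) | set(consequent))
            / support(transactions, antecedent))

def lift(transactions, antecedent, consequent):
    """Lift > 1: joint occurrence is more frequent than under independence."""
    return confidence(transactions, antecedent, consequent) / support(transactions, consequent)

# Hypothetical daily "baskets" of loss-event types
days = [
    {"system_crash", "wrong_valuation"},
    {"system_crash", "wrong_valuation"},
    {"system_crash"},
    {"late_report"},
    {"wrong_valuation"},
]
print(support(days, {"system_crash", "wrong_valuation"}))              # 0.4
print(confidence(days, {"system_crash"}, {"wrong_valuation"}))         # ≈ 0.667
print(lift(days, {"system_crash"}, {"wrong_valuation"}))               # ≈ 1.11
```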
The analyses require programs based on appropriate analysis tools, e.g. Python, R or RapidMiner.
In addition, we offer a free web app for simple association analysis based on CSV files.
First, the loss data must be brought into a format usable for the analysis.
Depending on the loss type, temporal aggregations (e.g. on a daily or weekly basis) must also be carried out.
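Such an aggregation could, for example, turn a timestamped loss log into one item set ("basket") per day or per week. The record layout and loss-type names below are assumptions for illustration:

```python
from collections import defaultdict
from datetime import date

# Hypothetical loss records: (event_date, loss_type)
loss_log = [
    (date(2017, 3, 1), "system_crash"),
    (date(2017, 3, 1), "wrong_valuation"),
    (date(2017, 3, 2), "late_report"),
    (date(2017, 3, 2), "late_report"),  # duplicates collapse into one item
]

def aggregate(records, key=lambda d: d):
    """Group loss types into one item set per period (default: per day)."""
    baskets = defaultdict(set)
    for day, loss_type in records:
        baskets[key(day)].add(loss_type)
    return dict(baskets)

daily = aggregate(loss_log)
weekly = aggregate(loss_log, key=lambda d: d.isocalendar()[:2])  # (ISO year, week)
print(daily[date(2017, 3, 2)])  # {'late_report'}
```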
Loss types that occur too frequently, or that are already explained, must be removed on the basis of expert assessment.
Before the analysis starts, the thresholds for the relevant association rules should be set in terms of support and confidence. The choice of thresholds can be supported by graphics.
Subsequently, the resulting rules must be checked for plausibility by experts.
The steps should be repeated for all relevant time aggregations.
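The steps above (mining candidate rules, then filtering them by the previously chosen support and confidence thresholds) can be sketched in a few lines. This simplified version considers only single-event rules and uses invented loss types:

```python
from itertools import permutations

def pairwise_rules(transactions, min_support=0.1, min_confidence=0.6):
    """Simplified sketch: mine single-item -> single-item association rules,
    filtered by thresholds chosen beforehand."""
    n = len(transactions)
    items = set().union(*transactions)
    counts = {i: sum(i in t for t in transactions) for i in items}
    rules = []
    for a, b in permutations(items, 2):
        joint = sum(a in t and b in t for t in transactions)
        supp = joint / n
        if supp < min_support:
            continue
        conf = joint / counts[a]
        if conf >= min_confidence:
            lift = conf / (counts[b] / n)
            rules.append((a, b, round(supp, 3), round(conf, 3), round(lift, 3)))
    return sorted(rules, key=lambda r: -r[3])  # strongest confidence first

# Hypothetical daily baskets of loss-event types
days = [
    {"system_crash", "wrong_valuation"},
    {"system_crash", "wrong_valuation"},
    {"snowstorm", "late_report"},
    {"late_report"},
]
for rule in pairwise_rules(days):
    print(rule)  # (antecedent, consequent, support, confidence, lift)
```

Real analyses would use a full apriori implementation (as available in Python, R or RapidMiner) to also find multi-event antecedents.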
Use Case: analysis of a fictitious loss database
As an application example, a fictitious loss database of a bank was constructed for an entire year.
There were 23 possible loss types in total, including a flu epidemic, late reports, wrong valuations, and complaints about wrong advice. The following assumptions underlie the test example:
- Bad transactions are very common
- Deficiencies in the outsourced hotline become apparent through requests about PC head crashes
- Reporting staff usually drive by car and are affected by a snowstorm
- After a valuation system crashes, wrong valuations occur
- Thefts occur during the work after a fire in the meeting room
- Staff shortages at suppliers lead to failed projects
- Massive customer complaints after experienced employees leave customer service
Because the bad transactions were very frequent and unconnected to other events, they were removed first.
All identified rules were then displayed graphically in order to determine suitable support and confidence thresholds.
Restricting confidence to a minimum of 0.6 yields the list shown below.
Of the coincidences found, those marked green turned out to be valid after the plausibility check.
On a weekly and monthly basis, the procedure was analogous.
After the plausibility check of possible causal relationships, all assumptions used in constructing the example could be identified in the data.
Offer levels for using association analysis in OpRisk
RiskDataScience enables customers to use and develop the described procedures efficiently and in a company-specific way. Depending on the respective requirements, the following three expansion stages are proposed.
Stage 1: Methodology
- Introduction to the methodology of association analysis
- Handover and installation of existing solutions based on Python, R and RapidMiner – or, depending on customer requirements, support of the on-site implementation
- Transfer and documentation of the visualization and evaluation techniques
The customer is able to use and develop the methodology independently.
Stage 2: Customizing
- Stage 1 and additionally
- Adaptation and, if necessary, creation of rule-selection criteria according to the circumstances of the respective customer
- Analysis of specific risks, processes and systems to identify optimal applications
- Development of a process description for efficient use
- Communication and documentation of results to all stakeholders
The customer has customized procedures and processes for operational risk analysis.
Stage 3: IT Solution
- Stage 1, Stage 2, and additionally
- Specification of all requirements for an automated IT solution
- Suggestion and contacting of potential providers
- Support in provider and tool selection
- Assistance in planning the implementation
- Subject-matter and coordination support during the implementation project
- Technical support after implementation of the IT solution
The customer has an automated IT solution for efficient association analysis of operational risks.
Depending on customer requirements, a flexible design is possible. We are happy to explain our approach as part of a preliminary workshop.
Dr. Dimitrios Geromichalos
Founder / CEO
RiskDataScience UG (haftungsbeschränkt)
Theresienhöhe 28, 80339 München
Phone: +4989244407277, Fax: +4989244407001