FRM操作风险管理 | 如何进行案例分析?
行业资讯 | 2019-04-17
若您想从他人的操作风险错误中吸取教训,同时防控可能严重影响您公司声誉和底线的风险事件,那么案例研究是您较好的选择。有效的操作风险案例研究需要询问正确的问题,详细说明事件的后果,并提供建议避免类似事故。
当考虑操作风险时,我们可能会首先想到欺诈和信息技术故障,但简单的人为错误也是其中的一部分。去年三星证券的“乌龙指”事件正是一个很好的例子,研究该案例我们能够了解到人为错误、监管不力和系统缺陷的风险。
三星证券是韩国最大的经纪公司之一。2018年4月6日,三星证券意外地向员工发放了价值1050亿美元的股票。根据该公司的股权计划,它本来应该向约2,000名员工支付价值28亿韩元(260万美元)的股息。但三星证券的一名员工错误地将“股票(shares)”而不是“韩元 (won, 韩国的货币)”输入系统,导致实际上发行了28亿股票,这个数字超过该公司已发行股票数量的30倍。
三星证券在37分钟后就发现了该错误,并通知受影响的员工该股票是被错误发放的。尽管公司发出了警告,部分员工已经抛售了股票。
三星证券出了什么问题呢?很多问题。让我们根据案例研究模型将该事件庖丁解牛,以了解该事件涉及了哪些风险因素,后果如何,以及我们能够从中吸取哪些教训。》》更多金融证书相关问题点我咨询
蝴蝶结模型
Good case studies can either be outsourced or written internally, based on public resources. One of the most popular and effective approaches to operational risk case studies is the bow-tie model, which (1) explains the underlying causes, motives, opportunities and means that are at the basis of the incident; (2) thoroughly describes the incident itself; and (3) breaks down the consequences, including direct and indirect loss amounts.
The bow-tie model can certainly help us understand what happened at Samsung Securities, and can also yield ideas on preventing similar incidents from unfolding in the future. The “fat finger” incident happened in just a fraction of a second – an errant keystroke resulting in the issuance of an extremely costly and grossly erroneous dividend. The underlying causes include poor supervision, ineffective internal controls and inadequate regulatory monitoring.
The model also yields a series of probing questions about the incident: Why was one person allowed to initiate and authorize this transaction? Why did there appear to be no segregation of duties? Why didn't the IT system block the issuance and distribution of an extraordinary number of shares? And why wasn't the naked short-selling immediately prevented?
The consequences of this blunder were manifold.Analysts criticized the firm for having neither a filtering system for preventing human errors nor a warning system that could have stopped the issuance of more shares than actually existed.
The Financial Supervisory Service, South Korea's financial watchdog, found that 21 employees of Samsung Securities had either sold or attempted to sell the mistakenly-issued shares. All 21 lost their jobs, and several are facing criminal charges.
The National Pension Service, South Korea's biggest pension fund, stopped using Samsung Securities to trade stock almost immediately after the incident. Roughly seven weeks later, South Korean prosecutors raided the broker's head office, which precipitated the partial suspension of its brokerage services and the resignation of its CEO.
独特的挑战
Operational risk is different from – and I think more difficult to manage than – credit risk and market risk. One reason is that it can arise anywhere in the organization – from commercial units, to brick-and-mortar bank shops, to support functions and IT systems.
Its impact, moreover, is difficult to quantify. Keep in mind that the advanced modeling approach to measuring operational risk has been eliminated, while the new benchmark – the standardized measurement approach – has drawbacks of its own.
While banks use databases to collect and store data on operational risk incidents, it is difficult, in practice, to extrapolate from these past occurrences – particularly with respect to quantifying losses.
Indeed, a bank's own incident database provides only a very limited view of its current operational risk exposure. The incident data that is collected is typically the result of a stochastic process, and therefore not necessarily commensurate with a firm's operational risk exposure to specific event types.
The operational risk case study is the go-to methodology for overcoming this randomness bias. It expands the experience from learning from one's own errors to learning from errors made by others. While reading detailed accounts of incidents that happened elsewhere, operational risk managers may very well ask themselves questions that will help them avoid similar mistakes: Could this happen at our firm? If it does, what would I do? And what specific steps can our organization take to prevent this from happening?
一些其他思考
Case studies are among the biggest assets in the operational risk manager's toolkit. When we analyze the case study of the Samsung Securities “fat finger” incident, important questions are triggered. A more fundamental question relates to the irresponsible behavior of the 21 employees who attempted, illegally, to benefit from the “fat finger” blunder.
How would your employees behave under a similar scenario? Case studies provide the answers every firm needs to avoid being the next poster child for operational risk disaster.
.gif)
FRM官方交流群:909308278(点击直接加群)
▎来源金程FRM,更多内容请关注微信号金程FRM。原创文章,欢迎分享,若需引用或转载请保留此处信息。
相关标签 FRM一级
