Response to consultation on draft Regulatory Technical Standards on assessment methodologies for the Advanced Measurement Approaches for operational risk

Go back

Q2: Do you support the treatment under an AMA regulatory capital of fraud events in the credit area, as envisaged in Article 6? Do you support the phase-in approach for its implementation as set out in Article 48?

Having discussed the proposed changes with internal management in the Operational Risk, Credit Risk and Fraud Management areas the following issues have been identified with the EBA proposal:
• It is an over simplification and potentially misleading to position First Party Lending Fraud where Fraud has occurred in the initial application, as a pure Operational Risk Loss:

- In such cases the credit lending process will have been applied, a contractual agreement will have been entered into and the customer may be part way through repayment of the loan before defaulting on the facility.
- It is unclear how this proposal can be complied with at the same time as complying with other Credit and Financial Reporting Regulations
- Are Credit Risk requirements being explicitly amended to ensure that there is absolute clarity that these types of events do not fall within the definition of Credit Risk?
- Have Financial reporting requirements been considered (see next bullet)?

• The proposal will require the financial reporting of First Party Lending Fraud in multiple ways, which will increase reporting requirements and challenges on external disclosure:

- On loan impairments, the financial accounting and reporting requirements for lending are governed by accounting standards on financial instruments. Once the bank advances funds under a contractual arrangement, any event that affects the estimated future cash flows from the contract and causes the bank to recover less than is due under the contractual terms of the loan results in an impairment loss. This must be reported as an impairment loss in the financial statements. This is true whether the loss results from fraud, negligence, economic deterioration, or other factors or a combination of such factors.
- The reporting of impairment losses by banks in accordance with accounting standards is important to ensure that investors receive consistent and comparable information on impairment losses.

• The change does not benefit the management or measurement of this risk:
- First Party Lending Fraud is already identified and monitored by management to consider process/control enhancements. Trying to distinguish whether the Fraud applied at the time of initial application or subsequent lending is challenging and the split between Operational Risk and Credit Risk has the potential to create confusion for management.

- The appropriate way to model First Party Lending Fraud exposure is by utilising credit risk models which consider the PD and LGD as the maximum potential exposure is known. This contrasts with Operational Risk where the maximum potential exposure is rarely known and OpR models use techniques, which extrapolate into the tail of the distribution. Using existing Operational Risk Models to capture First Party Lending losses would be inappropriate.

- The Consultation Paper suggests that by separating out First Party Lending Fraud this will result in a reduction in the cost of lending to the customer. It is unclear why a cost of the lending process however categorised would not be priced in to the lending facility?

• The costs of the change outweigh any potential benefit:
- The Credit Risk Function will need to change its data collection process going forward to exclude First Party Lending Fraud that occurs during an initial application. Historic Credit Risk data sets if used will need to be adjusted. There may also be implications on existing Credit Risk models although this will need to be tested and determined.

- Operational Risk will need to adopt Credit Risk Modelling techniques to model this type of risk as previously highlighted.

- In Commercial Banking, a majority of First Party Lending Fraud will materialise within existing banking relationships where potentially long-standing customers run into difficulties rather than initial application. Changes to data capture, historic credit risk data sets and potentially Credit Risk models will need to be made to accommodate this change for minimal if any benefit. This may vary from Retail Banking where potentially a greater percentage of First Party Lending Fraud may occur in initial applications.

• The definition of First Party Lending Fraud and Third Party Lending Fraud included in the consultation paper both include identity theft. We believe that identity theft should be included within the definition of third party lending fraud.

• A longer Phase in process would be required as there would be a period required for changing data collection processes, modelling approaches, and potentially systems change. Even after data collection processes have been changed there would be a three year period to have a minimum set of data to model in line with Regulatory requirements.

Q3: Do you support the collection of ’opportunity costs/loss revenues‘ and internal costs at least for managerial purposes, as envisaged in Article 7(2)?

The capture of ‘opportunity costs/lost revenues’ for Banks is very challenging. There is no consistent industry approach to quantifying these types of impacts. The priority for loss data capture is to capture direct P&L costs on a consistent basis. Any guidance around ‘opportunity costs/lost revenues’ should clarify that this additional information should be considered for material events with a much higher threshold than the loss data capture threshold.

Q4: Do you support the items in the lists of operational risk events in Articles 4, 5 and 6, and the items in the list of operational risk loss in Article 7? Or should more items be included in any of these lists?

• Legal Risk definition – in addition to our comments in our response to Q1, it is unclear why Legal Risk would reference internal rules and ethical conduct?
• Market Related activities – please see our response to Q1
• Credit related activities – please see our response to Q2
• For near misses, operational risk gains, opportunity costs and lost revenues, the acceptability of using higher thresholds should be included in the RTS.

Q5. Do you support that the dependence structure between operational risk events cannot be based on Gaussian or Normal-like distributions, as envisaged in Article 26 (3)? If not, how could it be ensured that correlations and dependencies are well-captured?

Yes

Q6: Do you support the use of the operational risk measurement system not only for the calculation of the AMA regulatory capital but also for the purposes of internal capital adequacy assessment, as envisaged in Article (42)(d)?

Yes, although the RTS should acknowledge that there may be reasons for differences between Regulatory Capital and Economic Capital Methodologies.

Name of organisation

HSBC