We support the stated intent of the draft RTS standards to ‘...clarify the scope of operational risk and the scope of operational risk loss and specify common standards for the supervisory assessment of the governance of operational risk..’, since it is particularly important for Global Banks to have Regulatory consistency in the application of standards. However, as currently drafted, there are a number of proposed definitions/treatments in the RTS that lack clarity and are potentially detrimental to the management of operational risk. The industry responses from ORX, the British Bankers Association and European Banking Association cover a number of such points. However in particular HSBC would like to stress that the boundary proposals for Operational Risk/ Credit Risk, and Operational Risk/ Market Risk and the definition of Legal Risk require amendment. The feedback on Operational Risk/ Credit Risk (Lending Fraud) Proposals is covered in our response to Q2 below.
Operational Risk events occurring in market related activities
It is unclear what is the aim of the proposals for Operational Risk events occurring in market related activities. Not all Operational Risk losses in market related activities are impacted by market movements and will consequently not have impacts on Market Risk. The examples shown in the draft RTS are already considered to be within scope of Operational Risk and it is confusing to create a different term, which needs to flagged. If the aim is to ensure that the types of losses listed are captured as Operational Risk events then the section should be modified accordingly to state these examples should be captured as Operational Risk Losses.
Definition of Legal Risk
We agree that Legal Risk should be within scope of Operational Risk however the definition of Legal Risk proposed is too wide. The proposal includes within scope of Legal Risk events triggered by legal settlements. This could result in any category of Operational Risk being within the scope of Legal Risk if the event results in litigation. HSBC’s definition of Legal Risk includes a more narrowly defined scope of contractual risk, dispute risk and legislative risk. It is important that Legal Risk is precisely defined so that other Operational Risks are not misclassified as Legal Risk. As with all taxonomy, care is needed to ensure it is mutually exclusive and collectively exhaustive.
Having discussed the proposed changes with internal management in the Operational Risk, Credit Risk and Fraud Management areas the following issues have been identified with the EBA proposal:
• It is an over simplification and potentially misleading to position First Party Lending Fraud where Fraud has occurred in the initial application, as a pure Operational Risk Loss:
- In such cases the credit lending process will have been applied, a contractual agreement will have been entered into and the customer may be part way through repayment of the loan before defaulting on the facility.
- It is unclear how this proposal can be complied with at the same time as complying with other Credit and Financial Reporting Regulations
- Are Credit Risk requirements being explicitly amended to ensure that there is absolute clarity that these types of events do not fall within the definition of Credit Risk?
- Have Financial reporting requirements been considered (see next bullet)?
• The proposal will require the financial reporting of First Party Lending Fraud in multiple ways, which will increase reporting requirements and challenges on external disclosure:
- On loan impairments, the financial accounting and reporting requirements for lending are governed by accounting standards on financial instruments. Once the bank advances funds under a contractual arrangement, any event that affects the estimated future cash flows from the contract and causes the bank to recover less than is due under the contractual terms of the loan results in an impairment loss. This must be reported as an impairment loss in the financial statements. This is true whether the loss results from fraud, negligence, economic deterioration, or other factors or a combination of such factors.
- The reporting of impairment losses by banks in accordance with accounting standards is important to ensure that investors receive consistent and comparable information on impairment losses.
• The change does not benefit the management or measurement of this risk:
- First Party Lending Fraud is already identified and monitored by management to consider process/control enhancements. Trying to distinguish whether the Fraud applied at the time of initial application or subsequent lending is challenging and the split between Operational Risk and Credit Risk has the potential to create confusion for management.
- The appropriate way to model First Party Lending Fraud exposure is by utilising credit risk models which consider the PD and LGD as the maximum potential exposure is known. This contrasts with Operational Risk where the maximum potential exposure is rarely known and OpR models use techniques, which extrapolate into the tail of the distribution. Using existing Operational Risk Models to capture First Party Lending losses would be inappropriate.
- The Consultation Paper suggests that by separating out First Party Lending Fraud this will result in a reduction in the cost of lending to the customer. It is unclear why a cost of the lending process however categorised would not be priced in to the lending facility?
• The costs of the change outweigh any potential benefit:
- The Credit Risk Function will need to change its data collection process going forward to exclude First Party Lending Fraud that occurs during an initial application. Historic Credit Risk data sets if used will need to be adjusted. There may also be implications on existing Credit Risk models although this will need to be tested and determined.
- Operational Risk will need to adopt Credit Risk Modelling techniques to model this type of risk as previously highlighted.
- In Commercial Banking, a majority of First Party Lending Fraud will materialise within existing banking relationships where potentially long-standing customers run into difficulties rather than initial application. Changes to data capture, historic credit risk data sets and potentially Credit Risk models will need to be made to accommodate this change for minimal if any benefit. This may vary from Retail Banking where potentially a greater percentage of First Party Lending Fraud may occur in initial applications.
• The definition of First Party Lending Fraud and Third Party Lending Fraud included in the consultation paper both include identity theft. We believe that identity theft should be included within the definition of third party lending fraud.
• A longer Phase in process would be required as there would be a period required for changing data collection processes, modelling approaches, and potentially systems change. Even after data collection processes have been changed there would be a three year period to have a minimum set of data to model in line with Regulatory requirements.
The capture of ‘opportunity costs/lost revenues’ for Banks is very challenging. There is no consistent industry approach to quantifying these types of impacts. The priority for loss data capture is to capture direct P&L costs on a consistent basis. Any guidance around ‘opportunity costs/lost revenues’ should clarify that this additional information should be considered for material events with a much higher threshold than the loss data capture threshold.
• Legal Risk definition – in addition to our comments in our response to Q1, it is unclear why Legal Risk would reference internal rules and ethical conduct?
• Market Related activities – please see our response to Q1
• Credit related activities – please see our response to Q2
• For near misses, operational risk gains, opportunity costs and lost revenues, the acceptability of using higher thresholds should be included in the RTS.
Yes, although the RTS should acknowledge that there may be reasons for differences between Regulatory Capital and Economic Capital Methodologies.