The following articles talk about the new rules concerning operational risk for banks due the high levels of risk taking taken in previous years. Operational risk is just one or many risks faced by the management of the bank. Along with this risk I would like you to review the other risks faced by bank manager and explain why it is as important today to manage these risks as it was 5 years ago or 50 years ago.

Top 10 operational risks for 2017

Risk.net presents the top 10 operational risks of 2017, as chosen by risk practitioners

In a series of interviews that took place in November and December 2016, Risk.net spoke to chief risk officers, heads of operational risk and other op risk practitioners at financial services firms, including banks, insurers and asset managers. Based on the op risk concerns most frequently selected by those practitioners, we present our ranking of the top 10 operational risks for 2017.

#1: Cyber risk and data security

An overwhelming number of risk managers ranked the threat from cyber-attacks as their top operational risk for 2017 – the second year in a row it has topped the rankings, this year by an even larger margin.

And this is no surprise as the threat from cyber-attacks is not only growing, but also mutating into new and insidious forms, say risk practitioners.

From the Bangladesh Bank heist back in February – which saw hackers exploit vulnerabilities in the Swift financial communications network to steal $81 million from accounts belonging to the central bank – to November’s theft of £2.5 million ($3.1 million) from 9,000 Tesco Bank customers’ accounts following a data breach, the threat from cyber-attacks was an ever-present over the past year.

As if the reputational damage alone weren’t enough to spur banks into action, the threat of action from regulators for firms whose cyber resiliency isn’t up to scratch probably will be. In September 2016, the UK Financial Conduct Authority revealed that the number of reported incidents of cybercrimes at firms under its jurisdiction had jumped to 75 for the year to date, from just five in 2014. That followed comments from the regulator at June’s Cyber Risk Europe conference that it would be challenging firms more regularly on cyber security going forward.

Under the European Union’s forthcoming General Data Protection Regulation (GDPR), which comes into force in May 2018, financial organizations face eye-watering fines of up to 4% of their global annual turnover for data privacy breaches. If GDPR were in force now, Tesco Bank’s fine for its data breach could have been as high as £1.9 billion, according to some estimates.

The source of potential cyber threats is hard to pin down, say banks, making building appropriate controls a serious challenge, and attacks nearly impossible to avoid.

According to the head of operational risk at one large European bank: “There are three categories of people that carry out cyber-attacks. There’s the guy that’s sitting alone in his bedroom doing it; there are organized groups doing it; and there are governments doing it.”

Cyber criminals do not discriminate between organizations based on their size and location, but the financial sector enjoys the dubious privilege of being one of the most targeted industries, alongside healthcare. Organizations would do well to spend more time defining their risk appetite instead of trying to ensure their systems are impenetrable, practitioners counsel.

#2: Regulation

To many op risk practitioners, the landmark regulations of the post-crisis era – the overhaul of the capital adequacy framework, widespread market structure reforms, far-reaching changes to accounting practices – represent a laundry list of potential operational risks for their institution.

Fines and penalties for noncompliance, the restructuring of desks and operations and the shuttering of businesses all present complex and hard-to-model threats. In the US, the Dodd-Frank Act alone – irrespective of President Trump’s promise to expunge it – has produced thousands of pages of rulemakings from prudential and markets regulators, covering everything from stress testing to clearing, trade execution to hedge fund reporting.

Closer to home for op risk professionals, the Basel Committee on Banking Supervision’s proposal to replace the advanced measurement approach (AMA) for modelling operational risk is already presenting all manner of issues.

By requiring firms to hold the same amounts of operational risk capital against all forms of business, regulators are encouraging firms to enter businesses that exclusively expose themselves to operational risks to maximize their return on equity, argue op risk practitioners.

“Operational risk seems to be the one that’s causing regulators the most concern; they struggle with it,” says the head of operational risk at an international bank in London. “There is a danger they will push something through in order to get [the Basel IV agenda] out at the same time. As the SMA proposal stands now, it will have a huge impact on operational risk capital, and group heads are committed to not having an increase in capital overall – so it will be interesting to see where that all comes out.”

#3: Outsourcing

Outsourcing makes it into our top three operational risks this year, spurred by a clear message from regulators that firms must improve oversight of third-party risk management, or else face punitive sanctions.

Aviva provided one of the highest-profile examples of last year. In October 2016, the firm was hit with an £8.2 million fine from the UK Financial Conduct Authority for failure to ensure adequate controls and oversight of outsourced client money handling arrangements.

The size of the penalty, combined with the undesirable publicity the case attracted, caused alarm for many op risk practitioners, and emphasized that regulators are actively hunting for breaches.

Under the EU’s forthcoming GDPR legislation (see Cyber segment), financial organizations must review their existing outsourcing arrangements to ensure they don’t face eye-watering fines – even if the failures are those of third-party service providers.

GDPR compliance will represent a significant burden, managers say. Banks will need to know exactly where their customer data is held at all times, and be able to present this data on demand in a portable format. That will require a thorough understanding of a complex web of relationships with various outsourcers, practitioners say.

#4: Geopolitical risk

The election of Donald Trump as US president, along with the UK’s shock vote to withdraw from the European Union, have combined to push geopolitical risk into the top 10 this year, rocketing all the way to number four.

The prospect of a so-called hard Brexit, including a departure from the European single market, as outlined in UK Prime Minister Theresa May’s January 17 speech, will have serious implications for the financial services industry, with London home to the European headquarters of most of the world’s top banking, insurance and asset management companies.

Banks are expected to start moving staff out of London in 2017. Those plans are unlikely to be reversed even if the UK secures favorableaccess to the European single market, say op risk practitioners. The consequences could be as painful as they are idiosyncratic; witness fears of a politically motivated attempt by European legislators to forcibly relocate euro clearing to the Eurozone, the cost of which could be as high as $100 billion in additional margin requirements for banks and their clients.

Banks with relatively small operations inside the Eurozone, such as the Japanese banks, are likely to bear the heaviest fallout from Brexit. But even banks with large Eurozone operations will be exposed to increased local market regulator risks, such as not being allowed to ramp up derivatives trading within a given jurisdiction.

In addition to its direct costs, Brexit – because it will occur against a backdrop of significant economic, regulatory and business change – could indirectly exacerbate other operational risks such as outsourcing (#3), organizational and business change (#6), regulation (#2), and conduct risk (#5). For example, the need rapidly to form new supplier relationships opens banks up to heightened outsourcing risk, say practitioners.

In the US meanwhile, the Trump administration’s likely rollback of financial legislation could create its own risks, risk managers warn. There is also widespread speculation that supranational regulatory commitments, in particular the package of prudential reforms collectively dubbed Basel IV, could now be revisited, creating further uncertainty for banks.

Regulatory capital requirements for political risk differ across jurisdictions: European banks that rely on Basel III’s advanced approaches for calculating risk-based capital typically set aside capital against political risk.

#5: Conduct risk

At first glance, 2016 was fairly unremarkable from the point of view of conduct risk, with a lack of newly uncovered high-profile instances of wrongdoing perhaps serving to push it further down practitioners’ list of worries, from #2 last year to #5 this.

But an absence of recent incidents doesn’t indicate that the risk to an organization from misconduct has decreased, say managers; quite the contrary. In the UK, the Senior Managers Regime (SMR), which came into force in March, seeks to codify a culture of personal responsibility for risk managers, with individuals who fulfil certain designated control functions now personally liable for various forms of misconduct.

Under the US Dodd-Frank Act, individuals whose input helps the Securities and Exchange Commission (SEC) take successful enforcement action against wrongdoers are entitled to a reward of up to 30% of the fine imposed on an organization. Since the legislation came into force, the SEC has levied more than $500 million in misconduct-related fines.

#6: Organizational change

Organizational change comes in many forms. But whether prompted by regulation, technological change or a corporate restructuring, the result is always upheaval, and enforced changes to op risk frameworks to cope with new and often idiosyncratic sources of risk.

The convoluted changes to desk structures and internal risk transfer processes banks will be forced to enact under the Basel Committee on Banking Supervision’s revised market risk capital framework are one of the highest-profile instances of forced organizational change impacting bank’s front-office businesses at the moment.

The fear of not being able to adapt a business model to technological change haunts many companies. From Kodak and Blockbuster to Blackberry, many once-prosperous firms have been sidelined by more tech-savvy and customer-focused competitors.

The past year in finance has seen technological innovations that present big opportunities as well as threats to many of the existing financial organizations. A 2016 report from Cap Gemini showed that, although 96% of banking executives agree that the industry is moving towards a digital banking ecosystem, only 13% have the systems in place to keep up with it.

#7: IT failure

Unlike cyber crime, IT failure involves fewer unknown variables. For that reason, it is perhaps perceived as more manageable by op risk practitioners; but its impact can be just as debilitating.

Cloud computing was flagged by many respondents to this year’s survey as one of the most important technological trends in 2017. But as well as its advantages in terms of flexibility and cost-effectiveness, it is prone to outages, with undesirable consequences potentially including financial losses and damaged relationships with clients.

Amazon Web Services – now used by many banks for additional processing capacity, as well as for data storage – experienced a disruption in services in Sydney in June 2016, causing multiple websites and online services reliant on the platform to shut down, affecting everything from banking services to pizza deliveries.

At the beginning of 2016, HSBC suffered a two-day service outage during which millions of retail customers were unable to access their accounts. That wasn’t the only IT failure to hit the bank in the last couple of years: in 2015 its electronic payment system experienced disruptions affecting thousands of clients just before a UK bank holiday weekend.

#8: AML, CTF and sanctions compliance

Tighter anti-money laundering (AML) controls and efforts to prevent transactions with internationally sanctioned entities have been a priority of regulators around the world in recent years, nowhere more so than in the US.

In guidance issued in October 2016, the US Office of the Comptroller of the Currency said banks should have processes for periodic risk re-evaluations and account decisions which address a bank’s risk appetite for the level of Bank Secrecy Act (BSA) and AML compliance risk it is willing to accept and can effectively manage. Banks should provide for an assessment of the implications of account closure on managing overall exposure to BSA/AML compliance risk that is consistent with the bank’s articulated risk appetite.

For lenders that provide banking services across multiple jurisdictions, that’s easier said than done, say practitioners.

“Increasing global cross-border banking activities, real-time speed of financial transactions, and sophistication of technology provide alternative means and opportunity for various manifestations of financial crimes, including AML,” says the head of op risk at a US financial institution.

#9: Fraud

The threat from internal fraud can be as pernicious as that from external actors, as Wells Fargo found out the hard way last year. Though the $187.5 million in penalties and restitution the bank incurred for fabricating customer approval to open checking and credit card accounts in order to meet sales targets might barely dent its bottom line, the blow to its reputation was far more serious.

The US Office of the Comptroller of the Currency (OCC) has identified internal control weaknesses, such as the lack of an effective audit program, as common deficiencies in many banks. Even though reliance on strong internal controls has never been more critical, its supervisory examinations indicate weakness in audit coverage and other internal controls in some banks.

“Internal and external fraud, which the OCC views as increasing, generally results in operational losses,” says Beth Dugan, deputy comptroller for operational risk at the OCC in Washington, DC. “A strong internal control system can help a bank avoid fraud and unintentional errors. Industry trends show that internal control weakness can lead to increased levels of fraud related losses and longer times for fraud identification.”

Pressure to achieve sales targets or investor expectations can cause otherwise conscientious employees to act in a way that is ethically or morally wrong, say practitioners. The chief executive of peer-to-peer lending company Lending Club, for example, was forced out in May amid allegations the company had altered the dates on some of its loans to satisfy criteria that allowed it to securitize them.

The threat from external actors – some sophisticated, some dull but malignant – is a growing threat too, say risk managers.

“We continue to see bad actors developing new schemes and fraudulent techniques,” says the head of operational risk at a US bank. “We’ve seen widespread fraud targeting credit card accounts; now we’re seeing the same thing happen in payments. It’s a matter of trying to remain a step ahead of bad actors. When the fraud event happens at another entity, like a store or a hotel chain, it’s a fraud event at our bank, because now the criminals have access to credit card data and account numbers.”

#10: Physical attack

Physical attack, often in the form of terrorism, has fallen one place in our annual survey, from #9 to #10, possibly reflecting a modest reduction in the global incidence of terrorist activity since 2015, according to research. Despite this, the risk to financial services companies of terrorist attack is an ongoing concern for op risk professionals, making protection of employees, customers and buildings a high priority.

As the incidents in the European cities of Nice and Berlin last year demonstrate, the threat from attacks carried out by a few individuals and requiring little planning can be as devastating as well-financed, state-sponsored acts of terrorism.

Lenders are taking action: US Bank plans to introduce a new mobile app to aid crisis communication, and more frequent compulsory staff training programmes. As well as terrorism, the effort will help it prepare for other violent disruptions – for instance, the possibility of sabotage by disgruntled employees, or widespread civil disobedience.

U.S. banks face variety of risks, financial performance strong: regulator

WASHINGTON (Reuters) – Many of the major risks U.S. banks face lay beyond their control, according to a review released by banking’s top federal regulator on Friday that found the sector’s financial performance remains strong.

The U.S. Office of the Comptroller of the Currency found that risks to banks lurk in competition from nonfinancial lenders and in the rapid evolution of money laundering and terrorism financing methods.

The OCC pointed to heavy reliance on third-party servicers and vendors as a place where banks could be vulnerable to a variety of threats, as they rely on outside firms to carry out critical activities or provide cyber security.

“Many banks have increasingly leveraged and become dependent on third-party service providers to support key operations within their banks. Over time, consolidation among service providers has resulted in large numbers of banks (becoming) reliant on a small number of service providers,” according to the regulator.

It added that that can create “concentrated points of failure for certain lines of business or operational functions for a large segment of the banking industry.”

Banks also could run the risk of falling afoul of multiple new or amended regulations in lending and real estate, because their vendors are not aware of regulatory changes, the OCC said. Banks may rely on outside firms or software to process loan applications, underwrite or close loans, which could open them to challenges in complying with the new regulations.

The OCC said loan growth in commercial real estate and looser underwriting standards are also top areas of risk.

The regulator is keeping its eye on a number of areas that could develop into systemic risks or may affect certain banks, as well: England’s departure from the European Union known as Brexit, declines in commodity prices, auto loans and interest-rate changes.

The agency found that U.S. banks’ revenue increased 3.6 percent in 2016 from 2015, mostly due to their net interest income – the difference between interest earned on assets and paid on liabilities – which had the largest gain since 2010. Meanwhile, residential mortgages began growing again last year, helping boost bigger banks.

Reporting by Lisa Lambert; Editing by Jonathan Oatis and Tom Brown

HYPERLINK “https://www.reuters.com/article/us-usa-banks-risks…” https://www.reuters.com/article/us-usa-banks-risks…

Credit Risk Determinants of Bank Failure: Evidence from US Bank Failure

by Abdus Samad

1. Introduction

There were 25 bank failures in 2008 (Samad & Lowell, 2012). 140 banks went burst in 2009 and 157 banks were wiped out in 2010 (Time, January 2012). Such a large scale bank failure has not happened in the financial history of the United States since the Great Depression. It has resulted in global financial crisis in Europe and around world.

There are several theories that have led to bank failures. One of them is the insolvency theory. According to the insolvency theory, a bank fails when the value of bank assets fall and becomes less than its liabilities. In most cases the value of assets fall due to credit risk resulting from nonperformance of loans. Credit risks are measured by credit risk ratios.

Since a majority of a bank’s assets are in the form of loans, credit risk is a major risk for a bank. Credit risk is mainly a function of the quality of a bank’s loans. It is an internal factor, amenable to bank management. Credit risk is measured by several ratios. They include (i) net charge off to loans, (ii) credit loss provision to net charge off (iii) loss allowance to loans (iv) loan loss allowance to non-current loans, and (v) non-current loans to loans.According to Pantalone and Marjorie (1987), bank internal factors continue to be the significant factor contributing to at least one-third of the bank failures. However, which of a bank’s internal factors in credit risk measures are significant in predicting bank failures that have not been explored quantitatively and deserves examination and exploration.

HYPERLINK “http://ccsenet.org/journal/index.php/ibr/article/v…