Fast track to advanced operational risk management

Bank of India invests in operational management capabilities to improve loss data quality and reporting

Fast-growing banks want to spend capital on introducing new products and services, not hiring more staff to manage operational risk with spreadsheets.

With the help of SAS® Enterprise GRC modules, Bank of India has broken free of spreadsheets and is efficiently improving the bank’s loss data quality and operational risk reporting processes.

Risk control self-assessment can be conducted with ease, and results are available online through dashboards and graphical representation.

Shyamal Karmakar
Assistant General Manager of the Risk Management Department

“Our risk management department is now able to collect loss data directly from our 4,892 branches. This lays the foundation for a standardized approach and prepares us to move to an advanced measurement approach (AMA) eventually,” explains Shyamal Karmakar, Assistant General Manager of the Risk Management Department.

All of Bank of India’s branches have access to SAS Enterprise GRC, with around 5,000 users who report loss data, participate in risk control self-assessment (RCSA) exercises on an as-needed basis, and provide key risk indicator (KRI) data. With the help of SAS Enterprise GRC modules, the branches are able to report the loss data directly to the risk management department through a network of risk officers at the regional level. This has improved the loss data quality and reporting process.

Taking steps toward an advanced operational risk management approach

Prior to implementing the operational risk framework using SAS Enterprise GRC, the bank was reporting operational risk capital under the basic indicator approach with reports created at quarter end. Following the implementation, the bank can generate about 50 types of operational risk monitoring reports. The bank has been able to implement the entire operational risk framework, from collection of input data to statistical capabilities for value at risk (VaR) computation, using a variety of distribution techniques.

The RCSA exercises are much easier to run now, and the results are online through dashboards and graphical representation. In addition, KRI monitoring is automated, and the SAS Enterprise GRC workflow enables the bank to capture all the user activity within the system and provides a transparent mechanism to the internal and external auditors for analyzing the efficacy of its operational risk identification process and framework. This will help when the bank moves to the AMA approach.

“SAS provides a robust and complete solution for risk management,” Karmakar says. “We now have excellent operational risk management capabilities for both regulatory and internal requirements.”

Challenge

Enterprise-level operational risk management.

Solution

SAS® Enterprise GRC

Benefits

The bank has implemented the entire operational risk framework, from collection of input data to statistical capabilities for VaR computation, using a variety of distribution techniques.

  • Bank branches can report loss data directly to the Risk Management Department.
  • RCSA exercises are easier to run.
  • Results are available online via dashboards and graphical representation.
  • KRI monitoring is automated.
  • The bank captures all user activity within the system and provides a transparent mechanism to auditors for analysis.
The results illustrated in this article are specific to the particular situations, business models, data input, and computing environments described herein. Each SAS customer’s experience is unique based on business and technical variables and all statements must be considered non-typical. Actual savings, results, and performance characteristics will vary depending on individual customer configurations and conditions. SAS does not guarantee or represent that every customer will achieve similar results. The only warranties for SAS products and services are those that are set forth in the express warranty statements in the written agreement for such products and services. Nothing herein should be construed as constituting an additional warranty. Customers have shared their successes with SAS as part of an agreed-upon contractual exchange or project success summarization following a successful implementation of SAS software. Brand and product names are trademarks of their respective companies.