This paper aims at covering and describing the shortcomings of various models used to quantify and model the operational risk within insurance industry with a particular focus on Romanian specific regulation: Norm 6/2015 concerning the operational risk issued by IT systems. While most of the local insurers are focusing on implementing the standard model to compute the Operational Risk solvency capital required, the local regulator has issued a local norm that requires to identify and assess the IT based operational risks from an ISO 27001 perspective. The challenges raised by the correlations assumed in the Standard model are substantially increased by this new regulation that requires only the identification and quantification of the IT operational risks. The solvency capital requirement stipulated by the implementation of Solvency II doesn’t recommend a model or formula on how to integrate the newly identified risks in the Operational Risk capital requirements. In this context we are going to assess the academic and practitioner’s understanding in what concerns: The Frequency-Severity approach, Bayesian estimation techniques, Scenario Analysis and Risk Accounting based on risk units, and how they could support the modelling of operational risk that are IT based. Developing an internal model only for the operational risk capital requirement proved to be, so far, costly and not necessarily beneficial for the local insurers. As the IT component will play a key role in the future of the insurance industry, the result of this analysis will provide a specific approach in operational risk modelling that can be implemented in the context of Solvency II, in a particular situation when (internal or external) operational risk databases are scarce or not available.
Branford, K., Naikar, N., Hopkins, A. (2009). Guidelines for AcciMap analysis. In: Hopkins, A. (Ed.), Learning from High Reliability Organisations. CCH Australia, Sydney, Australia, pp. 193–212.
Cifuentes, A., & Charlin, V. (2016), Operational risk and the Solvency II capital aggregation formula: implications of the hidden correlation assumptions. The Journal of Operational Risk. doi:10.21314/jop.2016.181.
EIOPA-TFQIS5-11/001. (14 March 2011), EIOPA Report on the fifth Quantitative Impact Study (QIS5) for Solvency II, pg. 71.
EIOPA-14-322, (25 July 2014), The underlying assumptions in the standard formula for the Solvency Capital Requirement calculation.
Frachot, A., Moudoulaud, O., and Roncalli, T. (2003, May). Loss Distribution Approach in Practice. Groupe de Recherche Opérationnelle, Crédit Lyonnais.
Grody, A.D., Hughes, P.J., & Toms, S. (2011) Risk Accounting - A Next Generation Risk Management System for Financial Institutions. SSRN Electronic Journal. doi:10.2139/ssrn.1395912.
Guillen, M., Gustafsson, J., & Nielsen, J.P. (2008). Combining underreported internal and external data for operational risk measurement. The Journal of Operational Risk, 3(4), 3-24. doi:10.21314/jop.2008.050.
Lambrigger, D., Shevchenko, P., & Wüthrich, M. (2007). The quantification of operational risk using internal data, relevant external data and expert opinion. The Journal of Operational Risk, 2(3), 3-27. doi:10.21314/jop.2007.030.
Neil, M., Marquez D., and Fenton N. (2008). Using Bayesian networks to model the operational risk to information technology infrastructure in financial institutions. Retrieved February 09, 2017, from https://ideas.repec.org/a/ris/jofitr/0929.html
NORMA NR.6/2015 privind gestionarea riscurilor operat ionale generate de sistemele informatice utilizate de entităţile reglementate, autorizate/avizate şi/sau supravegheate de ASF, Monitorul Oficial, Partea I, nr.227 /03.04.2015.
NORMA nr. 40/2016 pentru modificarea şi completarea Normei ASF nr. 6/2015 privind gestionarea riscurilor operaţionale generate de sistemele informatice utilizate de entităţile reglementate, autorizate/avizate şi/sau supravegheate de ASF.
Tripp, M.H., Bradley, H.L., Devitt, R., Orros, G.C., Overton, G.L., Pryor, L.M., & Shaw, R.A. (2004). Quantifying Operational Risk in General Insurance Companies. Developed by a Giro Working Party. British Actuarial Journal, 10(05), 919-1012. doi:10.1017/s1357321700002919.