Operational risk quantification and modelling within Romanian insurance industry

Open access


This paper aims to describe the shortcomings of various models used to quantify and model operational risk within the insurance industry, with a particular focus on a Romanian-specific regulation: Norm 6/2015 concerning the operational risks generated by IT systems. While most local insurers are focusing on implementing the standard model to compute the operational risk solvency capital requirement, the local regulator has issued a norm that requires insurers to identify and assess IT-based operational risks from an ISO 27001 perspective. The challenges raised by the correlations assumed in the standard model are substantially increased by this new regulation, which requires only the identification and quantification of the IT operational risks. The solvency capital requirement stipulated by the implementation of Solvency II does not recommend a model or formula for integrating the newly identified risks into the operational risk capital requirements. In this context, we assess the academic and practitioner understanding of the Frequency-Severity approach, Bayesian estimation techniques, Scenario Analysis and Risk Accounting based on risk units, and how they could support the modelling of IT-based operational risks. Developing an internal model only for the operational risk capital requirement has so far proved costly and not necessarily beneficial for local insurers. As the IT component will play a key role in the future of the insurance industry, the result of this analysis will provide a specific approach to operational risk modelling that can be implemented in the context of Solvency II, in the particular situation where (internal or external) operational risk databases are scarce or not available.

