AMA Risk Model


Save the AMA whale

ΝΒ: This is not a post about real whales and the ongoing struggle to keep these magnificent mammals alive for future generations to marvel at. Hopefully the individuals who have risked their lives to bring the near extinction of many whale species to worldwide attention will not take offense with us usurping imagery linked to this valiant campaign. We simply want to draw attention to another, rather more armchair type of campaign, namely: saving the AMA risk model. A bit more esoteric as a cause, but ultimately a good cause nevertheless

The AMA Risk Model

What is the AMA risk model, why might we confuse it for a Whale, and finally, why should we try to save it rather than savor some choice pieces of sushi?

The Advanced Measurement Approach (AMA) is a method for quantifying and capitalizing operational risk for banks. That is, a systematic prescription for collecting information about the bank, so that it can self-estimate its likely range of operational losses and help set aside a suitable capital buffer. Such losses include anything from theft, to IT system failures, to botched execution of trades or contracts, rogue traders and staff misconduct.

There are various options for estimating the range of such operational losses. For more than a decade before the financial crisis, one of the “grand bargains” between regulators and banks was that banks that invest in more accurate self-assessment of risks will in exchange obtain the right to hold proportionally less capital, which in turn boosts return on equity and associated remuneration levels. A somewhat simplistic analogy of this grand bargain:

If your car is equipped with the latest generation, expensive, digital speedometer, the speed limit is set at 100 km/hr – as measured by your speedometer!

But if you opt for a cheap, old fashioned, wire and needle type, analog speedometer, you are restricted to a speed of 80 km/hr – again as per your own speedometer.

…the idea being that poor speedometers can be really wrong, hence need a larger safety buffer to offer the same ultimate amount of driving safety.

Unfortunately there were too many high speed car crashes recently, which showed, without the need for much forensic analysis, that the advanced speedometers could not possibly be showing the right speed.

So the grand speedometer bargain is experiencing a difficult patch: As announced recently, international regulators are now actively considering the possibility of removing the option for banks to calculate their capital using the above described sophisticated method.

Is the AMA really a Whale?

The regulatory verdict is summarized in the following paragraph:

The Committee’s review of banks’ operational risk modelling practices and capital outcomes revealed that the Advanced Measurement Approach’s (AMA) inherent complexity, and the lack of comparability arising from a wide range of internal modelling practices, have exacerbated variability in risk-weighted asset calculations, and eroded confidence in risk-weighted capital ratios. The Committee is therefore proposing to remove the AMA from the regulatory framework.

But how complex is the AMA really? We will actually try to explain the essence of the model in only two sentences:

  • You assume that risk events (losses) happen with the frequency they happened before
  • You assume that the magnitude of the loss, while random, is adequately captured by the pattern exhibited by previously experienced events.

That’s it. No further assumptions, no elaborate option-theoretical constructs, no perfect markets zealotry. This is instead a bread and butter actuarial approach. If one can accuse the AMA of something, it is that it is excessively simple, to the point of being naive about the causes of operational risk events.

A more poignant remark would actually be that because of the simplistic and “agnostic” attitude of the AMA model towards the system attributes that cause operational risk events, the AMA framework misses the chance to try to integrate other sources of company data (key risk indicators, other internal company metrics) into a more informed view of what is really going on, what is the true nature of the processes that generate operational losses.

Recent oprisk events of true Whale proportions are of course including the huge misconduct fines, to which the AMA framework was rather blind. Such gigantic whales had not been spotted ever before, hence they did not exist in the AMA set of possible outcomes.

It seems somewhat odd, though, to contemplate any approach for “capitalizing” this type of conduct risk, whether it be a simple rule of thumb or a complex model. One would hope that there is simply zero risk appetite for this behavior and thus no actual need to capitalize. Not to be nitpicking semantics, but

Capitalization of conduct risk implies it is OK to misbehave every so often, provided it is not too blatant to put the firm solvency at risk

Or to go back to the automotive analogy, proper risk management dictates that if you are drunk you should not be driving, no matter what your speedometer accuracy.

Is the AMA saved if we move conduct risk outside its scope?

Alas no. Because it is actually such a simple model, there can be various other event types that are hard to capture convincingly, even if we would hope they are less likely to lead to era defining losses.

How then to save the AMA Whale?

The answer lies within the framework. It is already modular, as it is composed of several sub-models per event type. Regulators (and others) have access to all the losses of all the banks worldwide. It is a relatively simple exercise to see which of the event types can be salvaged as being adequately, or at least within a margin of safety, modelable and which are not.

Use a rigorous validation regime to shrink the ungainly whale into a sleek dolphin

Retaining a subset of AMA capability will, in the fullness of time, allow best practice risk management teams (they do exist, against all odds), figure out the next steps of integrating organizational information to make the models actually know a bit more about the institution, like, for example, how big or complex it is and how effective its risk mitigation infrastructure. To make the point of the need for significant new development clear suffice it to say that even a key metric such as firm revenue is not a typical risk factor in the advanced approach, while it is in the simpler option proposed!

Why try at all to save the Whale?

A wholesale return to simplistic capital regimes would be a blow to the confidence (of any dispassionate observer) that banks, as currently structured, and their regulators, know how to operate a safe banking system. It is not the amount of capital that is the relevant signal here (its calibration, aka “confidence level” is in any case quite arbitrary), but whether its manner of determination indicates there is actual insight into what the system is.

There will be groans of course. One of the other unfortunate revelations of recent times is that IT systems within banks, despite their enormous cost, can be “lagging”, which, coupled with the amount of paperwork required for negotiating and updating binding rules and laws, makes the task of flexible releases and updates of the buggy regulatory framework far more burdensome and costly that it should really be.