
“Patrick Naim and Laurent Condamin articulate the most comprehensive quantitative and analytical framework that I have encountered for the identification, assessment and management of Operational Risk. I have employed it for five years and found it both usable and effective. I recommend this book as essential reading for senior risk managers.”

–C.S. Venkatakrishnan, CRO, Barclays

“I had the pleasure to work with Laurent and Patrick to implement the XOI approach across a large multinational insurer. The key benefits of the method are to provide an approach to understand, manage and quantify risks and, at the same time, to provide a robust framework for capital modelling. Thanks to this method, we have been able to demonstrate the business benefits of operational risk management. XOI is also well designed to support the Operational Resilience agenda in financial services, which is the new frontier for Op Risk Management.”

–Michael Sicsic, Head of Supervision, Financial Conduct Authority; Ex-Global Operational Risk Director, Aviva Plc

“The approach described in this book was a ‘Eureka!’ moment in my journey on operational risk. Coming from a market risk background, I had the impression that beyond the definition of operational risk, it was difficult to find a book that described a coherent framework for measuring and managing operational risk. Operational Risk Modeling in Financial Services is now filling this gap.”

–Olivier Vigneron, CRO EMEA, JPMorgan Chase & Co

“The XOI methodology provides a structured approach for the modelling of operational risk scenarios. The XOI methodology is robust, forward looking and easy to understand. This book will help you understand the XOI methodology by giving you practical guidance to show how risk managers, risk modellers and scenario owners can work together to model a range of operational risk scenarios using a consistent approach.”

–Michael Furnish, Head of Model Governance and Operational Risk, Aviva Plc

“The XOI approach is a simple framework that allows one to measure operational risk by identifying and quantifying the main loss drivers per risk. This facilitates the business and management engagement as the various drivers are defined in business terms and not in risk management jargon. Further, the XOI approach can be used for risk appetite setting and monitoring. I strongly believe that the XOI approach has the potential to become an industry standard for banks and regulators.”

–Emile Dunand, ORM Scenarios & Stress Testing, Credit Suisse

Founded in 1807, John Wiley & Sons is the oldest independent publishing company in the United States. With offices in North America, Europe, Australia and Asia, Wiley is globally committed to developing and marketing print and electronic products and services for our customers' professional and personal knowledge and understanding.

The Wiley Finance series contains books written specifically for finance and investment professionals as well as sophisticated individual investors and their financial advisors. Book topics range from portfolio management to e-commerce, risk management, financial engineering, valuation, and financial instrument analysis, as well as much more.

For a list of available titles, visit our website at www.WileyFinance.com.

Operational Risk Modelling in Financial Services

The Exposure, Occurrence, Impact Method

PATRICK NAIM

LAURENT CONDAMIN

List of Figures

  1. Figure 2.1 Modelling Approach by Risk Type
  2. Figure 2.2 The Three Actors of the Risk Modelling Process
  3. Figure 3.1 A Risk Matrix
  4. Figure 3.2 Example of a Uniform Correlation Matrix
  5. Figure 4.1 Strategic versus Operational Risks
  6. Figure 4.2 Knightian Uncertainty
  7. Figure 4.3 RIMS Risk Taxonomy
  8. Figure 4.4 AIRMIC, ALARM, and IRM Risk Taxonomy
  9. Figure 5.1 Results from the 2008 LDCE
  10. Figure 5.2 Operational Risk Loss Data, 2011–2016
  11. Figure 5.3 Operational Losses by Year of Public Disclosure
  12. Figure 5.4 Legal Operational Risk Losses, 2002–2016
  13. Figure 5.5 Evolution of Operational Risk Losses, 2002–2016
  14. Figure 5.6 Share of Minimum Required Capital
  15. Figure 5.7 Operational Risk Share of MRC
  16. Figure 6.1 Risk Appetite Matches Risk Distribution
  17. Figure 6.2 Risk Appetite Does Not Match Risk Distribution
  18. Figure 6.3 Efficient Frontier
  19. Figure 6.4 Market Risk Efficient Frontier
  20. Figure 6.5 Credit Risk Efficient Frontier
  21. Figure 6.6 Operational Risk Efficient Frontier
  22. Figure 6.7 Risk Management Causal Graph
  23. Figure 6.8 Risk Management Using Risk Measurement
  24. Figure 7.1 Risk Assessment in the Evaluation Process (ISO)
  25. Figure 8.1 Example of a Simple Business Process View in Retail Banking
  26. Figure 8.2 Example of Business Line Decomposition for Retail Banking
  27. Figure 8.3 Example of Hybrid Decomposition for Asset Management
  28. Figure 8.4 Example of Decomposition for External Fraud Event Category
  29. Figure 8.5 Example of an Asset Management Related Risk in the RCSA
  30. Figure 8.6 Distinction between Risk Identification and Risk Assessment
  31. Figure 8.7 Example of Control Defined for a Cyber Risk
  32. Figure 8.8 Assessment of One Risk in Three Business Units
  33. Figure 8.9 Two Methods to Assess the Inherent and Residual Risks
  34. Figure 9.1 Principle of the Loss Distribution Approach
  35. Figure 9.2 Number of Operational Risk Loss Events for the Banking Industry
  36. Figure 9.3 Distribution of Operational Risk Losses for the Banking Industry
  37. Figure 9.4 Simulation of a Loss Distribution Approach
  38. Figure 9.5 Fitting a Distribution on Truncated Data with No Collection Threshold
  39. Figure 9.6 Fitting a Distribution on Truncated Data Using a Collection Threshold
  40. Figure 9.7 Dependencies between the State of the Economy and Operational Risk
  41. Figure 10.1 Extract of One of the IPCC Scenarios for Gas Emissions
  42. Figure 10.2 Severely Adverse Scenario for 11 of the Domestic Variables
  43. Figure 10.3 Scenario Analysis Process in Operational Risk
  44. Figure 10.4 Scenario Identification
  45. Figure 10.5 Matrix Representation of a Risk Register
  46. Figure 10.6 A Real Risk Register
  47. Figure 10.7 Scenario Identification Using a Severity Threshold
  48. Figure 11.1 The XOI Method and ISO31000
  49. Figure 12.1 A Simple Causal Graph for Risk
  50. Figure 12.2 An Influence Diagram Based on a Simple Risk Model
  51. Figure 12.3 Inference in Bayesian Networks
  52. Figure 12.4 Bayesian Learning in Bayesian Networks
  53. Figure 13.1 A Bayesian Network for Car Accident Risk
  54. Figure 13.2 Car Accident Risk: Introducing a New Dependency to Reduce Risk
  55. Figure 13.3 Marginal Distributions in the Car Accident Risk Bayesian Network
  56. Figure 13.4 Inference in a Bayesian Network (1)
  57. Figure 13.5 Inference in a Bayesian Network (2)
  58. Figure 14.1 Representation of a Scenario as a Bayesian Network
  59. Figure 15.1 Daily Evolution of a Concealed Trading Position
  60. Figure 15.2 Variations of a Concealed Trading Position
  61. Figure 15.3 XOI Model for Rogue Trading Scenario
  62. Figure 15.4 Simulation of the XOI Model for Rogue Trading
  63. Figure 16.1 Evolution of Deposits for JPMorgan Chase and Total FDIC
  64. Figure 16.2 JPMC Share Price in the Period Before and After the Data Compromise
  65. Figure 16.3 JPMC Share Price One Year Before and After the Data Compromise
  66. Figure 16.4 The Cyber Attack Wheel
  67. Figure 16.5 The XOI Graph for the Scenario Cyberattack on Critical Application
  68. Figure 16.6 Simulation of the XOI Model for Cyber Attack
  69. Figure 17.1 Average Conduct Loss as a Function of Bank Revenue (log2)
  70. Figure 17.2 Dispersion of Conduct Loss as a Function of Bank Revenue (log2)
  71. Figure 17.3 The Generic XOI Graph for Conduct Scenarios
  72. Figure 17.4 An XOI Graph for the Mis-Selling Conduct Scenario
  73. Figure 17.5 Simulation of the XOI Model for Mis-selling
  74. Figure 18.1 Factors Used for Scenario Dependency Assessment
  75. Figure 18.2 Scenario Dependencies Paths
  76. Figure 18.3 Serial Paths between Two Scenarios
  77. Figure 18.4 Divergent Paths between Two Scenarios
  78. Figure 19.1 Inferring Regulatory and Economic Capital from a Loss Distribution
  79. Figure 19.2 A Complete Operational Risk Model in MSTAR Tool
  80. Figure 19.3 Building the Potential Loss Distribution Using XOI Models
  81. Figure 19.4 Multiperiod XOI Model for a Cyber Attack Scenario
  82. Figure 19.5 Applying a macroeconomic scenario to an XOI model
  83. Figure 19.6 Selection Method for Stress Testing
  84. Figure 19.7 Enhanced Selection Method for Stress Testing
  85. Figure 19.8 Representation of Controls in a Bow Tie Model
  86. Figure 19.9 Mapping of a Bow-Tie Control Representation to an XOI Model
  87. Figure 19.10 Representation of Barriers in an XOI Model

List of Tables

  1. Table 3.1 Example of Risk Definition
  2. Table 3.2 Basel Loss Event Categories
  3. Table 3.3 Basel Lines of Business
  4. Table 3.4 Scales for Frequency, Severity, and Control Efficiency
  5. Table 3.5 Scales Are Based on Ordinal Numbers
  6. Table 3.6 Relative Severity Scale
  7. Table 3.7 Aggregation of Two Assessments
  8. Table 3.8 Assessment of Loss Data Information Value
  9. Table 3.9 Value of Information for Different Types of Loss Data
  10. Table 3.10 Working Groups for Scenario Assessment
  11. Table 3.11 Loss Equations for Sample Scenarios
  12. Table 3.12 Table of Losses Used for the Correlation Matrix
  13. Table 3.13 Validation of Model Components
  14. Table 4.1 Comparison of Risk Categorizations
  15. Table 4.2 Risk Owners of Risk Categories According to RIMS
  16. Table 4.3 World Economic Forum Taxonomy of Risks
  17. Table 4.4 Basel Event Types and Associated Resources
  18. Table 5.1 Loss Data Collection Exercise, 2008
  19. Table 5.2 ORX Public Losses Statistics (2017)
  20. Table 5.3 Contribution of Operational Risk to Minimum Required Capital
  21. Table 6.1 Micro and Macro Level Risk Assessment in Industry and Finance
  22. Table 7.1 Mapping of Positions and Market Variables in Market Risk
  23. Table 8.1 A Qualitative Scale
  24. Table 8.2 A Semi-quantitative Scale
  25. Table 8.3 Averaging Qualitative Assessments
  26. Table 8.4 A Semi-quantitative Scale for Controls
  27. Table 9.1 Comparison of Binomial and Poisson Distributions
  28. Table 9.2 ORX Reported Number of Events, 2011–2016
  29. Table 9.3 Number of Events for an Average Bank
  30. Table 10.1 The A1 Storyline Defined by the IPCC
  31. Table 10.2 Population and World GDP Evolution
  32. Table 10.3 Methane Emissions
  33. Table 10.4 Key NIC Trends
  34. Table 10.5 Key NIC Drivers
  35. Table 10.6 Storyline for the Severely Adverse Scenario
  36. Table 10.7 Application of the General Definition of a Scenario to Three Examples
  37. Table 10.8 Mapping the Risk Register and the Loss Data Register
  38. Table 10.9 RMBS Cases As of April 2018
  39. Table 10.10 Operating Income of Large US Banks
  40. Table 10.11 Dates Involved in a Multiyear Loss
  41. Table 10.12 Top 10 Operational Risks for 2018, According to risk.net
  42. Table 10.13 Review of Top 10 Operational Risks
  43. Table 10.14 First Step of Scenario Stylisation
  44. Table 10.15 Second Step of Scenario Stylisation
  45. Table 10.16 Stylised Storyline
  46. Table 10.17 Mis-Selling Scenario Summary
  47. Table 10.18 Mis-Selling Scenario Loss Generation Mechanism
  48. Table 10.19 Frequency Assessment
  49. Table 10.20 Assessment of Scenario Percentiles Using a Benchmark Method
  50. Table 10.21 Assessment of Scenario Percentiles Using a Driver Method
  51. Table 10.22 Drivers Assumptions for Different Situations
  52. Table 11.1 Exposure, Occurrence, and Impact for Usual Risk Events
  53. Table 12.1 Probability Table for the Worker Accident Risk
  54. Table 13.1 Variables of the Car Fleet Management Model
  55. Table 13.2 Distribution of Driver and Road Variables
  56. Table 13.3 Distribution of Road Conditional to Driver
  57. Table 13.4 Distribution of Speed Conditional to Road
  58. Table 13.5 Conditional Probability of Accident
  59. Table 13.6 Conditional Cost of Accident
  60. Table 13.7 Table of Road Types usage
  61. Table 13.8 Table of Distribution of Speed Conditional to Road Type
  62. Table 13.9 Learning from Experts or from Data
  63. Table 14.1 Empirical Assessment of the Probability of Occurrence
  64. Table 14.2 Indicator Characteristics
  65. Table 14.3 Indicator Variability
  66. Table 14.4 Indicator Predictability
  67. Table 14.5 Data Representativeness
  68. Table 14.6 KRI Evaluation Based on Empirical Distribution
  69. Table 15.1 Rogue Trading Cases
  70. Table 15.2 Quantification of Rogue Trading Drivers
  71. Table 15.3 Assessment of Concealed Trading Positions
  72. Table 15.4 Assessment of Time to Detection
  73. Table 16.1 Evolution of JP Morgan Chase Deposits, 2011–2017
  74. Table 16.2 Cyber Attacks: Attackers, Access, and Assets
  75. Table 16.3 Cyber Risk Scenarios
  76. Table 16.4 Quantification of Cyber Attack Drivers
  77. Table 17.1 Mapping of Misconduct Types to EBA Definition
  78. Table 17.2 Quantification of Mis-selling Drivers
  79. Table 18.1 How a Scenario Influences an Environment Factor
  80. Table 18.2 How a Scenario Is Influenced by an Environment Factor
  81. Table 18.3 Scenarios and Factors: Mutual Influences
  82. Table 19.1 Selection of Plausible Scenarios
  83. Table 19.2 Mapping Stress Factors to Scenarios Drivers
  84. Table 19.3 Representation of Controls in XOI Models
  85. Table 20.1 Exposure Units Table for Cyber Attack Scenario
  86. Table 20.2 Exposure Units Table for the Mis-Selling Scenario
  87. Table 20.3 Exposure Units Table for the Rogue Trading Scenario
  88. Table 20.4 Sources for Drivers Quantification

Foreword

I met Patrick and Laurent at a conference on operational risk in 2014. This meeting was a “Eureka!” moment in my journey on operational risk, which had started a year earlier.

I had been asked to examine operational risk management from a quantitative perspective. Coming from a market risk background, my first impressions were that, beyond the definition of operational risk, it was difficult to find a book that described a coherent framework for measuring and managing operational risk. Operational Risk Modelling in Financial Services is now filling this gap. Nevertheless, in the absence of such a book available at the time, I became familiar with the basic elements of operational risk: the risk and control self-assessment process (RCSA), the concept of key risk indicators (KRIs), and the advanced model approach (AMA) for capital calculation under Basel II.

In examining the practices of the financial industry, I had the impression that these essential components existed in isolation from each other, without a unifying framework.

The typical RCSA is overwhelming because of the complexity and granularity of the risks it identifies. This makes individual risk assessment largely qualitative and any aggregation of risks problematic.

KRIs were presented as great tools to monitor and control the level of operational risks, but in current practice they appeared to come from heuristics rather than from risk analysis or a risk appetite statement.

Finally, at the extreme end of the quantitative spectrum, all major institutions were relying on risk calculation teams specialising in loss distribution approaches, extreme value theories, or other sophisticated mathematical tools. Financial institutions have fuelled a very sustained activity of researchers extrapolating the 99.9% annual quantile of loss distributions from sparse operational losses data.

As difficult as this capital calculation proved to be, it was generally useless for risk managers and failed to pass the use test, which should ensure that risk measurement used for capital should be useful for day-to-day risk management. This failure should not be attributed to the Basel II framework, as AMA has tried to combine qualitative and quantitative methods in an interesting way and has introduced the important concept of operational risk scenarios!

In summary, I was confronted with an inconsistent operational risk management framework where the identification, control, and measurement of risks seemed to live on different planets. Each team was aware of the existence of the others, but they did not form a coordinated whole.

This inevitably raised the question of how to bridge the gap between risk management and risk measurement, which was precisely the title of Patrick's speech at the Oprisk Europe 2014 conference! Eureka! Never has a risk conference proven so timely.

The question is fundamental because it creates a bridge between an operational risk appetite statement and KRIs, and establishes a link between major risks, KRIs, and RCSA by leveraging the concept of operational risk scenarios.

The quantification of these risks (the risk measurement) can be compared to the stress testing frameworks used in other risk disciplines such as market risk. It can also be used to build a forward-looking economic capital model.

Once a quantitative risk appetite is formulated, once KRIs are put in place to monitor key risks, and once an economic capital consistent with this risk measure is established, better risk management decisions can then be made. Cost-benefit analyses can be conducted to establish new controls to mitigate or prevent risk.

In other words, a useful risk management framework for the business has emerged!

I believe that Operational Risk Modelling in Financial Services is a book that will help at every level from the seasoned operational risk professional to the new practitioner. To the former, it will be an innovative way to link known concepts into a coherent whole, and to the latter it will serve as a clear and rigorous introduction to the operational risk management discipline.

Olivier Vigneron
Managing Director | Chief Risk Officer, EMEA |
JPMorgan Chase & Co.

Preface

Thank you for taking the time to read or flip through this book. You probably chose this book because you are working in the area of operational risk, or you will soon be taking a new job in this area. To be perfectly honest, this is not a subject that someone might spontaneously decide to research personally, as can be the case today for climate change, artificial intelligence, or blockchain technologies.

However, we quickly became passionate about this subject when we first started working on it over 10 years ago. The reason for this is certainly that it remains a playground where the need for modelling, that is, a simplified and stylized description of reality, is crucial. Risk modelling presents a particular difficulty because, as the Bank for International Settlements rightly points out in a discussion paper in 2013 [1]: “Risk is of course unobservable”.

Risks are not observable, and yet everyone can talk about them, and have their own analysis. Risks are not observable, yet they have well observable consequences, such as the 2008 financial crisis. It can be said that risks do not exist – only their perceptions and consequences exist.

Risk modelling therefore had to follow one of two paths: modelling perceptions or modelling consequences. In the financial field, quantitative culture has prevailed, and consequence modelling has largely taken precedence over perception modelling. For a banking institution, the consequences of an operational risk are financial losses. The dominant approach has been based on the shortcut that since losses are the manifestation of risks, it is therefore sufficient to model losses.

As soon as we started working on the subject, we considered that this approach was wrong, because losses are the manifestation of past risks, not the risks we face today. We have therefore worked on the alternative path of understanding the risks, and the mechanisms that can generate adverse events. This approach is difficult because the object of modelling is a set of people, trades, activities, and rules, which must be represented in a simple, useful way to consider – but not predict – future events, and at the same time seek ways to mitigate them. This is more difficult than considering that the modelling object is a loss data file, and using mathematical tools to represent it, while at the same time, and in a totally disconnected way, other people are thinking about the risks and trying to control or avoid them. This work on mechanisms that can lead to major losses bridges the gap between risk quantification and risk management, and is more demanding for both quantification and management, since modellers and business experts must find a common language.

It is only thanks to the many people who have trusted us over these 10 or 15 years that this work has gone beyond the scope of research, and has been applied in some of the largest financial institutions in France, the United Kingdom, and the United States. We have worked closely and generally for several years with the risk teams and business experts of these institutions, and for several of them we have accompanied them until the validation of these approaches by the regulatory authorities.

This book is therefore both a look back over these years of practice, to draw a number of the lessons learned, and a presentation of the approach we propose for the analysis and modelling of operational risks in financial institutions. We believe, of course, that this approach can still be greatly improved in its field, and extended to related areas, particularly for enterprise risk management in nonfinancial companies.

This book is not a summary or catalogue of best practices in the area of operational risks, although there are some excellent ones. In any case, we would not be objective on this subject, since even though we have been privileged observers of the practices of the largest institutions and have learned a lot from each of them, we have also tried to transform their practices.

The first part of this book is both a brief presentation of the method we recommend and a summary of the lessons learned during our years of experience on topics familiar to those working in operational risks: RCSA, loss data, quantitative models, scenario workshops, risk correlation analysis, and model validation. In this section, we have adopted a deliberately anecdotal tone to share some of our concrete experiences.

The second part describes the problem, that is, operational risk modelling. We go back to the definition of operational risk and its growing importance for financial institutions. Then we discuss the need to measure it for regulatory requirements such as capital charge calculation, or stress tests, or nonregulatory requirements such as risk appetite and risk management. Finally, we discuss the specific challenges of operational risk measurement.

The third part discusses the three main tools used in operational risk analysis and modelling: RCSA, loss data models, and scenario analyses. We present here the usual methods used by financial institutions, with a critical eye when we think it is necessary. This part of the book is the closest to what could be considered as a best-practice analysis.

Finally, the fourth part presents the XOI method, for Exposure, Occurrence, and Impact. The main argument of our method is to consider that it is possible to define the exposed resource for each operational risk considered. Once the exposed resource is identified, but only under this condition, it becomes possible to describe the mechanism that can generate losses. Once this mechanism is described, it becomes possible to model and quantify it.

The method we present in this book uses Bayesian networks. To put it simply, a Bayesian network is a graph representing causal relationships between variables; these relationships being quantified by probabilities. You go to the doctor in winter with a fever and a strong cough. The doctor knows that these symptoms can be caused by many diseases, but that the season makes some more likely. To eliminate some serious viral infections from his diagnosis, the doctor asks you a few questions about your background and in particular your recent travels. The following graph can be used to represent the underlying knowledge.

Illustration of a Bayesian model depicting how the patient background and general context of seasonal changes leads to the pathology and symptoms of a disease.

Nodes are the variables of the model, and links are represented by probabilities. The great advantage of Bayesian networks is that … they are Bayesian, that is, that probabilities are interpreted as beliefs, not as objective data. Any probability is the expression of a belief. Even using an observed frequency as a probability is an expression of a belief in the stability of the observed phenomenon.
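The doctor's reasoning described above can be worked through as a small Bayesian network. This is an added example, not taken from the book: the graph structure (season and travel influence the pathology, which causes fever and cough) and every probability below are constructed assumptions chosen only to illustrate how beliefs are updated.

```python
from itertools import product

# Constructed beliefs (assumptions for illustration, not data from the book).
PATHOLOGIES = ("cold", "flu", "serious_viral")
P_SEASON = {"winter": 0.25, "other": 0.75}
P_TRAVEL = {True: 0.05, False: 0.95}          # recent travel to an affected region

# P(pathology | season, travel): context and background shape the prior.
P_PATHOLOGY = {
    ("winter", False): {"cold": 0.60, "flu": 0.399, "serious_viral": 0.001},
    ("winter", True):  {"cold": 0.50, "flu": 0.35,  "serious_viral": 0.15},
    ("other", False):  {"cold": 0.85, "flu": 0.149, "serious_viral": 0.001},
    ("other", True):   {"cold": 0.70, "flu": 0.15,  "serious_viral": 0.15},
}
# P(symptom present | pathology)
P_FEVER = {"cold": 0.20, "flu": 0.90, "serious_viral": 0.95}
P_COUGH = {"cold": 0.50, "flu": 0.80, "serious_viral": 0.70}

DOMAINS = {
    "season": tuple(P_SEASON),
    "travel": (True, False),
    "fever": (True, False),
    "cough": (True, False),
}


def joint(season, travel, pathology, fever, cough):
    """Joint probability, factorised along the arrows of the graph."""
    p = P_SEASON[season] * P_TRAVEL[travel]
    p *= P_PATHOLOGY[(season, travel)][pathology]
    p *= P_FEVER[pathology] if fever else 1 - P_FEVER[pathology]
    p *= P_COUGH[pathology] if cough else 1 - P_COUGH[pathology]
    return p


def posterior_pathology(**evidence):
    """P(pathology | evidence), summing the joint over unobserved variables."""
    unknown = set(evidence) - set(DOMAINS)
    if unknown:
        raise ValueError(f"unknown variables: {sorted(unknown)}")
    free = [v for v in DOMAINS if v not in evidence]
    scores = {}
    for pathology in PATHOLOGIES:
        total = 0.0
        for values in product(*(DOMAINS[v] for v in free)):
            assignment = dict(evidence, **dict(zip(free, values)))
            total += joint(pathology=pathology, **assignment)
        scores[pathology] = total
    norm = sum(scores.values())
    if norm == 0:
        raise ValueError("evidence has zero probability under the model")
    return {k: v / norm for k, v in scores.items()}


if __name__ == "__main__":
    seen = dict(season="winter", fever=True, cough=True)
    for label, ev in [
        ("symptoms in winter", seen),
        ("... and no recent travel", dict(seen, travel=False)),
        ("... and recent travel", dict(seen, travel=True)),
    ]:
        post = posterior_pathology(**ev)
        print(label, {k: round(v, 4) for k, v in post.items()})
```

With these constructed numbers, a negative answer to the travel question all but eliminates the serious infection, while a positive answer raises it to a belief the doctor cannot ignore.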

Bayesian networks are considered to have been invented in the 1980s by Judea Pearl of UCLA [2] and Steffen Lauritzen [3] of the University of Oxford. Judea Pearl, laureate of the Turing award in 2011, has written extensively on causality. His most recent publication is a non-specialist book called The Book of Why [4]. It is a plea for the understanding of phenomena in the era of big data: “Causal questions can never be answered by data alone. They require us to formulate a model of the process that generates the data”.

Pearl suggests that his book can be summarized in a simple sentence: “You are smarter than your data”. We believe this applies to operational risk managers, too.

NOTES

PART One
Lessons Learned in 10 Years of Practice