Abstract
Purpose
Due to increase in operational risk, banks are facing huge losses. In order to avoid losses, banks need to manage operational risk. This study aims to analyze the impact of operational risk management (ORM) processes, which include identification, assessment, analysis, monitoring and control in the presence of corporate governance (CG) that can also contribute to effective ORM practices.
Design/methodology/approach
Operational risk management processes are used to manage operational risk along with CG. Primary data are collected through questionnaire from (167) operational risk managers of commercial banks. Multiple linear regressions has been run to analyze the data.
Findings
Results indicate significant impact of CG and operational risk identification (ORI), monitoring and control on ORM practices in commercial banks of Pakistan.
Originality/value
The study suggests policy makers to improve the ORM framework by CG. Beside this, in order to lessen operational risk, proper identification, monitoring and control of operational risk could also contribute.
Keywords
Citation
Altaf, K., Ayub, H., Shabbir, M.S. and Usman, M. (2022), "Do operational risk and corporate governance affect the banking industry of Pakistan?", Review of Economics and Political Science, Vol. 7 No. 2, pp. 108-123. https://doi.org/10.1108/REPS-12-2019-0156
Publisher
:Emerald Publishing Limited
Copyright © 2020, Komal Altaf, Huma Ayub, Malik Shahzad Shabbir and Muhammad Usman
License
Published in Review of Economics and Political Science. Published by Emerald Publishing Limited. This article is published under the Creative Commons Attribution (CC BY 4.0) licence. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this licence maybe seen at http://creativecommons.org/licences/by/4.0/legalcode
1. Introduction
Operational risk is the risk of direct or indirect loss resulting due to inadequate external events and failed internal processes, people and systems (PWC, 1999). Operational risk is inherent in all banking products, activities, processes and systems. Effective management of operational risk has always been a fundamental element of a bank's risk management programs. In September 1998, the Banking Committee on Banking Supervision (BCBS) published a document “Operational risk management” (ORM) in which operational risk is treated as a self-contained regulatory issue. It was acknowledged that large losses in banking industry are due to operational risk and can be avoided when they are identified, analyzed, monitored and controlled properly. Along with this, corporate governance (CG) also contributes to effective ORM.
Due to weakened ORM, fraud and forgery cases are rapidly increasing in Pakistani banking sector for many years. As argued by Bastomi et al. (2017), poor CG and risk management are the main causes of bank. State Bank of Pakistan (SBP) has instructed banks to properly identify, analyze, monitor and control operational risk in order to reduce the level of operational risk. The current study aims to analyze how ORM practices can be made more effective through ORM processes along with CG. The survey-based methodology has been used. The researcher intended to at least partly reduce the gap found through literature in the theme of the impact of CG and ORM processes on ORM practices of commercial banks in Pakistan.
Continuity and success of banks depends upon ORM. Previous studies related to operational risk are not done on the Pakistani banking sector. Beside this, no study finds together the impact of CG and ORM processes on ORM. The current study attempts to fill this gap while keeping the ORM process and CG together that can determine the ORM practice of banks. Furthermore, it is clear from the above discussion that a dedicated study is required on ORM practices in Pakistan's commercial banks.
CG ensures that operational risk managers have resources for performing duties assigned to them, and they may work as an independent unit. The ultimate goal behind the establishment of an ORM unit is to decrease risk, not to increase profit. Briefly speaking, it is board of director's responsibility that bank policies and strategies must be consistent with operational management practices. It is the duty of board of directors (BODs) to place an effective risk management system, which means that along with awareness on risks faced by bank, employees must also be aware of system which is placed to monitor and control risk. This shows that CG encompasses risk management in banking operations (Lam, 2001; Shabbir et al., 2020; Sobel and Reding, 2004).
The findings of the study provide implications for effective CG in order to better manage ORM practices in banks. The study provides policy implications to SBP as a regulatory body for giving insights on current ORM practices of commercial banks Shabbir and Wisdom (2020). The study also suggests commercial banks to improve the ORM practices by involving governance body, i.e. (BODs, senior management). This study addresses the following questions such as, what is the impact of operational risk processes such as operational risk identification (ORI), operational risk assessment and analysis (ORAA) and operational risk monitoring and control (ORMC) on ORM in banks. Furthermore, what is the impact of CG through board of director and senior management on ORM in banking industry.
This study aims to identify the impact of ORM practices and CG which mainly include: To investigate the impact of ORM processes on ORM practices in commercial banks of Pakistan. Moreover, at what extent the impact of CG on ORM practices in commercial banks of Pakistan. Furthermore, to investigate the impact of ORM processes, the main objective of the study, which may be specified as sub-objectives, is as follow: in order to determine the impact of ORI on ORM practices of commercial banks; to determine the impact of ORAA on ORM practices of commercial banks; and finally, the impact of ORMC on ORM practices of commercial banks. Lastly, the structure of paper is as follows: in section 2, literature is reviewed; section 3 illustrates the theoretical framework; in section 4, methodology has been discussed; section 5 shows the results, and in the last section, conclusion and recommendations have been given.
2. Literature review
ORM has become one of the fastest-growing and most complex risk disciplines in banking industry (Koomson, 2011). In 2006 Basel Committee of Banking Supervision provide the operational risk definition as: “Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”. This definition includes legal risk, but excludes strategic and reputational risk” According to Hussain and Ajmi (2012), ORM includes all the procedures, policies, expertise and systems that are required to manage all the risks occur due to financial transactions. Based on internal data loss, three approaches are used to calculate operational risk: basic indicator approach, standardized approach and the advanced measurement approach (Coetzee and Lubbe, 2014). Basel II and III encourage banks to identify, assess, measure, control and manage operational risk (Moosa, 2007; Shabbir, 2020). Pakhchanyan (2016) conducted a survey of the operational risk literature where he reviewed collected articles and identify studies that provide an overview of the operational risk literature, highlighting its importance and assessment methodologies.
ORM processes includes: ORI, ORAA and ORMC ling. ORM initiated with its identification. Bocker and Kluppelberg (2005) suggest that the only feasible way to manage operational risk successfully is by identifying and minimizing it, which requires the development of adequate quantification techniques. It is a challenging issue to identify operational risk, as the factors of operational risk are not well defined (Muermann and Oktem, 2002). Both internal and external factors are included in risk identification process (Nastase et al., 2013). However, Wei (2007) suggested that “quantification of operational risk has been hindered by the lack of internal and external data on operational losses”. Geiger and Raghunandan (2002) propose that to identify operational risk, RIM (risk identification matrix) can be used. Identification tools comprised of: risk mapping, self-assessment, establishing key risk indicators and measurement processes (Nastase and Unchiasu, 2013). PWC (1999) also suggests that management may also identify operational risk through process mapping, in which business key processes are identified and mapped.
According to Kuritzkes (2002) assessment of the operational risk is very crucial, for achieving the objectives, as objective establishment provide basis for determining how operational risk should be managed. “Top-down” single indicator method, “bottom-up” models including expert judgment and “causal models”, classical statistical approach are some methods used for measuring operational risk (Heinricj, 2006). Risk analysis involves analyzing risk type and outcomes of actions made. According to Herring (2002), there are different ways bank may use to identify and assess operational risk. These processes are: self-assessment, scorecards. According to Davies and Haubenstock (2002), banks are required to define their own approach, the scope of analysis and method used in analysis, either qualitative or quantitative. Banks are required to establish a guiding principle for the ORM process which guarantees that proper measure of operational risk is available in all bank business lines (Crouhy et al., 2003).
According to Ishtiaq (2015) disclosure of information on time is necessary for banks, so that a reliable structure is provided to banks for the assessment of their operational risk monitoring. This can also be found from the case study by (Masenene, 2015) that information on operational risk must be communicated to right people and on right time. Firew (2013) argues that under bank guidelines for ORM, actual level of operational risk and operational risk tolerance level should compare. By this way, bank's operational risk is continuously monitored and also would help to ensure that the bank's operational risk level lies within acceptable range. In an operational risk context, a KRI is a metric that provides information on the level of exposure to some operational risk, at a given point in time. Preventive KRIs measure a rise in the causes of risk, either in probability (KRI of likelihood) or in potential impact should the risk materialize (Chapelle, 2019). Neifar and Jarboui (2018) suggest that Islamic banks shall disclose their ORM framework to inform stakeholders to know about the process of managing OR including the way that the bank identify, assess, monitor and control the OR and how effectively it manages this type of risk.
Masenene (2015) also stated that the effectiveness of internal controls needs to monitor after their placement so that they could be function properly. According to Allen and Bali (2007), controlling operational risk is more important than market and credit risk. Control activities are placed to safeguard the execution of management directives (Andrew, 1995). These policies and procedures help to ensure that risk is addressed and mitigating activities are used in order to achieve bank's objectives. Kuritzkes (2002) argues that control activities must place in the functions of the bank at all levels. Masenene (2015, p. 25) proposes that ORM system reliability depends upon the strength of its internal control processes and reporting system. In case banks unable to monitor and control operational risk, financial penalties are placed by the regulators (Mainelli, 2002; Shabbir, 2018a, b, c; Lewis, 2004).
Kasim and Hussin (2010) argue that in banking operations there is close relationship between CG and risk management. “Corporate Governance” refers to corporate discipline. According to BIS (2006), ISACA (2009) governance, risk management and control (GRC) play a critical role in minimizing operational risk. Corporate failure results, due to inefficient risk management and inefficient CG, i.e. inefficient control of activities by the BODs (Manab et al., 2010). Al Hussiny (2010) argues that bank may use CG as risk mitigation strategy, to safeguard the interest of its stakeholders. According to Quon et al. (2012), Shahzad and Rehman (2015), risk management and CG are interdependent and interrelated. Good CG and effective risk management leads to improvement in bank performance (Manab et al., 2010; Shahzad and Zaman, 2016; Sobil and Reding, 2004). Van Greuning and Brajovic-Bratanovic (2009a, b) argued that for management of operational risk, CG process key players (like the director and executive managers) are responsible.
It is observed that good ORM, senior management involvement and support is required who could give considerable attention to operational risk along with the allocation of resources (Davies and Haubenstock, 2002). Directing senior managers is the responsibility of BODs about setting tolerance level for operational risk and for all major areas of operations the establishment of correspondent processes, procedures, controls and systems (Ishtiaq, 2015). Firew (2013) proposed that for effective ORM by the operational risk managers, BODs may set out strategies, policies and guidelines. Neifar and Jarboui (2018) also suggest that Islamic banks shall encourage to ensure an effective risk culture because it is an important task for learning how to manage unexpected situations. A culture that is conducive to effective risk management urges open and upward communication, sharing of knowledge and best practices, continuous process improvement and a deep commitment to ethical and responsible business behavior.
In light of the above literature, the current study aims to bridge the gap between the relationships of ORM, its processes and CG practice, which will provide a way to realize the vision of mitigating operational risks and optimizing the performance of banking sector. Thus the study is an empirical analysis of operational risks management and role of CG practice followed by the banking sector of developing economies like Pakistan.
3. Theoretical framework
The relationship between proper identification, assessment and analysis, monitoring and control of operational risk and ORM takes center stage: in addition to this relationship, the study proposed that banks can improve their ORM through CG. The study will help to explain the cause-and-effect relationship between the operational risk process, CG and ORM in banks. Following framework has been proposed:
Following hypothesis has been
There is a significant impact of operational risk identification on operational risk management.
There is a significant impact of operational risk assessment and analysis on operational risk management.
There is a significant impact of operational risk monitoring and control on operational risk management.
There is a significant impact of corporate governance on operational risk management.
4. Research methodology
Sampling method and data collection process and techniques has been discussed in this section. One of the non-probability judgmental sampling techniques, expert sampling technique that has been used in this study is the best way to elicit the views of operational risk managers on the proposed cause an effect relationship of operational risk process and CG on ORM. The experts have demonstrable experience and expertise in the field of ORM in banks. However, 200 questionnaires were distributed among the operational risk managers, area managers, zonal head coordinator and risk managers of commercial banks in Rawalpindi and Islamabad. The questionnaire has been used to collect data for finding the impact of ORM processes and CG on ORM. All the questions were close-ended and five-point Likert scale has been used to get response against every item. Data have been analyzed in Statistical Package for Social Sciences (SPSS) to find data reliability, demographics and descriptive analysis to investigate correlation among variables and to perform regression analysis.
The study empirically examine whether the processes of ORM such as the risk identification, risk assessment and analysis and risk monitoring and controlling leads to improved risk management or not. Where, results of the study confirm that the operational risk assessment and analysis (one of X) play an insignificant role toward the risk management which also highlight that X is different than Y. This is predominantly due to the fact that banks in Pakistan still lack behind on the assessment and analysis of operational risk in order to manage it effectively. This is mainly due to the reason that majority of banks are still using basic indicator approach to assessing operational risk however there is a strong need to adopt standardize or advance approach for the assessment of operational risk by employing qualitative techniques (audit findings, scorecards and self-assessment) and quantitative techniques (loss distribution, economic models) to better manage operational risk. Moreover, as we have incorporated the role of CG in the proposed framework therefore the regression analysis is suitable methodology.
5. Findings and discussion
The following section discusses the results of reliability analysis, demographic analysis, descriptive and normality analysis, Pearson correlation and multiple linear regression.
5.1 Reliability analysis
Cronbach's alpha (α), an internal consistency statistical tool is used by the researcher to measure the reliability as suggested by researchers (Pallant, 2013; Gujarati and Porter, 2009 and Shabbir, 2018a, b, c).Table 1 shows reliability measure values of all the variables, and it can be seen from the table that Cronbach's alpha values for all variables are more than (0.60) which is in the acceptable range (Hair et al., 2006).
5.2 Demographic analysis
Majority of the respondents were male, i.e. (76%). Most of the respondent's age is between 30 and 39 years. None of the respondents fall in the age group of 40–49 and above. Work experience of majority of the participants is 16–20 years with a share of 37.7% in the total data. The highest education attained by the respondents is a master's degree with a frequency and percentage of (121, 72.5%) (see Table 2).
5.3 Normality and descriptive analysis
Table 3 depicts mean and standard deviation values of all the variables. Participants score highest mean score on ORI and ORAA (m = 3.974) and the lowest score on ORM (m = 3.8308). Highest standard deviation value for ORMC (0.5676) indicates variability in respondent's response from the average (m = 3.8915).
Normality analysis is tested through skewness and kurtosis. Table 3 shows that data is normal as all values lie in the acceptable range, i.e. −1 to +1 for skewness and −3 to +3 for kurtosis.
5.4 Correlation
Significant positive correlation is observed between all variables (p ≤ 0.01). Table 4 shows no problem of correlation among all the independent variables.
5.5 Multicollinearity
Multicollinearity has been tested by employing both tolerance and VIF. The acceptable range of VIF and Tolerance, i.e. (<=10 and >0.20) and Table 5 indicates that there is no issue of multicollinearity in the data.
5.6 Multiple regression analysis
The researcher done the regression analysis to measure the cause-and-effect relationship of multiple independent and one dependent variable. Independent variables ORI, ORAA, ORMC and CG regressed on dependent variables, i.e. ORM.
Dependent variable ORM is measured by ORI, ORAA, ORMC and CG. Table 6 also shows values for these variables. The value for R2 = 0.579, tells that 57.9% variance in ORM was explained by the desired model, while the remaining 42.1% variation is explained by other factors which the researcher does not include in this model. Rejection or acceptance of a hypothesis depends upon P value in regression analysis. If the value of P is greater than 0.1, it means that the hypothesis is rejected.
Variables importance is indicated by beta coefficients. The beta coefficient for ORI with value 0.206 is showing that with one unit increase in ORI, there will be a 20.6% increase in ORM which shows an equal change in both constructs. The t value and the Sig. opposite ORI, i.e. (3.656, 0.000) indicate that variable is significantly contributing to the equation for predicting ORM (Sekaran, 2003). Therefore, hypothesis H1 is accepted.
Acceptance of the hypothesis shows that banks are properly identifying and prioritizing operational risk. Commercial banks have developed procedures for identifying operational risk found in their products, procedures and they are working properly on the identification of external and internal events. Banks are instructed by SBP (2015) to identify risk through risk mapping, key risk indicators and self-assessment tools, results show that banks are using these tools to identify operational risk. The results are in line with the study of Ishtiaq (2015) that proper identification of operational risk legitimate the effective management of operational risk. Similar kind of relationship was also observed by Pearl-Kumah et al. (2014) in the banking sector of Ghana in which they identify a positive significant relationship between risk identification and risk management practices.
The work of study is also supported by Al Hussiny (2010) and Masenene (2015, pp. 30-31) in the context of UAE banking industry and Dar-Es-Salaam selected banks respectively. The results of current study indicates that commercial banks in Pakistan are properly identifying operational risk as per Basel guidelines implemented by SBP to manage operational risk more effectively as mentioned by SBP in BPRD circular No. 4 on 20th May, 2014 that proper identification of operational risk is very essential for effectively managing operational risk and results are also in line with this statement that proper identification leads to good management.
Beta coefficient value for ORAA is 0.019, which means that 1.9% increase in the dependent variable is due to ORAA which is a nominal charge, but in both constructs, equal change is predicted. T-value 0.342 along with significance level at 0.733 predicts that this variable has no significant impact on ORM (Sekaran, 2003). Therefore, H2 is rejected.
From the analysis, an insignificant impact of ORAA on ORM indicates that banks still lack behind on the assessment and analysis of operational risk in order to manage it effectively. Findings indicates that banks have no or less capabilities for assessing operational risk through qualitative techniques (audit findings, scorecards and self-assessment) and quantitative techniques (loss distribution, economic models), and they do not have contingency plans to minimize the losses in the event of severe business disruption Saleem et al. (2020). This is because of the reason that all the banks in Pakistan are using basic indicator approach and they do not reach on standardizing or advance approach where all of the above-mentioned techniques are used to analyze operational risk. Commercial banks are trying to follow these processes yet they are not able to do it. While they are managing operational risk through identification, monitoring and control with respect to basic indicator approach.
From the above discussion and analysis, it is concluded that proper assessment and analysis of operational risk do not contribute to ORM as techniques used are of advanced approach and commercial banks of Pakistan are managing it through basic indicator approach. Whereas, (B = 0.121) for ORMC reveal that one unit increase in ORMC leads to 12.1% increase in ORM, predicting equal change in both constructs. T-statistics value for this variable is 1.956 with significance value (p = 0.052) also shows that ORMC is significantly contributing to the equation for predicting ORM practices (Sekaran, 2003). Hence, hypothesis H3 is accepted.
Acceptance of hypothesis shows that commercial banks are monitoring actual level of operational risk with permissible level as supported by Firew (2013) in selected Ethiopian Commercial Banks for providing regular and timely feedback on daily basis. Beside this, they also had made plans for identified operational risk. Banks also made insurance to cover daily operational risk. Commercial banks in Pakistan are reporting operational risk-related matters on timely basis according to disclosure requirement of SBP Shabbir (2016). The results are in line with the study of Ishtiaq (2015) that proper monitoring and control of operational risk legitimate the effective management of operational risk. This is also supported by the work of Pearl-Kumah et al. (2014) in the Ghana banking industry and Masenene (2015, p. 28) in Dar-Es-Salaam selected banks. Kuritzkes (2002) also proposes that policies and procedures help to ensure that risk is address and mitigating activities are used in order to achieve bank's objectives.
According to fundamental principles of risk management framed by SBP, every bank should implement a comprehensive mechanism to monitor and control operational risk. An inference can be drawn while considering the significant impact of operational risk monitoring, and control on ORM practices that with effective monitoring and control of operational risk, it can manage properly. From the above discussion, it is concluded that proper monitoring and control of identified operational risk can improve ORM processes.
The highest beta value is for CG (β = 0.451) tells that with one unit increase in CG, there will be 45.1% increase in ORM. Relationship strength is described by (t) values. CG t value and the Sig. opposite CG, i.e. (7.368, 0.000) indicates that variable is significantly contributing to the equation for predicting ORM (Sekaran, 2003). Therefore, hypothesis H4 is accepted. A positive and significant relationship between the CG and ORM practices indicates that when senior management and BODs receive and review information on daily basis and according to that they set proper procedures and processes for providing direction to employees. It will result in effective ORM.
This result is also confirmed from the study that good CG and effective risk management leads to improvement in bank performance (Manab et al., 2010; Muhammad et al., 2020; Nguyen et al., 2020; Sobil and Reding, 2004). Van Greuning and Brajovic-Bratanovic (2009a, b) argues that for management of operational risk, CG process key players (like the director and executive managers) are responsible. According to Arif and Shabbir (2019), Quon et al. (2012), risk management and CG are interdependent and interrelated.
Koomson (2011) also confirms that good CG leads to effective ORM. According to Koomson (2011) managing operational risk is not the sole responsibility of directors or senior managers but everyone in the bank is equally responsible to manage operational risk. According to current study, when operational risk manage with governance body, it can be manage more effectively. If operational risk mange effectively, there will be less forgery, fraud and less failure of systems.
From all of the above discussion, it is concluded that ORM processes which include ORI, monitoring and control along with over sightedness of BODs and senior management involvement can improve the ORM practices in commercial banks. Thus, in this relation, only ORAA is not significantly adding to the prediction while other three variables are significantly predicting positive impact.
6. Conclusion and recommendation
This study focuses on finding the impact of ORM processes and CG on ORM. Results indicate that proper identifying, monitoring and controlling, along with the studious attention of bank's BODs and senior management will lead to effective ORM.
Banks are using mapping techniques, key risk indicators and self-assessment tools for the identification of operational risk which increase the effective ORM at bank end. It is also concluded from the study that banks still lack behind on the assessment and analysis of operational risk to manage it effectively. This is mainly due to the reason that majority of banks are still using basic indicator approach to assessing operational risk however there is a strong need to adopt standardize or advance approach for the assessment of operational risk by employing qualitative techniques (audit findings, scorecards and self-assessment) and quantitative techniques (loss distribution, economic models) to better manage operational risk. There is also a need for developing contingency plans to minimize the losses in the event of severe business disruption for the effective management of operational risk. This is also concluded that Commercial banks in Pakistan are properly monitoring and reporting operational risk-related matters on timely basis according to disclosure requirement of SBP. Another imperative conclusion of the study is the significance of the positive role that corporate board and senior management play for the effective management of operational risk. Therefore it is recommended that banks management need to disclose all the process of managing operational risk to the corporate board thus to the shareholders of the bank. In light of this, it was suggested that procedures should be in place to inform Board members about the operational risk assessment and minimization procedures. These procedures should be periodically reviewed to ensure that executive management controls risk through means of a properly defined framework. Lastly, although as the study confirms that the Bard of directs and senior management involvement is contributing toward the effective ORM, however, there is a dire need to propagate the conscious culture of ORM in commercial banks of Pakistan.
In future, a study may conduct on ORM practices of development banks, microfinance banks and other small financial institutions. In future studies, the element of tolerance level may be studied which each bank is required to set for its ORM. More elements of CG like board size, management quality can be used in future studies. For secondary research, operational risk loss data could be studied. ORM practices of Islamic and Conventional banks can also explore in future studies.
The first limitation of this study is that it does not include other risks associated with the banking sector, e.g. market and credit risk. The research employed survey method, the questionnaire used in the study were close-ended. In close-ended questionnaires, respondents cannot express their views. In survey method, biasness can also occur as the perception of the respondents for their banks is asked. This study's sample size is composed of only commercial banks (financial institutions) it does not include non-financial organizations that also face difficulty in ORM. This study has also not included some other categories of banks, like development banks, microfinance banks.
Reliability analysis of the study variables
| Variables | No. of items | Cronbach's alpha (α) |
|---|---|---|
| ORI | 6 | 0.779 |
| ORAA | 6 | 0.750 |
| ORMC | 8 | 0.776 |
| CG | 6 | 0.738 |
| ORM | 9 | 0.750 |
Note(s): ORI = Operational risk identification, ORAA = Operational risk assessment and analysis, ORMC = Operational risk monitoring and control, CG = Corporate governance, ORM = Operational risk management
Demographic analysis
| Frequency | Percentage frequency | |
|---|---|---|
| Gender | ||
| Male | 127 | 76% |
| Female | 40 | 24% |
| Age | ||
| 18–29 years | 65 | 38.9% |
| 30–39 years | 78 | 46.7% |
| 40–49 years | 24 | 14.4% |
| Work experience | ||
| <=5 years | 48 | 28.7% |
| 6–10 years | 35 | 21.0% |
| 11–15 years | 63 | 37.7% |
| 16–20 years | 10 | 6.0% |
| Above 20 years | 11 | 6.6% |
| Education | ||
| Undergraduate | 3 | 1.8% |
| Graduate | 33 | 19.8% |
| Master's degree | 121 | 72.5% |
| PhD | 10 | 6.0% |
Descriptive and normality analysis
| Variables | Mean | St. Deviation | Skewness | Kurtosis |
|---|---|---|---|---|
| ORI | 3.974 | 0.563 | −0.505 | 0.967 |
| ORAA | 3.974 | 0.559 | −0.376 | 1.349 |
| ORMC | 3.891 | 0.567 | −0.368 | 0.380 |
| CG | 3.948 | 0.564 | −0.485 | 0.776 |
| ORM | 3.830 | 0.502 | −0.237 | 0.107 |
Note(s): ORI = Operational risk identification, ORAA = Operational risk assessment and analysis, ORMC = Operational risk monitoring and control, CG = Corporate governance, ORM = Operational risk management
Correlation
| Variables | ORI | ORAA | ORMC | CG |
|---|---|---|---|---|
| ORI | 1 | |||
| ORAA | 0.441** | 1 | ||
| ORMC | 0.537** | 0.490** | 1 | |
| CG | 0.483** | 0.511** | 0.612** | 1 |
Note(s): **Correlation is significant at the 0.01 level (2-tailed)
Multicollinearity
| Variables | Tolerance | VIF |
|---|---|---|
| ORI | 0.651 | 1.537 |
| ORAA | 0.665 | 1.504 |
| ORMC | 0.530 | 1.887 |
| CG | 0.551 | 1.816 |
Regression analysis for predictor variables and operational risk management
| Independent variables | B | t | Sig. |
|---|---|---|---|
| ORI | 0.206 | 3.656 | 0.000 |
| ORAA | 0.019 | 0.342 | 0.733 |
| ORMC | 0.121 | 1.956 | 0.052 |
| CG | 0.451 | 7.368 | 0.000 |
Note(s): R2 = 0.579; F(4, 162) = 55.694. *p ≤ 0.1,**p ≤ 0.05, ***p ≤ 0.01
Sample banks for the study
| Commercial banks | Sr. | Commercial banks | |
|---|---|---|---|
| 1 | Askari Bank Limited | 2 | United Bank Limited |
| 3 | Summit Bank Limited | 4 | Bank Alfalah Limited |
| 5 | Dubai Islamic Bank | 6 | Habib Bank Limited |
| 7 | Silk Bank Limited | 8 | Bank Islmi Pakistan Limited |
| 9 | Albaraka Bank (Pakistan) Limited | 10 | Samba Bank Limited |
| 11 | National Bank Of Pakistan | 12 | Faysal Bank Limited |
| 13 | JS Bank Limited | 14 | NIB Bank Limited |
| 15 | Habib Metropolitan Bank Limited | 16 | First Women Bank Limited |
| 17 | Meezan Bank Limited | 18 | Bank of Punjab |
| 19 | Bank of Khyber | 20 | Soneri Bank Limited |
| 21 | Allied Bank Limited | 22 | MCB Bank Limited |
| 23 | Standard Chartered Bank Limited | 24 | Bank Al Habib Limited |
The descriptive analysis tables
| Operational risk identification | Strongly disagree | Disagree | Neutral | Agree | Strongly agree |
|---|---|---|---|---|---|
| 1. My bank carries out a comprehensive and systematic identification of its operational risk in terms of people and internal systems | 1 | 2 | 3 | 4 | 5 |
| 2. My bank prioritizes its operational risks according to Basel Accord guidelines | 1 | 2 | 3 | 4 | 5 |
| 3. My bank has developed and applied procedures for the systematic identification of internal and external events of operational risk | 1 | 2 | 3 | 4 | 5 |
| 4. My bank identifies operational risk through risk mapping | 1 | 2 | 3 | 4 | 5 |
| 5. My bank identifies operational risk using self-assessment tool | 1 | 2 | 3 | 4 | 5 |
| 6. My bank uses key risk indicator tool for identifying its operational risk | 1 | 2 | 3 | 4 | 5 |
| Operational risk assessment and analysis | Strongly disagree | Disagree | Neutral | Agree | Strongly agree |
| 7. My bank assesses the likelihood of occurring operational risk | 1 | 2 | 3 | 4 | 5 |
| 8. My bank assesses its operational risk by using quantitative analysis methods (e.g. risk indicators, loss distribution and economic models) | 1 | 2 | 3 | 4 | 5 |
| Operational risk assessment and analysis | Strongly disagree | Disagree | Neutral | Agree | Strongly agree |
|---|---|---|---|---|---|
| 9. My bank assesses operational risks by using qualitative analysis methods (e.g. risk maps, audit findings, scorecards and self-assessments) | 1 | 2 | 3 | 4 | 5 |
| 10. My Bank has contingency and business continuity plans to ensure its ability to operate as going concern and minimize losses in the event of severe business disruption | 1 | 2 | 3 | 4 | 5 |
| 11. My bank response to analyze operational risks includes an assessment of the costs and benefits of addressing operational risks | 1 | 2 | 3 | 4 | 5 |
| 12. My bank response to analyze operational risk includes prioritizing of operational risks and active management for operational risk | 1 | 2 | 3 | 4 | 5 |
| Operational risk monitoring and control | Strongly disagree | Disagree | Neutral | Agree | Strongly agree |
| 13. Monitoring the effectiveness of operational risk management is an integral part of routine management reporting | 1 | 2 | 3 | 4 | 5 |
| 14. My bank continuously compares the actual operational risk levels with permissible operational risk level under Basel II | 1 | 2 | 3 | 4 | 5 |
| 15. The level of control mechanism is appropriate for the operational risk processes in my bank | 1 | 2 | 3 | 4 | 5 |
| 16. My bank is reporting disclosure of information on timely basis for monitoring the operational risk | 1 | 2 | 3 | 4 | 5 |
| 17. My bank monitors the operational risk and provides immediate feedback to the management | 1 | 2 | 3 | 4 | 5 |
| 18. My bank's response to operational risk includes action plans for implementing decisions about identified operational risk | 1 | 2 | 3 | 4 | 5 |
| 19. My bank's evaluates the effectiveness of the existing controls for operational risk | 1 | 2 | 3 | 4 | 5 |
| 20. There is an active insurance made to cover daily operational risks at my bank | 1 | 2 | 3 | 4 | 5 |
| Corporate governance and operational risk management | Strongly disagree | Disagree | Neutral | Agree | Strongly agree |
| 21. Executive management and board of directors receive operational risk-based management information on a regular basis | 1 | 2 | 3 | 4 | 5 |
| 22. My bank's executive management regularly reviews the organization's performance in managing its operational risks | 1 | 2 | 3 | 4 | 5 |
| Corporate governance and operational risk management | Strongly disagree | Disagree | Neutral | Agree | Strongly agree |
|---|---|---|---|---|---|
| 23. The boards of directors are directly responsible for operational risk management | 1 | 2 | 3 | 4 | 5 |
| 24. The bank's risk management procedures and processes are documented and provide guidance to staff about managing operational risk | 1 | 2 | 3 | 4 | 5 |
| 25. Senior management of the bank transforms the strategic direction given by the board through operational risk management policy | 1 | 2 | 3 | 4 | 5 |
| 26. Efficient operational risk management is one of my bank's objectives | 1 | 2 | 3 | 4 | 5 |
| Operational risk management | Strongly disagree | Disagree | Neutral | Agree | Strongly agree |
| 27. There is a proper set of rules and guidelines, for managing operational risk, available in the bank | 1 | 2 | 3 | 4 | 5 |
| 28. Board and executive management of the bank understands all categories of operational risk applicable to the bank | 1 | 2 | 3 | 4 | 5 |
| 29. My bank has been encountered to daily operational risk | 1 | 2 | 3 | 4 | 5 |
| 30. My bank regularly prepares periodic report of operational risk | 1 | 2 | 3 | 4 | 5 |
| 31. The issue of operational risk control is taken to a great consideration at my bank | 1 | 2 | 3 | 4 | 5 |
| 32. My bank takes more consideration on operational risks occurring to its systems and procedures | 1 | 2 | 3 | 4 | 5 |
| 33. My bank takes more consideration on operational risks occurring to its systems and procedures | 1 | 2 | 3 | 4 | 5 |
| 34. My bank takes more consideration on operational risk occurring to its people side | 1 | 2 | 3 | 4 | 5 |
| 35. Lack of strong rules and principles for operational risk management cause more operational risk to take place in my bank | 1 | 2 | 3 | 4 | 5 |
| 36. Overall, my bank operational risk management practices are consider excellent | 1 | 2 | 3 | 4 | 5 |
Appendix 2
References
Al Hussiny, S. (2010), A Study of Risk Management in the United Arab Emirates Banking Industry, Doctoral dissertation, The British University in Dubai (BUiD).
Allen, L. and Bali, T.G. (2007), “Cyclicality in catastrophic and operational risk measurements”, Journal of Banking and Finance, Vol. 31 No. 4, pp. 1191-1235.
Arif, A. and Shabbir, M.S. (2019), “Common currency for Islamic countries: is it viable?”, Transnational Corporations Review, Vol. 11 No. 3, pp. 222-234.
Bastomi, M., Salim, U. and Aisjah, S. (2017), “The role of corporate governance and risk management on banking financial performance in Indonesia”, Jurnal Keuangan dan Perbankan, Vol. 21 No. 4, pp. 670-680.
BIS (Bank for International Settlements, Basel Committee on Banking Supervision (2006), “International convergence of capital measurement and capital standards, A revised framework”, available at www.bis.org/publ/bcbs128.htm.
Bocker, K. and Kluppelberg, C. (2005), Operational VaR: A Closed-Form Approximation, Risk-London-Risk Magazine, Vol. 18 No. 12, p. 90.
Chapelle, A. (2019), Operational Risk Management: Best Practices in the Financial Services Industry, John Wiley & Sons.
Coetzee, P. and Lubbe, D. (2014), “Improving the efficiency and effectiveness of risk‐based internal audit engagements”, International Journal of Auditing, Vol. 18 No. 2, pp. 115-125.
Crouhy, M., Galai, D. and Mark, R. (2003), Essential of Risk Management, McGraw-Hill, London.
Davies, J. and Haubenstock, M. (2002), “Building effective indicators to monitor operational risk”, The RMA Journal, Vol. 84 No. 8, pp. 40-43.
Firew, T. (2013), “Establishing financial markets in Ethiopia: the environmental foundation, challenges and opportunities”, Journal of Business and Administrative Studies, Vol. 4 No. 1, pp. 1-44.
Geiger, M.A. and Raghunandan, K. (2002), “Auditor tenure and audit reporting failures”, Auditing: A Journal of Practice and Theory, Vol. 21 No. 1, pp. 67-78.
Gujarati, D.N. and Porter, D.C. (2009), Basic Econometrics, International edition, McGraw-Hills, New York.
Hair, J.F., Anderson, R.E., Tatham, R.L. and Black, W.C. (1998), Multivariate Data Analysis, 5th ed Prentice-Hall, Englewood Cliffs, NJ.
Heinrich, G. (2006), Operational Risk, Payments, Payment Systems, and Implementation of Basel II in Latin America: Recent Developments, Vol. 4 No. 1, pp. 42-45.
Herring, R.J. (2002), “The basel 2 approach to bank operational risk: regulation on the wrong track”, The Journal of Risk Finance, Vol. 4 No. 1, pp. 42-45.
Hussain, H.A. and Al‐Ajmi, J. (2012), “Risk management practices of conventional and Islamic banks in Bahrain”, The Journal of Risk Finance, Vol. 13 No. 3, pp. 215-239.
ISACA (Information Systems Audit and Control Association) (2009a), The Risk IT Framework, Printed in the United States of America.
Ishtiaq, M. (2015), Risk Management in Banks: Determination of Practices and Relationship with Performance.
Kasim, I. and Hussin, M.R. (2010), Enterprise-wide Risk Management (EWRM) Practices: Between Corporate Governance Compliance and Value Creation.
Koomson, A. (2011), Operational Risk Management and Competitive Advantage in the Ghanaian Banking Industry, (Doctoral dissertation).
Kuritzkes, A. (2002), “Operational risk capital: a problem of definition”, The Journal of Risk Finance, Vol. 4 No. 1, pp. 47-56.
Lam, J. (2001), Risk Management–the CRO Is Here to Stay, Prentice‐Hall, New York, NY.
Lewis, N.D.C. (2004), Operational Risk with Excel and VBA: Applied Statistical Methods for Risk Management,+ Website, John Wiley & Sons, Vol. 244.
Mainelli, M. (2002), Industrial strengths: operational risk and banks, Balance Sheet, Vol. 10 No. 3, pp. 25-34.
Masenene, F.A. (2015), An Assessment on the Effectiveness of Operational Risk Management among Tanzanian Financial Institutions: the Case Study of Selected Banks in Dar es Salaam, Doctoral dissertation, The Open University Of Tanzania.
Moosa, I.A. (2007), “Operational risk: a survey”, Financial Markets, Institutions and Instruments, Vol. 16 No. 4, pp. 167-200.
Muermann, A. and Oktem, U. (2002), “The near-miss management of operational risk”, The Journal of Risk Finance, Vol. 4 No. 1, pp. 25-36.
Muhammad, I., Shabbir, M.S., Saleem, S., Bilal, K. and Ulucak, R. (2020), “Nexus between willingness to pay for renewable energy sources: evidence from Turkey”, Environmental Science and Pollution Research, Vol. 3 No. 6 pp. 1-15.
Nastase, P. and Unchiasu, S.F. (2013), “Implications of the operational risk practices applied in the banking sector on the information systems area”, Accounting and Management Information Systems, Vol. 12 No. 1, p. 101.
Neifar, S. and Jarboui, A. (2018), “Corporate governance and operational risk voluntary disclosure: evidence from Islamic banks”, Research in International Business and Finance, Vol. 46, pp. 43-54.
Nguyen, V.K., Shabbir, M.S., Sail, M.S. and Thuy, T.H. (2020), “Does informal economy impede economic growth? Evidence from an emerging economy”, Journal of Sustainable Finance and Investment, Vol. 2 No. 7, doi: 10.1080/20430795.2020.1711501.
Pakhchanyan, S. (2016), “Operational risk management in financial institutions: a literature review”, International Journal of Financial Studies, Vol. 4 No. 4, p. 20.
Pallant, J. (2013), SPSS Survival Manual, McGraw-hill education.
Pearl-Kumah, S., Sare, Y.A. and Bernard, B. (2014), “Corporate governance and risk management in the banking sector of Ghana”, European Journal of Accounting Auditing and Finance Research, Vol. 2 No. 2, pp. 1-17.
PricewaterhouseCoopers (1999), Operational Risk Management, Credit Suisse Group, Zurich.
Quon, T.K., Zeghal, D. and Maingot, M. (2012), “Enterprise risk management and firm performance”, Procedia-Social and Behavioral Sciences, Vol. 62, pp. 263-267.
Saleem, H., Shabbir, M.S., Khan, B., Aziz, S., Husin, M.M. and Abbasi, B.A. (2020), “Estimating the key determinants of foreign direct investment flows in Pakistan: new insights into the co-integration relationship”, South Asian Journal of Business Studies, Vol. 10 No. 1, pp. 91-108.
SBP (2015), “Financial stability review”, available at: https://www.sbp.org.pk›FSR›2015.
Sekaran, U. (2003), “Towards a guide for novice research on research methodology: review and proposed methods”, Journal of Cases of Information Technology, Vol. 8 No. 4, pp. 24-35.
Shabbir, M.S. (2016), “Combine effect of automated Services and traditional Services quality on customer satisfaction: evidence from banking sector of Pakistan”, International Journal of Economics and Management Sciences, Vol. 5 No. 3, pp. 18-26.
Shabbir, M.S. (2018a), “Classification and prioritization of waqf lands: a Selangor case”, International Journal of Islamic and Middle Eastern Finance and Management, Vol. 11 No. 1, pp. 40-58.
Shabbir, M.S. (2018b), “The Determination of Money: a comparative analysis of Zakat (Alms) and Income Tax payers among selected ASEAN countries”, Global Review of Islamic Economics and Business, Vol. 6 No. 1, pp. 051-061.
Shabbir, M.S. (2018c), “Privatization predicament and Shari'ah compliant alternate solutions”, Kashmir Economic Review, Vol. 27 No. 1, pp. 28-37.
Shabbir, M.S. (2020), “Human prosperity measurement within the gloom of Maqasid Al-Shariah”, Global Review of Islamic Economics and Business, Vol. 7 No. 2, pp. 105-111.
Shabbir, M.S. and Wisdom, O. (2020), “The relationship between corporate social responsibility, environmental investments and financial performance: evidence from manufacturing companies”, Environmental Science and Pollution Research, Vol. 3 No. 9, pp. 1-12, doi: 10.1007/s11356-020-10217-0.
Shabbir, M.S., Bashir, M., Abbasi, H.M., Abbasi, H.M. and Abbasi, H.M. (2020), “Effect of domestic and foreign private investment on economic growth of Pakistan”, Transnational Corporations Review, Vol. 5 No. 8, pp. 1-13.
Shahzad, M. and Rehman, A. (2015), “Barriers to service quality in the banks of Pakistan: a comparative study of Islamic and conventional banks”, Business and Economics Journal, Vol. 178 No. 6, pp. 13-21.
Shahzad and Zaman (2016), “Marketing strategic of financial Services by Islamic banks”, Standard Journal of Global Business and Management, Vol. 3 No. 2, pp. 15-23.
Sobel, P.J. and Reding, K.F. (2004), “Aligning corporate governance with enterprise risk management”, Management Accounting Quarterly, Vol. 5 No. 2, p. 29.
Van Greuning, H. and Brajovic-Bratanovic, S. (2009a), Analyzing Banking Risk: A Framework for Assessing Corporate Governance and Risk Management, World Bank Publications.
Van Greuning, H. and Brajovic-Bratanovic, S. (2009b), Analyzing Banking Risk: A Framework for Assessing Corporate Governance and Risk Management, No. 48238, The World Bank, pp. 1-442.
Wei, R. (2007), “Quantification of operational losses using firm-specific information and external databases”, Journal of Operational Risk, Vol. 1 No. 4, pp. 3-34.
Further reading
Balasubramaniam, C.S. and Pradhan, R.P. (2005), “Corporate governance and its role in banking sector”, Finance India, Vol. 19 No. 4, p. 1393.
Channar, Z.A., Abbasi, P. and Maheshwari, M.B. (2015), “Risk management: a tool for enhancing organizational performance”, Pakistan Business Review, Vol. 17 No. 1, pp. 1-20.
Daniel, O. (2014), Modelling Risk Management in Banks: Examining Why Banks Fail, Doctoral dissertation, Walden University.
Dowdell, L.P. (2014), Postulation of Project Management Office Structures in Reducing Operational Risk of Financial Institutions, Doctoral dissertation, University of Phoenix.
Fasika, F. (2012), Commercial Bank Operational Risks Management: Exploratory Study on Selected Ethiopian Commercial Banks, Master's Thesis.
Habib, S., Masood, H., Hassan, T., Mubin, M. and Baig, U. (2014), Operational Risk Management in Corporate and Banking Sector of Pakistan.
Martínez-Sánchez, J.F., Martínez-Palacios, M.T.V. and Venegas-Martínez, F. (2016), “An analysis on operational risk in international banking: a Bayesian approach (2007–2011)”, Estudios Gerenciales, Vol. 32 No. 140, pp. 208-220.
Rehman, A.A. (2016), A Comparative Study of Risk Management Practices between Islamic and Conventional Banks in Pakistan, Doctoral dissertation, Cardiff Metropolitan University.