New methodological approach for the assessment of the quality of risk management by financial institutions


The CSSF has set up a research partnership programme with the CRP Henri Tudor, the GRIF project ("Gestion des Risques opérationnels dans les Institutions Financières", Operational risk management within financial institutions), with the aim of investigating new methodological ways to objectively assess the quality of the operational risk management implemented in financial institutions.


Research is based on the introduction, by the New Basel Accord and the new capital adequacy Directive (CAD III) respectively, of capital requirements for operational risk.


Within the framework of this project, a generic assessment method is believed to be promising. This method should allow to meet the new prudential supervisory framework without imposing constraints on specific processes, but by promoting the enhancement of the know-how of financial institutions, their providers (of advice, products and services), as well as of supervisory authorities.


The method envisaged allows, in the long run, to assess all types of organisations through the maturity of processes (based on ISO 15504) and can thus be implemented by financial institutions to assess the maturity of the operational risk management as well as business lines.


The current results of the project, applied within the scope of Pillar 2 of Basel II, would allow the CSSF to obtain an objective assessment of the operational risk management model submitted by institutions.


The advantage of this method lies in the normative assessment that leads to coherent results and allows it, as a consequence, to be carried out by a third party to define the capability level of an institution to manage its operational risks.


It is also possible to carry out a self-assessment by or on behalf of an institution to define the relevance of its own processes and to improve them, for a particular purpose or for a whole set of requirements (Pillar 1 of Basel II).


The methods also provides for the assessments to be based on questionnaires, which should be set up in a transparent manner and in co-operation with the financial market participants concerned.


Within the context of the GRIF project, and of Pillar 2 as an example, the objectives of the New Basel Accord's respectively of the CAD III Directive should be clarified within the questionnaires allowing thus coherent assessments that are repeatable.


A Process Reference Model (PRM) as well as a Process Assessment Model (PAM) are being developed.


Publication documents


Slides of the GRIF presentation of 25.05.2005 (only in French)

Process Reference Model (PRM). Description of processes for operational risk management in terms of process purpose and expected outcomes.

Process Assessment Model (PAM). The PAM includes the PRM, the attributes for capability levels 1 to 4 and the generic indicators for these attributes.


Working documents


For illustration purposes - Questionnaire Operational Risk Assessment

For illustration purposes - Questionnaire Operational Risk Identification

Traceability method Basel II - PRM/PAM (only in French)


Annexe documents


Paper presented at the conference SPICE 2005. This conference gathered experts of ISO/IEC 15504 and provided an overview of work in progress in relation with ISO 15504.


General presentation of ISO 15504 (only in French)


Other purpose ISO 15504 - Project AIDA. This PRM modelizes processes of Service Management, being inspired by a frame of reference for good practices ITIL® (registered trademark of the Office of Government Commerce (OGC)), with a view to their assessment ISO/IEC 15504.


References Books References

Internet links (only in French)