136
2013 Annual Report BNI
Risk Management
3. Operational Risk
The management of operational risk becomes very important in line with the increasing diversity
and complexity of banking products and activities offered to customers, the very rapid development
of systems and technologies, and the increased expectation of customers regarding services
provided by the bank.
Governance and Organization Operational risk management governance has
been implemented in all business units and support units as Risk Owner or Risk Taking
Unit forming the first line of defense. The implementation is supported by a second line
of defense undertaken by the Enterprise Risk Management Division and the Compliance
Division as the Risk Control Unit, as well as the third line of defense constituting the Internal Audit
as Risk Assurance Unit.
Policies and Procedures The Enterprise Risk Management Division has
a policy for Operational Risk Management to support the implementation of operational risk
management at all units, namely: -
Policies for operational risk management at domestic branches.
- Policies for operational risk management at
overseas branches. These are further elaborated into Standard
Operating Procedures for prudent transactions and operations in day-to-day business activities such
as: -
Operational risk management procedure for domestic branches
- Operational risk management procedure for
overseas branches -
Guidelines for implementation of operational risk self assessment RSA
- Guidelines for implementation of Loss Event
database LED -
Guidelines for implementation of operational risk expenses BRO
- Operational risk self assessment manual for
overseas branches -
Guidelines for implementation of Operational Risk Tool PERISKOP
Process
Operational risk management process at BNI consists of 5 five major continuing processes
as stipulated by Bank Indonesia, namely the identification, assessment, measurement,
monitoring and mitigation of risk. a. Risk Identification
The mechanism for operational risk identification is done by applying Macro
Process Mapping on work processes activities of each unit to capture the potential
operational risks.
b. Risk Assessment Performed by each risk owner unit through a
method of operational risk self assessment, including an assessment of the impact, the
frequency and causes of risks as well as its solutions.
c. Risk Measurement In accordance with Bank Indonesia regulation,
the measurement of operational risk uses the Basic Indicator Approach.
Quantitative disclosure of operational risk - bank only and consolidated - is presented in
Table 8.1.a and Table 8.1.b d. Risk Monitoring
The Enterprise Risk Management Division conduct evaluation and feedback on risk
assessment based on the results of self- assessment, such as:
-
Feedback reports for all divisionsunits areasbranches
- Monthly report on Operational Risk
Expenses to the Board of Directors -
Operational Risk Profile reports e. Risk Mitigation
The mechanism for operational risk mitigation is reflected in the internal control
processes through the implementation of the four strategies of mitigation, namely
avoid, mitigate, transfer and accept. The four mitigation strategies are carried out
in Operational Risk mitigation procedures that include control procedures, settlement
procedures, accounting procedures, assets and custodial storage procedures, product
delivery procedures, and fraud prevention procedures.
Tools and Methods
To help the process of operational risk management performed by each working unit,
the Bank has developed a web-based Operational Risk Management tool known as PERISKOP
Operational Risk Management Tool. PERISKOP has a very important role because the 3 three
main processes in operational risk management use this tool, namely Self Assessment, Loss
Event Database and Key Risk Indicator.
137
2013 Annual Report BNI
PERISKOP Self Assessment Module
Loss Event Database Module Key Risk Indicator Module
Self Assessment SA is a series of activities conducted by each unit risk
owner in identifying operational risk issues
inherent in the unit, locate the cause, measure the loss potential
that may arise, and search for their solutions. The result of SA provides a
view of potential risks faced by the unit in the next 3 three months period.
Represents a database of all financial loss due to operational risk occurring
in all units of the Bank. In addition to improving the management of
operational risk, data of losses collected in LED also serve as basis for the
calculation of capital needed to cover operational risk using the Advance
Measurement Approach AMA. Key risk indicators are parameters
to identify the loss potential from operational risks inherent in products
and activities before the risk occurs, and to provide a signal if it crossed a pre-
determined range of values.
Business Continuity Management
Disruption or disaster caused by natural factors, human action, and system may happen to various
BNI’s critical business function, causing disruption of business activities and services by BNI.
To anticipate such events, BNI has implemented a Business Continuity Management BCM system
that is expected to be able to minimize operational risk in the event of an emergency or disaster
situation.
The development of the system is in line with Bank Indonesia regulation that requires banks to
implement risk control processes to manage risks that could compromise the survival of a bank, and
also in line with the requirements of the Basel II document which requires the Bank to have
business continuity management and contingency management plan to ensure the Bank’s ability to
keep operating and to limit losses in the event of disruption to business activities.
a. Governance and Organization In a disaster situation, BNI has prepared
a specific organization consisting of a Crisis Management Team CMT and an
Emergency Task Force ETF comprising of Senior Executives as disaster management
coordinator who has the highest level of authority and effective. The CMT is activated
as soon as the Executive Management Team EMT, as the highest authority in CMT,
declares a disaster condition. b. Policies Procedures
In regard the implementation of BCM, BNI has established:
- BCM policies for domestic operations
- BCM policies for overseas branches
- BCM procedures
- Governance of BCM Building
- Guidelines for visits to the BCM Building.
c. Process Every step of the recovery strategy and
restoration strategy implemented are monitored and reported to the CMT until the
return of normal conditions.
To ascertain the level of readiness and evaluation of BCM, BNI conduct disaster test
simulation to examine the implementation of BCM in all operational units. This is conducted
routinely every year to determine the level of readiness of each unit, in terms of organization
and infrastructure of its BCM. The results of the routine evaluation and examination are
evident in the systematic and purposeful handling of disaster situations, whether
caused by human, nature or systems. Thus, operational activities at disaster-affected
locations continue to a certain degree, even though some of its facilities and supporting
infrastructure are disrupted.
4. Liquidity Risk