Trang 1 BANKING ACADEMY OF VIETNAM FACULTY OF FOREIGN LANGUAGUES ------ GRADUATION THESIS TOPIC: OPERATIONAL RISK MANAGEMENT IN TOP 10 VIETNAMESE COMMERCIAL BANKS Trang 2 CERTIFIC
INTRODUCTION
Introduction
Global integration has marked a pivotal moment in socio-economic innovation, particularly within Vietnam's financial system and banking industry Over three decades of reform, Vietnam's commercial banking system has experienced two significant phases: the first, from 1990 to 1996, was characterized by a surge in demand for digital banking services, while the second, starting in 1997, focused on the reorganization and consolidation of the banking sector In recent years, the commercial banking sector has shown substantial progress in quality, size, efficiency, and branch network expansion As technological advancements diversify economic goals, commercial banks must adopt flexible and varied business models However, this growth comes with increased risks, necessitating that banks enhance their management systems to align with international standards, with a particular focus on risk management to protect their reputation and assets.
The economic development of countries heavily relies on the stability and security of their banking sectors, with Vietnam's banking system playing a crucial role in supporting the economy As competition intensifies and technology advances, the need for effective operational risk management (ORM) becomes paramount, especially in the face of regular global financial crises The Basel Committee emphasizes the importance of operational risks (OR), prompting the State Bank of Vietnam to guide commercial banks in implementing Basel II in alignment with their individual roadmaps.
Ongoing operational risks (OR) are prevalent across various branches in daily activities, encompassing issues such as credit management, capital mobilization, transaction accounting, treasury currency handling, business operations card services, and instances of incorrect accounting Additionally, there are violations related to customer loans that pose significant challenges, exemplified by a typical case of a customer reporting a loss of approximately [insert amount].
Sacombank's Cam Ranh branch in Khanh Hoa province has been implicated in a scandal involving 47 billion VND in deposits, where customer information was misused to create fraudulent credit records, allegedly driven by the financial demands of the deputy head of the transaction office Additionally, recent media reports highlight a troubling trend where bank staff pressure consumers to purchase insurance packages before disbursing loans These issues stem from weaknesses in the Operational Risk Management (ORM) process, indicating a need for immediate corrective measures and recommendations to strengthen and enhance banking practices.
Therefore, effective risk management at commercial banks is a requirement and prerequisite From the above issues, the topic “ORM in Top 10 Vietnamese commercial banks” was chosen as my graduation thesis.
Objectives of the study
This study aims to explore the theoretical foundations of Operational Risk Management (ORM) within Vietnamese commercial banks It focuses on analyzing significant ORM events and identifying their underlying causes Consequently, the author proposes essential solutions and recommendations tailored to the current landscape, with the goal of enhancing the ORM framework and reducing its effects on Vietnam's banking sector.
Significance of the study
This project establishes an accessible ORM framework for banks, addressing key theoretical issues grounded in reliable research The findings serve as a valuable reference for readers interested in Operational Risk (OR) and Operational Risk Management (ORM) within commercial banking.
The researcher can acquire greater knowledge about the present situation of ORM in Vietnamese commercial banks after completing the research
At the same time, banks and other financial institutions can apply the strategies stated in this thesis to enhance ORM, benefiting businesses' reputation and revenue.
Scope of the study
This research examines the effects of operational risk on the performance of banks, specifically focusing on commercial banks in Vietnam It aims to evaluate whether these banks can adhere to the proposed management framework The study will analyze prominent institutions, including BIDV, Agribank, and VP Bank, over the period from 2019 to 2022.
Structure of the Thesis
This thesis includes 5 main chapters, together with the preliminaries, table of contents and Reference:
Chapter 5: Summary of Findings, Recommendations and Conclusion
LITERATURE REVIEW
Introduction
This chapter offers a comprehensive overview of the current state of operational risk management (ORM) by reviewing and analyzing prior research It defines ORM, highlighting its key features, principles, impacts, and framework Additionally, the author draws on practical experiences from foreign banks to inform the advancement of Vietnamese commercial banks.
Review of previous studies on operational risk management
As the global economy integrates, banks must enhance their operations, services, and products to attract customers, increase competition, and maximize profits However, achieving these objectives presents risks, particularly related to Operational Risk Management (ORM), which is crucial for minimizing negative consequences and mitigating other risks In Vietnam, while there is no comprehensive national research on ORM, the topic has been explored in various dissertations, theses, and industry publications Additionally, numerous economists and financial experts worldwide have examined ORM to evaluate its current status in banking institutions.
2.2.1 International studies on operational risk management
In his 2008 analysis on "Operational Risk Management," Stanisław Strzelczak examined the different types of risks and their interrelations, focusing on the estimation and measurement of operational risk (OR) He highlighted various approaches for allocating capital to OR, including the Advanced Measurement Approach (AMA), Basic Indicator Approach (BIA), Internal Measurement Approach (IMA), Standardized Approach (SA), Loss Distribution Approach (LDA), and Scoreboard Approaches.
Giuliana Birindelli and Paola Ferretti (2017) explore the key characteristics, origins, and primary sources of Operational Risk (OR) in banks, highlighting its regulatory, organizational, and strategic implications They emphasize the similarities between OR and other risk types, providing a comprehensive analysis of how banks can effectively manage these risks.
Operational risk (OR) differs from compliance, credit, strategic, and market risks, necessitating specific capital calculations for coverage This study emphasizes key methodologies that integrate the operational risk function with compliance and internal audit processes It also proposes a regulatory framework and effective techniques to mitigate OR challenges, focusing on the most beneficial aspects that enhance operational risk management (ORM) in banks.
In their 2020 research article, "A Conceptual Model of Operational Risk Events in the Banking Sector," Suné Ferreira and Zandri Dickason-Koekemoer explored theories related to operational risk (OR) and clarified its categorization They found that depositor behavior during OR events could predict withdrawal risks in banks, revealing a correlation between the likelihood of withdrawal and factors such as bank perception and behavioral finance biases However, the study's findings, based on a survey of only 417 participants in Gauteng, South Africa, limit the applicability of the results and recommendations to banks in other regions.
2.2.2 Studies on operational risk management in Vietnam
Le Thi Van Khanh (2016) with the doctoral dissertation of “Operational risk management systems in Vietnamese commercial banks”, National Economic
The University of Vietnam has introduced the concept of Operational Risk Management (ORM) systems in Vietnamese commercial banks, drawing from theoretical frameworks, evaluation criteria for risk management systems, prior research, and the Basel II Agreement This comprehensive study provides detailed definitions and analyses of key factors influencing ORM, including senior management's leadership perspective, the organizational structure of ORM, ORM processes and tools, IT support and training, and effective ORM communication Additionally, the research establishes definitions and criteria for assessing the impact of each factor on ORM effectiveness, supported by an analysis of actual implementations and survey results.
6 the author has proposed solutions to enhance the risk management system in Vietnamese CBs
In the master thesis, “ORM at Vietnam Joint Stock Commercial Bank for Industry and Trade (Vietinbank) - Ben Tre branch”, University of Economics Ho Chi
Minh City, Vietnam, Tran Anh Tuan Long (2019) evaluated the current situation of
The author analyzes operational risk (OR) and operational risk management (ORM) by employing comparable measures and descriptive statistics derived from internal audit reports and business operations data Through this analysis, key factors and constraints affecting the results are identified and addressed As a result, the author proposes solutions aimed at reducing the negative impacts of operational risk.
Nguyen Le Minh Phung (2022) with the master thesis of “Operational risk management in Vietnamese commercial banks”, University of Economics Ho Chi
Minh City, Vietnam, assesses the strengths and weaknesses of the existing Operational Risk Management (ORM) scenario at various Vietnamese commercial banks using qualitative methods to gather ORM outcomes The study aims to identify enhancements for ORM effectiveness The author developed a comprehensive ORM model to evaluate the effectiveness of operational risk management at key commercial banks across the country.
Master thesis of Phan Thi Hoang Yen (2021) on the topic of “The difficulty of
The study on ORM in Vietnamese commercial banks reveals a prevalent aggressive mentality among units, leading to a reluctance to accept responsibility for their actions This blame-shifting among departments contributes to significant errors and omissions in risk management regulations when issues occur Additionally, many banks struggle with managing outsourcing risks, particularly in areas such as hiring security for their headquarters and engaging agencies for information technology services.
The article discusses various aspects of Operational Risk Management (ORM), highlighting the insightful internship report titled "Operational Risk Management at Vietnam Joint Stock Commercial Bank for Industry and Trade (Vietinbank) - Thu Duc Branch" by Nguyen.
Hoang Minh Toan, Hoa Sen University, 2012), master thesis on the topic
“Implementing Basel II-compliant operational risk management at Saigon Thuong
Tin Commercial Joint Stock Bank (Sacombank)” (Luu Thi Kim Oanh, University of
Economics Ho Chi Minh City, 2019), etc
Previous studies have explored various concerns surrounding the theoretical aspects and clarification of the Basel Accords, leading to the development of multiple solutions that align with specific provisions of the Basel II Treaty.
There are still some unresolved issues in addition to the outcomes of previous investigations More specifically:
Several strategies have been proposed to align Operational Risk Management (ORM) with Basel II standards, including the enhancement of operational management models, the improvement of operational risk measurement, and the optimization of operational processes However, there is a lack of established solutions for compliance with Basel II standards Additionally, previous studies have not provided a comprehensive system of remedies and requirements for implementing strategies that ensure adherence to Basel II ORM criteria in commercial banks.
Overview of risk in commercial banking activities
Numerous researchers define risk in the context of commercial banks (CBs) from various perspectives, with the concept generally recognized through two primary theories.
Risk is commonly understood as failures or unexpected events that adversely impact organizations, resulting in decreased profits, increased debt, or asset loss, ultimately hindering the achievement of financial goals However, as noted by Vu Thi Phuong Hoa (2020), a broader definition of risk encompasses both the potential for loss and the opportunities for rewards, thereby expanding the traditional perspective.
In the context of economic integration, CBs are launching more and more new products and services based on the digital industry platform It implies that banks
To effectively evaluate and mitigate potential threats, it's essential to categorize the types of risk associated with various conditions and cases, and provide tailored solutions Banks face a multitude of risks, which can be broadly classified into five primary categories.
Figure 2.1: Risk classifications in bank operation
Sources: Combined by Author a Credit risk
The Basel Committee on Banking Supervision (BCBS) defines credit risk as the likelihood that a borrower or counterparty will fail to meet their contractual obligations, which can lead to a decline in creditworthiness This risk primarily arises from traditional lending activities, as well as from holding bonds and other securities Currently, lending activities constitute about 77% of banks' total assets and income, making it a critical component of their profitability Consequently, effective management of credit risk is essential for banks to mitigate potential financial losses and avoid bankruptcy.
A liquid asset is defined as an asset that can be quickly transformed into cash without incurring any loss in value or interest charges For banks, ensuring liquidity is crucial to accommodate potential rises in operating costs and to fulfill loan demands effectively.
Barbara Casu, Claudia Girardone, and Philip Molyneux (2015) identified that liquidity risk arises from a mismatch in the maturity and size of assets and liabilities on a balance sheet, leading to potential harm to financial and reputational capital Additionally, interest rate risk is a significant factor that can exacerbate these vulnerabilities.
Interest rate risk arises from unfavorable changes in interest rates that negatively impact a bank's revenue, asset value, and liabilities This risk can stem from several factors, including discrepancies in new fixed-term interest rates or their redefining periods, variations in the relationships between interest rates at different maturities, the influence of interest rate option products, and differences in interest rates on various financial instruments with identical maturities.
Market risk, as defined by Barbara Casu et al (2015), encompasses potential losses in both on- and off-balance-sheet positions due to fluctuations in market prices, including changes in interest rates, exchange rates, and stock prices This type of risk is especially significant in short-term trading involving assets, liabilities, and derivatives Key components of market risk include interest rate risk, currency risk, commodity risk, and stock risk, along with operational risk.
This thesis concentrated on researching this kind of risk The theoretical concept of OR would be performed in the next part ( 2.4 Theory framework of operational risk in Commercial banks)
In recent years, commercial banks in Vietnam and worldwide have faced substantial losses due to operational risks, adversely affecting their assets and reputations Operational risk, prevalent in most banking activities, remains one of the most unpredictable challenges Therefore, enhancing risk management practices in commercial banks is a primary concern.
2.3.3 The formation and role of Basel against risk
The Basel Committee was formed to foster international cooperation among countries, aiming to mitigate specific risks within the global financial system, including reputational risk It is responsible for developing reports and establishing key principles for financial agreements.
10 and though not legally binding, the agreement aims to persuade the authorities in each nation to adopt the suggested measures
The Basel I Agreement, established in 1988 and implemented in 1992, aimed to address credit risks in the banking sector In 1996, it was revised to include considerations for market risk Despite these efforts, Basel I was unable to avert several significant crises that undermined confidence in the financial system, particularly in emerging markets, starting with the collapse of Barings Bank.
1995, which led to the thought that risk management would be better In 2004, Basel
Basel II, established under the International Convergence of Capital Measurement and Capital Standards, aims to enhance the quality and stability of banks, ensure a safe and equitable workplace, and promote stricter risk management practices.
Figure 2.2: Three pillars of Basel II
The bank risks and additional capital requirements of the supervisor
The disclosure requirements of minimum bank risk information
Source: www.sbv.gov.vn
Basel II addressed shortcomings in previous regulations by introducing more flexible rules and new concepts aimed at enhancing the stability of financial systems This agreement emphasizes the importance of aligning regulatory frameworks with the actual risk profiles of organizations while also incorporating a broader understanding of risk, including the introduction of Operational Risk (OR).
Theory framework of operational risk in Commercial banks
2.4.1 Definition and Features of operational risk
Operational risk arises from inadequate or flawed internal processes, human errors, system failures, or external events, leading to financial losses and other adverse non-financial impacts on banks.
The concept of Operational Risk (OR) is often ambiguous, making it challenging to distinguish from regular uncertainties faced by commercial banks (CBs) The 1995 collapse of Barings Bank, triggered by rogue trading and similar frauds, highlighted the need for a distinct categorization, as these events couldn't be classified under market or credit risk Consequently, the banking industry began to recognize these incidents as Operational Risk, which had a significant negative impact on bank operations.
Robert Morris Associates et al (1999) provided the most suitable reference to
Operational risk (OR) is defined as the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events, as endorsed by the Basel Committee on Banking Supervision (BCBS) While the initial definition included the term "indirect loss," this was later removed due to difficulties in quantifying it for regulatory capital purposes The BCBS's 2001 statement clarified that OR encompasses legal risk but explicitly excludes strategic and reputational risks.
According to Dao Thi Thu Hien (2015), OR has some significant features as follows:
Operational risk (OR) is inherently unpredictable and frequently fluctuates due to the diverse and evolving nature of human behavior and personality This variability makes it challenging to identify specific indicators for forecasting OR, as it can manifest in various forms at different times and may change significantly over time.
Operational risk (OR) is inherent in all aspects of a bank's products, services, and business processes While predicting and preventing OR can enhance efficiency, the frequency of such risks varies based on the complexity and scale of the offerings In the banking sector, as the complexity increases, the number of participants involved also rises, leading to a higher likelihood of OR events, which can have significant consequences.
Operational risk (OR) not only affects a bank's financial performance but can also lead to significant reputational damage When OR incidents occur, banks may face client losses, increased reputational harm, hefty fines, and, in cases of legal violations, stricter oversight from regulatory agencies.
Operational risk (OR) is often confused with credit risk and market risk, despite its unique characteristics This confusion arises because OR can lead to situations that generate both credit and market risk For instance, a bank employee might deliberately create fraudulent loan documents for a customer, fully aware that the customer cannot afford to repay the loan This action ultimately results in uncollectible credit, demonstrating that credit risk has materialized Therefore, the underlying cause of credit risk can often be traced back to operational risk, particularly when employees engage in intentional misconduct that leads to loan recovery failures.
2.4.2 Classification and Impacts of operational risk on commercial bank activities
According to Basel II, the cause of the operational failure arises from four factors involving process risk, human risk, system (or technology) risk and another external risk
Process risk: The procedures and controls of reporting, monitoring and decision-making are often inadequate in addition to these of handling information is also unreasonable
Human risk: lack of expertise as well as fraud or non-compliance with applicable policies and procedures
System risk in banking encompasses unreasonable technological investments, integration errors during system operation, and security vulnerabilities that can emerge when technology systems fail or internal support ceases While this is a component of operational risk, it has the potential to influence all other risk types within the bank.
External risks significantly impact operational risk (OR) in banks, stemming from factors beyond their control Legal and political changes, as well as incidents of fraud, theft, or criminal activities by external parties, can heighten these risks Additionally, adverse weather conditions may also contribute to the challenges faced by financial institutions.
Figure 2.3: Basel II Operational risk classification
Event type serves as an effective classification criterion for identifying operational risk (OR), simplifying the process for managers The Basel Committee on Banking Supervision (BCBS) has released a table outlining seven key event types, each accompanied by relevant activity examples.
Figure 2.4: Operational risk event types
Source: Introduction to Banking by Barbara Casu et al (2015)
Operational risk encompasses various categories of risk events that can adversely affect a bank's tangible assets and its client interactions These categories include internal and external fraud, employment practices and workplace safety, issues related to clients, products, and business practices, damage to physical assets, business disruptions and system failures, as well as challenges in execution, delivery, and process management.
Internal fraud encompasses losses incurred through various dishonest activities, including asset theft, tax evasion, internal misreporting, corruption, insider trading, and the use of counterfeit documents These actions may be perpetrated directly by bank employees or facilitated by them in collaboration with criminals, leading to the theft and destruction of valuable assets.
External fraud encompasses various criminal activities such as computer hacking, third-party theft, forgery, information robbery, and cheque kiting These actions often stem from external threats as well as managerial shortcomings and inadequate certification or recognition among bank employees.
(iii) Employment practices and workplace safety: workers’ compensation, discrimination claims, employee health & activities, safety rules and general liability
In general, losses occur because banks fail to comply with laws, fulfill wage or incentive policies, and ensure labor rights and benefits
Negligence in client relations, product handling, and business practices can lead to significant losses or damages Common issues include unintentional mistakes and a failure to follow established company procedures Examples of these pitfalls encompass money laundering, unauthorized trading on bank accounts, unfair competition, and market manipulation.
(v) Damage to physical assets: fix devices, tools, or resources are lost or damaged as a result of external causes consisting of natural disasters, vandalism, terrorism or even war
(vi) Business disruption and system failures: Information technology errors would result in problems with hardware and software failures, utility outages as well as telecommunication problems
Execution, delivery, and process management can lead to unanticipated financial losses or reputational damage due to collateral management failures, incomplete legal documentation, unauthorized access to client accounts, and vendor disputes.
Theory framework of operational risk management in Commercial banks21 1 Concept of operational risk management
2.5.1 Concept of operational risk management
Operational risk (OR), along with credit risk and market risk, is a critical aspect of risk management in banking operations While credit and market risks can be predicted, assessed, and quantified following established standards, operational risk presents unique challenges due to its complex nature Consequently, commercial banks (CBs) must adopt a comprehensive approach to effectively manage and mitigate OR Although leaders in the banking sector recognize the importance of operational risk, the implementation of effective risk management practices in this area remains insufficient, hindering the potential to enhance core values within credit institutions.
According to BCBS (2001), risk management is an essential, ongoing process at all levels of a financial institution, crucial for achieving goals, ensuring viability, and maintaining financial transparency The implementation of Operational Risk Management (ORM) by credit institutions involves several key stages: establishing an organizational structure, developing policies that align with standard systems, and employing methods for risk identification, measurement, evaluation, and management This structured approach enables banks to monitor and control risks effectively, thereby optimizing potential risks Additionally, credit institutions leverage risk management to quantify risks, identify their root causes, and allocate resources to assess the operational risk's variability both internally and externally Nguyen Thi Thanh Hai (2020) emphasized that this proactive risk management enables the generation of timely reports and preventative measures for the financial system.
2.5.2 Principle of operational risk management
BCBS (2011) gave a recommendation for CBs to implement 11 golden principles in ORM, including 4 main issues: (i) Fundamental principles, (ii)
Effective governance and a robust risk management environment are essential for banks, as they influence all aspects and products of banking operations When banks operate with expertise, the executive levels overseeing portfolios of activities, goods, and processes can ensure a powerful and secure system Additionally, the role of disclosure is critical in maintaining transparency and trust within the financial system.
To foster a strong governance culture, it is essential for the Board of Directors and senior management to implement strategies across all business units of CBs This initiative aims to support and enhance professional problem-solving skills within the organization.
Banks must maintain and improve their all-encompassing ORM framework Furthermore, the suitable ORM framework is chosen based on the credit institution's size, characteristics, severity and risk portfolio
Principle 3: The Board of Directors
The Board of Directors must regularly develop, approve, and review the Operational Risk Management (ORM) framework to ensure its relevance and effectiveness in response to new events This ongoing process is essential for maintaining compliance with regulations, optimizing processes and policies, and enhancing the organization's operational systems.
Principle 4: Operational risk appetite and level under control
The Board of Directors is responsible for monitoring and approving the bank's risk appetite, ensuring it aligns with the types and levels of risk the institution is willing to accept Additionally, they must report on the comparison between the established risk tolerance levels and the actual risks faced by the bank.
Senior management should enhance the governance framework to align with the board of directors' approved objectives It is essential for leaders to maintain transparency and accountability in implementing rules, ensuring that Operational Risk Management (ORM) processes are uniformly applied across the organization, in accordance with the bank's risk appetite and operational style.
To ensure that risks are well-controlled, the administration must commit to recognizing OR occurrences throughout goods, processes and activities
Senior management has to guarantee that all new products and departmental operational procedures are sufficiently examined and approved in order to anticipate and handle OR
Executives are required to consistently assess the operational risk (OR) list and identify potential serious damage risks Additionally, it is essential to generate reports for relevant stakeholders, including the board of directors, senior management, and various business units, to address OR issues proactively.
Banks must establish robust internal control measures, consistently monitor their policies, processes, and systems, and implement strategies to mitigate and manage errors effectively Additionally, it is essential to align the operational risk portfolio with the institution's risk appetite.
Principle 10: Business Resiliency and Continuity
Every bank needs a comprehensive strategy to enhance business performance while ensuring stability and gradual growth This plan should also address potential disruptions to operations, aiming to protect assets, maintain reputation, and safeguard profits.
All banks are accountable for supplying complete and accurate information within the specified time frame, OR management methods in the bank to relevant parties for evaluation
The ORM process is regulated by BCBS in the Basel II Accords, including four steps:
Source: Nguyen Van Tien (2015), Commercial bank management,
Statistical Publishing House Step 1: Identifying operational risk
To effectively address operational risk (OR) challenges, banks must engage their entire system in identifying various risks, factors, and causes The primary objective of risk identification and classification is to swiftly detect warning signs within operational processes and assess the potential impact and consequences of these risks.
The OR identification process includes the following actions:
Self-assessment and risk control: to categorize risks based on the relevant signals, determine the gravity and scope of the potential consequences
Effective data collection is crucial for comprehensive analysis and research, ensuring practical outcomes Acquiring accurate and reliable databases forms the foundation of a successful Online Reputation Management (ORM) process.
The Bank diligently tracks monitoring findings from inspections carried out by authorized delegations, ensuring that the requirements and requests from inspection organizations are effectively implemented.
The new product review process is essential for banks when launching new offerings to clients This thorough evaluation helps identify product errors early, allowing for timely corrections and minimizing negative impacts on both bank employees and customer experiences.
The objective of measurement is to assess the likelihood and extent of operational risks while determining the damage scope associated with each risk type This enables central banks to develop effective strategies and allocate staff efficiently According to Prof Nguyen Van Tien (2015), there are two primary approaches for this assessment: qualitative and quantitative methods, as outlined in the Risk Management book published by the Statistical Publishing House.
Summary
Chapter 2 of this graduation thesis provided the basic theoretical issues of ORM at CBs by providing a governance model, 11 management principles and tools used to measure as well as four ORM processes at CBs from identification, measurement, control and mitigation to monitoring/ reporting In addition, the author researched and investigated the experience of risk management in some foreign banks, thereby offering lessons for Vietnamese CBs All of these concerns are the theoretical basis and the premise for reviewing and evaluating the risk management of operations at Vietnamese CBs
RESEARCH METHODOLOGY
Locale of the study
This thesis focuses on commercial banks in Vietnam, emphasizing the importance of operational risk management The Risk Management Department is essential for providing accurate data and valuable insights that will support further research in this area.
Research design
This research employs a qualitative method to explore the processes and outcomes of Operational Risk Management (ORM) within the governance framework The author examines the theoretical foundations of Operational Risk (OR) and ORM, integrating acquired knowledge into the ORM process Additionally, a quantitative approach is used to analyze the current state of operational risk management in banks, supported by observational techniques to evaluate the findings To develop comprehensive solutions, the evaluation process identifies existing limitations By reviewing previous research on ORM, the author constructs a framework to assess ORM practices in Vietnamese commercial banks.
The author aims to assess the operational risk management (ORM) practices of Vietnamese commercial banks by analyzing data from 2019 to 2022 This evaluation utilizes a constructed framework based on secondary sources, which include previously published research, statistics, and articles from Vietnamese banks By leveraging existing data, the author avoids the need for primary data collection, streamlining the research process while ensuring comprehensive insights into ORM status.
Sources of Secondary Data
The research relies on data gathered from various sources, including financial statements, annual reports, internal control boards' reports, and corporate performance reports of prominent Vietnamese commercial banks (CBs), such as Bank for Investment and Development of Vietnam JSC (BIDV) and Vietnam Bank for Agriculture and Rural Development (Agribank).
Vietnam Prosperity Joint-Stock Commercial Bank (VPBank) utilizes a variety of reliable sources for information, including official bank websites, credible e-documents, and expert journal articles Additionally, the author references relevant theses from universities and essays from government organizations, including the State Bank of Vietnam, to enhance the research The study focuses on the period from 2019 to 2022 to ensure the inclusion of the most current information and to accurately reflect the state of Operational Risk Management (ORM) in commercial banks in Vietnam.
Figure 3.1: Top 10 banks with the largest charter capital on June 30, 2022
Unit: billion VND on December 31, 2021 on June 30, 2022
The author selects BIDV and Agribank for ORM assessment due to their significant roles in the Vietnamese banking sector As of June 30, 2022, BIDV is the leading state-owned bank with over 80% state capital and the largest charter capital of 50,585 billion VND In contrast, Agribank, despite being a state commercial bank with 100% charter capital, has the lowest total charter capital among the BIG 4 banks in Vietnam, totaling 34,328 billion VND.
35 last bank is VPBank - a joint-stock commercial bank with 100% private capital and has the largest charter capital among all private banks, at 45,057 billion VND
Analyzing these three banks and their notable features offers insights into the current state of Vietnam's commercial banking system, particularly regarding Operational Risk Management (ORM) While this examination does not encompass the entire banking landscape, it highlights the performance and practices of a specific group within the sector.
Evaluation of Secondary Data
From 2019 to 2022, the head of the operational risk department at each commercial bank compiled and reported all operational risk data in the annual report This data supported research initiatives aimed at enhancing operational risk management effectiveness The information, presented in text form, aligned with the content and governance principles of each bank, ensuring consistency with reports from the Head Office's ORM department Additionally, the research included tables and graphs that correlated with specific criteria within the ORM framework.
Framework of Operational risk management
The ORM process, as outlined by BCBS (2011), emphasizes the importance of identification, measurement, control, mitigation, and monitoring/reporting to establish an effective integrated risk management structure The Basel Committee offers valuable guidance for banks to optimize their risk management frameworks Research by Patricia Pereira (2018) and the ORM procedures within the Basel II governance framework support the development of an ORM framework, notably constructed by Nguyen Le Minh Phung in his thesis "ORM in Vietnamese banks."
(2022) adapted for Vietnamese CBs as follows:
Table 3.1: Operational risk management framework for Vietnamese Commercial banks
Operational risk management tools Identification Measurement Monitoring/ Reporting Control and Mitigation Operational risk management database
Source: Operational risk management - Nguyen Le Minh Phung, 2022
Banks should strategically select specific sectors to develop based on their strengths and capabilities, while also having the option to expand comprehensively within the entire governance framework.
Building a strong operational risk culture is essential for operational risk managers, as it prioritizes awareness of potential dangers Due to the unpredictable nature of operational risk, investing in training and conducting thorough research are crucial steps for effectively identifying and mitigating these risks.
Risk management at banks: emphasizing the roles and responsibilities of the head holding the key function and operating the risk management team under the principle of the manager
Strategies and policies: this is the basis of ORM procedure If banks provide favorable and evident strategies and policies, their flexible ability can be increased significantly
Operational risk management database: it involves the process of collecting loss data both internal and external scope The database is the foundation for implementing ORM procedures, policies and tools
Operational risk management process: it includes four steps in order of identification, measurement, control and mitigation together with monitoring/ reporting
Operational risk management tools: banks will benefit from the use of appropriate and efficient management tools by precisely recognizing and quickly assessing the risks it faces
The bank is required to generate a comprehensive report utilizing operational risk management tools, encompassing all collected and analyzed data This reporting aims to clearly and transparently assess risks at all levels, facilitating informed management decisions.
Risk appetite serves as a crucial counterpart to culture risk management within the governance structure A clear understanding of risk appetite is essential for effective governance, and it can only be fully established through transparent governance practices.
Validity and Reliability
The study focuses on collecting data for an Operational Risk Management (ORM) framework across three commercial banks: BIDV, Agribank, and VP Bank It examines cultural risk management, governance procedures, ORM processes and tools, reporting practices, and risk appetite, specifically analyzing metrics such as Return on Equity (ROE), Capital Adequacy Ratio (CAR), Non-Performing Loan Ratio (NPL), and required capital for operational risk The analysis adheres to established guidelines from previous research, utilizing data sourced directly from the banks' financial statements and annual reports to accurately reflect their current operating performance.
Summary
This chapter outlines the methodology employed in the graduation thesis, primarily focusing on qualitative methods To ensure reliability, secondary sources were gathered with the assistance of authorized bank staff from the ORM Department Furthermore, previous successful theses played a crucial role in the author's data collection process A generic governance framework was presented prior to the investigation to guide the research.
38 present situation, evaluate and then the study was conducted, the validity of its sources and its relevance to the study's topic
RESULTS AND DISCUSSION
Situation of operational risk management at Vietnamese commercial banks
4.1.1 Regulatory framework for risk management according to Basel II in Vietnam a Policies from the Vietnamese Government
On March 1, 2013, the Prime Minister of Vietnam highlighted the importance of adopting Basel II capital standards to enhance the banking system's quality and ensure sustainable growth, following the approval of the project aimed at restructuring credit institutions and addressing bad debts Subsequently, the Vietnam National Assembly approved Resolution No 24/2016/QH14 on November 8, 2016, which outlined the Economic Restructuring Plan for 2016-2020.
To place the above guidelines into practice, the Prime Minister issued Decision
No 986/QD-TTg dated August 8, 2018 on approving the Strategy for sustainable development of the banking industry in Vietnam to 2025, simultaneously orienting to
By the end of 2020, commercial banks in Vietnam largely met the Basel II capital requirements, with at least 12-15 banks adopting the standard method By 2025, all commercial banks that have completed the Basel II standard method will pilot the advanced method, particularly at state-owned banks and those with robust oversight, as outlined by the State Bank of Vietnam (SBV) in 2019.
On March 17, 2014, “Authorizing the schedule for Basel II capital adoption standards adoption in the banking sector until 2019” was released by SBV via Document No 1601/NHNN-TTGSNH
The State Bank of Vietnam (SBV) issued Circular No 41/2016/TT-NHNN, which amended capital adequacy ratio (CAR) regulations, mandating that commercial banks (CBs) maintain a minimum CAR of 8% by January 1, 2023 Additionally, the project "Restructuring the System of Credit Institutions Associated with Bad Debt Settlement" aims for CBs to achieve a CAR of 10-11% in 2023 and 11-12% by the end of 2025.
On May 18, 2018, the State Bank of Vietnam (SBV) issued Circular No 13/2018/TT-NHNN, which supplements regulations regarding the internal control systems of credit institutions and foreign bank branches This regulation introduces the Internal Capital Adequacy Assessment Processes (ICAAP), a crucial component of the Basel framework It emphasizes the importance of risk appetite, stress testing for significant risk categories, and capital adequacy risk assessments, particularly in relation to new products, services, and operations in emerging markets.
The final pillar involves the State Bank of Vietnam (SBV) mandating commercial banks (CBs) to regularly report and disclose their Capital Adequacy Ratio (CAR), risk control measures, and capital consumption plans This requirement provides a foundation for assessing operational safety and monitoring risk appetite, enabling the SBV to effectively evaluate and manage potential risks within the banking system.
As a result, SBV basically created a framework legalizing the application of Basel II Treaty using the standard methodology through Circulars No.13 and 41, alongside retaining a strategy for implementing international standards
4.1.2 Current state of Basel II operational risk management in Vietnamese commercial banks
SBV set up an appropriate roadmap for CBs systems while instructing the specialist department to deploy the application of the Basel II Treaty, including two stages:
Stage 1: With the goal of basically meeting the Basel II demands, SBV was selected to serve as a pilot at ten banks comprising Vietinbank, Vietcombank, BIDV, Techcombank, VP bank, Sacombank, Maritime Bank, MB, ACB, VIB in the period of nearly three years from February 2016 to the end of 2018
Stage 2: According to Resolution No 24/2016/QH14, it was essential for CBs to own the core capital by 2020 complying with Basel II standards, which roughly 12 to 15 CBs fulfilled thus far
VIB made history as the first commercial bank to achieve Basel II accreditation among the initial 10 piloted banks, demonstrating its ability to operate safely and mitigate various risks, including operational, credit, and market risks, in line with international best practices.
In late 2019, the State Bank of Vietnam (SBV) officially recognized Vietcombank, BIDV, MB Bank, and VPBank for meeting Basel II standards However, due to the need for restrictions and adequacy ratios in banking operations and international branches, SBV issued Circular No 22/2019/TT-NHNN, which postponed the implementation timeline for banks by two years, pushing the original deadline from January 1, 2021.
Until 2020, 18 commercial banks (CBs) in Vietnam met Basel II requirements, including Vietcombank, VIB, BIDV, and others Among these, only a third, such as VIB, Vietcombank, and VP Bank, fully satisfied all three pillars of Basel II, while others primarily achieved the minimum capital requirements This focus on risk management has become crucial for CBs to maintain a balance of growth, durability, and quality within the banking system, marking a significant advancement in their risk management capabilities and competitiveness in the financial market MSB executives emphasized that achieving superior global risk management standards hinges on fulfilling all three Basel II pillars However, the State Bank of Vietnam (SBV) noted that risk analysis remains inadequate, with management often inexperienced and credit assessments overly reliant on collateral, while financial supervision has not kept pace Despite having risk management committees, these banks primarily focused on credit and liquidity risks, neglecting operational risk (OR).
Table Error! Use the Home tab to apply 0 to the text that you want to appear here.4.1: Charter capital & CAR in each type of banks in October 2022
Source: State Bank of Vietnam
As of October 2022, State-Owned Commercial Banks in Vietnam reported a 15.23% year-to-date increase in equity capital, reaching 422.786 billion VND, with a Capital Adequacy Ratio (CAR) of 9.04% In contrast, Joint Stock Commercial Banks saw an 18.52% surge in total equity to 722.854 billion VND, with a CAR 3.25% higher than that of state-owned banks Notably, international banks with branches in Vietnam boasted the highest CAR at 18.61%, more than double the 8% minimum requirement set by Circular No 41.
Figure 4.1: Capital Adequacy Ratio (CAR) at Quarter IV/ 2022 of 17 bank (%)
Source: Combined by the Author
As of December 31, 2022, the Capital Adequacy Ratio (CAR) of foreign banks operating in Vietnam, such as Shinhan Bank and HSBC, significantly surpassed that of domestic commercial banks (CBs), with rates of 17.09% and 16.12%, respectively Among Vietnamese CBs, Techcombank led with a CAR of 15.2%, maintaining this impressive figure for 16 consecutive quarters, nearly double the minimum requirement set by the State Bank of Vietnam (SBV) in Circular No 41 Additionally, VPBank and SeABank reported CARs of 14.9% and 14.66%, respectively, while Eximbank followed closely at 14.64% Nine other banks, including HDBank (13.4%) and ACB (12.8%), fell within the CAR range of 10% to 14% In contrast, state-owned banks like Vietinbank and BIDV had the lowest CARs on the Ho Chi Minh Stock Exchange (HOSE), despite exceeding the 8% threshold mandated by Circular No 41.
Recent trends indicate a decline in the Capital Adequacy Ratio (CAR) for Vietnamese commercial banks, as reported by VNDirect Security Joint Stock Company In response, these banks are actively seeking strategies to enhance both Tier 1 and Tier 2 capital to bolster their equity This shift is largely due to the diminishing attractiveness of mobilizing investment capital compared to previous years.
In the current capital market downturn, banks face challenges in acquiring Tier 1 capital, leading many to prioritize Tier 2 capital through bond issuance To adapt to Basel III regulations, banks are focusing on maintaining a robust capital buffer to support lending expansion If this trend continues, central banks will enhance their ability to manage capital and risk effectively.
Figure 4.2: Capital Adequacy Ratio (CAR) of banks in ASIA in 2022 (%)
Vietnam's average Capital Adequacy Ratio (CAR) is lower than that of its Asian competitors, with state-owned commercial banks (CBs) having a CAR that is only slightly above the minimum required rate, according to VNDirect In contrast, CBs with 100% private capital boast higher CARs Notably, Indonesia leads with the highest average CAR at 22.6%, followed by Thailand at 19.6% and Malaysia at 18.5% Unfortunately, Vietnam ranks 8th in CAR ratings among these countries.
Recent research by BIDV and Dr Can Van Luc reveals that the Capital Adequacy Ratio (CAR) of Vietnamese banks has not seen significant improvement, placing them eighth in the region and presenting a challenge for 2023 While Vietnamese commercial banks are in the process of implementing the Basel II framework, many countries in the area have already adopted Basel III, either partially or fully.
Operational risk management incidents of Vietnamese commercial banks
Operational risk cases at Vietnamese commercial banks are reported in the thousands, with a significant focus on human and external risks that continue to occur frequently in recent years In contrast, incidents related to processes and systems have notably declined, as many root causes have been addressed Due to capacity and time limitations, this article will highlight only a few notable cases and incidents from the past several years.
Customer deposits of nearly 47 billion VND at Sacombank - Khanh Hoa branch suddenly lost (2022)
In May 2022, a notable incident occurred involving Ms Ho Thị Thuy Duong, a resident of Cam Ranh City in Khanh Hoa province, who made a deposit at the Khanh Hoa branch of Sacombank, only to misplace the deposit slip, sparking a series of events.
Ms Duong, a long-time depositor at the bank, trusted its reputation until she discovered that her account had been compromised Promptly, she visited the bank to request a copy of her account statement upon realizing that her funds had been stolen.
40 days of May 4, 2022, there were a total of 12 alleged transactions in this, including
3 transactions via bank accounts and the remaining were cash withdrawals from ATMs, totaling up to 46.9 billion VND The share in common of all suspicious
47 transactions occurred after office hours between 6 p.m and 9 p.m and she didn’t receive any notifications about balance changes during that time
In November 2022, the Khanh Hoa Provincial Police Department prosecuted and detained Nguyen Thi Thanh Ha, a former deputy head of the Sacombank Cam Ranh Transaction Office, along with Ngo Thi Hong Nhan, the head of the office's fund, for their involvement in a property theft case Additionally, former tellers Nguyen Tra My and Ngo Nu Hong Hai were also prosecuted for the same offense but were released on bail Investigations revealed that starting in May 2022, Thanh Ha misused customer information to create false credit records, intending to generate fraudulent closing documents instead of directly withdrawing from customers' savings This scheme resulted in the theft of significant amounts of money, with reports indicating that 46.9 billion VND was taken from client accounts.
Sacombank has yet to refund Ms Duong, prompting her to file a complaint with the State Bank of Vietnam (SBV) and the Ministry of Public Security on January 4 While awaiting the agency's response, Sacombank offered an advance of VND 15 billion through a lawyer, which Ms Duong declined, citing it as insufficient compared to her significant losses Investigations indicate that she is not the only client affected by financial losses at the Cam Ranh Transaction Office.
Lawyer Truong Thanh Duc stated that once the investigation concludes, if the customer is found to have no mistakes, the bank will be fully accountable Conversely, if any errors are identified on the customer's part, the bank will share a portion of the responsibility.
48 other case, if the customer intentionally causes trouble or colludes with the bank staff, both parties must participate in the settlement, not just one party
A customer claimed to lose saving accounts of nearly 6 billion VND at OCB
In September 2011, Ms Huynh Tuyet Hang opened a savings account at Orient Commercial Joint Stock Bank (OCB) in Ho Chi Minh City, holding a total of 5.7 billion VND in savings with her husband Despite regularly depositing money and expecting monthly interest, she discovered in 2019 that she had not received any payments since 2018 Upon investigation, OCB confirmed that her savings books were fraudulent, with evidence of fake documentation and signatures The case revealed that Ms Vu Phuong Thao, a former bank employee, had exploited her relationships to deceive multiple clients, leading to a police investigation for property theft and forgery.
In response to recent developments, OCB recommends that clients conduct all transactions for creating savings accounts directly at official branch counters Customers can also verify details of their existing savings accounts at the bank's counter or online via the OCB OMNI website and app, ensuring a transparent deposit process for both consumers and bank staff.
In every bank, clients must adhere to established procedures to avoid potential risks, as the bank will not be liable for any unfortunate incidents that arise from non-compliance Lawyer Truong Thanh Duc emphasizes that when customers engage in transactions with authorized personnel, there is no need for them to understand the intricate processes, as qualified bank staff provide necessary guidance In the event of any errors, the bank is held accountable for ensuring the transaction is conducted correctly.
Several Vietcombank ATMs in some areas of Hoan Kiem district temporarily stopped functioning (2018)
On February 1, 2018, a Vietcombank client, Mr K, attempted to withdraw cash in Hoan Kiem district, Hanoi, but found both ATMs at St Tran Hung Dao and St Phan Chu Trinh temporarily shut down, displaying an apology to customers He then tried using his Vietcombank ATM card at a Techcombank ATM, only to encounter the same issue.
A Hanoi resident, Mr K, reported attempting to withdraw cash from six different ATMs located in various bank transaction locations across Hoan Kiem district, only to be met with failure at each location, highlighting a concerning issue with the city's banking infrastructure.
A representative from Vietcombank's communications department confirmed that the bank proactively sought additional information following customer feedback regarding a recent issue The bank promptly dispatched technical experts to investigate the matter The representative identified the primary cause as a transition phase in the system, coinciding with a high volume of end-of-day transactions, which led to decreased processing efficiency Additionally, issues with using a Vietcombank ATM card at other banks' ATMs may arise if those machines are experiencing similar problems or undergoing maintenance The customer service department also reached out to Mr K to inform him about the suspension of transaction services at the affected ATMs.
Vietcombank has recently upgraded its software and integrated modern functions to enhance the ATM transaction experience for users This decision comes in response to numerous complaints from clients about transaction difficulties at ATMs, particularly in the Cau Giay district, where one customer faced issues for four months due to a temporary disconnection in the system's transmission line The improvements aim to ensure smoother and safer transactions for all users.
Super fraud situation “Ha Thanh” fueled by the lack of responsibilities in appraisal regulations from bank staff (2018)
Ha Thanh defaulted on payments from June to November 2018, prompting her to exploit connections with affluent individuals to secure bank loans under their names These individuals were instructed to forge signatures on loan documents from various financial institutions, including PVcomBank, National Citizen Bank, and Vietnam Asia Commercial Joint Stock Bank, resulting in the embezzlement of over 433 billion VND The investigation revealed that the involvement of bank employees played a crucial role in facilitating Thanh's extensive fraud and enabling her to misappropriate substantial funds.
In a fraudulent scheme involving PVcomBank, Thanh mortgaged a savings book lent by Mr Toan and forged his signature to secure a loan, which he then misappropriated Mr Duc, the Customer Development Director, entrusted the appraisal process to his subordinate, Mr Tuan Tuan, unaware of the forgery, approved the documents and facilitated Duc's signature for credit approval and disbursement.
Discussion of the current situation of operational risk management in
Charter Capital: 50.585 billion VND (on December 31, 2022)
BIDV prioritizes a robust risk control culture by implementing regular training programs and ensuring compliance with the Handbook of Culture and Building a Workplace Environment, as well as the Code of Professional Ethics and Conduct In the past year, the bank introduced a comprehensive plan to execute the 2022 Resolution on Risk Control Culture and organized a system-wide Risk Control Culture Contest to reinforce these initiatives.
BIDV has successfully fostered a risk control culture by hosting a Conference to summarize its Basel II Implementation Program, enhancing its reputation in the banking sector Following the containment of the Covid-19 pandemic, BIDV continued to prioritize training, organizing over 485 classrooms for approximately 140,000 students, surpassing its annual goals by more than 102% in classes and 305% in student participation, reflecting a 1.6-fold increase compared to 2021.
Figure 4.4: Operational risk management model of BIDV
: Inspect and Supervise : Direct and Report
Source: BIDV fundamental risk managerial training documents
BIDV's Operational Risk Management (ORM) system features a comprehensive organizational structure that spans from the Board of Directors to the risk management departments at both the head office and branches This framework is designed to align with the internal control system's three-tiered protection strategy, ensuring effective management of operational risks across all levels of the organization.
BIDV is the pioneering commercial bank in Vietnam to define its risk appetite, aligning its operational risk (OR) appetite with State Bank regulations, business strategies, and evolving risk management policies To meet Basel II requirements set by the State Bank of Vietnam, BIDV employs the Basic Indicator Approach (BIA) for calculating the minimum capital necessary for operational risk.
Table 4.2: Business results report of BIDV
Source: Combined by the Author
Overall, key financial indexes have shown consistent growth over the years, with the Capital Adequacy Ratio (CAR) exceeding the required 8% In 2022, the Return on Equity (ROE) reached 19.34%, marking a notable increase of 6% from the previous year Additionally, the required capital for Operational Risk (OR) experienced substantial growth, rising by approximately 147 billion VND in 2022.
There are four steps in the process of ORM at BIDV, adhering to the Basel II Treaty regulated by BCBS, including four steps:
BIDV is implementing a comprehensive ORM system that includes Risk Control Self Assessment (RCSA), Key Risk Indicators (KRIs), and the collection and analysis of internal and external operational risk events Additionally, BIDV promotes research on ORM for new products and markets, outsourcing operations, and Business Continuity Plans (BCP), while also utilizing insurance options like BBB/ECC and O&D to mitigate operational risks and calculate necessary capital in accordance with Basel II standards This approach enhances the bank's ability to quantify and warn against potential risks, thereby minimizing their impact.
There are two main types of reports: internal reports and reports for the State Bank of Vietnam (SBV) These reports are generated regularly or irregularly, ensuring compliance with internal regulations and SBV requirements.
BIDV has demonstrated significant improvement in its operational performance over the past four years, with a growing emphasis on Operational Risk Management (ORM) culture The bank adopts a three-tiered protection model, ensuring effective ORM practices from top management down to lower departments By prioritizing the integration of advanced technology into its internal information systems, BIDV has streamlined the process of collecting and storing operational risk data Although the frequency of operational risk incidents has increased, they have not led to substantial losses, highlighting the complexity of new services and customer interactions To ensure sustainable growth, the bank must develop treatment and preventive strategies, along with predictive measures to address these evolving risks.
Charter Capital: 34.446 billion VND (on December 31, 2022)
The campaigns "Building and developing the Agribank brand and culture" and
Last year, Agribank successfully implemented an office culture among civil servants by transforming its organizational model into various banking blocks at the Head Office This initiative aims to strengthen governance, enhance customer service, ensure network information security, and progressively improve the risk management model to align with the State Bank's requirements.
In 2022, Agribank adeptly navigated the challenges posed by the epidemic, conducting over 70 training classes with participation from 6,500 staff members Notably, more than 60% of these sessions were held online, ensuring uninterrupted training activities across the organization This approach not only fostered skill development and critical thinking but also optimized costs and time while adhering to regulatory standards.
Figure 4.5: Operational risk management model of Agribank
Source: Agribank fundamental risk managerial training documents
Risk prevention and Treatment Center
In the digital era, Online Reputation Management (ORM) is vital for banking operations, prompting Agribank to enhance its risk management model through a three-tiered protection system In 2021, Agribank established specialized risk management departments as a second line of defense, overseen by the Non-Credit Risk Management Center This development has significantly improved risk control, yielding positive outcomes for the bank's business operations.
Agribank utilized a downward approach to gather insights from relevant stakeholders, aiming to develop a strategy and risk appetite suitable for Operational Risk Management (ORM) This process ensured that the Executive Division aligned on a consistent risk appetite while simultaneously establishing minimum criteria for various events and risk categories The bank identified 14 risk appetite indicators, which are categorized into three primary groups: (i) Income indicators, (ii) Capital Adequacy Ratio (CAR), and (iii) additional indicators relevant to Agribank's operations.
Table 4.3Error! Use the Home tab to apply 0 to the text that you want to appear here.: Business results report of Agribank
Source: Combined by the Author
The indexes indicate a consistent upward trend, with all CAR figures meeting the SBV's requirement of over 8% In 2022, the ROE reached 22.12%, showing a significant increase of nearly 6% from 2021 Additionally, the required capital for OR in 2022 rose substantially to 9,469 billion VND.
The ORM process of Agribank adhered to the Basel II Treaty regulated by BCBS, including four steps:
Agribank experienced several obstacles in OR measurement and assessment due to a lack of ORM tools:
The limitations of Basel II methods, particularly in utilizing the Loss Data Collection (LDC) tool for capital calculation, stem from inadequate data collection and reporting on loss details Consequently, when events occur, the lost data often goes undisclosed, unlike competitors such as Vietcombank, BIDV, and TP Bank.
Agribank is encountering difficulties in operational risk management across multiple departments, such as human resources, card services, treasury currency, e-banking, payment systems, IT, and capital mobilization This challenge is primarily due to the absence of the Risk and Control Self-Assessment (RCSA) tool, which has been effectively adopted by other banks.
Summary
This chapter presents findings from various online sources regarding the management of Operational Risk (OR) and its effectiveness in Vietnamese Commercial Banks (CBs) The evaluation of Operational Risk Management (ORM) in each bank was conducted using key metrics such as Return on Equity (ROE), Capital Adequacy Ratio (CAR), and Required Capital Additionally, the author highlights significant ORM incidents from recent years, categorizing their causes to identify root issues and facilitate timely responses to operational risks.
In the banking sector, the author has selected three Vietnamese commercial banks—BIDV, Agribank, and VPBank—highlighting their unique characteristics as discussed in Chapter 3 These banks were analyzed based on their organizational resilience culture, administrative models, risk appetites, managerial process measurement tools, and reporting systems The findings reveal both achievements and challenges for each bank, emphasizing the necessity of proposing suitable solutions, which are detailed in Chapter 5.
SUMMARY OF FINDINGS, RECOMMENDATIONS AND
Summary of findings
Recent years have seen a notable decline in operational risk (OR) events, despite their ongoing occurrence While commercial banks (CBs) have generally adopted measures to align with the three pillars of Basel II, only about one-third have fully implemented the standard The average capital adequacy ratio (CAR) among these banks meets the State Bank of Vietnam's (SBV) minimum requirement of 8% and has shown gradual improvement Overall, the CB system in Vietnam demonstrates compliance with the Basel II Treaty and SBV regulations by establishing their own operational risk management (ORM) frameworks, cultures, risk appetites, processes, tools, and reporting systems in line with their business strategies.
In recent years, the consistency of Operational Risk Management (ORM) has improved significantly The Risk Management Board has effectively fulfilled its responsibilities by providing comprehensive internal documents that are regularly updated to align with current operating conditions, ensuring strict compliance with established processes across each bank.
Despite efforts from the Operational Risk (OR) department in various banks to provide training and enhance communication, a significant weakness remains in the ORM culture Bank staff possess theoretical knowledge of OR from numerous internal training sessions; however, they struggle to apply these lessons in practice, hindering their ability to proactively identify operational risks.
Many banks have adopted advanced risk management tools that leverage the latest technology for accurate data and forecasts However, Agribank and a few others still rely on manual risk management reporting, which demands considerable human resources and time, posing certain risks in the process.
Recommendations
In order to improve the ORM in the Vietnamese commercial banking systems and complete the Basel II implementation plan on schedule, there must be facilitation
65 and assistance of the Government, the SBV and the action of CBs in Vietnam Then, the author proposes some following recommendations for each party:
To foster comprehensive economic development across all sectors, the Government and relevant Ministries must establish a robust legal framework, implement supportive policies, and regularly update necessary laws to align with the evolving economic landscape.
To enhance deterrence and decrease incidents in the financial-banking sector, it is crucial to enforce strict penalties and impose severe measures against crimes, especially in the context of modernization and global economic integration.
To enhance operational risk management (ORM) in banks, it is essential to facilitate international exchanges, enabling specialists from foreign countries to share expertise and collaborate on training human resources This cross-cultural exchange allows banks to learn from each other's best practices and work together to strengthen risk management Additionally, implementing reward and punishment systems through formal documentation can motivate bank staff to improve ORM, driving a culture of accountability and excellence within the organization.
5.2.2 To the State Bank of Vietnam
Perfect the legal framework, promulgate the specific circulars and regulations
The State Bank of Vietnam (SBV) established the foundational framework of the Basel II Treaty through Circulars No 13 and 41, focusing on three key pillars However, several critical areas require further clarification and implementation, including the development of a dedicated legal document for Operational Risk Management (ORM), enhanced inspection and supervision by the SBV, stringent penalties for commercial banks (CBs) that violate regulations, and a clear document outlining information disclosure aligned with Principle 11 of the Basel II Treaty.
The State Bank of Vietnam (SBV) should develop a comprehensive plan for implementing Basel III regulations as commercial banks (CBs) complete Basel II, ensuring they understand the new requirements Furthermore, it is crucial for the SBV to choose suitable pilot banks to effectively evaluate the application of Basel III.
Bolster sanctions with operational risk management initiatives
The State Bank should enforce sanctions for misconduct and promote compliance among bank staff following the establishment of a legal framework for operational risk management Depending on the severity of the violations, the SBV may impose administrative fines, issue warnings, or limit the scope of activities Additionally, it is crucial that the handling of violations is carried out transparently within the banking system to enhance deterrence and provide valuable lessons for others.
Create a central database among commercial banks
Establishing a comprehensive database for operational research (OR) is crucial for the State Bank of Vietnam (SBV) to enhance information sharing among Vietnamese commercial banks (CBs) This initiative will empower banks to access additional resources for deeper investigations and mitigate information shortages.
The SBV must provide more reliable information and data, enabling banks to make accurate assessments and respond swiftly to operational risk events, while ensuring consistency in their processes.
Strengthen monitoring and inspection initiatives
The SBV should collaborate with inspection organizations to conduct unannounced inspections and supervision, ensuring strict adherence to commercial banking regulations in ORM Regular monitoring, both remote and on-site, is essential to adapt to the evolving banking landscape, enhancing services and implementing advanced technologies As the transition from Basel II to Basel III progresses, prioritizing resources for timely detection and correction of inappropriate activities is crucial This approach will enable commercial banks to develop effectively with suitable ORM strategies.
5.2.3 To the commercial banking system in Vietnam
In terms of human resources:
Enhance bank staff training/ coaching
Human actions significantly contribute to operational risk (OR) in the banking sector Consequently, commercial banks (CBs) should implement training and coaching programs focused on operational risk management (ORM) and ethics for all employees.
To enhance job performance in operational risk (OR) identification and prevention, training courses should focus on sharing experiences and exchanging information among staff, while leadership adapts regulations to current situations to minimize OR Organizing annual exams is recommended to assess knowledge and evaluate risk management performance based on qualifications, experience, discipline, and customer feedback, allowing for appropriate role placements Given that most operational risk management research is in English, it is essential for employees to obtain standardized English language certifications for further study Additionally, the executive department should implement a balanced system of rewards and punishments to motivate bank staff to excel in their roles through knowledge sharing and adherence to established protocols.
To effectively oversee the dynamic landscape of operational risk management within a branch or head office, leader rotation is crucial Each leader brings unique skills that enhance the process, facilitate error resolution, and offer optimal solutions for managing operational risks.
In terms of Operational risk management framework:
Raise awareness for Executive Department
Enhancing the significance of Operational Risk (OR) is crucial for the Administrative Council and Board of Directors, who are pivotal in overseeing and managing OR Management should consistently update and engage in discussions regarding the OR assessment process, particularly during key events like the launch of new products or the implementation of new business strategies Furthermore, it is essential to maintain a strong Operational Risk Management (ORM) culture and ensure that all bank employees remain committed to their ORM responsibilities.
Improve the efficacy of internal audit in managing Operational risk
The internal audit department should prioritize the evaluation of Operational Risk Management (ORM) and recommend strategies for the Executive department to verify and address these risks, moving beyond traditional focuses such as credit and accounting.
The department's expertise in ORM, combined with ongoing research and participation in relevant seminars and training, enhances its effectiveness Compliance with established processes and regulations is essential for identifying potential risks and weaknesses in risk management By providing timely solutions and minimizing losses, the department can regularly update its inspection activities in line with international principles, standards, and the latest findings in banking supervision.
In terms of process and regulations:
Modify the quality to satisfy customers’ demand
Conduct an overall review and assessment of the services and products quality and effectiveness that customers are using, paying particular attention to the question: