Operational Risk

Organizational Structure

The Head of Operational Risk & Business Continuity Management chairs the Operational Risk Management Committee, which is a permanent sub-committee of the Risk Executive Committee and is composed of the operational risk officers from our business divisions and our infrastructure functions. It is the main decision-making committee for all operational risk management matters.

While the day-to-day operational risk management lies with our business divisions and infrastructure functions, the Operational Risk & Business Continuity Management function manages the cross divisional and cross regional operational risk as well as risk concentrations and ensures a consistent application of our operational risk management strategy across the bank. Based on this Business Partnership Model, which is also shown in the chart below, we ensure close monitoring and high awareness of operational risk.

Business Partnership Model of Operational Risk Management
Business Partnership Model of Operational Risk Management (graphics)

Managing Our Operational Risk

We manage operational risk based on a Group-wide consistent framework that enables us to determine our operational risk profile in comparison to our risk appetite and systematically identify operational risk themes and concentrations to define risk mitigating measures and priorities.

We apply a number of techniques to efficiently manage the operational risk in our business, for example:

  • We perform systematic risk analyses, root cause analyses and lessons learned activities for events above € 1 million to identify inherent areas of risk and to define appropriate risk mitigating actions which are monitored for resolution. The prerequisite for these detailed analyses and the timely information of our senior management on the development of the operational risk events and on single larger events is the continuous collection of all losses above € 10,000 arising from operational risk events in our “db-Incident Reporting System”.
  • We systematically utilize information on external events occurring in the banking industry to ensure that similar incidents will not happen to us.
  • Key Risk Indicators (“KRI”) are used to alert the organization to impending problems in a timely fashion. They allow the monitoring of the bank’s control culture as well as the operational risk profile and trigger risk mitigating actions. Within the KRI program we capture data at a granular level allowing for business environment monitoring and facilitating the forward looking management of operational risk based on early warning signals returned by the KRIs. We capture and monitor key operational risk indicators in our tool “db-Score”.
  • In our bottom-up Risk and Control Self Assessment (“RCSA”) process, which is conducted at least annually, areas with high risk potential are highlighted and risk mitigating measures to resolve issue are identified. In general, RCSAs are performed in our tool “db-SAT”. On a regular basis we conduct country risk workshops aiming to evaluate risks specific to countries and local legal entities we are operating in and take appropriate risk mitigating actions.
  • We conduct scenario analysis to amend internal and external loss information and derive actions from them. We also conduct stress testing on a regular basis to analyze the impact of extreme situations on our capital and the profit-and-loss account.
  • Regular operational risk profile reports at Group level for our business divisions, the countries we are operating in and our infrastructure functions are reviewed and discussed with the department’s senior management. The regular performance of the risk profile reviews enables us to early detect changes to the units risk profile as well as risk concentrations across the Group and to take corrective actions.
  • We assess the impact of changes to the Group’s risk profile as a result of new products, outsourcings and acquisitions.
  • Within our tracking tool “db-Track” we monitor risk mitigating measures identified via these techniques for resolution.
  • Due to the heterogeneous nature of operational risks in certain cases operational risks cannot be fully mitigated. In such cases operational risks are mitigated following the “as low as reasonably possible” principle by balancing the cost of mitigation with the benefits thereof and formally accepting the residual risk.
  • We perform top risk analyses in which the results of the aforementioned activities are considered. The top risk analyses mainly contribute into the annual operational risk management strategy and planning process. Besides the operational risk management strategic and tactical planning we define capital and expected loss targets which are monitored on a regular basis within the quarterly forecasting process.

Measuring Our Operational Risks

In 2010 we have integrated into our operational risk management processes Sal. Oppenheim (except for those parts which are in the process of being sold) and the commercial banking activities in the Netherlands acquired from ABN AMRO as well as Dresdner Bank’s global Agency Securities Lending business. Although Postbank manages its own operational risk, Postbank has also already been integrated into our economic capital calculation on a basis consistent with Deutsche Bank methodology. Limitations in data availability, however, may lead to portfolio effects that are not fully estimated and thereby resulting in over- or underestimation. The table below shows the economic capital usages for operational risk of our business segments for the periods specified.

in € m.

Dec 31, 2010

Dec 31, 2009

Economic capital usage (for operational risk)















Economic capital usage for operational risk increased by € 189 million, or 5 %, to € 3.7 billion as of December 31, 2010. The higher economic capital usage driven by acquisitions (Postbank, BHF-BANK, parts of the commercial banking activities in the Netherlands acquired from ABN AMRO and Sal. Oppenheim) was only partially offset by lower loss frequencies due to proactive operational risk management.

We calculate and measure the economic and regulatory capital for operational risk using the internal AMA methodology. Economic capital is derived from the 99.98 % quantile and allocated to the businesses and used in performance measurement and resource allocation, providing an incentive to manage operational risk, optimizing economic capital utilization. The regulatory capital operational risk applies the 99.9 % quantile. Our internal AMA capital calculation is based upon the loss distribution approach. Gross losses adjusted for direct recoveries from historical internal and external loss data (Operational Riskdata eXchange Association (ORX) consortium data and a public database), plus scenario data are used to estimate the risk profile (that is, a loss frequency and a loss severity distribution). Thereafter, the frequency and severity distributions are combined in a Monte Carlo Simulation to generate losses over a one year time horizon. Finally, the risk mitigating benefits of insurance are applied to each loss generated in the Monte Carlo Simulation. Correlation and diversification benefits are applied to the net losses in a manner compatible with regulatory requirements to arrive at a net loss distribution at the Group level covering expected and unexpected losses. Capital is then allocated to each of the business divisions and both a qualitative adjustment (“QA”) and an expected losses deduction are made.

The QA reflects the effectiveness and performance of the day-to-day operational risk management activities via KRIs and RCSAs focusing on the business environment and internal control factors. QA is applied as a percentage adjustment to the final capital number. This approach makes qualitative adjustment transparent to the management of the businesses and provides feedback on their risk profile as well as on the success of their management of operational risk. It thus provides incentives for the businesses to continuously improve Operational Risk Management in their areas.

The expected loss for operational risk is based on historical loss experience and expert judgment considering business changes denoting the expected cost of operational losses for doing business. To the extent it is considered in the divisional business plans it is deducted from the AMA capital figure.

The unexpected losses for the business divisions (after QA and expected loss) are aggregated to produce the Group AMA capital figure.

Since 2008, we have maintained approval by the BaFin to use the AMA. We are waiting for regulatory approval to integrate Postbank into our regulatory capital calculation.

Our Operational Risk Management Stress Testing Concept

Within our Stress Testing concept we ensure that operational risks are sufficiently and adequately stressed. Our AMA methodology already incorporates stress testing elements such as external data containing extreme data points and an over 25 year loss history both used to model the severity distribution. Additionally, we perform complementary sensitivity analysis and contribute to firm wide stress tests including reverse stress testing.

Role of Corporate Insurance/Deukona

The definition of our insurance strategy and supporting insurance policy and guidelines is the responsibility of our specialized unit Corporate Insurance/Deukona (“CI/D”). CI/D is responsible for our global corporate insurance policy which is approved by our Management Board.

CI/D is responsible for acquiring insurance coverage and for negotiating contract terms and premiums. CI/D also has a role in the allocation of insurance premiums to the businesses. CI/D specialists assist in devising the method for reflecting insurance in the capital calculations and in arriving at parameters to reflect the regulatory requirements. They validate the settings of insurance parameters used in the AMA model and provide respective updates. CI/D is actively involved in industry efforts to reflect the effect of insurance in the results of the capital calculations.

We buy insurance in order to protect ourselves against unexpected and substantial unforeseeable losses. The identification, definition of magnitude and estimation procedures used are based on the recognized insurance terms of “common sense”, “state-of-the-art” and/or “benchmarking”. The maximum limit per insured risk takes into account the reliability of the insurer and a cost/benefit ratio, especially in cases in which the insurance market tries to reduce coverage by restricted/limited policy wordings and specific exclusions.

We maintain a number of captive insurance companies, both primary and re-insurance companies. However, insurance contracts provided are only considered in the modeling/calculation of insurance-related reductions of operational risk capital requirements where the risk is re-insured in the external insurance market.

The regulatory capital figure includes a deduction for insurance coverage amounting to € 467 million. Currently, no other risk transfer techniques beyond insurance are recognized in the AMA model.

CI/D selects insurance partners in strict compliance with the regulatory requirements specified in the Solvency Regulations and the Operational Risks Experts Group recommendation on the recognition of insurance in advanced measurement approaches. The insurance portfolio, as well as CI/D activities are audited by Group Audit on a periodic basis.

Operational Risk at Postbank

Postbank’s approach to Operational Risk Management is largely comparable to Deutsche Bank’s approach. The Management Board of the Postbank is solely responsible for the management, control, and monitoring of operational risk. The Operational Risk Committee (ORK) commissioned by the Postbank Management Board defines the strategy and framework for controlling operational risk. Day-to-day management of operational risk is the responsibility of the individual units within the Postbank. Strategic parameters for managing operational risk, both qualitative as well as quantitative, are part of the overall strategy.

At Postbank the economic capital requirements for operational risk both for the Postbank as a whole and for the four business divisions individually have been determined using a standalone internal capital model to calculate capital requirements for operational risk. Postbank received the approval by the BaFin for their AMA in December 2010.

Within the consolidation of Postbank the results of the economic capital requirements for operational risk have been recalculated using Deutsche Bank’s economic capital methodology for operational risk based upon pooled data from Deutsche Bank Group and Postbank and are reported in aggregate in section “Overall Risk Position” of this report.

Key figures comparison

Compare key figures of the past years. more

Signs and Symbols
  • Save section as pdf file
  • Save table as xls file
  • Print page
  • Add file to file library
  • Glossary
  • Link to a page outside of this report
  • Link to a page within this report
  • Compare to 2009
  • Corresponding page at the PDF version of this report

Explanations to make the best possible use of the information provided and the various service features can be found here.