1. Introduction
Industry 4.0 refers to the concept that technology has permeated all areas of society: production, finance, services, transportation, and communications (
Cividino et al. 2019). The current global economy is constantly changing so that innovation and technological development are key issues in a sustainable approach. Industry 4.0 in banking system technologies is applied in digitizing assets, creating a digital identity, providing special offers to customers, and offering customization (
Nethravathi et al. 2020). Financial service providers are not only banks but also other financial institutions such as non-bank FinTech. Banking companies need to ensure that they keep up and take significant steps to compete effectively with financial institutions at the forefront of technology, such as FinTech and WealthTech companies. The introduction of next-generation technologies, such as application programming interfaces (API), artificial intelligence (AI), machine learning, and robotics, is demanded to bring the customer experience to a new level of convenience (
Mishra 2020;
Carbo-Valverde et al. 2020a). In this case, the focus is bank companies because the reach of customers from banking companies is greater than non-banks. In addition, financial transaction services offered by banks can be more comprehensive than non-banks. Therefore, banking companies must be able to develop digital technology to increase the advantages of financial transaction activities (
Carbo-Valverde et al. 2020b).
The development of new digital information technology in banking has a positive effect on financial activities in banks (
Rahman et al. 2018). The main positive impact is to make transactions easier for customers. Customers do not need to make financial transactions at the bank but only use their gadgets. This is also a good impact on post-COVID-19 life because digital banking has reduced direct interaction. The digital or electronic banking services include: (a) account statements for customers; (b) information on banking products (deposits, loans, securities); (c) applications for opening deposits and obtaining loans and bank cards; (d) internal transfers to bank accounts; (e) transfers to an account at another bank; (f) currency conversion; (g) bill payments; (h) online shopping payment instruments; (i) topping up e-money or e-wallets; (j) and a means of payment in conventional stores using a QR code (
Susanto et al. 2016;
Hernández-Murillo et al. 2010).
The first two types of services can be carried out using only cellular communication. Still, an Internet connection is usually required for the other services. With various digital services for customers to facilitate financial transactions, banking companies compete with FinTech or WealthTech. Banking companies must be able to provide a wider range of digital services so that customers are more interested in using banking services and the value of banking transactions will increase. Referring to the report of the Institute of International Finance, data digitization activities and bank financial operations also create around 70% of the digital risk for banks. The report also shows that 22% of banks worldwide have invested more than 25% of their annual budgets in digitizing risk management (
Institute of International Finance 2017).
The risk of digital financial transaction activities in a bank can be generalized by several indicators such as (a) risk of defects and system failure; (b) risk of losing data integrity and unauthorized access to customer data; (c) risk of the violation of technical systems in an information room; (d) risk of cyber-attack; and (e) risk of misuse of the system (
Zabala Aguayo and Ślusarczyk 2020;
Casaló et al. 2007;
Ojeniyi et al. 2019;
Sarma and Singh 2010).
Banking companies need to pay attention to the existence of risks related to digital financial transactions. Besides taking advantage of these new opportunities, banks must identify, measure, monitor, and control these risks with prudent principles (
Tanase and Serbu 2010). Based on the regulations of the Indonesian Financial Services Authority (OJK) number 7/POJK.03/2016 and the provisions of Law 2/No.10/1998, it is stated that Indonesian banks, in conducting their business, are based on economic democracy by using the principle of prudence. Because digital financial activities pose an increased risk, banks are required to apply prudential principles and risk management. As a consequence, one form of regulatory implementation is the real-time gross settlement (RTGS) system to minimize the risks of digital financial transactions (
Iman 2020;
Lubis et al. 2019). RTGS is implemented if there is a system failure during a transaction, in which case bank companies are required to send new transactions in real time. The new transaction must be executed immediately without waiting for a refund. The funds used in the new transaction are the bank’s own company funds. This makes it important to allocate reserve funds for operational risks (
Keister and McAndrews 2009;
Belás et al. 2016).
Related to the operational risks and the need to measure the reserve fund allocation, it is necessary to calculate the maximum potential losses. The method used to calculate the maximum potential losses is value-at-risk (VaR), with extreme value theory (EVT) for extreme risks. In economics and finance, the risk of loss can be measured using VaR. If the economic phenomenon shows an extreme event, an EVT approach is needed to represent it. VaR is the maximum loss that will not be passed for a probability defined as the confidence level over a certain time (
Esterhuysen et al. 2008). Securities institutions or banks usually use VaR to measure the risk of their asset portfolio or the company’s operational risk (
Boudt et al. 2013;
Aebi et al. 2012). The VaR analyzed by EVT can be called extreme value-at-risk (EVaR) (
Muteba Mwamba and Mhlanga 2013). If more than one risk is analyzed, the EVaR needs to be measured with a portfolio approach to obtain a combination of risks based on the weight of each risk. Therefore, the EVaR obtained is a weighted result that represents each risk (
Gilli and Këllezi 2006). One study that carried out the calculation or modeling of bank reserve funds was conducted by Schalkwyk and Witbooi (
van Schalkwyk and Witbooi 2017), who considered the spread model of bank reserves to cover the maximum potential loss due to banking risks. They formulated optimal stochastic control problems related to minimizing the risk of deposits and the reserve process, net cash flow from storage activity, and the cumulative costs of the bank’s strategic sector.
Several relevant studies on the problem of EVT and EVaR analysis and its relationship to banking have been conducted.
Abbate et al. (
2009) conducted data modeling with big data tails using EVT and introduced the copula theory. They showed that VaR with EVT becomes the measurement of the risk that occurs. In addition, the results show that the use of standard VaR is not appropriate for risk asset diversification involving a mean-infinite distribution (representing extreme events). Therefore, the EVT approach is needed to determine VaR in extreme events.
Baran and Witzany (
2011) conducted a study comparing EVT with standardized estimation methods (variance, covariance, historical simulations) to produce value-at-risk. This value-at-risk search method is compared with backtesting procedures and produces variated volatility returns in a given period of time.
Gilli and Këllezi (
2006) applied the EVT to measure risk. EVT is considered to provide the basis for extreme statistical modeling. Many science and modern engineering fields must deal with rare events that have significant consequences and are usually called extreme events. That study was intended to explain the basics of EVT and the tactical aspects of predicting and evaluating the statistical models for measuring risk from extreme incidents.
Furthermore, risk measures for the banking sector have been discussed in several studies.
Esterhuysen et al. (
2008) performed EVaR management in financial institutions through robust calculation techniques and the effect of this value on the capital owned by the bank for operational risk. The robust calculation, among others, collected the operational loss data, then tracked operational loss data and used a robust internal risk control system. They illustrated the differences of an internal risk control system in regulatory capital when using the advanced measurement approach (AMA) and the standardized approach (SA) by using examples of banking problems.
Yao et al. (
2013) observed that operational risk management plays an important role in decision making for banks. The conditional value-at-risk (CVaR) model based on the peak value method from the EVT analysis is used to measure operational risk. Bank loss data are used with empirical analyses. Tests are conducted using the EVaR and CVaR EVT calculation models at 95% and 99% confidence levels, respectively, to assess expected and unexpected losses in operational risk.
After conducting the literature review, the study suggested the gaps between the previous and present studies, as summarized in
Table 1.
Based on
Table 1, previous research has implemented the VaR, EVT, and portfolio diversification measures. However, in the research of
Gilli and Këllezi (
2006), the application of the EVT method is carried out for several markets but only for one form of risk, namely daily returns. Then, the research of
Esterhuysen et al. (
2008) focused on the data of several operational risks but only used VaR without implementing EVT. Meanwhile, operational risks are generally large in number but rarely by occurrence or vice versa. Therefore, it is worth implementing the EVT because of these operational risk characteristics.
Yao et al. (
2013) realized the importance of EVT for measuring operational risk. However, the processing of some risks was carried out through data grouping. This data grouping method cannot be representative of several types of risk that are measured directly. Another method is needed to represent the weight of each risk, one of which is the portfolio approach.
van Schalkwyk and Witbooi (
2017) carried out a portfolio approach to determine the allocation strategy in risk management. However, risk measurement is based on stochastic modeling. Stochastic modeling is not suitable for measuring operational risk due to specific characteristics.
Therefore,
Table 1 shows the gap between previous studies and the current research. Previous studies did not measure EVaR based on multiple risks with a portfolio approach, as this study has. In addition, there has been no previous research that uses digital banking transaction risk data as this study has.
Based on the research gap, this study intends to determine the maximum potential loss for the operational risk of digital banking transactions using the extreme value-at-risk (EVaR) method. The EVaR method is thought to be able to accurately measure risk for extreme events of digital banking risk loss. This is due to the extreme modeling approach suited to operational risk characteristics of digital banking as an extreme event (
Abbate et al. 2009). This study promotes advantages over other studies because it performs EVaR analysis based on a combination of risk with a portfolio approach. The EVaR results represent several risks at once. This research’s contribution is to provide banks with advice and materials for consideration and evaluation in digital transaction risk management activities. The results of this study can be used as material for calculating the allocation of operational risk reserve funds to avoid collapse due to potential losses.
5. Discussion
Today’s banking activities are increasingly shifting toward digital transactions. Digital banking presents a special type of operational risk. The global financial crisis has awakened the importance of studying extreme events, and the implementation of EVT is the main step in mitigating operational risk. However, operational risk management still cannot be handled effectively. One reason is that operational risk is more complex, involves many types of risk, and is not always easy to measure (
Aebi et al. 2012;
Yanagawa 2020;
Beccalli 2007;
SOFIA 2017).
Digital banking risk analysis can use QQ plots, as in
Figure 1. The fat-tailed shape of the QQ plot indicates an extreme data case. The data identification results follow the risk data in the banking industry. Cases of banking losses due to digital transactions occur in a fairly rare time. However, the nominal loss is potentially large in every risk case. This is reinforced based on the Global Financial Stability Report by the International Monetary Fund (IMF), which states that one source of threats to the stability of the financial system is digital risk. In addition, the survey results of The Depository Trust & Clearing Corporation (DTCC)’s 2017 Systemic Risk Barometer in the first quarter put digital risk in the first place as a banking threat (
DTCC 2017). The survey results of systemic risk barometer can be seen in
Figure 2.
Furthermore, the results of extreme risk analysis using extreme value theory result in the distribution of data in the GPD. The estimated GPD parameters in
Table 5 serve as the basis for analyzing the EVaR risk measure. The EVaR risk measure in
Table 6 shows that “downtime risk” is greater than “timeout risk.” This is in line with the technical analysis of digital banking. “Downtime risk” in the digital banking system is a common risk that causes operational losses. Based on the initial sample data on digital banking risk losses, the value of downtime losses is greater than the timeout. In addition, in the digital banking system, downtime is bound to occur due to the need for service maintenance. This is the reason why downtime has a higher risk value than timeout. When there is downtime, all transactions cannot run, and it causes a system failure. In recent years, there was a failure of the banking system in the U.K. market, which made headlines. This can lead to big losses, even making active customers switch to competing banks. In addition, survey results from private bank customers in Indonesia show concern about the risks of the digital banking system. Surveys from customers stated that the risk of the system causing service disruptions caused them to become skeptical of digital banking (
DTCC 2017).
The operational risks of digital banking can cause prolonged company losses. Risk management to overcome these losses can be carried out through the allocation of reserve funds. Reserve funds must be able to cover the maximum potential loss from these risks. The result of the estimation of the maximum potential loss from digital banking risks is IDR144,357,528,750.94, which is equivalent to USD 10,014,601.46. This huge value shows the number of potentially large losses from digital banking risks. This needs to be interpreted as a preparation for risk mitigation. Banks and other financial institutions must evaluate and manage operational risk through various tools and mitigation strategies. The main strategic step is to detect potential operational risks, collect operational risk data, then track the losses incurred. After that, the mitigation process is carried out by determining the size of the risk as an expectation of loss. This process has been carried out in this research. Furthermore, it is necessary to interpret the results of maximum potential losses as a measure of reserve funds, which can help banks prepare to manage digital banking risks. This will help ensure that bank companies are ready to face the possibility of risks through these mitigation strategies.
The estimated risk of digital banking with a large nominal loss has significantly increased with the data on the number of transactions in recent years. Data on many digital financial transactions in the annual report of one of the banks in Indonesia in 2020 shows an increase of 132.20% (YoY) to 2.72 billion transactions compared to the 1.17 billion transactions in 2019 (
BRI 2020). The increase in the number of digital transactions makes the possibility of risk even greater. Based on a report from Bank Indonesia (BI), the volume of digital banking transactions throughout Indonesia in 2021 increased by 21.5% to IDR39,130 trillion. In addition, BI forecasts that the projection of digital banking transactions in 2022 will reach more than IDR48,000 trillion, or an increase of around 22.6% (
Bank Indonesia 2020). The graph of the projection of digital banking transactions in Indonesia can be seen in
Figure 3. Based on these projections, the importance of a risk mitigation strategy is illustrated since the probability for risk to occur is directly proportional to the volume of digital banking transactions. Risk mitigation for the next year can be started today. One of these mitigation measures is to estimate the maximum potential loss from digital banking risks. As has been conducted in this study, the results of the estimation of the maximum potential loss can be used by banking companies as a risk mitigation measure for digital banking transactions. With the preparation of the estimation of maximum potential loss, the company can take a better risk management strategy.
Responding to the importance of banking risk mitigation measures in Indonesia, OJK issued prudential regulations based on the authority delegated to it by Law No. 21/2011. The regulation requires the application of the Basel framework to all conventional commercial banks in Indonesia. Based on OJK regulations, the mitigation process to measure risk is carried out using the standard Basel approach, namely the basic indicator approach (BIA). The use of the BIA method for commercial banks in Indonesia is further explained in POJK Regulation No. 11/POJK.03/2016 (
Bank for International Settlements 2016).
However, OJK regulations currently in force in Indonesia still need to be adjusted, especially regarding operational risk mitigation. Based on the report on the assessment of Basel III risk-based capital regulations in Indonesia, there are things that the OJK must consider. The first thing is that the explanation of indicators in calculating gross income for the BIA method is not explicitly specified in the regulations. Furthermore, OJK needs to describe the scope of operational risk that is clearer and consistent with Basel standards. In addition, OJK does not implement the AMA method for measuring operational risk (
Bank for International Settlements 2016). This is unfortunate because the BIA method is a very simple traditional approach compared to the AMA.
The AMA method demands that banks use internal loss data to calculate the EVaR of operational risk. The size of the operational loss will be in line with the state of risk in the banking company. If the banking company has implemented operational risk prevention well, then the value of the potential loss is lower. This is related to historical data on operational risk losses from the company. However, this is not the case with the BIA method, which is not influenced by a strong operational risk management environment.
The results of this study provide a comparison of the measurement of operational risk between the AMA and BIA methods. The BIA method measures operational risk capital requirements based only on gross income from the bank, so it is not sensitive to operational risk. The BIA formula is
, with
. The BIA formula is very simple when compared to the EvaR formula in Equation (10). BIA, which uses gross income as an indicator of operational risk exposure, can be categorized as a traditional measure. Meanwhile, the maximum potential loss value with EVaR is included in the advanced measurement approach (AMA). EVaR performs an operational risk assessment based on the distribution of loss data. This adds to the security of operational risk estimates. The results obtained in the AMA method tend to be smaller than the BIA method (
Zhu et al. 2019). Smaller yields can be leveraged for the minimum optimal backup value. The minimum optimal reserve fund will make capital diversification better. The remaining excess capital can be used for the company’s investment interests. Thus, banking companies can have more sources of income.
On the other hand, one of the most visible impacts of implementing EVaR in the AMA approach to operational risk management is the positive impact on reputation and stakeholder perceptions. A better risk calculation process certainly provides shareholders, clients, rating agencies, and the market with clear information on safety risk management. This certainty is very important and provides comfort for stakeholders, especially in times of economic turmoil and uncertainty. Therefore, this is a very useful approach for the sustainability of the company that is safe against risk, especially when it comes to the operational system of digital banking.
6. Conclusions
This study discusses the analysis of the maximum potential loss from digital banking transactions. The analysis result shows the maximum potential loss from the risk of digital banking transactions is IDR144,357,528,750.94 with a 95% confidence level. The extreme value-at-risk (EVaR) method used in this study uses the generalized Pareto distribution (GPD) method. The GPD is interpreted as a distribution that describes extreme data. Digital banking risk is an extreme risk. Therefore, the analysis results of this study are in accordance with the characteristics of the risk. Thus, the result of the maximum potential loss value becomes a reference for mitigating digital banking risk. Banking companies need to provide reserve funds that can cover these potential losses. If banks cannot provide these reserve funds, it is feared that a collapse will occur. In particular, unexpected extreme events such as a global financial crisis can occur at any time. If this occurs, the unpreparedness of reserve funds can certainly make the bank company collapse. Therefore, the potential for maximum loss is an important concern for risk mitigation efforts.
This study still has limitations related to the exploration of digital banking risk data. For further studies, attention can be paid to more types of digital banking risks, one of which is the risk of digital banking from the customer’s point of view as a user. There are digital banking risks that arise from users, such as transaction errors. In addition, the leakage of customer account data is also a calculated risk. The leakage of customer account data can be misused by irresponsible parties. The misuse of customer data can harm banking companies, so data security also needs to be a risk management concern. Therefore, further research can explore digital banking risks. Risk exploration is expected to strengthen the estimated loss, and better loss estimation will make risk management safer.