What is operational risk?

Unlike most other industries, banks earn income by taking risks, primarily by accepting exposures to credit and market risk.

Banks are, however, exposed to a range of other risks. Operational risk, for instance, can be found in all banking products, activities, processes, and systems.

The Basel Committee on Banking Supervision, or BCBS, defines operational risk as:

“…the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.”

The BCBS specifies that this definition includes legal risk, but excludes strategic and reputational risk. Operational risk can arise from many sources, including:

  • Internal and external fraud
  • Employment practices and workplace safety
  • Clients, products, and business practices
  • Damage to physical assets
  • Business disruption and systems failures, and
  • Execution, delivery, and process management

While all types of organization are exposed to operational risk, the management of it is more challenging for the banking industry than for most other industries.

Listen on Spotify

Listen on Amazon

Listen on Apple

Listen on YouTube

***

Get weekly insights from The Intuition Finance Digest. Elevate your understanding of the finance world with expertly-crafted articles and podcasts sent straight to your inbox every week. Click here: https://www.intuition.com/finance-insights-the-intuition-finance-digest/

***

Definition of operational risk: A closer look

The BCBS’s definition of operational risk was first published in the early 2000s. Prior to that, operational risk was generally viewed as any risk that was not credit or market risk. But this was too broad, so the Basel definition was soon widely adopted by the banking industry.

A key element of the definition is the reference to loss. The focus when managing operational risk is identifying and then accepting, mitigating, or avoiding potential losses. This contrasts with credit and market risks, which are accepted by banks in order to generate revenue.

The Basel definition identifies several broad areas that can lead to operational risk losses. These are:

  • Processes – losses arising from poorly-designed or implemented processes.
  • People – losses due to individuals making errors or poor decisions due to negligence, lack of skills/knowledge, or deliberate actions.
  • Systems – losses caused by systems that are flawed, incorrectly used, or compromised.
  • External events – losses arising from events external to a bank that mean a product or service cannot be produced or delivered.

The inclusion of legal risk in the BCBS definition ensures that poor drafting of legal documents, or the failure to execute them properly, is within scope. But poor decision-making at a strategic or business level (such as making acquisitions or entering new markets) is out of scope, as is reputational risk.

Some practical examples of operational risk events include:

  • Errors made by a bank when processing payments
  • Systems failures that result in bank customers being unable to use banking apps, online services, or withdraw cash from ATMs
  • Internal fraud committed by a bank’s employees (sometimes referred to as occupational fraud)
  • Hacking or other attacks committed by cybercriminals
  • Events such as fires or floods that damage bank buildings

Intuition Know-How, the world’s premier digital learning solution for finance professionals, offers a comprehensive course on operational risk. More details can be found below.

If you would like to speak to a member of our team about gaining access to this course, please fill in the form.

Operational risk is not new – it has existed ever since the first bank opened its doors for business. What is relatively new, however, is how modern-day financial institutions manage this risk type. Operational risk management has evolved into a discipline in its own right with specialized personnel, policies, procedures, reporting, measurement techniques, and related technology.

Intuition Know-How’s operational risk management course covers topics such as:

  • The various categories and subcategories of operational risk
  • The key components of a bank’s operational risk management framework (ORMF)
  • The measurement of operational risk, including regulatory capital calculations
  • The importance of operational risk reporting and the different types of report produced, including Pillar 3
  • The use of risk and control self-assessments (RCSAs) to identify operational risk
  • The role of risk ratings in assessing operational risk
  • The use of heat maps to present operational risks in a visual format
  • The importance of KRIs and other key indicators in monitoring operational risk
  • The contents of a risk register and its limitations as a monitoring tool
  • The role of loss data in identifying, managing, and monitoring operational risk
  • The key lessons learned from high-profile operational risk failures
  • The main emerging risks that banks are facing and their potential impact
  • The concept of operational resilience and the regulatory expectations in relation to it

Learner Profile

This course is aimed primarily at new recruits working in a commercial/wholesale banking environment. More experienced personnel looking for a refresher on the management and measurement of operational risk may also find the course useful.

Sign up the The Intuition Finance Digest to receive weekly finance articles straight to your inbox.