Overview of Operational Risk

Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk.

Legal risk includes, but is not limited to, exposure to fines, penalties, or punitive damages resulting from supervisory actions, as well as private settlements.

Sources of Operational Risk

The definition refers to loss resulting from the following four sources, which are now explained in more detail in order to aid understanding of the definition:

Inadequate or failed internal processes: Financial institutions operate a myriad of processes to deliver their products to customers. Process risk can arise at any stage of an end to end process in the value chain. For example, marketing material can be mailed to the wrong customers, account opening documentation can turn out not to be robust, transactions can be processed incorrectly, etc.

People: Operational risk losses can occur due to worker compensation claims, violation of employee health and safety rules, organized labour activities and discrimination claims. People risks can also include inadequate training and management, human error, lack of segregation, reliance on key individuals, lack of integrity, honesty, etc.

Systems: The growing dependence of financial institutions on IT systems is a key source of operational risk.

Data corruption problems, whether accidental or deliberate, are regular sources of embarrassing and costly operational mistakes.

External events: This source of operational risk has at least two discernible dimensions to it, firstly the extent to which a chosen business strategy pursued by a bank may expose it to adverse external events, and secondly external events that impact it independently, emanating from the business environment in which it operates.

Operational Risk Classification

For the purpose of collecting and organizing data, Basel Committee recommends that operational losses are estimated as per different banking business lines and types of risk.