......our answer to all your banking needs

Follow AllBankingSolutions


    Follow allbanking on Twitter

  • Ads by Google

  • Ads by Google

Best Viewed in 1024 X 768 Screen Resolution

Latest Indian Business News Financial World - Latest Articles Latest World News


What is Operational Risk ?

Operational risk has been defined by the Basel Committee on Banking Supervision1 as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition is based on the underlying causes of operational risk. It seeks to identify why a loss happened and at the broadest level includes the breakdown by four causes: people, processes, systems and external factors.

Management of specific operational risks is not a new practice; it has always been important for banks to try to prevent fraud, maintain the integrity of internal controls, reduce errors in transaction processing, and so on.     However, what is relatively new is the view of operational risk management as a comprehensive practice comparable to the management of credit and market risk.

Growing number of high-profile operational loss events worldwide have led banks and supervisors to increasingly view operational risk  management as an inclusive discipline.  OR can arise from internal and external fraud, failure to comply with employments laws or meet workplace safety standards, policy breaches, compliance breaches, key personnel risks, damage to physical assets, business disruptions and system failures, transaction processing failures, information security breaches and the like.

The Basel Committee on Banking supervision has recognized that managing OR is becoming an important feature of sound risk management practice in modern financial markets. The Committee has noted that the most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error,  fraud or failure to perform within accepted time-lines or cause the interests of the bank to be compromised in some other way, for example by its dealers, lending officers or other staff exceeding their authority or conducting business in an unethical or risky manner. Other aspects of operational risk include major failure of information technology systems or events such as major fires or other disasters.

The Basel Committee has identified  the following types of operational risk events as having the potential to result in substantial losses:-

  •  Internal fraud. For example, intentional misreporting of positions, employee theft, and insider trading on an employee’s own account.

  •  External fraud. For example, robbery, forgery, cheque kiting, and damage from computer hacking.

  •  Employment practices and workplace safety. For example, workers compensation claims, violation of employee health and safety rules, organised labour activities, discrimination claims, and general liability.

  • Clients, products and business practices. For example, fiduciary breaches, misuse of confidential customer information, improper trading activities on the bank’s account, money laundering, and sale of unauthorised products.

  • Damage to physical assets. For example, terrorism, vandalism, earthquakes, fires and floods.

  • Business disruption and system failures. For example, hardware and software failures, telecommunication problems, and utility outages.

  • Execution, delivery and process management. For example: data entry errors, collateral management failures, incomplete legal documentation, and unauthorized access given to client accounts, non-client counterparty mis-performance, and vendor disputes.

Several recent cases demonstrate that inadequate internal controls can lead to significant losses for banks. The types of control break-downs may be grouped into five categories:

  • § Lack of Control Culture - Management’s inattention and laxity in control culture, insufficient guidance and lack of clear management accountability.

  • § Inadequate recognition and assessment of the risk of certain banking activities, whether on-or-off-balance sheet. Failure to recognise and assess the risks of new products and activities or update the risk assessment when significant changes occur in business conditions or environment. Many recent cases highlight the fact that control systems that function well for traditional or simple products are unable to handle more sophisticated or complex products.

  • § Absence/failure of key control structures and activities, such as segregation of duties, approvals, verifications, reconciliations and reviews of operating performance.

  • § Inadequate communication of information between levels of management within the bank – upward, downward or cross-functional.

  • § Inadequate /effective audit/monitoring programs.

Measuring Operational Risk

Operational risk is more difficult to measure than market or credit risk due to the non-availability of objective data, redundant data, lack of knowledge of what to measure etc.  Operational risk, however, is an ill-defined “inside measurement,” related to the measures of internal performance, such as internal audit ratings, volume, turnover, error rates and income volatility, interaction of people, processes, methodologies, technology systems, business terminology and culture.

Risk Management Tools

A robust operational risk management process consists of clearly defined steps which involve

While sophisticated tools for measuring and managing operational risks are still to evolve, the current practices in this area are based on self-assessment. The starting point is the development of enterprise-wise generic standards for OR which includes Corporate Governance standards. It is extremely important for a robust risk management framework that the operational risks are managed where they originate. Risk management and compliance monitoring is a line management function and the risk culture has to be driven by the line Manager. It is, therefore, the line manager’s responsibility to develop the generic operational risk standards applicable to his line of business. The purpose of this tool is to set minimum operational risk standards for all business and functional units to establish controls and monitor risks through Control Standards and Risk Indicators. Once the standards are set, the line manager has to undertake a periodic operational risk self assessment to identify key areas of risk so that necessary risk based controls and checks can be developed to monitor and mitigate the risks. Control Standards set minimum controls and minimum requirements for self-assessment of effectiveness of controls for the key processes.

The Risk indicators identify operational risks and control weaknesses through statistical trend analysis. The Risk Indicators are reviewed periodically to ensure that they are constantly updated. Reporting is a very important tool in the management of operational risks since it ensures timely escalation and senior management overview. Reporting should include significant operational risk exceptions, corporate governance exceptions, minutes of meetings of Operations Risk Committee and real time incident reports.


Operational Risk management is one of the most complex and fastest growing areas in banking across the world. The methods  to quantify the risk are evolving rapidly but though they are still far away from the desired levels.   Nevertheless, it is extremely important that the significance and impact of this risk area on the overall viability of a banking enterprise is given due recognition so that there are strong incentives for banks to continue to work towards developing models to measure operational risks and to hold the required capital buffers for this risk.