What is Operational Risk?
The Basel Committee has defined operational risk as the risk of loss resulting from inadequate or failed internal processes, people, and systems or external events.
The International Association of Insurance Supervisors defines operational risk similarly, as the risk of adverse change in the value of capital resources resulting from operational events such as inadequacy or failure of internal systems, personnel, procedures or controls, and external events.
Examples of Operational Risk:
Seven categories of operational risk have been identified by the Basel Committee:
- Internal fraud: Acts of a type intended to defraud, misappropriate property or circumvent regulations, the law, or company policy (excluding those concerned with diversity or discrimination) involving at least one internal party. Examples include intentional misreporting of positions, employee theft, and insider trading on an employee’s account.
- External fraud: Acts by a third party of a type intended to defraud, misappropriate property, or circumvent the law. Examples include robbery, forgery, check kiting, and damage from computer hacking.
- Employment practices and workplace safety: Acts inconsistent with employment, health or safety laws or agreements, resulting in payment of personal injury claims or claims relating to diversity or discrimination issues. Examples include workers’ compensation claims, violation of employee health and safety rules, organised labor activities, discrimination claims, and general liability (for example, a customer slipping and falling at a branch office).
- Clients, products, and business practices: Unintentional or negligent failure to meet a professional obligation to clients and the use of inappropriate products or business practices. Examples are fiduciary breaches, misuse of confidential customer information, improper trading activities on the bank’s account, money laundering, and the sale of unauthorised products.
- Damage to physical assets: Loss or damage to physical assets from natural disasters or other events. Examples include terrorism, vandalism, earthquakes, fires, and floods.
- Business disruption and system failures: Disruption of business or system failures. Examples include hardware and software failures, telecommunication problems, and utility outages.
- Execution, delivery, and process management: Failed transaction processing or process management and disputes with trade counterparties and vendors. Examples include data entry errors, collateral management failures, incomplete legal documentation, unapproved access to clients’ accounts, non-client counterparty misperformance, and vendor disputes.