Control your operational risk

Operational risk is the broad discipline focusing on the risks arising from the people, systems and processes through which a company operates. It can also include other classes of risk, such as fraud, legal risks, physical or environmental risks.

Since the mid-1990s, the topics of market risk and credit risk have been the subject of much debate and research, with the result that financial institutions have made significant progress in the identification, measurement and management of both these forms of risk. However, it is worth mentioning that the near collapse of the U.S. financial system in September 2008 is a clear indication that our ability to measure market and credit risk is far from perfect.

Globalization and deregulation in financial markets, combined with increased sophistication in financial technology, have introduced more complexities into the activities of banks and therefore their risk profiles. These reasons underscore banks' and supervisors' growing focus upon the identification and measurement of operational risk.

The Guidelines introduce principles and implementation measures for the identification, assessment, control and monitoring of operational risk in market-related activities. In particular, they aims to highlight supervisory expectations relating to specific arrangements, procedures, mechanisms and systems in trading areas that could prevent or mitigate operational risk events.

Operational risk management differs from other types of risk, because it is not used to generate profit (e.g. credit risk is exploited by lending institutions to create profit, market risk is exploited by traders and fund managers, and insurance risk is exploited by insurers). They all however manage operational risk to keep losses within their risk appetite - the amount of risk they are prepared to accept in pursuit of their objectives. What this means in practical terms is that organisations accept that their people, processes and systems are imperfect, and that losses will arise from errors and ineffective operations. The size of the loss they are prepared to accept, because the cost of correcting the errors or improving the systems is disproportionate to the benefit they will receive, determines their appetite for operational risk.

A widely used definition of operational risk is the one contained in the Basel II regulations. This definition states that operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.

By contrast it is relatively difficult to identify or assess levels of operational risk and its many sources. Historically organizations have accepted operational risk as an unavoidable cost of doing business. Many now though collect data on operational losses - for example through system failure or fraud - and are using this data to model operational risk and to calculate a capital reserve against future operational losses. In addition to the Basel II requirement for banks, this is now a requirement for European insurance firms who are in the process of implementing Solvency II, the equivalent of Basel II for the banking sector.

The Guidelines introduce principles and implementation measures for the identification, assessment, control and monitoring of operational risk in market-related activities. In particular, they aims to highlight supervisory expectations relating to specific arrangements, procedures, mechanisms and systems in trading areas that could prevent or mitigate operational risk events. Status: Final

The list of risks (and, more importantly, the scale of these risks) faced by banks today includes fraud, system failures, terrorism and employee compensation claims. These types of risk are generally classified under the term 'operational risk'.

These Guidelines provide guidance on the recognition of risk transfer instruments within the AMA. The Guidelines are structured in three main sections addressing first the general conditions that should be fulfilled for the recognition of operational risk mitigation instruments, both insurance contracts and Other Risk Transferred Mechanisms.

/Nemer Haddad