What is Operational Risk?
What is Operational Risk?
Operational risk is the probability of loss occurring from the internal inadequacies of a firm or a breakdown in its controls, operations or procedures. Operational risk is the risk of a change in value caused by the fact that actual losses, incurred for inadequate or failed internal processes, people and systems, or external events (including legal risk), differ from the expected loss.
Operational risk affects client satisfaction, reputation and shareholder value, all while increasing business volatility. Contrary to other risks ( e.g credit risk, market risk, insurance risk) operational risk are usually not willingly incurred nor are they revenue driven. They are not diversifiable and cannot be totally laid off. This means that as long as people, systems, and processes remain imperfect, operational risk cannot be fully eliminated.
Operational risk is however manageable as to keep losses within some level of risk tolerance, that is the amount of risk one is prepared to accept in the pursuit of his objectives, and this is determined by balancing the costs of improvement against the expected benefits.
Operational Risk: It refers to the risk that arises from inadequate or poor internal policies. or it can be defined as any loss occurring from the internal inadequate policies of a firm or due to poor controls, operations, or procedures. basically its very broad concept and it is hard to find a definition that can fit everyone's need.
Defination of Internal Risk as in Basel II
'The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events." It is a broad definition but strategic and reputational risk I not covered in it. to understand it better we need to have a look at the risks that might arise,
Internal risks include; Systems & Process, Health & Safety, Environmental, Fraud & Reputation, Strategic Risk, External event risks include; Accidental, Intentional, Disease, Geological, Weather and environmental.
Operational risk is the risk of loss caused by failure or inadequate internal, human and system processes, or as a result of external events.
Operational risk is mainly related to various problems that can be caused by failure of the process at the bank. However, operational risks not only affect banking business activities but also various other types of business activities. For example, car manufacturers can suffer operational losses if they do not implement strict quality control measures for their new models.
Operational risk is the most important risk that can affect customers daily. This causes banks to focus more on processes, procedures and controls related to operational risk. During the last 20 years, improper operational risk management has caused losses to banks whose magnitude is equal to or even greater than the losses incurred by credit risk and market risk.
The above definition is contained in the Basel II framework. Operational risks can be divided into several sub-categories, such as the risks associated with:
Over the past 15 years, there have been quite a number of operational risk events which have resulted in large losses for the companies involved. The following two examples emphasize different types of operational risk failure categories.
- internal process
- external event
- law and regulation (legal risk).
Example : Control failure: Barings
In 1995 Baring Brothers and Co. Ltd. (Barings), London, fell after suffering a loss of GBP 827 million due to failure of its internal control processes and procedures.
A trader in Singapore who works at the Singapore Futures Exchange is able to hide losses in trading positions that have continued to grow for more than two years until finally they cannot be covered up again. Due to the lack of control, the trader can act as the managing manager and settlement registrar, so that he can authorize transactions that he himself does. Although this event is often said to be the result of a trader rouge, it must be admitted that this situation is actually a case of failure of internal control.
bit by bit, over time... it will accumulate into a mountain..!
perational risk is "the risk of a change in value caused by the fact that actual losses, incurred for inadequate or failed internal processes, people and systems, or from external events (including legal risk), differ from the expected losses". This definition, adopted by the European Solvency II Directive for insurers, is a variation from that adopted in the Basel II regulations for banks. In October 2014, the Basel Committee on Banking Supervision proposed a revision to its operational risk capital framework that sets out a new standardized approach to replace the basic indicator approach and the standardized approach for calculating operational risk capital.
It can also include other classes of risks, such as fraud, security, privacy protection, legal risks, physical (e.g. infrastructure shutdown) or environmental risks.
The study of operational risk is a broad discipline, close to good management and quality management.
In similar fashion, operational risks affect client satisfaction, reputation and shareholder value, all while increasing business volatility.
Contrary to other risks (e.g. credit risk, market risk, insurance risk) operational risks are usually not willingly incurred nor are they revenue driven. Moreover, they are not diversifiable and cannot be laid off. This means that as long as people, systems, and processes remain imperfect, operational risk cannot be fully eliminated.
Operational risk is, nonetheless, manageable as to keep losses within some level of risk tolerance (i.e. the amount of risk one is prepared to accept in pursuit of his objectives), determined by balancing the costs of improvement against the expected benefits.
Wider trends such as globalization, the expansion of the internet and the rise of social media, as well as the increasing demands for greater corporate accountability worldwide, reinforce the need for proper operational risk management.
Until Basel II reforms to banking supervision, operational risk was a residual category reserved for risks and uncertainties which were difficult to quantify and manage in traditional ways – the "other risks" basket.
Such regulations institutionalized operational risk as a category of regulatory and managerial attention and connected operational risk management with good corporate governance.
Of course, businesses in general, and other institutions such as the military, have been aware, for many years, of hazards arising from operational factors, internal or external. The primary goal of the military is to fight and win wars in quick and decisive fashion, and with minimal losses. For the military, and the businesses of the world alike, operational risk management is an effective process for preserving resources by anticipation.
Two decades (from 1980 to the early 2000s) of globalization and deregulation (e.g. Big Bang (financial markets)), combined with the increased sophistication of financial services around the world, have introduced additional complexities into the activities of banks, insurers and firms in general and therefore their risk profiles.
Since the mid-1990s, the topics of market risk and credit risk have been the subject of much debate and research, with the result that financial institutions have made significant progress in the identification, measurement, and management of both these forms of risk.
However, the near collapse of the U.S. financial system in September 2008 is an indication that our ability to measure market and credit risk is far from perfect and eventually led to the introduction of new regulatory requirements worldwide, including Basel III regulations for banks and Solvency II regulations for insurers.
Events such as the September 11 terrorist attacks, rogue trading losses at Société Générale, Barings, AIB, UBS, and National Australia Bank serve to highlight the fact that the scope of risk management extends beyond merely market and credit risk.
These reasons underscore banks' and supervisors' growing focus upon the identification and measurement of operational risk.
The list of risks (and, more importantly, the scale of these risks) faced by banks today includes fraud, system failures, terrorism, and employee compensation claims. These types of risk are generally classified under the term 'operational risk'.
The identification and measurement of operational risk is a real and live issue for modern-day banks, particularly since the decision by the Basel Committee on Banking Supervision (BCBS) to introduce a capital charge for this risk as part of the new capital adequacy framework (Basel II).