Operational Risk
- 03:30
Operational Risk
Downloads
No associated resources to download.
Glossary
Operational RiskTranscript
Operational Risk, covers a wide range of issues faced in a modern, complex financial institution. A very common definition of operational risk is that, "It is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events." Operational risk can manifest itself in many ways, including clients, products and practices. For example, selling an inappropriate banking product to a client who may not fully understand that product in order to boost the bank's revenue. Execution and delivery. This could include making errors when implementing a new technology platform. System failure, for example, a payment system going down so customers cannot use their credit cards. Employment practices such as, constructing remuneration policies in such a way that discourages employees making decisions based on the long-term good of the bank and its customers. Fraud, for example, a customer submitting fake invoices in order to get a loan from a bank. Physical asset damage and contingency failure which could include an earthquake, shutting down a trading floor. Model risk, which relates to a model being used to make decisions that were not part of the original model design process. Operational risk covers a very wide range of factors ranging from the small, frequent everyday losses to much larger potentially catastrophic losses, which occur much less frequently. This makes it much more complicated, if not impossible, to quantify operational risk in the same way that credit risk and market risk can be quantified. When a bank is deciding how much resource to dedicate to managing different operational risks, this matrix is a widely used approach. It is important to remove or mitigate for any events that occur frequently and have a high impact as they pose an existential threat to the bank. If any such risks are identified, action needs to be taken to reduce the likelihood or severity of the risk quickly. An event that happens infrequently and poses no material threat to the bank does still need to be managed but the bank doesn't need to invest a lot of time and resource into its management. Since even if the event does occur, it's unlikely to significantly impact on a bank's ability to continue trading. The other two quadrants also need to be managed. A low frequency high impact event could be a hacker gaining access to a bank's customer database or a rogue trader causing the bank's significant trading losses. A high frequency low impact event might include people not being able to get to the bank to fulfill their duties due to weather or travel disruption. Since these could both have substantial financial consequences, either through the high severity of impact or the high degree of frequency it is worth the bank spending time and resource in these areas to reduce the likelihood of adverse outcomes for the bank through improved processes, monitoring or insurance.