Risk Management
Article Index
Risk Management
Operational Risk
Credit Risk Management
Market Risk Management
Foreign Exchange Risk Management
Liquidity Risk Management
Supervisory Review

Operational Risk

Operational risk is the risk of loss resulting from inadequate internal processes, people, and systems, or from external events. Operational risk itself is not a new concept, and well run banks have been addressing it in their internal controls and corporate governance structures. However, applying an explicit regulatory capital charge against operational risk is a relatively new and evolving idea. Basel II requires banks to hold capital against the risk of unexpected loss that could arise from the failure of operational

The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error, fraud, or failure to perform in a timely manner or cause the interests of the bank to be compromised in some other way, for example, by its dealers, lending officers or other staff exceeding their authority or conducting business in an unethical or risky manner.

Other aspects of operational risk include major failure of information technology systems or events such as major fires or other disasters. The failure to properly manage operational risk can result in a misstatement of an institution’s risk/return profile and expose the institution to significant losses. Gross income, used in the Basic Indicator Approach is only  a proxy for the scale of operational risk exposure of a bank and can in some cases underestimate the need for capital.

Therefore NIBL has developed a framework for managing operational risk and evaluating the adequacy of capital covering the bank’s appetite and tolerance for operational risk, as specified through the policies for managing this risk, including the extent and manner in which operational risk is transferred outside the bank. It also includes policies outlining the bank’s approach to identifying, assessing, monitoring and controlling/mitigating the risk.


// // // //