OPERATIONAL RISK – this is any risk that is neither credit risk nor market risk.

Basel

Banks' business areas

If a firm experiences any form of operational risk, it is likely that this will not satisfy the regulators; any sub-standard operational risk management approach may therefore lead to what we could call regulatory risk.

Basel defines seven general categories of loss events

Basel's Definition of operational risk

Reputational risk can also be caused without the regulators getting involved, as a result of customers receiving sub-standard service and deciding to join another supplier, and for many other reasons. I

The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.

• Internal fraud

• External fraud

• Employee practices and workplace safety

• Clients, products and business practice

• Damage to physical assets

• Business disruption and system failures

• Execution, delivery and process management

• Corporate finance

• Trading and sales

• Retail banking

• Commercial banking

• Payment and settlement

• Agency services

• Asset management

• Retail brokerage

Operational risk policy

Risk Management principles

Business management is accountable for all the risks it assumes and is therefore responsible for the continuous and active management of risk exposures to ensure that risk and return are balanced. It is therefore not acceptable to delegate the management of risk to an Operational Risk Department.

An independent control process should be in place with respect to short-term profit incentives and longer-term interests. This has been on the public agenda when discussing the incentive schemes operated before the banking crisis and how much this focus on short-term rewards contributed to the crisis.

Risk disclosure – a procedure whereby comprehensive, transparent and objective statements are made with respect to senior management, the firm’s board, its shareholders, regulators and any other stakeholders.

Protection of earnings by controlling risk at the level of exposures, wherever taken and of whatever size.

Protection of the firm’s reputation by managing and controlling risks incurred in the course of business.

The risk management policies should include and define the following:

• Level of reporting of risk events

• To whom risk events should be reported

• What should be reported

• Investigation procedures

• Treatment of unexpected profits and near misses

• Risk appetite definition

• New business risk

• Risk limits

• KRI policy

Risk management is firm-wide, and the board as well as all staff are responsible for implementation

• Employ a methodology that identifies and categorises all the operational risks that exist in the organisation

• Employ a methodology for measuring and assessing the significance of all the identified risks

• Work with line managers to agree the mitigating action required to reduce the risk exposure to acceptable levels

• Monitor the effects of the mitigating action to ensure its success

• Report and escalate risk issues to all levels of the organisation; this ensures that there is transparency and aids the decision-making process

A common operational policy and terminology, which exists globally and across all functions, allows:

• A meaningful overall capital adequacy assessment to be performed across the organisation

• Objectivity when risk prioritisation needs to be performed

• A sense of fairness when rewarding or penalising risk performance

Because the risk policy takes a firm-wide approach and cuts across departmental boundaries, there should be a central, independent risk management role responsible for the co-ordination and implementation of risk policies and procedures.

In order to control and manage procedures effectively, the firm will need to ensure explicit segregation of duties between the trading and support functions, such as front office, operations, accounting and risk monitoring.

The operational risk management framework

Practical constraints of implementing an operational risk management framework

Data collection and management constraints: In practice, it is very difficult to build a truly comprehensive data set – apart from the general lack of data, system constraints and a lack of standardisation mean that the required data feeds from disparate sources cannot be easily developed. This is particularly so in a large organisation. There is also relatively little availability of industry-wide data, as this depends on firms self-reporting and, by definition, it is not straightforward to gain an understanding of high impact, low-frequency events. Firms may also not be allowed to report for legal disclosure reasons.

Cultural constraints: Operational risk managers used to find that building momentum and demand for operational risk practices across the business was a constant struggle, but this is no longer the case as firms are capturing data more frequently. Business heads need to be convinced of the value that operational risk management will bring. If not implemented in a well-structured manner it is often seen as a cost to the business, and even a nuisance, rather than a real asset. Consequently, many firms have rolled out risk management frameworks piece by piece, attempting to gain the confidence and support of one area before moving on to another, as it may be that incremental change is easier to embed than structural change.

Resource and cost constraints: Firms continually underestimate the amount of time and resources required to implement identification and measurement systems. In an era of tight cost controls, resource constraints put a limit on how quickly or comprehensively implementation is carried out.

Indicator constraints: It can be difficult to design risk indicators that monitor the full range of risks. There is a natural tendency to use indicators that are already available (such as existing management information) but these are often designed to monitor performance rather than risk. The extra cost and time required to design and maintain a truly comprehensive set of risk indicators is often prohibitive.

The benefits of operational risk management

A reduction of operating losses

Lower compliance/auditing costs

The early detection of unlawful activities

Reduced exposure to future risks

A lower capital charge under the regulatory environment in line with Basel recommendations

Better decision making

Improved rating, share price and reputation

Improved decision making and operational risk governance

Improvements to risk and control assessment

Better data capture, record keeping and analysis

Improvements in stress and scenario testing leading to better modelling

Better reporting and priority setting

Greater clarity over risk appetite and tolerance

Ability to use risk indicators more effectively