Categories: Risk

Operational Risk Management under the Basel accord

4 mins read

Operational Risk Management under Basel accord

Operational Risk (OR) is the risk of direct and indirect loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk but excludes reputational and strategic risks.

According to the Basel II accord, a financial institution, based on the level of sophistication of their operational risk management systems and practices, has the option of using one of the following approaches to calculation their operational risk capital charge:

  1. The Basic Indicator approach under which capital is calculated as the average over the past three years of a fixed percentage, or alpha, equal to 15% times the enterprise – level positive gross income. Negative gross incomes incurred during this period are excluded from the calculation of the average.
  2. The Standardized approach where fixed percentages, called betas, of 12%, 15%, or 18% depending on the business line, are applied to that line’s gross income, positive or negative. The sum across business lines is floored at zero. The average of this result over the previous three years is the capital charge.

    There is an alternative to the Standardized Approach called the Alternative Standardized Approach that is available to entities that demonstrate that the use of this measure produces a better and improved risk charge. Under this alternative approach, the operational risk capital charge/methodology is the same as for the Standardized Approach except for two business lines — retail banking and commercial banking. For these business lines, loans and advances — multiplied by a fixed factor ‘m’ — replaces gross income as the exposure indicator.

  3. The Advanced Measurement approach (AMA) is calculated using the banks own internal operational risk measurement system. The internal operational risk measurement system must consist of the following four data elements:
    1. Internal loss data,
    2. External loss data,
    3. Scenario analysis, and
    4. Business environment and internal control systems factors.

The next two section review the current definition of Business lines, activities and loss events.

Operational Risk Management – Business lines and activities

According to Basel II, all activities of the entity are mapped in a mutually exclusive and jointly exhaustive manner in one of eight business lines:



Activity groups

Corporate Finance

Corporate Finance



Merchant Banking

Advisory Services

Mergers and acquisitions, underwriting, privatisations,

securitisation, research, debt (government, high yield), equity,

syndications, IPO, secondary private placements

Trading and Sales


Market Making

Proprietary positions


Fixed income, equity, foreign exchanges, commodities, credit,

funding, own position securities, lending and repos, brokerage,

debt, prime brokerage

Retail Banking

Retail Banking

Retail lending and deposits, banking services, trust and estates

Private Banking

Private lending and deposits, banking services, trust and

estates, investment advice

Card Services

Merchant/commercial/corporate cards, private labels and retail

Commercial Banking

Commercial Banking

Project finance, real estate, export finance, trade finance,

factoring, leasing, lending, guarantees, bills of exchange

Payment and Settlement

External Clients

Payments and collections, funds transfer, clearing and


Agency Services


Escrow, depository receipts, securities lending (customers)

corporate action

Corporate Agency

Issuer and paying agents

Corporate Trust

Asset Management

Discretionary Fund Management

Pooled, segregated, retail, institutional, closed, open, private equity

Non-discretionary Fund Management

Pooled, segregated, retail, institutional, closed, open

Retail Brokerage

Retail Brokerage

Execution and full service

Operational Risk Management – Loss event and activities

According to Basel II (Annex 9 of, loss events fall into one of seven categories. These categories are further divided by sub category and activities.

Other loss types

Besides the losses defined in the table below there may also be other loss types which are important for risk management but are not generally considered in the quantification of operational risk charge. These items are useful for detecting failures and errors in processes and internal control systems. They include:

  • Exceptions: Actions done in breach of the laid down policies intentionally, due to extraordinary circumstances and with due approval
  • Near Misses: Operational risk events that do not lead to a loss.
  • Transactions in Difficulty: (TIDs) transactions that could potentially have operational loss as a probable outcome
  • Operational risk gain events”: operational risk events that generate a gain
  • Opportunity costs/lost revenues: operational risk events that prevent undetermined future business from being conducted (eg unbudgeted staff costs, forgone revenue and project costs related to improving processes).

Event- Type Category (Level 1)


Categories (Level 2)

Activity Examples (Level 3)

Internal Fraud

Losses due to acts of a type intended to defraud,

misappropriate property or circumvent regulations,

the law or company policy, excluding diversity/

discrimination events, which involves at least one

internal party

Unauthorized Activity

Transactions not reported (intentional)

Transaction type unauthorized (w/monetary loss)

Mismarking of position (intentional)

Theft and Fraud

Fraud / credit fraud / worthless deposits

Theft / extortion / embezzlement / robbery

Misappropriation of assets

Malicious destruction of assets


Check kiting


Account take-over / impersonation / etc.

Tax non-compliance / evasion (willful)

Bribes / kickbacks

Insider trading (not on firm’s account)

External Fraud

Losses due to acts of a type intended to defraud,

misappropriate property or circumvent the law, by a third party

Theft and Fraud



Check kiting

Systems Security

Hacking damage

Theft of information (w/monetary loss)

Employment Practices & Workplace Safety

Losses arising from acts inconsistent with

employment, health or safety laws or agreements,

from payment of personal injury claims, or from

diversity / discrimination events

Employee Relations

Compensation, benefit, termination issues

Organized labor activity

Safe Environment

General liability (slip and fall, etc.)

Employee health & safety rules events

Workers compensation

Diversity & Discrimination

All discrimination types

Clients, Products & Business Practices

Losses arising from an unintentional or negligent

failure to meet a professional obligation to specific

clients (including fiduciary and suitability

requirements), or from the nature or design of a


Suitability, Disclosure & Fiduciary

Fiduciary breaches / guideline violations

Suitability / disclosure issues (KYC, etc.)

Retail customer disclosure violations

Breach of privacy

Aggressive sales

Account churning

Misuse of confidential information

Lender liability

Improper Business or Market Practices


Improper trade / market practices

Market manipulation

Insider trading (on firm’s account)

Unlicensed activity

Money laundering

Product Flaws

Product defects (unauthorized, etc.)

Model errors

Selection, Sponsorship & Exposure

Failure to investigate client per guidelines

Exceeding client exposure limits

Advisory Activities

Disputes over performance of advisory activities

Damage to Physical Assets

Losses arising from loss or damage to physical

assets from natural disaster or other events.

Disasters and other events

Natural disaster losses

Human losses from external sources (terrorism,


Business Disruption and System Failures

Losses arising from disruption of business or system






Utility outage / disruptions

Execution, Delivery & Process Management

Losses from failed transaction processing or process

management, from relations with trade

counterparties and vendors

Transaction Capture, Execution &



Data entry, maintenance or loading error

Missed deadline or responsibility

Model / system misoperation

Accounting error / entity attribution error

Other task misperformance

Delivery failure

Collateral management failure

Reference Data Maintenance

Monitoring and Reporting

Failed mandatory reporting obligation

Inaccurate external report (loss incurred)

Customer Intake and Documentation

Client permissions / disclaimers missing

Legal documents missing / incomplete

Customer / Client Account Management

Unapproved access given to accounts

Incorrect client records (loss incurred)

Negligent loss or damage of client assets

Trade Counterparties

Non-client counterparty misperformance

Misc. non-client counterparty disputes

Vendors & Suppliers


Vendor disputes

Published by
Jawwad Farid

Recent Posts

Evaluating portfolio performance. A single metric to rule them all?

What is the best way of evaluating portfolio performance allocation strategies? Should we just compare risk, return or risk adjusted…

February 5, 2019 12:51 pm

Project Plain speak – Sense making for the financial world.

6 mins read Introducing Project Plain speak. Currently a work in progress Plain speak focuses on bringing intelligent financial reporting…

January 22, 2019 6:08 am

Oil markets time machine. Past, present and future.

9 mins read What can we learn about oil markets from the last ten years? The next decade. The final…

January 19, 2019 3:47 pm

Signals in the data. Oil prices, tea leaves and crude price direction.

5 mins read What does the data say about future direction of crude oil markets. We look at OPEC spare…

January 19, 2019 12:44 pm

Building a supply side model for crude oil

5 mins read What factors would impact crude oil supply side equation in 2019? Russian non compliance, lower breakeven for…

January 19, 2019 5:14 am

Modeling demand for liquid fuels

5 mins read How would you model demand for crude oil? What are the key components? What is the long…

January 18, 2019 4:46 pm

This website uses cookies.