What is Severity of Loss?
Severity of Loss is equal to the size of losses, and is a component of operational risk and a component of aggregate loss.
What is Frequency of Events?
Frequency of Events is a component of operational risk management and a component of aggregate loss; it is equivalent to the number of loss events.
How is Operational Risk Measured?
Operational Risk is measured in terms of Aggregate Loss. There are two components to operational risk, and these are Frequency of Events & Severity of Loss.
What is External Loss Data?
External Loss Data includes both External Pooled Data and External Public Data.
External Pooled Data: Public and non-public data drawn from a loss data sharing consortium.
External Public Data: Data drawn from public sources, less relevant than internal data, but contains a larger set of tail events, and is subject to numerous biases.
What is Internal Loss Data?
Internal Loss Data are actual losses that have taken place in an organization. This is a key informational element of an ORM program.
What is a Risk Control Self Assessment?
A Risk Control Self Assessment (RCSA) is a method by which a company collectively identifies and evaluates its business objectives, risks and controls across all levels of the organization. This technique adds value by increasing operating units' involvement in identifying risk exposures and determining corrective action.
What is a Key Risk Indicator?
A Key Risk Indicator (KRI) is a regular measurement based on data which indicates the operational risk profile of a particular activity or activities. Risk indicators may allow for a trend analysis over time and can incorporate escalation procedures once a particular threshold or trigger level has been exceeded.
What are Loss Events?
While Loss Events are applicable for any company and not just limited to banks, the Basel Committee on Banking Supervision breaks down loss events into seven general categories:
Internal Fraud
Losses due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity / discrimination events, which involve at least one internal party.
External Fraud
Losses due to acts of a type intended to defraud, misappropriate property or circumvent the law, by a third party. These activities include theft, robbery, hacking or phishing attacks.
Employment Practices and Workplace Safety
Losses arising from acts inconsistent with employment, health or safety laws or agreements, from payment of personal injury claims, or from diversity / discrimination.
Clients, Products & Business Practice
Losses arising from unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements), or from the nature of design of a product.
Damage to Physical Assets
Losses arising from loss or damage to physical assets from natural disaster or other events. See disaster recovery or business continuity planning.
Business Disruption & Systems Failures
Losses arising from disruption of business or system failures. This includes losses due to failure of computer hardware, computer software, telecommunications failure or utility outage and disruptions.
Execution, Delivery & Process Management
Losses from failed transaction processing or process management, from relations with trade suppliers and vendors. This includes:
Transaction Capture, Execution & Maintenance: Miscommunication; Data entry, maintenance or loading error; Missed deadline or responsibility; Model / system misoperation; Accounting error, entity attribution error; Delivery failure; Collateral management failure; Reference data maintenance.
Monitoring & Reporting: Failed mandatory reporting obligation; Inaccurate external report (loss incurred).
Customer Intake & Documentation: Client permissions / disclaimers missed; Legal documents missing / incomplete.
Customer / Client Account Management: Unapproved access given to accounts; Incorrect client records (loss incurred); Negligent loss or damage of client assets.
Trade partners, non-client vendor misperformance and vendor disputes.
What is Operational Risk?
Operational Risk is defined as the risk of loss resulting from inadequate or failed processes, people, and systems or from external events. The definition includes legal risk, which is the risk of loss resulting from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes exposure to litigation from all aspects of a company's activities.
What is Operational Risk Management?
Operational Risk Management (ORM) is the oversight of many forms of day-to-day operational risk including the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Neither Operational Risk nor Operational Risk Management includes market risk or credit risk.