Sound Management of Operational Risk

From Open Risk Manual

Definition

"Sound Management of Operational Risk" is a collection of principles that has been developed over the years by the Basel Committee on Banking Supervision[1] for the purpose of guiding firms in the financial services industry and their regulators to establish sound practices for the management of Operational Risk.

Principle 1

The board of directors should take the lead in establishing a strong Risk Management Culture. The board of directors and senior management should establish a corporate culture that is guided by strong risk management and that supports and provides appropriate standards and incentives for professional and responsible behaviour. In this regard, it is the responsibility of the board of directors to ensure that a strong operational risk management culture exists throughout the whole organisation.

Principle 2

Firms should develop, implement and maintain a Risk Framework that is fully integrated into the firm’s overall risk management processes. The Framework for operational risk management chosen by an individual firm will depend on a range of factors, including its nature, size, complexity and risk profile.

Principle 3

The board of directors should establish, approve and periodically review the Framework. The board of directors should oversee senior management to ensure that the policies, processes and systems are implemented effectively at all decision levels.

Principle 4

The board of directors should approve and review a Risk Appetite and tolerance statement for operational risk that articulates the nature, types, and levels of operational risk that the bank is willing to assume.

Principle 5

Senior management should develop for approval by the board of directors a clear, effective and robust Governance Structure with well-defined, transparent and consistent lines of responsibility. Senior management is responsible for consistently implementing and maintaining throughout the organisation policies, processes and systems for managing operational risk in all of the firm’s material products, activities, processes and systems consistent with the risk appetite and tolerance.

Principle 6

Senior management should ensure the Risk Identification and Risk Assessment of the operational risk inherent in all material products, activities, processes and systems to make sure the inherent risks and incentives are well understood.

Principle 7

Senior management should ensure that there is an approval process for all new products, activities, processes and systems that fully assesses operational risk.

Principle 8

Senior management should implement a process to regularly monitor operational risk profiles and material exposures to losses. Appropriate reporting mechanisms should be in place at the board, senior management, and business line levels that support proactive management of operational risk.

Principle 9

Firms should have a strong control environment that utilises policies, processes and systems; appropriate Internal Control; and appropriate Risk Mitigation and/or Risk Transfer strategies.

Principle 10

Firms should have business resiliency and Business Continuity Plans in place to ensure an ability to operate on an ongoing basis and limit losses in the event of severe Business Disruption.

Principle 11

A firm’s public disclosures (where applicable) should allow stakeholders to assess its approach to operational risk management.

References

  1. BCBS, Principles for the Sound Management of Operational Risk