Legal Risk

From Open Risk Manual


Legal Risk is the risk of losses arising from an unintentional or negligent failure to meet a professional (legal) obligation to specific clients (including fiduciary and suitability requirements), or from the nature or design of a product.

It is a recognized risk category in regulatory frameworks worldwide (Basel II/III standards), where it is usually denoted as Clients, Products and Business Practices.

Basel Level 2 & 3 Event Type Classification

  • Suitability, Disclosure & Fiduciary
    • Fiduciary breaches / guideline violations
    • Suitability / disclosure issues (KYC, etc.)
    • Retail consumer disclosure violations
    • Breach of privacy
    • Aggressive sales
    • Account churning
    • Misuse of confidential information
    • Lender Liability
  • Improper Business or Market Practices
    • Antitrust
    • Improper trade / market practices
    • Market manipulation
    • Insider trading (on firm’s account)
    • Unlicensed activity
    • Money laundering
  • Product Flaws
    • Product defects (unauthorised, etc.)
    • Model errors
  • Selection, Sponsorship & Exposure
    • Failure to investigate client per guidelines
    • Exceeding client exposure limits
  • Advisory Activities
    • Disputes over performance of advisory activities

Examples by Business Line

Types of legal risk vary by business line. An indicative list:

  • General Business Line: Regulatory breaches, Compromised customer information, Fiduciary breach
  • Retail Banking: Mis-selling, Client Suitability
  • Commercial Banking: AML Non Compliance


Legal Risk is mitigated with strong internal controls and supported by the firm's risk culture as embedded in its employees.

Issues and Challenges

  • As with all operational risks, it is difficult to obtain objective measures of the actual risk, both before and after the application of controls
