operational risk management
361
Basel II is the second of the Basel Accords that set out recommendations on banking 
laws and regulations, as issued by the Basel Committee on Banking Supervision.
The purpose of Basel II (2004) is to create an international standard that banking 
regulators can use when creating regulations about how much capital banks need
to put aside to guard against the types of financial and operational risks they face. 
Basel III requirements have been developed, although it is not anticipated that Basel III 
will come fully into force until 2019.
Definition of operational risk
Operational risks faced by banks and other financial institutions represent essen-
tially the same types of disruptive hazard risks that are faced by other organizations, 
although the definition may be broader and the terminology slightly different. The 
specific point in the case of operational risk for financial institutions is that the level 
of operational risk needs to be quantified, because the level of risk has to be covered 
by available capital within the institution. This leads to an imperative for the bank 
to reduce the level of operational risk to the lowest level that is cost-effective.
Banks have long been concerned with market risk and credit risk (and insurance 
companies with underwriting risk as well), but the advent of Basel II and Solvency II 
requires financial institutions to consider broader operational risk exposures. Opera-
tional risk was initially defined as being any form of risk that was not market risk or 
credit risk. This imprecise definition was replaced by Basel II with a definition of 
operational risk as: ‘the risk of loss resulting from inadequate or failed internal pro-
cesses, people and systems or from external events’.
The Basel II definition includes legal risk, but excludes strategic and reputational 
risk. The types of risks associated with the Basel II definition include the following:
●
●
internal fraud, including misappropriation of assets, tax evasion and bribery;
●
●
external fraud including theft, hacking and forgery;
●
●
employment practices and workplace safety;
●
●
clients, projects and business practices;
●
●
damage to physical assets;
●
●
business interruption and systems failures;
●
●
execution, delivery and process management.
However, there is also recognition that operational risk is a term that has a variety 
of meanings and that certain financial institutions use a different term or a broader 
definition. The Basel II definition identifies four types of risk categories: people,
process, system and external risks. People risks include failure to comply with pro-
cedures and lack of segregation of duties. Process risks include process failures and 
inadequate controls. System risks include failure of applications systems to meet user 
requirements and the absence of built-in control measures. Finally, external risks 
include action by regulators (change of regulation, but excluding enforcement or 
disciplinary action), unsatisfactory performance by service providers and fraud, both 

Download 3.45 Mb.

Do'stlaringiz bilan baham: