MetricStream Webinar 28 November 2012
Patricia Jalleh Executive Director RiskBusiness International
Agenda • The importance of loss management • Critical success factors for managing loss events • Integrating loss management and operational risk management
2
Basel Definition of Operational Risk Operational risk is defined as the risk of loss resulting from inadequate or failed Internal processes People Systems or from External Events. This definition includes legal risk and compliance risk but excludes strategic risk and reputational risk.
3
When is a Loss an Operational Risk Loss? When the underlying cause of the loss or harm is due to operational risk – i.e. Caused by inadequate or failed Internal processes People Systems or from External Events.
Some credit risk and market risk losses have operational risk as the underlying root cause
4
How do Operational Risk Losses Happen? Internal Controls
Threats Threats Threats Threats Threats Threats
LOSSES
(Financial / Reputational)
Control Gaps / Weaknesses = Vulnerability
Risk Events or Losses occur when Threats successfully exploit Vulnerabilities
5
Loss Events, Causal Factors and Effects
Causal Factors 1. People Process Systems External Factors 6. 7. 5. 4. Basel 2 Event Categories Internal Fraud 2. External Fraud 3. Employment Practices & Workplace Safety Clients Products & Business Practices Effects Financial Loss Regulatory sanctions Legal suits Lost productivity Reputational Loss Loss of investor and customer confidence
Damage to Physical Assets
Business Disruption & System Failure
Execution Delivery and Process Management
6
Importance of a Taxonomy for better loss analysis
• • • • • • • • • • •
Geography Legal Entity Business line Business function or customer segment Product/service category Process category Risk event category Risk causal category Risk impact category Control