Operational Risk Identification, Measurement, and Control
23.1 OPERATIONAL RISK IDENTIFICATION APPROACH
The operational risk identification procedure should capture operational risk from all types of business activities, products, and services rendered by banks. In the past, operational risk was managed by banks, usually through a control mechanism that was supported by an internal audit function. No systematic approach was followed to identify operational risk in a comprehensive manner. Two documents released by the Basel Committee on Banking Supervision, “Sound Practices for Management and Supervision of Operational Risk, December 2001” and “International Convergence of Capital Measurement and Capital Standards: A Revised Framework— Comprehensive Version, June 2006” have underlined the need for comprehensive treatment of operational risk.
The identification procedure should be comprehensive and cover enterprise-wide operational risk from business activities, products, and other sources as indicated here.
Business activities are granting credit, accepting deposits, borrowing funds, purchasing securities, issuing credit cards, transferring funds, providing custodial services, and providing agency services.
Products are service delivery instruments through which activities are carried out, and are of different types like deposit and credit products, bill purchase and discount products, financial guarantee and commitment products, and credit ...