The Operational Risk Framework
This chapter introduces the important elements that are recommended for an operational risk framework. These elements include the foundations of governance, risk appetite, culture and awareness, and policy and procedure; the building blocks of data collection including loss data, risk and control self-assessment, scenario analysis, and key risk indicators; and the final capstones of calculation of capital and reporting.
OVERVIEW OF THE OPERATIONAL RISK FRAMEWORK
As discussed in Chapter 1, an operational risk program should ensure that operational risk is identified, assessed, monitored, controlled, and mitigated. The Basel Committee on Banking Supervision's 2011 “Sound Practices for the Management and Supervision of Operational Risk”1 provides helpful guidelines for best practices for operational risk departments. When meeting these standards, an operational risk framework needs to be developed that will fit with the culture of the bank and reflect best practice in the industry.
The main data building blocks of an operational risk framework are:
The framework must also address governance, provide policies and procedures, drive culture change, and respond to and inform risk appetite. In addition, the framework should feed data into any capital modeling and should feed data and analysis into risk reporting.
Figure 3.1 illustrates a possible framework ...