“Operational risk is the risk of loss arising from fraud, unauthorised activity, errors, oversights, inefficiencies or failures in systems, or outside events.” It is inherent in all entities and covers a wide range of subjects/events.
Risks related to credit, markets, insurance and reputation and strategic risk are excluded from this definition.
The above reference to errors, oversights and inefficiencies reflects failings in processes and the role of human error.
The main categories in which operational risk has historically led to losses are as follows:
- Fraudulent activity and other outside criminal activity
- Failings in processes and procedures due to human error, poor assessment or malicious intent
- Terrorist attacks
- Systems failure or unavailability
- In some parts of the world, vulnerability to natural disasters
Financial institutions must remain vigilant as to the likelihood of rare but extreme events, whether or not listed above.
