Operational risk

Operational risk is "the risk of a change in value caused by the fact that actual losses, incurred for inadequate or failed internal processes, people and systems, or from external events (including legal risk), differ from the expected losses". This definition, adopted by the European union Solvency II Directive for insurers, is a variation from that adopted in the Basel II regulations for banks. In October 2014, the Basel Committee on Banking Supervision proposed a revision to its operational risk capital framework that sets out a new standardized approach to replace the basic indicator approach and the standardized approach for calculating operational risk capital.

It can also include other classes of risk, such as fraud, security, privacy protection, legal risks, physical (e.g. infrastructure shutdown) or environmental risks.

Operational risk is a broad discipline, close to good management and quality management.

In similar fashion, operational risks affect client satisfaction, reputation and shareholder value, all while increasing business volatility.

Contrary to other risks (e.g. credit risk, market risk, insurance risk) operational risks are usually not willingly incurred nor are they revenue driven. Moreover, they are not diversifiable and cannot be laid off, meaning that, as long as people, systems and processes remain imperfect, operational risk cannot be fully eliminated.

Operational risk is, nonetheless, manageable as to keep losses within some level of risk tolerance (i.e. the amount of risk one is prepared to accept in pursuit of his objectives), determined by balancing the costs of improvement against the expected benefits.

Wider trends such as globalization, the expansion of the internet and the rise of social media, as well as the increasing demands for greater corporate accountability worldwide, reinforce the need for proper operational risk management.

Until Basel II reforms to banking supervision, operational risk was a residual category reserved for risks and uncertainties which were difficult to quantify and manage in traditional ways – the "other risks" basket.

Such regulations institutionalized operational risk as a category of regulatory and managerial attention and connected operational risk management with good corporate governance.

Of course, businesses in general, and other institutions such as the military, have been aware, for many years, of hazards arising from operational factors, internal or external. The primary goal of the military is to fight and win wars in quick and decisive fashion, and with minimal losses. For the military, and the businesses of the world alike, operational risk management is an effective process for preserving resources by anticipation.

...
Wikipedia