The Bank for International Settlements defines operational risk as ‘‘The risk of direct or indirect loss resulting from inadequate or failed internal processes, people, and systems, or from external events.’’
The definition of operational risk varies considerably, and more important, measuring it can be even more difficult. The Basel Committee has conducted surveys of banks on operational risk. Based on Basel, the key types of operational risk are identified as follows.
(1) Physical Capital: the subsets of which are:
- damage to physical assets,
- business disruption,
- system failure,
- problems with execution and delivery, and/or
- process management
Technological failure dominates this category and here, the principal concern is with a bank’s computer systems. A crash in the computing system can destroy a bank. Most banks have a duplicate system which is backed up in real time, in a secret location, should anything go wrong with the main computer system.
However, banks take out insurance against the risk of fire or other catastrophes, and to this extent, they have already hedged themselves against the risk. To the extent they are fully hedged, there should be no need to set aside capital. Problems with physical capital may interfere with process management and contribute to a break down in execution and/or delivery.
(2) Human Capital: this type of risk arises from human error, problems with employment practices or employees’ health and safety, and internal fraud. An employee can accidentally enter too many (or too few) zeroes on a sell or buy order. Or a bank might find itself being fined for breach of health and safety rules, or brought before an employment tribunal accused of unfair dismissal. In addition, employees can defraud their bank.
(3) Legal: the main legal risk is that of the bank being sued. It can arise as a result of the treatment of clients, the sale of products, or business practices. There are countless examples of banks being taken to court by disgruntled corporate customers, who claim they were misled by advice given to them or business products sold. Contracts with customers may be disputed.
(4) Fraud: the fraud may be internal or external to the bank. An operational failure may created settlement and liquidity risks. Or if a borrower is granted a loan based on a fraudulent loan application and subsequently defaults, it will be recorded as a loan loss, and therefore, a credit risk issue, even though the fraud was the original source of the problem.
Classification issues alone make quantification of operational risk difficult, so it should come as no surprise that the ‘‘Basel 2’’ proposals for the treatment of the operational risk proved highly controversial.