Operational Risk - a continuous challenge facing management

The start of the new millennium was marked by a profound debate on Operational Risk within the banking industry in which Operational Risk was defined as encompassing all residual risk that is not to be classified as market or credit risk.

The discussion concerning the adequate differentiation and management of Operational Risk in banks culminated in 2004 in the more precise definition articulated in Basel II: „Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk“.

Basel regulation regarding Operational Risk thus made its way into other regulation (CRD, CRR and country specific regulation as MaRisk or SolvV) and further served insurances as a blueprint for the inclusion in their own regulatory framework such as Solvency II.

Currently the Basel Committee has published a new Standardised Measurement Approach (BCBS355) that is applicable to all institutions. In comparison to the revision proposed with BCBS291, this approach is not only to supersede simpler measurement approaches in Operational Risk; it also scraps the Advanced Measurement Approaches (AMA). Further details can be found here.

Additionally, the challenge with managing Operational Risk continues to lie in breathing life into those regulations which were drafted with the intention of not being too restrictive. Efficiently integrating the chosen definition into existing risk management processes and systems also remains a major challenge.

Support throughout all phases from a concept’s inception to its implementation

d-fine has been consulting clients in the banking, insurance, asset management and industrial sector for many years concerning various topics in Operational Risk Management:

  • Composition of a risk map in connection with a company-wide risk inventory
  • Selection and analysis of risk indicators
  • Execution of self-assessments and scenario analysis
  • Conceptual design of a risk catalogue on internal control questions
  • Set-up of internal loss databases and integration thereof into internal processes
  • Development of tailor-made reporting solutions
  • Catering for fat tail problematics in connection with the choice of an AMA-model

Currently the focus is put on issues regarding the Supervisory Review Process (SERP) and market transparency:

  • How is Operational Risk capital allocation to be done concisely in the framework of the internal risk bearing calculation?

Even if no AMA-compliant model was applied (yet): Would implementing an „AMA light“ for internal purposes make sense - for instance by means of a Loss Distribution Approach (LDA)?

In addition to these regulatory issues, the proper integration of Operational Risk Management into the bank-wide risk management processes is becoming increasingly important - especially with respect to efficiency and effectiveness:

  • Where and how does Operational Risk and its management overlap with Business Continuity Management (BCM), Compliance and IT-security?
  • How can I differentiate between strategic risk, reputational risk, model risk and Operational Risk?
  • How are (the various) methods used for the design of an integrated risk management system to be consolidated?

Recent efforts have been directed towards optimising processes in terms of legal risk and conduct risk. Likewise the validation of single model components is rising in demand.

Our experts will assist you in answering these questions and realising the revised standard approach. We will support you throughout the entire process chain, from conceptual design to providing solutions on IT concerns such as software selection, system implementation and definition of management reports. Tap into our extensive knowledge and experience in Operational Risk Management!


If you have any questions or are interested in additional information, you are welcome to contact us at +49 69 907370 or at info@remove-this.d-fine.com, subject line “Operational Risk”.