Speaker 1: Risks are inherent in any kind of business including banking. Risks and uncertainties form an integral part of banking industry, which by nature, entails taking risks. Operational risk is, perhaps, one of the most significant components of risk faced by banks According to Basel Committee on Banking Supervision, operational risk results from inadequate or failed internal processes, people, systems, and external events Examples of operational risks include, a risk of loss arising from various types of human or technical error, business interruption by riots, risk of fraud by employees,

Speaker 2: unauthorized transaction by employees, hacking bank system by outsider, etc.

Speaker 1: Some of the banks and financial institutions lost their existence in the past whilst others have undergone major transformations as a consequence of operational risk events. For example, Barings Bank collapsed in 1995 due to loss amount exceeding U.S. $1.4 billion incurred as a consequence of action of a single rogue trader. Saucier Tay General lost over U.S. $7 billion during 2007-2008 due to unauthorized trading activities of another rogue trader. Basel Committee on Banking Supervision requires banks to classify operational risk under seven event types, which are, internal fraud, external fraud, employment practices, and workplace safety, clients, products, and business practices, damage to physical assets, business disruption, and system failures, and execution, delivery, and process management Banks classify and report operational risks under seven events and eight business lines, which are, corporate finance, trading, and sales, retail banking, commercial banking, payment, and settlement, agency services, asset management, and retail brokerage Banks classify and report operational risks under seven events and eight business lines accordingly. Out of three pillars of Basel II, the Capital Adequacy Requirements pillar sets out minimum capital requirement for credit risk, market risk, and operational risk. Capital charge for operational risk has been prescribed under three distinct approaches, basic indicator approach, standardized approach, and, advanced measurement approaches. The first two approaches are also called top-down approach whilst the last approach is called bottom-up approach. Advanced measurement approaches are classified into internal measurement approach, scorecard approach, and loss distribution approach. The quantification of operational risk is difficult, as it is difficult to build a clear mathematical or statistical link between individual risk factors and the likelihood of a loss. So, banks generally assess this risk based on its likelihood, and significance. Likelihood is further classified into five categories, rare, unlikely, possible, likely, and certain. Significance is classified into insignificant, minor, significant, major, and catastrophic. Operational risk heatmaps are created to give readily accessible and visual representation of the risk profile of a bank or business unit. The heatmap shows low risk as represented by green color, moderate risk represented by yellow color, high risk represented by light red color and extreme risk represented by dark red color.

Speaker 2: The heatmap helps management to concentrate more on high-risk areas. Whenever there is operational risk, we need to look back its cause as well as potential impact.

Speaker 1: If the impact is significant, we need to mitigate the risk. Operational risk is mitigated by designing effective controls. The control could be preventive, detective, corrective and directive.