
The (Operational) Risk Management Framework

The Operational Risk Management Framework is a comprehensive structured playbook for what an operational risk manager must do. An operational risk manager

  • identifies exposures to potential operational financial and reputational losses (risk),

  • creates and implements controls to keep potential financial and reputational losses within the Risk Appetite,

  • ensures that there is financial and operational resilience to rapidly recover after a loss happens, and

  • establishes a sound governance structure (the who, what, and by when) to effectively manage the entire process and meet regulatory requirements.

This framework will often be referred to as the ECRG. It applies to all risk types, including market, credit, and liquidity risk. The specific terminology may vary, but the elements and principles are the same. For example, in market risk, controls are called hedges.


Exposure

Exposure is the potential to experience financial and reputational losses, in normal and stress situations, arising, according to Basel*, from inadequate or failed internal processes, people, systems, or external events. This definition is too general to be useful in managing operational risk.

 

As a result, Basel, through consultation with the industry, developed a hierarchical 3-level list of 7 types of events that give rise to operational risk losses. Each level provides more specificity for each of these types.

The 7 Operational Risk types are:

  • Internal fraud

  • External fraud

  • Employment practices and workplace safety

  • Clients, products, and business practices

  • Damage to physical assets

  • Business disruption and system failures

  • Execution, delivery and process management

For details on the 2 sublevels, which specify what is included in each of these types, see the linked PDF.

Controls

Controls are processes executed by people or systems to keep potential losses within the Risk Appetite by reducing either the frequency or the severity of a potential loss.

Preventative controls reduce the frequency of losses, and detective controls reduce the severity of the losses.


An example of a control for trading is segregation of duties: separating the roles of those who authorize trades, execute trades, and manage the settlement and reconciliation process. This can prevent a single person from having too much power over the trading process, reducing the risk of fraud or unauthorized trades.

Another example is trading limits. Trading limits put a cap on potential trading losses by restricting the size, volume, frequency, and types of trades that can be transacted.


Resilience

Since controls are not perfect, unexpected losses will sometimes occur. Resilience is the ability and capability to rapidly recover from a financial or reputational loss. Resilience is achieved by having the right plan and resources to rapidly recover from an operational loss, and includes having sufficient capital to absorb the loss, insurance to transfer all or a portion of the loss, and a Continuity of Business plan to recover from business disruptions caused by the loss.

Governance

Governance is about having the right policies, roles, and responsibilities for the Board of Governors, Senior Management, Business Management, Risk Management, and Internal Audit to ensure that all the components of the Operational Risk Management Framework function properly.


Operational Risk Management That Works

©2022 by Operational Risk Management That Works.