2. THE BASEL II COMMITTEE DEFINES OPERATIONAL RISK
AS:
• The risk of loss resulting from inadequate or failed internal
processes, people and systems or from external events. This
definition includes legal risk, but excludes strategic and
reputational risk.
3. BASEL II SEVEN EVENT TYPE CATEGORIES
• Internal Fraud – misappropriation of assets, tax evasion, intentional
mismarking of positions, bribery
• External Fraud – theft of information, hacking damage, third-party theft
and forgery
• Employment Practices and Workplace Safety – discrimination, workers'
compensation, employee health and safety
• Clients, Products, and Business Practice – market manipulation, antitrust,
improper trade, product defects, fiduciary breaches, account churning
4. • Damage to Physical Assets – natural disasters, terrorism, vandalism
• Business Disruption and Systems Failures – utility disruptions,
software failures, hardware failures
• Execution, Delivery, and Process Management – data entry errors,
accounting errors, failed mandatory reporting, negligent loss of
client assets
5. OPERATIONAL RISK
• Operational risk is "the risk of a change in value caused by the fact that
actual losses, incurred for inadequate or failed internal processes, people and
systems, or from external events (including legal risk), differ from the
expected losses".
6. • It can also include other classes of risks, such as fraud, security, privacy
protection, legal risks, physical (e.g. infrastructure shutdown) or
environmental risks.
• The study of operational risk is a broad discipline, close to good management
and quality management.
7. TECHNOLOGY RISKS
• Technology risk is a subset of operational risk that can significantly impact the
overall success of a licensee. Risks left unaddressed could significantly impact
the confidentiality, integrity and system availability of a licensee’s data.
8. • Technology Risks are risks related to any adverse outcome, damage, loss, disruption,
violation, irregularity or failure arising from the use of or reliance on computer
hardware, software, electronic devices, online networks, and
telecommunications systems. These risks can also be
associated with systems failures, processing errors, software defects, operating
mistakes, hardware breakdowns, capacity inadequacies, network vulnerabilities,
control weaknesses, security shortcomings, malicious attacks, hacking incidents,
fraudulent actions and inadequate recovery capabilities.