Operational risk glossary and definitions

Archived from http://www.riskdimensions.com/resources/glossary - as the original is no longer available.

Operational risk glossary and definitions

This library is divided into the following areas:

Risk Categories
Operational Risk Terminology
Basel Event types

Risk Categories

Compliance Risk (Integrity Risk): The Basel Definition ... "The risk of legal or regulatory sanctions, financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with all applicable laws, regulations, codes of conduct and standards of good practice (together, "laws, rules and standards").
Credit Risk: The risk due to uncertainty in the ability of a counterparty to meet its contractual obligations.
Business Risk: The risk of volatility in revenues due to market drivers (causal factors include economic/business cycles and market competition).
Legal risk: 1. The risk of loss from a contract that cannot be legally enforced. It arises through uncertainty in laws, regulations, and legal actions. Sources of legal risk include capacity and enforceability issues, as well as the legality of financial instruments and exposure to unanticipated changes in laws and regulations.; 2. The risk stemming from non-compliance with the legal and/ or judicial framework due to ignorance, negligent interpretation or handling and / or late adoption. It is a subset of OR. The risk of a changing legal environment or case law does not constitute an OR but a � business risk.
Liquidity Risk: The risk due to inability to trade or transfer funds to due liquidity. This can be caused by credit downgrades or trading in products which have low liquidity.
Market Risk: The risk of loss due to adverse movements of securities.
Operational Risk: The Basel Definition: �� the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.� This includes legal risk, but excludes strategic and reputational risk.
Regulatory Risk: The risk associated with the potential for the revoking of investment and banking licenses and regulatory fines by the prudential supervisor. This can be caused by non-compliance and changing regulatory environment issues (i.e. Basel II and IAS requirements). This is a subset of legal risk.
Reputational Risk: The risk of potential damage to a firm due to deterioration of reputation. This damage results from missed future opportunity, � foregone (future) revenues and customers. Reputational Risk is a secondary risk, which is not a part of Basel II definition of operational risk.
Strategic Risk: 1. The risk of losses or reduced earnings due to inappropriate senior management actions caused by faulty, unprepared or simply misjudged strategic decisions.; 2. The risk to revenues, earnings, market share and product offering as a result of poor decision making or implementation of those decisions.

Operational Risk Terminology

Back Testing: A methodology for the validation of capital allocation / models through the use of loss data.
Benchmarking: A value or set of values which are used to compare the condition in one organisation with the condition in other organisations (external benchmarking) or between organisational units within one organisation (internal benchmarking).
Business Continuity Planning (BCP): A plan of action to be followed when an OR event occurs that threatens to disrupt or destroy the continuity of normal business activities and which seeks to restore operational capabilities through contingency plans.
Cause (Causal Elements, Risk Factors): The underlying reason(s) giving rise to an OR event.
Control (Risk) Self Assessment (CSA): A formalised, documented and committed approach to the regular, fundamental and open review by managers and staff of the strength of control systems designed and operated to achieve business objectives and guard against risks within their sphere of influence�.
Direct Risks / Losses: The immediate risk or loss caused by a particular operational activity.
Disaster Recovery: A plan of action to recover from an unlikely event of a severe or catastrophic business disruption
Economic Capital: 1. Capital held by an organisation to protect against the potential risks involved in conducting business.; 2. The amount of capital at risk within a given confidence interval.
Effect: The financial or non-financial result of an operational risk event.
Event Types (Loss Events): Standardised loss category treated as one group depending on similarities in cause or effect (refer to Basel II for regulatory categorisations).
Expected Loss (EL): The expected losses associated with the performing business activities. This is a subset of the 'cost of doing business'.
Exposure: The amount of operational risk faced by a business line / firm.
Exposure Indicator (EI): A measure reflecting the exposure of a business line / firm (used for scaling or relevance adjustments).
External Data: The collection of operational risk loss data from other financial institutions and industries. External loss data can be used either to supplement internal data or used as an input for scenario creation. The BBA Global Operational risk Loss Database (GOLD), Opvantage F1RST and ORX are examples of external databases and industry consortiums for the collection of loss data.
Extreme Value Theory (EVT): A branch of statistics dealing with the extreme deviations from the mean of probability distributions. Extreme value theory has been extensively applied to actuarial modelling of low probabilistic events.
Gross Losses: The monetary value of losses incurred without incorporating recoveries such as insurance.
Indirect Risks / Losses: This includes secondary risks /losses (e.g. reputation, goodwill, ...) and opportunity costs caused by operational risk events.
Key Performance Indicator (KPI): A regular measurement based on data which indicates the performance of a process or a business line. Performance indicators may allow for a trend analysis over time and could incorporate escalation procedures once a particular threshold or trigger level has been exceeded.
Key Risk Indicator (KRI): A regular measurement based on data which indicates the operational risk profile of a particular activity or activities. Risk indicators may allow for a trend analysis over time and could incorporate escalation procedures once a particular threshold or trigger level has been exceeded.
Loss Given Event (LGE): The average loss given a particular operational risk event occurs.
Near Misses: An operational risk event that could have but did not result in a loss. E.g. Payment system downtime out of hours.
Net Losses: The monetary value of losses adjusted with recoveries (incl. insurance payments and reimbursements).
Opportunity Costs: Income that would have been earned in the absence of an operational risk event.
OpVaR: The Value at Risk calculation used to calculate economic and regulatory capital.
Probability of Event (PE): Probability of a particular event occurring. Used in the calculation of IMA and LDA capital models.
Regulatory Capital: Capital held to meet legislative and regulatory requirements.
Residual Risk/Loss: The net risk/loss remaining after applying adjustments for controls, insurance and other risk mitigation tools. Also defined as the minimum amount of OR at which a business line or firm can operate.
Risk Culture: The FSA definition: �� a firm's risk culture encompasses the general awareness, attitude and behaviour of its employees to risk and the management of risk within the organisation.�
Risk Factor: Refer to Cause and Causal Elements.
Risk Map: A graphical representation of the operational risk types structured by severity, frequency, complexity and other dimensions pertinent to the nature of the risks.
Risk Profile: The level of operational risk across a business line / firm. This can be done by looking at the risk levels within each risk category or class.
Scenario: A tangible future outcome or course of events based on a set of clearly evaluated risk factors.
Scorecard: An evaluation tool based on a number of key measures used to assess the level of performance or risk. Scorecards are applied in self assessment and capital modelling of operational risk.
Unexpected Loss (UL): The unexpected loss attributed to deviations with the normal operations of a business line / firm. Mathematically, calculated as a high confidence interval (99% or 99.9%) of the loss distribution.

Basel Event Types

Internal Fraud: Losses due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity/ discrimination events, which involves at least one internal party.
External Fraud: Losses due to acts of a type intended to defraud, misappropriate property or circumvent the law, by a third party.
Employment Practices and Workplace Safety: Losses arising from acts inconsistent with employment, health or safety laws or agreements, from payment of personal injury claims, or from diversity / discrimination events.
Clients, Products & Business Practices: Losses arising from an unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements), or from the nature or design of a product.
Damage to Physical Assets: Losses arising from loss or damage to physical assets from natural disaster or other events.
Business Disruption and System Failures: Losses arising from disruption of business or system failures
Execution, Delivery & Process Management: Losses from failed transaction processing or process management, from relations with trade counterparties and vendors.