Journal of Operational Risk

Risk.net

An emergent taxonomy for operational risk: capturing the wisdom of crowds

Luke Carrivick, Steve Bishop, Tom Ivell, Valerie Wong and Ramy Farha

There has been a substantial change in the operational risks faced by financial services firms over the last fifteen years. Risks such as conduct, cyber and third party have risen in importance and now dominate boardroom agendas. How organizations think about this expanding portfolio of threats and manage them in a consistent way is underpinned by their risk taxonomy. This changing risk profile, combined with a recent shift of focus away from capital measurement toward risk management, means that many organizations are actively revising their operational risk taxonomies. In doing so, they are deviating from Basel Committee on Banking Supervision event types, but without a common standard for which to aim. In this paper, we take a data-driven approach and combine the individual active taxonomies of sixty large financial institutions (fifty-eight for construction and two for validation) to create a coherent new reference taxonomy: the ORX reference taxonomy for operational and nonfinancial risk. This combines both the theoretical and the practical wisdom of the crowd. The resultant taxonomy is a two-layered hierarchy of risks, with sixteen risks at level 1 and sixty-one risks at level 2. As part of this work, we look at some of the contemporary concerns that have shaped how institutions think about their risks. Constructing a mutually exclusive and collectively exhaustive taxonomy driven by data is not without its challenges, and the careful narrowing of scope and separation of risks, in partnership with industry experts, was sometimes needed. The Basel event types provide a central point of comparison, as they are universally adopted, have longevity and provide a basis for the ways in which institutions share data and provide insights into operational risks. The desired contribution of this ORX initiative was to create a common point of reference and thereby solid ground for industry discussion about developing operational risk taxonomies with the aim of laying the foundations that will allow consistent industry sharing of insights and data over the coming years.

To continue reading...

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: