Expect the unexpected
The first time I read The Black Swan, I must confess I read it very quickly. I had to introduce Nassim Nicholas Taleb at our OpRisk USA conference and had run out of time. So this summer I've picked up his book again and found in its pages some real surprises.
In the field of operational risk, Taleb's land of 'Mediocristan' is expected loss. 'Extremistan' is unexpected loss, and is the bit of operational risk that most people are really interested in. Unfortunately for op risk execs, Taleb's conclusion is that the Extremistan 'Black Swan' losses are impossible to predict, no matter how much data we have and how fancy our models are. Taleb adds that attempting to predict these losses can be harmful, as the process of forecasting could blind firms to where losses might come from. Particularly when statisticians, economists and analysts are involved.
Now, Taleb's seeming dislike of professional prognosticators is very entertaining - one of my first jobs was tracking equity analyst predictions for a newsletter, and I remember how low the hit rate was. But if we can't predict what will happen in the face of terrifying potential losses, what is the point of operational risk?
Taleb goes on to say that, although "the probabilities of very rare events are not computable; the effect of an event on us is considerably easier to ascertain ... we can have a clear idea of the consequences of an event, even if we do not know how it is likely to occur ... You can build an overall theory of decision-making on this idea. All you have to do is mitigate the consequences."
This seems like such sensible advice to me. This is what business continuity executives do - they focus on having a disaster recovery plan in place that will work no matter what actually happens. What can firms put in place to manage and mitigate large operational risks - no matter what loss event occurs?
I'll stick my head above the parapet even more ... What can firms put in place to prevent large operational risks happening, no matter what type of operational risk event it is?
Basel II's advanced measurement approach is perhaps focused too much on historical loss events and highly latent internal data. For operational risk to move forward, we need to turn this focus on data on its head, and perhaps go for a swim with a Black Swan or two.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Risk management
Op risk data: HSBC hit with $400m external fraud loss
Also: China’s unlicensed trading clampdown; SocGen’s insurance mis-selling woes. Data by ORX News
Clearers face heavy lift on CME-FICC cross-margin service
Dual registration and regulation plus uncertainty over close-outs all weigh on client offering
Appetite breaches climb for top op risks
Risk Benchmarking: Low tolerance and heightened threat environment combine to test banks’ limits for cyber, resilience, third-party risk
How gatecrashers could spoil the tokenisation party
Blockchain can curb settlement risks, but that could come at the expense of new third-party risks
Op Risk Benchmarking: Banks seek a home for AI risk
Risk.net’s 2026 study sees record participation and collective unease, as banks race to incorporate AI into op risk frameworks
Contract negotiation tops tech sovereignty for banks in Asia
Regulatory pressure is rising, but industry still focused on service agreements with third parties
The SaaSpocalypse shows private markets need risk models
Investors have little idea how bad the losses in private credit are going to be
Crisis? Which crisis? How ECB stress test failed to see Strait
Banks were told to design geopolitical shock scenarios, but some focused mainly on tariffs
