Risk Management for Beginners: The Operational Risk Policy

Sergio Scandizzo

No matter the size or the business mix, no matter the organisational model or the approach chosen for operational risk management, the first building block to have in place is always an operational risk policy. The BCBS, in the second Basel Accord and other papers, as well as a variety of national regulators, spoke often about the need for “appropriate policies and procedures” in the management of operational risk. They refer potentially to a large number of documents governing, in principle, any activity that can cause an operational loss.

Operational risk is difficult, if not impossible, to manage separately from the day-to-day management of the business. In this chapter, by contrast, the term “operational risk policy” refers to a single document, approved and frequently updated by the board. This outlines the bank’s approach to operational risk and spells out definitions, appetite and responsibilities at a sufficiently high level to be understood unequivocally by everyone inside and outside the bank, but also with sufficient detail so as not to leave any doubt as to what the objectives of operational risk management are and who is responsible for what.

Although the

To continue reading...

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: