Basel ii Association
Basel ii Distance Learning and Online Certification Program
Basel iii Accord
Basel ii for the Board of Directors
Basel ii Compliance Portal
Contact Us
 
 
Distance Learning and Online Certification Program - Certified Basel ii Professional (CBiiPro)
Distance Learning and Online Certification Program - Certified Pillar 2 Expert (CP2E)
Distance Learning and Online Certification Program - Certified Pillar 3 Expert (CP3E)
Distance Learning and Online Certification Program - Certified Stress Testing Expert (CSTE)
     
 
Basel ii in the United States of America
From the Basel ii Compliance Professionals Association (BCPA), the largest association of Basel ii Professionals in the world

Final Rule, USA
Risk-Based Capital Standards: Advanced Capital Adequacy Framework
Basel II

Operational risk
A bank must have operational risk management processes, data and assessment systems, and quantification systems that meet the qualification requirements in section 22(h) of the final rule.
 
A bank must have an operational risk management function that is independent of business line management.
 
The operational risk management function is responsible for the design, implementation, and oversight of the
bank’s operational risk data and assessment systems, operational risk quantification systems, and related processes.
 
The roles and responsibilities of the operational risk management function may vary between banks, but should be clearly documented.
 
The operational risk management function should have an organizational stature commensurate with the bank’s operational risk profile.
 
At a minimum, the bank’s operational risk management function should ensure the development of policies and procedures for the explicit management of operational risk as a distinct risk to the bank’s safety and soundness.
 
A bank also must establish and document a process to identify, measure, monitor, and control operational risk in bank products, activities, processes, and systems.
 
This process should provide for the consistent and comprehensive collection of the data needed to estimate the bank’s exposure to operational risk.
 
This process must capture business environment and internal control factors affecting the bank’s operational risk profile.
 
The process must also ensure reporting of operational risk exposures, operational loss events, and other relevant operational risk information to business unit management, senior management, and to the board of directors (or a designated committee of the board).
 
The final rule defines an operational loss event as an event that results in loss and is associated with any of the seven operational loss event type categories.
 
Under the final rule, the agencies have included definitions of the seven operational loss event type categories, consistent with the descriptions outlined in the New Accord.
 
The seven operational loss event type categories are:
 
(i) internal fraud, which is the operational loss event type category that comprises operational losses resulting from an act involving at least one internal party of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity and discrimination-type events;
 
(ii) external fraud, which is the operational loss event type category that comprises operational losses resulting from an act by a third party of a type intended to defraud, misappropriate property or circumvent the law;
 
(iii) employment practices and workplace safety, which is the operational loss event type category that comprises operational losses resulting from an act inconsistent with employment, health, or safety laws or agreements, payment of personal injury claims, or payment arising from diversity or discrimination events;
 
(iv) clients, products, and business practices, which is the operational loss event type category that comprises operational losses resulting from the nature or design of a product or from an unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability
requirements);
 
(v) damage to physical assets, which is the operational loss event type category that comprises operational losses resulting from the loss of or damage to physical assets from natural disaster or other events;
 
(vi) business disruption and systemfailures, which is the operational loss event type category that comprises operational losses resulting from disruption of business or system failures; and
 
(vii) execution, delivery, and process management, which is the operational loss event type category that
comprises operational losses resulting from failed transaction processing or process management or losses arising from relations with trade counterparties and vendors.
 
The final rule does not require a bank to capture internal operational loss event data according to these categories.
 
However, unlike the proposed rule, the final rule requires that a bank must be able to map such data into the seven operational loss event type categories.
 
The agencies believe such mapping will promote reporting consistency and comparability across banks and is consistent with expectations in the New Accord.
 
A bank’s operational risk management processes should reflect the scope and complexity of its business lines, as well as its corporate organizational structure.
 
Each bank’s operational risk profile is unique and should have a tailored risk management approach appropriate for the scale and materiality of the operational risks present in the bank.


Receive the New Member Orientation Newsletters. Understand Basel II
You will have the opportunity to learn what members registered before you have already learned. Understand better the Basel II environment, projects, careers, challenges and opportunities.

 

 Return to Table of Contents

Return to Index

 Read more about our Certified Basel ii Professional (CBiiPro) program

Read more about our Certified Pillar 2 Expert (CP2E) program

 Read more about our Certified Pillar 3 Expert (CP3E) program

 Read more about our Certified Stress Testing Expert (CSTE) program