The 7 Basel II Level 1 Operational Risk Categories

What is Basel II

According to Investopedia, Basel II is a set of international banking regulations put forth by the Basel Committee on Bank Supervision, which leveled the international regulation field with uniform rules and guidelines. Basel II expanded rules for minimum capital requirements established under Basel I, the first international regulatory accord, and provided the framework for regulatory review, as well as set disclosure requirements for assessment of capital adequacy of banks. The main difference between Basel II and Basel I is that Basel II incorporates credit risk of assets held by financial institutions to determine regulatory capital ratios.

OpRisk Loss Event Categories

Basel II provides 7 categories of level 1 loss events that most firms have adopted to meet their own operational risk (OpRisk) framework requirements. OpRisk models are designed to deal with identifying and mitigating operational risks of the firm that are a function of people, systems, and external events.

The 7 Basel II event risk categories are intended to capture all potential operational risks. Every loss event should be mapped to the risk event categories outlined in the firm's operational risk management policies and procedures. Some losses can fall into more than one category.

The 7 categories are:

  • Internal Fraud – misappropriation of assets, tax evasion, intentional mismarking of positions, bribery
  • External Fraud – theft of information, hacking damage, third-party theft and forgery
  • Employment Practices and Workplace Safety – discrimination, workers' compensation, employee health and safety
  • Clients, Products, and Business Practices – market manipulation, antitrust, improper trade, product defects, fiduciary breaches, account churning
  • Damage to Physical Assets – natural disasters, terrorism, vandalism
  • Business Disruption and Systems Failures – utility disruptions, software failures, hardware failures
  • Execution, Delivery, and Process Management – data entry errors, accounting errors, failed mandatory reporting, negligent loss of client assets

Evaluating Operational Risk

When evaluating an OpRisk event, it’s critical to understand that severity and frequency both contribute to the magnitude of the loss. For example, loss events in the Execution, Delivery, and Process Management category are small but occur very frequently, whereas losses in the Clients, Products, and Business Practices category are much less frequent but typically carry a large dollar amount, as these loss events commonly arise from substantial litigation suits.

The modeling of loss event data differs for each category. Thus, it is important to make sure every event is placed in the appropriate group. When assigning loss events in OpRisk, consistency is more important than accuracy. Effective operational risk management requires that similar events are consistently categorized the same way. If mistakes are made in classifying risks in past years, they will impact the risk management control process and reporting to regulators.

In order to properly classify risks, it is important for the firm to perform a comprehensive risk mapping exercise that details every major process of the firm. The process of identifying and classifying risks is commonly referred to as OpRisk taxonomy.