LO 37.2: Summarize the fundamental principles of operational risk management as suggested by the Basel Committee.
Operational risks must be proactively managed by a bank's board of directors and senior managers as well as its business line managers and employees. The 11 fundamental principles of operational risk management suggested by the Basel Committee are:
1. The maintenance of a strong risk management culture led by the bank's board of directors and senior managers. This means that both individual and corporate values and attitudes should support the bank's commitment to managing operational risks.
2. The operational risk framework (referred to as the Framework in this topic) must be developed and fully integrated into the overall risk management processes of the bank.
3. The board should approve and periodically review the Framework. The board should also oversee senior management to ensure that appropriate risk management decisions are implemented at all levels of the firm.
2018 Kaplan, Inc.
Topic 37 Cross Reference to GARP Assigned Reading – Basel Committee on Banking Supervision
4. The board must identify the types and levels of operational risks the bank is willing to assume as well as approve risk appetite and risk tolerance statements.
5. Consistent with the bank's risk appetite and risk tolerance, senior management must develop a well-defined governance structure within the bank. The structure must be implemented and maintained throughout the bank's various lines of business, its processes, and its systems. The board of directors should approve this governance structure.
6. Senior management must understand the risks, and the incentives related to those risks, inherent in the bank's business lines and processes. These operational risks must be identified and assessed by managers.
7. New lines of business, products, processes, and systems should require an approval process that assesses the potential operational risks. Senior management must make certain this approval process is in place.
8. A process for monitoring operational risks and material exposures to losses should be put in place by senior management and supported by senior management, the board of directors, and business line employees.
9. Banks must put strong internal controls, risk mitigation, and risk transfer strategies in place to manage operational risks.
10. Banks must have plans in place to survive in the event of a major business disruption. Business operations must be resilient.
11. Banks should make disclosures that are clear enough that outside stakeholders can assess the bank's approach to operational risk management.
The Role of the Board and Senior Management