Liberty Street Economics
Liberty Street Economics

« | Main | »

January 7, 2019

Coming to Terms with Operational Risk

Gara Afonso, Filippo Curti, and Atanas Mihov

LSE_Coming to Terms with Operational Risk

The term “operational risk” often evokes images of catastrophic events like hurricanes and earthquakes. For financial institutions, however, operational risk has a broader scope, encompassing losses related to fraud, rogue trading, product misrepresentation, computer and system failures, and cyberattacks, among other things. In this blog post, we discuss how operational risk has come into greater focus over the past two decades—to the point that it now accounts for more than a quarter of financial institutions’ regulatory capital.

The Origins of Operational Risk Capital

By the early 1990s, a series of high-profile operational losses had shaken the financial industry, bringing significant attention to the relatively unknown topic of operational risk. In 1995, a trader named Nick Leeson engaged in unauthorized transactions that resulted in losses of more than $1.3 billion, ultimately leading to the collapse of Barings Bank, then the world’s second oldest merchant bank. The incident, along with other rogue trading scandals from that time, helped set the stage for regulatory policy on operational risk in the years to come. The Basel Committee on Banking Supervision (BCBS) formally introduced the concept of operational risk in 1998 while working on its new framework (Basel II) and proposed to develop an explicit capital charge for operational risk a year later.

In those early years, the definition of operational risk evolved rapidly. At first, it was commonly defined as a catchall category that captured every type of unquantifiable risk faced by a banking organization—an approach that made operational risk hard to define. In 2004, the BCBS defined operational risk in the main Basel II framework directive as “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.” That definition was later clarified to exclude reputational and strategic risks while including legal risk.

Despite refinements, operational risk remained a very broad loss category, covering everything from the physical damage caused by a terrorist attack (September 11, for example) to the financial damage wrought by corporate fraud (as seen in the Enron and WorldCom debacles). The breadth of the definition led the BCBS to further classify operational losses into loss event types and business lines to allow for more homogeneous categories of losses and more accurate estimations of banks’ exposure to operational risk.

By the early 2000s, operational risk had gained more recognition as a material risk for financial institutions and was assessed to be larger than market risk. For internationally active banks, it was estimated to be in the billions of U.S. dollars.

How Big Is Operational Risk Today?

Operational risk is currently a major risk category for U.S. bank holding companies, and it has grown both in dollar terms and relative to other risks in recent years. As of December 2017, operational risk accounted for 28 percent of total regulatory capital, on average, at the group of institutions that are subject to the Advanced Capital Adequacy Framework in determining their capital requirements. (Each firm in this group currently has $250 billion or more in consolidated total assets or $10 billion or more in consolidated total on-balance sheet foreign exposure.) This figure represents a significant amount of capital in comparison to the capital held against market and credit risk (6 percent and 66 percent of total regulatory capital, respectively). Furthermore, in the most recent Dodd-Frank Act Stress Test, the severely adverse scenario projected operational risk losses for the thirty-five participating BHCs of $135 billion, or 23 percent of the $578 billion in aggregate losses projected for these firms over the nine quarters ending in March of 2020.


Coming to Terms with Operational Risk

Exposure to operational risk, however, is not the same across bank holding companies. Studies show that larger and more complex banking organizations are more exposed to operational risk. In a recent research paper, Filippo Curti and Atanas Mihov show that larger banks have higher operational losses per dollar of total assets. Further, this result is largely driven by a specific type of loss: banks’ failure to meet professional obligations to clients or from the design of their products (an event category known as “Clients, Products, and Business Practices”). In another paper, Anna Chernobai, Ali Ozdagli, and Jianlin Wang discuss how banks’ operational risk increases with the complexity of their business—an outcome, they argue, that derives from managerial failure rather than strategic risk taking.

The Future of Operational Risk

Operational risk is intrinsic to financial institutions and poses a significant threat to their financial solvency. Developments in information systems and computing technology have facilitated improvements in the measurement and management of operational risk. However, the same technological advancements that are reshaping today’s business environment are also likely to expose banks to even greater operational risks in the future. It is therefore imperative that banks and supervisors continue to strengthen their approach to managing and mitigating operational risk.

Disclaimer

The views expressed in this post are those of the authors and do not necessarily reflect the position of the Federal Reserve Bank of New York, the Federal Reserve Bank of Richmond, or the Federal Reserve System. Any errors or omissions are the responsibility of the authors.


Afonso_garaGara Afonso is an assistant vice president in the Federal Reserve Bank of New York’s Research and Statistics Group.

Fin_econ_curti_pipbFilippo Curti is a financial economist at the Federal Reserve Bank of Richmond.

Fin_econ_mihov_pitbAtanas Mihov is a financial economist at the Federal Reserve Bank of Richmond.

How to cite this blog post:

Gara Afonso, Filippo Curti, and Atanas Mihov, “Coming to Terms with Operational Risk,” Federal Reserve Bank of New York Liberty Street Economics January 7, 2019, https://libertystreeteconomics.newyorkfed.org/2019/01/coming-to-terms-with-operational-risk.html.

RSS RSS Feed

Twitter Follow Liberty Street Economics

About the Blog

Liberty Street Economics features insight and analysis from New York Fed economists working at the intersection of research and policy. Launched in 2011, the blog takes its name from the Bank’s headquarters at 33 Liberty Street in Manhattan’s Financial District.

The editors are Michael Fleming, Andrew Haughwout, Thomas Klitgaard, and Asani Sarkar, all economists in the Bank’s Research Group.

Liberty Street Economics does not publish new posts during the blackout periods surrounding Federal Open Market Committee meetings.

The views expressed are those of the authors, and do not necessarily reflect the position of the New York Fed or the Federal Reserve System.

Economic Research Tracker

Image of NYFED Economic Research Tracker Icon Liberty Street Economics is available on the iPhone® and iPad® and can be customized by economic research topic or economist.

Economic Inequality

image of inequality icons for the Economic Inequality: A Research Series

This ongoing Liberty Street Economics series analyzes disparities in economic and policy outcomes by race, gender, age, region, income, and other factors.

View by Topic

Most Read this Year

  1. Credit Card Delinquencies Continue to Rise—Who Is Missing Payments?
  2. Deposit Betas: Up, Up, and Away?
  3. The Great Pandemic Mortgage Refinance Boom
  4. The Post-Pandemic r*
  5. Spending Down Pandemic Savings Is an “Only-in-the-U.S.” Phenomenon
Useful Links
Comment Guidelines

 

We encourage your comments and queries on our posts and will publish them (below the post) subject to the following guidelines:

Please be brief: Comments are limited to 1,500 characters.

Please be aware: Comments submitted shortly before or during the FOMC blackout may not be published until after the blackout.

Please be relevant: Comments are moderated and will not appear until they have been reviewed to ensure that they are substantive and clearly related to the topic of the post.

Please be respectful: We reserve the right not to post any comment, and will not post comments that are abusive, harassing, obscene, or commercial in nature. No notice will be given regarding whether a submission will or will
not be posted.‎

Comments with links: Please do not include any links in your comment, even if you feel the links will contribute to the discussion. Comments with links will not be posted.

Send Us Feedback

Disclosure Policy

The LSE editors ask authors submitting a post to the blog to confirm that they have no conflicts of interest as defined by the American Economic Association in its Disclosure Policy. If an author has sources of financial support or other interests that could be perceived as influencing the research presented in the post, we disclose that fact in a statement prepared by the author and appended to the author information at the end of the post. If the author has no such interests to disclose, no statement is provided. Note, however, that we do indicate in all cases if a data vendor or other party has a right to review a post.

Archives