Basel ii in the United States of America
from the Basel ii Compliance Professionals Association (BCPA), the largest association of Basel ii Professionals in the world
Final Rule, USA: Risk-Based Capital Standards: Advanced Capital Adequacy Framework — Basel II
Operational risk
A bank must have operational risk management processes, data and assessment systems, and quantification systems that meet the qualification requirements in section 22(h) of the final rule.
A bank must have an operational risk management function that is independent of business line management.
The operational risk management function is responsible for the design, implementation, and oversight of the bank’s operational risk data and assessment systems, operational risk quantification systems, and related processes.
The roles and responsibilities of the operational risk management function may vary between banks, but should be clearly documented.
The operational risk management function should have an organizational stature commensurate with the bank’s operational risk profile.
At a minimum, the bank’s operational risk management function should ensure the development of policies and procedures for the explicit management of operational risk as a distinct risk to the bank’s safety and soundness.
A bank also must establish and document a process to identify, measure, monitor, and control operational risk in bank products, activities, processes, and systems.
This process should provide for the consistent and comprehensive collection of the data needed to estimate the bank’s exposure to operational risk.
This process must capture business environment and internal control factors affecting the bank’s operational risk profile.
The process must also ensure reporting of operational risk exposures, operational loss events, and other relevant operational risk information to business unit management, senior management, and to the board of directors (or a designated committee of the board).
The final rule defines an operational loss event as an event that results in loss and is associated with any of the seven operational loss event type categories.
Under the final rule, the agencies have included definitions of the seven operational loss event type categories, consistent with the descriptions outlined in the New Accord.
The seven operational loss event type categories are:
(i) internal fraud, which is the operational loss event type category that comprises operational losses resulting from an act involving at least one internal party of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity and discrimination-type events;
(ii) external fraud, which is the operational loss event type category that comprises operational losses resulting from an act by a third party of a type intended to defraud, misappropriate property or circumvent the law;
(iii) employment practices and workplace safety, which is the operational loss event type category that comprises operational losses resulting from an act inconsistent with employment, health, or safety laws or agreements, payment of personal injury claims, or payment arising from diversity or discrimination events;
(iv) clients, products, and business practices, which is the operational loss event type category that comprises operational losses resulting from the nature or design of a product or from an unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements);
(v) damage to physical assets, which is the operational loss event type category that comprises operational losses resulting from the loss of or damage to physical assets from natural disaster or other events;
(vi) business disruption and system failures, which is the operational loss event type category that comprises operational losses resulting from disruption of business or system failures; and
(vii) execution, delivery, and process management, which is the operational loss event type category that comprises operational losses resulting from failed transaction processing or process management or losses arising from relations with trade counterparties and vendors.
The final rule does not require a bank to capture internal operational loss event data according to these categories.
However, unlike the proposed rule, the final rule requires that a bank must be able to map such data into the seven operational loss event type categories.
The agencies believe such mapping will promote reporting consistency and comparability across banks and is consistent with expectations in the New Accord.
A bank’s operational risk management processes should reflect the scope and complexity of its business lines, as well as its corporate organizational structure.
Each bank’s operational risk profile is unique and should have a tailored risk management approach appropriate for the scale and materiality of the operational risks present in the bank.