Operational Risk Management: What Every FRM Candidate Needs to Know

Operational risk has become one of the most important areas in risk management, with events like cyberattacks, rogue trading, and pandemic disruptions highlighting its significance.

Basel Definition

Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, systems, or external events. This includes legal risk but excludes strategic and reputational risk.

The Seven Loss Event Types

Internal Fraud: Unauthorized trading, theft, intentional misreporting
External Fraud: Cybercrime, robbery, forgery
Employment Practices: Discrimination claims, workplace safety violations
Clients, Products & Business Practices: Mis-selling, money laundering, market manipulation
Damage to Physical Assets: Natural disasters, terrorism, vandalism
Business Disruption & System Failures: IT outages, software failures, utility disruptions
Execution, Delivery & Process Management: Data entry errors, failed settlements

Risk Assessment Tools

RCSA (Risk and Control Self-Assessment): Business units assess their own risks
KRIs (Key Risk Indicators): Forward-looking metrics providing early warnings
Scenario Analysis: Expert-driven assessment of extreme but plausible events
Loss Data Collection: Systematic recording of operational losses

Capital Approaches

Under Basel III.1, the new Standardized Approach replaces all previous approaches:

Business Indicator Component (BIC) — based on size and complexity
Internal Loss Multiplier (ILM) — based on historical losses
Replaces BIA, TSA, and AMA

Emerging Operational Risks

Cyber Risk

The top operational risk concern for financial institutions:

Data breaches, ransomware, DDoS attacks
Sophisticated threat actors (state-sponsored, criminal)
Interconnected systems amplifying impact

Operational Resilience

Moving beyond traditional BCP/DR:

Focus on critical business services
Set impact tolerances
Test ability to operate through disruption

Third-Party Risk

Outsourcing doesn't transfer risk:

Due diligence, monitoring, exit planning
Cloud concentration risk
Fourth-party risks (vendors of vendors)

Practice operational risk questions to prepare for this high-weight FRM topic!

Frequently Asked Questions

What is operational risk according to Basel?▼

Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, systems, or from external events. It includes legal risk but excludes strategic and reputational risk.

What are the 7 Basel operational risk loss event types?▼

The seven types are: (1) Internal Fraud, (2) External Fraud, (3) Employment Practices & Workplace Safety, (4) Clients Products & Business Practices, (5) Damage to Physical Assets, (6) Business Disruption & System Failures, (7) Execution Delivery & Process Management.

How is operational risk capital calculated under Basel III.1?▼

Under Basel III.1, the new Standardized Approach uses the Business Indicator Component (BIC) based on bank size and an Internal Loss Multiplier (ILM) based on historical losses, replacing all previous approaches (BIA, TSA, AMA).

What is operational resilience?▼

Operational resilience is the ability of a firm to deliver critical business services through disruption. It shifts focus from preventing failures to ensuring the organization can operate within impact tolerances during severe events.

Operational Risk Management: What Every FRM Candidate Needs to Know

Basel Definition

The Seven Loss Event Types

Risk Assessment Tools

Capital Approaches

Emerging Operational Risks

Cyber Risk

Operational Resilience

Third-Party Risk

Frequently Asked Questions

Related Articles

FRM Part 1 vs Part 2: Key Differences and Study Strategies

Credit Risk Management Fundamentals for FRM Candidates

Market Risk Measurement and Management: FRM Part 2 Deep Dive

Start Practicing Today