In 1999, the Basel Committee created sensation among the banking community by announcing its intention to include operational risks in its new regulatory capital requirements,¹ along with traditional credit and market risks. Although at that time banks were already well aware of the increase in operational risks caused by the deregulation, computerization, and sophistication of their activities, they initially met the bank supervisors' proposal with skepticism. On one hand, banks claimed that operational risks were an inescapable part of doing business in the financial sector, in contrast to credit and market risks, which are taken purposely and can be hedged against. On the other hand, banks argued that operational risks were difficult to identify and monitor and that large losses were often the results of events not previously recognized as risks.

Yet, facing the growing materialization of operational risks,² the Basel Committee persisted, and in 2006, asked the banks to develop better frameworks for managing operational risks while introducing capital requirements for those risks. Though most of the credit institutions finally accepted and agreed with this decision, questions remained on how to measure operational risks and what risks were to be measured. Some of them will certainly remain unpredictable events against which banks can shield themselves ...