CHAPTER 13Incident Data Collection


As a regulator once said: “Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events; and if you don't know your losses, you miss an essential point of operational risk management.” Rightly so, most firms consider incident data collection as the bedrock of their ORM framework. In 2000, the bank‐insurance company ING created its first representation of the ORM framework. It comprised four concentric circles: the loss database formed the center circle, RCSA the second circle, with KRIs forming the third circle. The final, outer, circle was “lessons learnt” from large incidents (Figure 13.1). This was a simple and effective representation of four essential activities in non‐financial risk management.

Illustration of the ORM framework comprising four concentric circles: the loss database forming the center circle, RCSA the second circle, with KRIs forming the third circle, and the “lessons learnt” forming the outermost circle.

FIGURE 13.1 ORM framework

Internal loss data are a component of the advanced measurement approach and together with external loss data are the largest driver of regulatory capital for many firms. The Basel Committee on Banking Supervision has refocused attention on the incident data collection process and data quality, and the standardized measurement approach reform, finally published in December 2017,1 applied an internal loss multiplier to the capital charge of banks, penalizing those with a history of large losses. ...

Get Operational Risk Management now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.