IMPORTANCE OF LOSS REPORTING AND REGULATORY REQUIREMENTS

As a regulator once said: “Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events; and if you don't know your losses, you miss an essential point of operational risk management.” Rightly so, most firms consider incident data collection as the bedrock of their ORM framework. In 2000, the bank‐insurance company ING created its first representation of the ORM framework. It comprised four concentric circles: the loss database formed the center circle, RCSA the second circle, with KRIs forming the third circle. The final, outer, circle was “lessons learnt” from large incidents (Figure 13.1). This was a simple and effective representation of four essential activities in non‐financial risk management.

Internal loss data are a component of the advanced measurement approach and together with external loss data are the largest driver of regulatory capital for many firms. The Basel Committee on Banking Supervision has refocused attention on the incident data collection process and data quality, and the standardized measurement approach reform, finally published in December 2017,¹ applied an internal loss multiplier to the capital charge of banks, penalizing those with a history of large losses. ...