This chapter examines the definition of operational risk and its role in the management of risks in the financial services sector, including fintechs and digital and traditional banks. It outlines the formal adoption of operational risk management for regulated banks under the Basel II framework. The requirements to identify, assess, control, and mitigate operational risk are introduced, along with the four causes of operational risk—people, process, systems, and external events—and the seven risk types. The definition is tested against the 2012 London Olympics. The different roles of operational risk management and measurement are introduced, as well as the role of operational risk in an enterprise risk management framework.

THE DEFINITION OF OPERATIONAL RISK

What do we mean by operational risk?

Operational risk management had been defined in the past as all risk that is not captured in market and credit risk management programs. Early operational risk programs, therefore, took the view that if it was not market risk, and it was not credit risk, then it must be operational risk. However, today a more concrete definition has been established, and the most commonly used of the definitions can be found in the Basel II regulations. The Basel II definition of operational risk is:

… the risk of loss resulting from inadequate or failed processes, people and systems or from external events.

This definition includes legal risk, ...