This chapter introduces the important elements that are recommended for an operational risk framework. These elements include the foundations of governance, risk appetite, culture and awareness, and policy and procedure; the building blocks of data collection including loss data, risk and control self-assessment, scenario analysis, and key risk indicators; and the final capstones of calculation of capital and reporting.

OVERVIEW OF THE OPERATIONAL RISK FRAMEWORK

As discussed in Chapter 1, an operational risk program should ensure that operational risk is identified, assessed, monitored, controlled, and mitigated.

If a fintech or bank can successfully establish and maintain these elements, then it has the opportunity to avoid unnecessary operational risk and its resulting financial and reputational damage.

The Basel Committee on Banking Supervision's 2021 “Revisions to the Principles for the Sound Management of Operational Risk”¹ provides helpful guidelines for best practices for operational risk departments. When meeting these standards, an operational risk framework needs to be developed that will fit with the culture of the bank or fintech and reflect best practice in the industry.

The main data building blocks of an operational risk framework are:

• Loss data collection.
• Risk and control self-assessment.
• Scenario analysis.
• Key risk indicators.

The framework must also address governance, ...