This chapter explores the collection of operational risk event loss data. It explores the reasons for data collection and the methods used. The seven Basel operational risk categories and the Basel business line categories are described and their use in the framework is discussed. Operational risk event data standards are introduced, along with examples of regulatory expectations and best practices for the many elements of an operational risk event data collection process.

OPERATIONAL RISK EVENT DATA

Once governance, culture, awareness, and initial policies and procedures are in place, the four core elements of the operational risk program can be designed and launched. These four elements are:

1. Operational risk event (internal loss) data.
2. Risk and control self-assessments (RCSAs).
3. Scenario analysis.
4. Key risk indicators (KRIs).

The first of these is referred to as internal loss data in the Basel regulatory guidance, but is better named “operational risk event data,” as it refers not just to losses, but to a broader category of operational risk events.

A robust operational risk framework includes consideration of both internal and external operational risk events. Internal events are those that have happened in or to the firm. External events are those that have happened not in or to the firm but elsewhere in the industry.

INTERNAL LOSS DATA OR INTERNAL OPERATIONAL RISK EVENTS

Loss data is a key element in the operational ...