Current market complexities within the operating environment calls for an imperative need for businesses to establish outward looking processes, confirms the Institute of Operational Risk (IOR). The sixth in its series of Sound Practice Guidance papers on the topic of External Loss Events published today, examines how external loss events are a collection of cautionary tales.

The paper describes all the elements required for effective external loss events and their use in the operational risk management framework. The paper looks in detail at the elements of external loss events, uses of external events and its use in operational risk capital modelling.
When an organisation looks only within its own four walls, or restricts its view to the closest identified peer organisations, it manages risk without using peripheral vision. As a result, it may fail to identify and address potentially catastrophic risks.

In order to add value beyond data points, a robust operational risk database should reflect the complexity of the operating environment. This includes not just a long list of indexing items, such as event type, product type, causation, control failings, but also a robust story line that provides insight into what went wrong, what controls failed, and what are the broader implications for the markets and peer institutions.

Operational events often are not one-off events and do not occur in isolation. An analysis of an operational risk event that incorporates business conditions and the internal operating environment of an institution that experienced the loss will provide relevant and robust content for scenarios and assessments that reflect the complexities of our current times. Attempting to reduce a discipline as complicated as operational risk to a set of data points will only provide a set of data points rather than leading to a greater understanding of causes, controls and effects.

The old position that “it can’t happen here” seems more redundant than ever given events over recent years. Many organisations were probably overlooking a rich source information that in the past was dismissed as not relevant. Increasingly external loss events are seen as important contributors to the operational risk framework, especially scenario analysis and risk and control assessment (RCSA).

Edward Sankey, chairman of the Council of the IOR, says: “Risk managers are expected to bring insight and a deep understanding of how serious events can arise and affect a firm immensely improves a firm’s preparedness. Central to this is monitoring major events wherever they occur, and drawing lessons for one’s own firm.”

Share Story: