Basel Committee reports shortcomings in banks’ risk management

The report notes that some systemically important banks haven’t implemented all of the principles and don’t deploy the full range of operational risk management tools. “Therefore, these banks may not be adequately identifying and managing their operational risk exposures,” it warns. “Failure to fully implement appropriate operational risk identification and management practices may result in direct and material financial losses, or reputational and consequential losses, and could lead to a systemic impact on other banks, customers, counterparties and the financial system.”

Four principles are highlighted in the report as being the least thoroughly implemented, including: operational risk identification and assessment; change management; operational risk appetite and tolerance; and, disclosure.

The committee calls on banking regulators to work with the banks under their supervision to improve compliance. And, it makes several recommendations for the banks, including that they improve the implementation of the operational risk identification and assessment tools; enhance the implementation of change management programs and processes and ensure their effective monitoring; strengthen the implementation of the three-lines of defence (business line management, independent corporate operational risk management, and an independent review), especially by refining the assignment of roles and responsibilities; and, improve board and senior management oversight, articulation of operational risk appetite and tolerance statements, and risk disclosures.

At the same time as it published its review, the Basel Committee also released a revised standardized approach for measuring operational risk capital for consultation, which aims to streamline and enhance the framework that sets out different approaches that banks can use to calculate their operational risk capital requirement. Comments on the consultation are due by Jan. 6, 2015.