4. Recommendations
Failure to fully implement appropriate operational risk identification and management practices may result in direct and material financial losses, or reputational and consequential losses, as well as systemic impacts on other banks, customers, counterparties and the financial system. As shown in this report, banks are at varying stages of implementing the Principles. The peer review also highlighted several principles for which, overall, banks had not adequately implemented or addressed the relevant risk management response.
See comments in the executive summary.
The following summarises the specific areas of operational risk management practice where, overall, the most scope for improvement exists [While the Committee expects banks to implement all these recommendations, their implementation may be prioritised in the order shown here if resources are limited.].
Banks are encouraged to:
(a) Risk identification and assessment
(i) increase their use of external data for the purposes of risk management;
(ii) participate in industry consortia, to enhance the availability of external loss data for all jurisdictions;
(iii) further implement the use of business process mapping as an operational risk management tool;
(iv) further implement the use of key risk and performance indicators;