Skip to main content
Version date: 31 March 2021 - onwards

3. Operational risk management (paras. 1-13)

1. Operational risk is defined in the capital framework as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk.

2. Operational risk is inherent in all banking products, activities, processes and systems, and the effective management of operational risk is a fundamental element of a bank's risk management programme. Sound operational risk management is a reflection of the effectiveness of the board of directors and senior management in administering their portfolio of products, activities, processes and systems. Where appropriate, strategic and reputational risks should be considered by banks' operational risk management.

3. Although operational risk management and operational resilience address different goals, they are closely interconnected. An effective operational risk management system and a robust level of operational resilience work together to reduce the frequency and the impact of operational risk events.