Role of disclosure (paras. 66-68)
Principle 12: A bank's public disclosures should allow stakeholders to assess its approach to operational risk management and its operational risk exposure.
66. A bank's public disclosure of relevant operational risk management information can lead to transparency and the development of better industry practice through market discipline. The amount and type of disclosure should be commensurate with the size, risk profile and complexity of a bank's operations, and evolving industry practice.
67. Banks should disclose relevant operational risk exposure information to their stakeholders (including significant operational loss events), while not creating operational risk through this disclosure (eg description of unaddressed control vulnerabilities). [Internationally active banks are required to comply with the Basel III Pillar 3 operational risk disclosure requirements.], [The recommendation to disclose significant operational loss events does not include disclosure of confidential and proprietary information, including information about legal reserves.] A bank should disclose its ORMF in a manner that allows stakeholders to determine whether the bank identifies, assesses, monitors and controls/mitigates operational risk effectively.