Skip to main content

Operational Risk

Operational Risk is defined by the Bank of International Settlements (BIS) as

the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events (strategic and reputational risk is not included in this definition for the purpose of a minimum regulatory operational risk capital charge)

Legal risk is included in this definition. Operational risk is therefore the sum of Operating Risk, Information Systems, Compliance and Legal Risk.


Simply put, operational risk represents the “real” cost of doing things wrong: a firm might fail to adhere to regulation;  a firm might fail to follow a formal process and have up to date documentation on it; a firm might endure severe losses due to old or non resilient IT systems – there can be many reasons.

It is crucial that firms learn from from past mistakes, aiming to reduce the likelihood of recurrence and the impact in the organisation, from a financial, reputational, legal and regulatory perspective. Operational risk events might result in a profit, a loss or a near miss. Firms are required by the regulator (e.g. FCA) to maintain a formal and robust loss database.

The Sergio Galanti Operational Risk Puzzle
The Sergio Galanti Operational Risk Puzzle


Our recent articles about Operational Risk