Introduction

Guidance

(1) This chapter sets out the regulatory requirements in respect of a Bank’s obligation to manage effectively its Operational Risk exposures. Operational Risk refers to the risk of incurring losses due to inadequate or failed internal systems, processes, and people, or from external events. Operational Risk losses also include losses arising out of legal risk but exclude strategic and reputational risk. This chapter aims to ensure that a Bank has a robust Operational Risk management framework commensurate with the nature, scale and complexity of its operations and that it holds sufficient regulatory capital against Operational Risk exposures.

(2) This chapter includes requirements that a Bank:

  • (a) implement a comprehensive Operational Risk management framework to manage, measure and monitor its Operational Risk exposures commensurate with the nature, scale and complexity of its operations;
  • (b) address specific elements of an Operational Risk management framework relating to IT systems, information security, outsourcing, business continuity and disaster recovery and the management of Operational Risks in trading rooms; and
  • (c) calculate and hold the Operational Risk Capital Requirement, according to the methodologies provided in the BPG issued by the AFSA.

(3) The detailed requirements specifying the calculation methodologies, parameters, metrics and formulae in respect of the primary requirements outlined in this Chapter are provided in the BPG issued by the AFSA. The BPG also provides detailed guidance on the elements to be included in the policies, systems and controls for managing Operational Risk; qualitative guidance and standards to be followed in addressing specific components of Operational Risk, such as business continuity risk; and the detailed parameters, formulae and methodology for calculation of the Operational Risk capital requirements mandated by this Chapter.