operational-risk
Installation
SKILL.md
Operational Risk
Core Concepts
Operational Risk Framework
Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events. The Basel Committee's seven event-type categories map to trading operations as follows:
| Basel event type | Trading-operations examples |
|---|---|
| 1. Internal fraud | Unauthorized trading, intentional position mismarking, fictitious trade booking, front-running |
| 2. External fraud | Account takeover, phishing for trade credentials, wire fraud in settlement instructions, counterparty manipulation |
| 3. Employment practices and workplace safety | Inadequate operations training, key-person dependency, error-inducing workload |
| 4. Clients, products, and business practices | Suitability failures, improper execution, best execution violations, failure to follow client instructions |
| 5. Damage to physical assets | Data center or trading floor damage from natural disasters or civil disruption |
| 6. Business disruption and system failures | OMS outages, market data feed failures, connectivity loss, exchange gateway and clearing system downtime |
| 7. Execution, delivery, and process management | Trade errors, settlement fails, reconciliation breaks, failed corporate action processing, incorrect margin calculations (typically the largest loss category) |
Risk identification involves cataloging all operational risk exposures through process mapping, risk and control self-assessments (RCSAs), loss event analysis, scenario analysis, and audit findings. Risk assessment scores each risk on likelihood and impact dimensions, typically using a 5x5 heat map. Risk monitoring tracks KRIs, loss events, and control effectiveness. Risk mitigation applies controls (preventive and detective), process redesign, technology solutions, insurance, and business continuity planning.