Development of an ORM model as part of a regulatory and economic capital framework is complex and takes time.
Effective management of operational risk requires diverse information from a variety of sources-including, for example, risk reports, risk and control profiles, operational risk incidents, key risk indicators, risk heat maps, and rules and definitions for regulatory capital and economic capital reporting.
A well-structured operational risk framework requires development of business-line databases to capture loss events attributable to various categories of operational risk. Basel II specifically requires a minimum of three years of data for initial implementation and ultimately five years for the Advanced Measurement Approaches (AMA). The need for historical data (including external data) has been a cause for concern for many enterprises.
Effective risk management program starts with “The Tone at the Top”- driven by the top management and adhered by the bottom line. However, if bank’s top leaders perceive operational risk management solely as a regulatory mandate, rather than as an important means of enhancing competitiveness and performance, they may tend to be less supportive of such efforts. Management and the board must understand the importance of operational risk, demonstrate their support for its management, and designate an appropriate managing entity and framework – one that is part of the financial institution’s overall corporate governance framework.