call us: 877-476-6411


Financial Institutions - Operational Risk Management Mitigation

Chris D. Brown - Global Industry Practice Leader, Financial Institutions

Regulators worldwide are assessing the capital adequacy of banks and financial institutions. At present, a financial institution’s operational risk capital adequacy (as distinct from its credit risk and market risk capital adequacy) can be reduced or mitigated by insurance. Global regulatory authorities recognize insurance as an acceptable platform for reducing the institution’s operational risk burden. Operational risk is defined as a financial institution’s adverse-capital loss “as a result of inadequate or failed processes, people and systems or from external events.”

Guidelines for the assessment of operational risk for global banks are set forth by The Bank for International Settlements (BIS), based in Switzerland. BIS, comprised of sixty member central banks, is empowered “to foster international cooperation in the central banks’ pursuit of monetary and financial stability.”  While capital requirements to meet regulatory standards have been in place for more than ten years, operational risk management methodologies continue to evolve.

Operational risk management methodologies vary from one institution to another, thereby creating difficulties in accurately evaluating risk capital resilience. 

The Advanced Measurement Approach, or AMA, is one of three methods used by banks to calculate capital adequacy requirements under Basel II. Financial institution AMA accreditation is considered to be the highest standard of operational risk measurement. To achieve AMA accreditation, the institution must have received approval from its own regulator. 

Banks adopting the AMA framework must produce evidentiary data to address four primary elements: external data, internal loss data, business environment exposures and internal governance control factors. The very scope and complexities of operational risk open the definition to different interpretations, thus permitting institutions and various national regulators to choose the sophistication of the model.   

The modeled output is used to calculate the capital adequacy required for operational risks as determined by the regulators. The regulators rely on model criteria to determine that an institution’s AMA framework is capturing and representing its operational risk profile. AMA accreditation is firmly grounded in the quality of the output to satisfy supervisory requirements. The models must be proved to authorities’ satisfaction that the risk data model is robust, which tends to be subjective within various jurisdictions. This has led to some questioning whether the AMA approach is fit for purpose.  It may be for this reason that on the 4th March 2016, the Basel Committee on Banking Supervision (BCBS) released a consultation paper proposing the abolition of the three existing approaches and replacing them with a single Standardised Measurement Approach. Interested parties have until 3rd June 2016 to respond.       

Risk mitigation strategies – in the form of insurance cover – are currently recognized by some regulatory authorities as providing satisfactory financial protection in the event of a loss.  Models incorporating insurance solutions that “capture all of the relevant elements” can receive discounts or “haircuts” off risk capital requirements by as much as 20 percent.  

Regulatory approval of an “insurance risk mapping process” imbedded in the models aligns the in-place insurance coverage with the institutional risk profile. The insurance mapping methodology is intended to reveal potential exposure to loss due to fraud, business interruption, product recall, employment practices, cyber and professional liability risks, among others. Institutions must demonstrate the adequacy of insurance coverage and verify the financial stability of the carrier to justify the discounts and benefit from reduced capital requirement levels.

Insurance offers solutions to enable financial institutions in many jurisdictions around the world to mitigate regulatory requirements for operational risk capital adequacy.


Please visit for all legal disclaimers.