Over 60 taxonomies analysed for new reference taxonomy

  • 28 August 2019

For the last couple months we've been working with Oliver Wyman to build on our 2018 industry reference taxonomy. While our work last year focused on level 1 risks, phase two includes examining level 2 risks in more detail.. 

More than 60 of our member firms submitted their taxonomies to be analysed, and we've now developed our first draft of the enhanced taxonomy. I'm delighted to be able share a few top level highlights and outcomes from the initial review with you.

Some small changes to the L1 risks

The level 1 risks have remained largely unchanged from the 2018 version – for example topics such as business continuity, legal and people are all still present. However, the advisory group have been discussing the need to separate internal and external fraud. They have also been working on redefining and re-evaluating these three risks in light of the taxonomy data that has been collected:

  1. Information security
  2. Data management
  3. Technology

We noticed that there are a number of boundary cases between these risks in particular. We also saw some differences in how firms are distinguishing between different types of data, such as employee data versus client data, which could be mapped to separate level 1 risks.

L2 risks have more areas of divergence

We are currently looking at approximately 75-80 level 2 risks to support the level one risks. There is divergence in the submitted data on a number of these, making it harder to develop common level 2 risks. These areas, which include conduct, information security and third party among others, are now the focus of the advisory group, who are currently proposing and testing solutions.

Guidance and deep dives to focus on key risks

As part of this work, we will produce guidance that defines the level 1 and level 2 risks. This guidance will include examples of the logic behind the construction of the taxonomy, and supporting examples to make the enhanced taxonomy easier to use. This will include this mapping categories back to the Basel event types. The advisory group will also identify risks which they think would most benefit from further guidance – typically the areas where there is the most difference in practice – for us to produce deep dives on.

A new standardised taxonomy for op risk

We're aiming to publish the finalised taxonomy in October. If you want to be notified when it's available, sign up to our newsletter, or follow us on LinkedIn or Twitter.