How our reference taxonomy can help the industry improve operational risk management
- 15 July 2019
This month we shared our initial work on developing an operational risk taxonomy with the wider industry. By clearly capturing relevant risks, the ORX taxonomy is intended to be a reference point for financial institutions across the globe, supporting them in their move from ‘passive’ to ‘active’ risk management.
Creating a useful reference for the industry
Our 2018 study on developing an industry reference taxonomy was built on the taxonomies of 44 banks and insurers. It gives us the basis for future phases of research aimed at providing an industry reference taxonomy for operational risk. We believe it is very important to treat this work as a reference, a resource to inform and learn from, not a hard standard to be inflexibly imposed.
While standards do form the basis of how we provide a platform for the industry to exchange information, we see no benefit in these being proprietary. As a not for profit industry association, whose mission is “to enhance the sound management of operational risk across the global financial services industry”, we aim to be as open as possible in sharing our work on taxonomies as it develops.
Standards are available and relevant to all
This is not the first time ORX has set about providing guidance to the wider industry. Since its inception, ORX has led the way in providing the reporting standards by which the industry views operational risk events. By bringing together a wealth of knowledge and experience from our community of members, we have produced Operational Risk Reporting Standards for both the banking and insurance industry.
Crucially, our standards have always been publicly available to anyone (get your copy here). Over the years, many thousands of individuals have requested copy, and many non-members of ORX, big and small institutions alike, have benefited from using them to support their operational risk event collection and reporting practices.
Reorienting existing taxonomies – a shared challenge
Throughout the last year we’ve noticed a significant gain in momentum in the development of new operational risk taxonomies. Many institutions are now trying to shift tools and processes from regulatory reporting and capital calculation, towards supporting the growing focus on proactive operational risk management.
Taxonomies support a wide range of risk measurement and management activities, including risk control self-assessments (RCSAs), reporting, event management, scenario analysis and key risk indicators (KRIs). Used across a range of tools and processes, taxonomies are often influenced by committee and organisational structure.
Although all of this does make taxonomies difficult and costly to change, it also demonstrates how important they are to get right. Articulating the case for change needs to be both robust and considered.
Our work so far has focused on understanding the coherence of taxonomies across the industry at the top level (level 1). We plan to expand the scope and detail of this work in early 2019.
Update July 2019
We've now started the next part of our work on taxonomies – find out more about phase two where we'll be exploring level 2 risks in more detail.