How our work to create a new taxonomy can help improve operational risk management

Update

Since our work in 2018 on developing a new operational risk taxonomy, we've published a new level 1 and level 2 event type reference taxonomy for operational and non-financial risk. The taxonomy is free for everyone to download.

Download the ORX Event Type Taxonomy

Original article (May 2018)

This month we shared our initial work on developing an operational risk taxonomy with the wider industry. By clearly capturing relevant risks, the ORX taxonomy is intended to be a reference point for financial institutions across the globe, supporting them in their move from ‘passive’ to ‘active’ risk management.

Creating a useful reference for the industry

Our 2018 study on developing an industry reference taxonomy was built on the taxonomies of 44 banks and insurers. It gives us the basis for future phases of research aimed at providing an industry reference taxonomy for operational risk. We believe it is very important to treat this work as a reference, a resource to inform and learn from, not a hard standard to be inflexibly imposed.

While standards do form the basis of how we provide a platform for the industry to exchange information, we see no benefit in these being proprietary. As a not for profit industry association, whose mission is “to enhance the sound management of operational risk across the global financial services industry”, we aim to be as open as possible in sharing our work on taxonomies as it develops.

Standards are available and relevant to all

This is not the first time ORX has set about providing guidance to the wider industry. Since its inception, ORX has led the way in providing the reporting standards by which the industry views operational risk events. By bringing together a wealth of knowledge and experience from our community of members, we have produced Operational Risk Reporting Standards for both the banking and insurance industry.

Crucially, our standards have always been publicly available to anyone (get your copy here). Over the years, many thousands of individuals have requested copy, and many non-members of ORX, big and small institutions alike, have benefited from using them to support their operational risk event collection and reporting practices.

Reorienting existing taxonomies – a shared challenge

Throughout the last year, we’ve noticed a significant gain in momentum in the development of new operational risk taxonomies. Many institutions are now trying to shift tools and processes from regulatory reporting and capital calculation, towards supporting the growing focus on proactive operational risk management.

Taxonomies support a wide range of risk measurement and management activities, including risk control self-assessments (RCSAs), reporting, event management, scenario analysis and key risk indicators (KRIs). Used across a range of tools and processes, taxonomies are often influenced by committee and organisational structure.

Although all of this does make taxonomies difficult and costly to change, it also demonstrates how important they are to get right. Articulating the case for change needs to be both robust and considered.