ORX Event Type Operational Risk Reference Taxonomy

Are you an ORX Member? Log in here for the full taxonomy and guidance (check if your firm is a member) 

“This is an excellent development that really clearly sets out a coherent industry view of the operational risks we face today. It provides a pragmatic common language that will allow the industry to discuss risks and share information for years to come."
Mark Cooke, former ORX  Chairman and Group General Manager at HSBC

Following our initial work in 2018 on an industry reference taxonomy, ORX worked with Oliver Wyman in 2019 to develop the ORX Event Type Taxonomy for operational and non-financial risk. In line with our mission to improve operational risk management throughout the financial sector, we've made the taxonomy and summary report freely available. We've also created guidance that you can purchase to help you use the taxonomy to its fullest advantage.

About the ORX Event Type Reference Taxonomy

A strategic priority for the operational risk community

There has been a substantial change in the operational risks faced in financial services over the last 15 years. Risks such as conduct, cyber and third party have risen in importance and now dominate boardroom agendas.

This changing risk profile, combined with a recent shift of focus away from capital measurement towards risk management, means that many organisations are updating their operational risk taxonomies. In doing so, they are deviating from the Basel Event Types and in the absence of a common standard, we have observed a great deal of divergence.

Creating an industry reference taxonomy

“Our strategic priority was to create a common point of reference for operational risk taxonomies, laying the foundations which allow industry debate and consistent industry sharing of insights and data going forward."
Simon Wills, Executive Director, ORX

It was in response to this divergence that we began work in 2018 to create an operational and non-financial risk taxonomy that the industry could use as a reference point. In November 2018 we published our first edition of the taxonomy, which went on to win industry initiative of the year at the Operational Risk Awards.

In 2019, we decided to build on this and create an updated version. Using information from 60 member firms who shared their taxonomies, our new reference taxonomy updates the level 1 risks proposed in our previous version and digs deeper into level 2 risks. The data we collected came from a wide range of financial institutions, allowing us to create a taxonomy that can be used by banks and insurers, no matter their size, around the world.

How can you use the ORX Reference Taxonomy?

“Comparability has suffered from the adjustments financial institutions have made to their internal taxonomies to reflect the significant changes in operational risk. This reference taxonomy aims to address this issue by providing a new common language for the industry.”
Evan Sekeris, Partner, Oliver Wyman

The taxonomy can be used as a key reference to benchmark against and to observe industry trends. We haven’t created the taxonomy as a standard specifically intended to be adopted wholesale. Instead, you can use our taxonomy to help develop your organisational taxonomies and to provide industry evidence to support change. Our hope is that the ORX taxonomy will allow firms to accelerate their thinking.

Top-level observations from the data

While reviewing the submitted taxonomies, we noticed several themes from across the data:

1. An increase in level 1 size and use of risk "themes"
2. The use of different "dimensions" to define level 2 risks
3. Causes and/or control failures were often included
4. There was clear divergence of practice between the taxonomies

Guidance available to help you use the ORX Reference Taxonomy 

Together, the Cause and Impact Taxonomy and the Event Type Taxonomy make up the ORX Operational Risk Reference Taxonomy. To help the operational risk community get the most from the ORX Reference Taxonomy, we've created guidance which is available to purchase alongside it.

The guidance includes examples and provides more detail about the taxonomies and how you can use them. It gives you detailed guidance on each level 1 risk, explains how to use flags and risk themes to add further context and insights to your data, provides information and definitions for specific cause categories and more.