The ORX Reference Taxonomy 2019
- 22 November 2019
New taxonomy for operational and non-financial risk published
“This is an excellent development that really clearly sets out a coherent industry view of the operational risks we face today. It provides a pragmatic common language that will allow the industry to discuss risks and share information for years to come."
Mark Cooke, ORX Chairman and Group General Manager at HSBC
Following our initial work in 2018 on an industry reference taxonomy, ORX has been working with Oliver Wyman to develop phase 2 of the ORX Reference Taxonomy for operational and non-financial risk. In line with our mission to improve operational risk management throughout the financial sector, we've made the taxonomy and summary report freely available.
About the ORX Reference Taxonomy
A strategic priority for the op risk community
There has been a substantial change in the operational risks faced in financial services over the last 15 years. Risks such as conduct, cyber and third party have risen in importance and now dominate boardroom agendas.
This changing risk profile, combined with a recent shift of focus away from capital measurement towards risk management, means that many organisations are updating their operational risk taxonomies. In doing so, they are deviating from the Basel Event Types and in the absence of a common standard, we have observed a great deal of divergence.
Creating an industry reference taxonomy
“Our strategic priority was to create a common point of reference for operational risk taxonomies, laying the foundations which allow industry debate and consistent industry sharing of insights and data going forward."
Simon Wills, Executive Director, ORX
It was in response to this divergence that we began work in 2018 to create an operational and non-financial risk taxonomy that the industry could use as a reference point. In November 2018 we published our first edition of the taxonomy, which went on to win industry initiative of the year at the Operational Risk Awards.
In 2019, we decided to build on this and create an updated version. Using information from 60 member firms who shared their taxonomies, our new reference taxonomy updates the level 1 risks proposed in our previous version and digs deeper into level 2 risks. The data we collected came from a wide range of financial institutions, allowing us to create a taxonomy that can be used by banks and insurers, no matter their size, around the world.
How can you use the ORX Reference Taxonomy?
“Comparability has suffered from the adjustments financial institutions have made to their internal taxonomies to reflect the significant changes in operational risk. This reference taxonomy aims to address this issue by providing a new common language for the industry.”
Evan Sekeris, Partner, Oliver Wyman
The taxonomy can be used as a key reference to benchmark against and to observe industry trends. We haven’t created the taxonomy as a standard specifically intended to be adopted wholesale. Instead, you can use our taxonomy to help develop your organisational taxonomies and to provide industry evidence to support change. Our hope is that the ORX taxonomy will allow firms to accelerate their thinking.
Top-level observations from the data
While reviewing the submitted taxonomies, we noticed several themes from across the data:
- An increase in level 1 size and use of risk "themes"
- The use of different "dimensions" to define level 2 risks
- Causes and/or control failures were often included
- There was clear divergence of practice between the taxonomies
To find out more and for a copy of the reference taxonomy, download the report, The ORX Reference Taxonomy for operational and non-financial risk.
Get in touch for further guidance on the taxonomy
We've also created guidance and deep dives to help the op risk community get the most from the new taxonomy, including:
- The full ORX Reference Taxonomy report that includes further analysis and information on the member taxonomy data collected, as well as deep dives on approaches to cyber, conduct and third party risk
- The Reference Taxonomy level 1 and level 2 risks with comprehensive definitions
- Guidance supporting users to understand the application of the ORX Reference Taxonomy
- A mapping of the taxonomy back to Basel Event types
The guidance is freely available to anyone who works at one of our member firms, and available on request to those who aren't members of ORX.
What next for the reference taxonomy?
Next year, we plan to produce a corresponding cause and impact taxonomy, in addition to progressing work on controls. This will enable us to provide an even more comprehensive resource for the industry. The ORX Reference Taxonomy will also be incorporated into the ORX News service.