OM-1.1 OM-1.1 Overview
OM-1.1.1
Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and
reputational risk .OM-1.1.2
Operational risk is inherent in all types of banks' activities, and therefore all new products and services should be reviewed for operational risks prior to their implementation. As these risks are important and can result in substantial losses, bank auditors should include operational audits in the scope of all audits.
OM-1.1.3
The importance of operational risk has gained prominence as increasing reliance on sophisticated technology raises concerns of potential losses should unforeseen events cause technological failures. Banks have traditionally focused on controlling and mitigating credit and liquidity risks, however, enhanced levels of automation, while reducing costs and processing times, also pose potential risks. As such any one process or system failure may itself or through a series of systematic failures, could possibly cause financial or other losses to a bank. Therefore, it has become imperative that banks should establish policies and procedures to monitor and control operational risks.
OM-1.1.4
For detailed guidance on the management of operational risk within a bank, refer to the
Basel Committee paper 'Sound Practices for the Management and Supervision of Operational Risk' (see www.bis.org/publ/bcbs_wp96.htm).OM-1.1.5
The Agency will use the paper mentioned in paragraph OM-1.1.4 as a guideline in evaluation of the internal control systems of banks operating in Bahrain. Such evaluations will be made through the Agency's normal supervisory processes (e.g. meetings with management, on-site examinations (Module BR) and the use of reporting accountants (Module AU)).
