Journal of Operational Risk

Risk.net

Ten laws of operational risk

Michael Grimwade

Understanding operational risk is fundamental to its effective management. This paper sets out ten laws that govern the behavior of operational risk relating to the occurrence and detection/duration of events; the rapidity with which firms suffer losses; the lags in crystallization of losses; and internal and external drivers of concentration. The paper also considers the transference and conservation of risk; risk homeostasis (ie, control expenditure will respond to increased risk to return firms to within appetite); and the proactive taking of operational risk by firms in order to obtain fee and commission income. These laws are underpinned by event, causal and impact taxonomies. Each of the laws is illustrated through the analysis of loss and financial data for thirty-one current and former global systemically important banks, before and after the global financial crisis. Finally, the paper briefly considers the impacts of these laws on how firms should undertake stress testing and risk and controls self-assessments, and select predictive key risk indicators, and also the extent to which these laws make predictions as to the outcomes of three emerging threats.

Sorry, our subscription options are not loading right now

Please try again later. Get in touch with our customer services team if this issue persists.

New to Risk.net? View our subscription options

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here