The role of insurance in operational risk mitigation. (Operational Risk Management).

Based on Daniel Butler's presentation at RMA's Third Annual Operational Risk Forum, this article presents Aon's five-step approach to risk mitigation and shows what a financial institution needs to know before attempting to integrate insurance into its capital framework.

It does sound fearsome: "...loss resulting from inadequate or failed internal processes, people, and systems or from external events." The Basel Committee's Revised Working Paper of September 2002 makes operational risk sound like loss and failure. No one wants to be labeled "inadequate" or a "failure." Of course, that also means everyone wants to have a handle on mitigating operational risks. And that's where the challenges begin.

Banks have developed a range of risk management techniques for credit and market risk. It is on these risks that banks have traditionally focused their risk management resources. Although not new, operational risk management in banking is an evolving and challenging discipline. Operational risks can come from practically anywhere within the organization. The nature of these risks makes them hard to measure as well; so while we may insure against a certain risk, we really don't know if we're underinsured or overinsured. It's hard even to tell exactly what certain insurances cover. Anyone attempting to deal with operational risk management will agree that the data just isn't there...yet. Add to that its evolving nature and the fat-tail tendencies toward highly unlikely but highly disastrous events, and operational risk begins to look as formidable as the Basel Committee has painted it.

Aon takes a five-step approach to effective operational risk mitigation for institutions:

1. Identification and risk mapping, which begins with setting forth the …