Operational risk refers to the risk of loss resulting from inadequate or failed processes or systems, from personnel or from external events. This definition includes compliance risk but excludes risks resulting from strategic decisions. These risks may materialize, for instance, as a consequence of:
- Internal misconduct
- External misconduct
- Insufficient human resources management
- Insufficiencies in operating policies as far as customers, products or business activities are concerned
- Damage to physical property
- Interruption of activities and system failures
- Defects in the operating process.
Materialized operational risks can cause an immediate negative impact on the financial results due to additional costs or loss of earnings. In the longer term, materialized operational risks can lead to a loss of reputation and, eventually, a loss of customers, which endangers the company’s ability to conduct business activities in accordance with the strategy.
Compliance risk is the risk of legal or regulatory sanctions, material financial losses or loss of reputation resulting from a company’s failure to comply with laws, regulations and administrative orders as applicable to its activities. A compliance risk is usually the consequence of internal misconduct and hence it can be seen as a part of operational risk.