Reinventing Operational Risk Regulation for a World of Climate Change, Cyberattacks, and Tech Glitches
68 Pages Posted: 6 Feb 2023
Date Written: January 28, 2023
Abstract
Around 30 years ago, banking regulators began to construct the concept of “operational risk,” and devise rules to manage this newly-created risk category. This “invention” of operational risk assembled a grab-bag of otherwise uncategorized risks associated with banking operations; this Article argues that the resulting operational risk regulation framework isn’t very well suited to some of those risks. In particular, this Article demonstrates that the existing operational risk regulation framework is becoming an increasingly inadequate response to banks’ exposure to operational losses following damage to their physical assets and business disruption and system failures. This is so for two reasons. First, the current iteration of operational risk regulation does not respond to the significant uncertainty affecting the banking system as a result of trends like increasing technological complexity, cyberattacks, and climate change. Second, existing regulation doesn’t contemplate that operational risks can be transmitted to and from banks through technological and other non-financial channels, and so the potential for systemic contagion is underestimated.
This Article therefore sketches the beginnings of a “reinvented” approach to regulating for the operational threats of damage to physical assets and business disruption and system failures. The proposed framework places much less emphasis on risk-weighted capital regulation, favoring the alternative of simple buffers of equity that are more robust to uncertainty. In the absence of risk-weighted capital regulation, banking supervision will take on even greater importance. This Article therefore provides some guidance on what a “macro-operational” approach to banking supervision might look like, taking into account the possibility of technological and other forms of transmission of operational risk among banks. The Article concludes by recognizing that macro-operational supervision will not succeed in preventing all operational problems, and therefore considers what new types of operations-specific emergency tools might need to be devised as a response.
Suggested Citation: Suggested Citation