Reinventing Operational Risk Regulation for a World of Climate Change, Cyberattacks, and Tech Glitches

68 Pages Posted: 6 Feb 2023

See all articles by Hilary J. Allen

Hilary J. Allen

American University - Washington College of Law

Date Written: January 28, 2023

Abstract

Around 30 years ago, banking regulators began to construct the concept of “operational risk,” and devise rules to manage this newly-created risk category. This “invention” of operational risk assembled a grab-bag of otherwise uncategorized risks associated with banking operations; this Article argues that the resulting operational risk regulation framework isn’t very well suited to some of those risks. In particular, this Article demonstrates that the existing operational risk regulation framework is becoming an increasingly inadequate response to banks’ exposure to operational losses following damage to their physical assets and business disruption and system failures. This is so for two reasons. First, the current iteration of operational risk regulation does not respond to the significant uncertainty affecting the banking system as a result of trends like increasing technological complexity, cyberattacks, and climate change. Second, existing regulation doesn’t contemplate that operational risks can be transmitted to and from banks through technological and other non-financial channels, and so the potential for systemic contagion is underestimated.

This Article therefore sketches the beginnings of a “reinvented” approach to regulating for the operational threats of damage to physical assets and business disruption and system failures. The proposed framework places much less emphasis on risk-weighted capital regulation, favoring the alternative of simple buffers of equity that are more robust to uncertainty. In the absence of risk-weighted capital regulation, banking supervision will take on even greater importance. This Article therefore provides some guidance on what a “macro-operational” approach to banking supervision might look like, taking into account the possibility of technological and other forms of transmission of operational risk among banks. The Article concludes by recognizing that macro-operational supervision will not succeed in preventing all operational problems, and therefore considers what new types of operations-specific emergency tools might need to be devised as a response.

Suggested Citation

Allen, Hilary J., Reinventing Operational Risk Regulation for a World of Climate Change, Cyberattacks, and Tech Glitches (January 28, 2023). Available at SSRN: https://ssrn.com/abstract=4347577 or http://dx.doi.org/10.2139/ssrn.4347577

Hilary J. Allen (Contact Author)

American University - Washington College of Law ( email )

4300 Nebraska Ave NW, Washington, DC
4300 Nebraska Ave NW, Washington, DC
Washington, DC 20016
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
248
Abstract Views
1,143
Rank
241,236
PlumX Metrics