Dariusz Lewandowski
Bank's operating risk: Audit and management in the light of requirements of the Basel Committee on Banking Supervision
As the characteristics and nature of banks change, the complexity of IT solutions used in such institutions increases. This has created an urgent need to deal with the issue of operating risk. Operating risk was defined in the New Basel Capital Accord consulting paper, developed in January 2001 by the Basel Committee on Banking Supervision. The document defines operating risk as the "risk of a loss resulting from incorrect or unreliable processes, people and systems, or from external events". The definition also includes legal risks, but excludes the strategic risk and the goodwill risk. Banks are obliged to use the definition for calculating the minimum mandatory capital requirement for the operating risk. In its next step, the Basel Committee developed the Best Practices for Operating Risk Management and Audit, published in January 2003. The document provides a set of principles on effective operating risk management and control. Banks and supervisory authorities ought to use the principles while evaluating the adequacy of regulations and procedures for operating risk management.
The article presents the principles that govern the creation of the right risk management environment, including the responsibilities and accountability of Boards of Directors (risk awareness, risk definition, management strategy selection, delegating control responsibilities to an internal audit division). The role of banks' management boards is to introduce a risk management strategy, and to define policies, procedures, and an effective process for managing the bank's operating risk.
The article also discusses detailed issues related to risk management, including methods and tools for identifying risks. It also points out the necessity of introducing regular risk profile monitoring in banks. Banks should work out policies, procedures and processes for controlling and limiting the most important types of operating risks. They should regularly review their risk limits system and the adequacy of their own audit strategies. They should also apply appropriate strategies to adjust their current operating risk profile to their organization's overall risk profile and willingness to take risks (the so-called "appetite for risk"). It is also emphasized that banks must create contingency plans and plans for ensuring business continuity.
The final section of the article discusses the role and responsibilities of banking supervision in controlling operating risks, and the importance of reporting responsibilities.
Banking supervisors should require all banks, regardless of their size, to enforce principles for identifying, evaluating, monitoring, supervising and limiting their operating risks. The principles should become a part of an organization's comprehensive risk management strategy.