In its day-to-day operations both large and small Financial Institutions face various types of risks. These risks historically were divided into two broad categories: credit risk - associated with the trustworthiness of a counterparty and market risk - that results from the market activity. But these risk categories are not exhaustive.
In the past decade firms and regulators were increasingly focusing on risks "other than market and credit risk." These came to be collectively called Operational risks. This catch-all category of risks include: employee errors, systems failures; fire, floods or other losses to physical assets,
fraud or other criminal activity.
The problem with the Operational Risk is that specialists still argue what to include in this category. Some of the components are so big, that it could form a separate risk category. For example, in the view of the latest corporate scandals, protection from fraud and other criminal activity became a hot topic .This type of risk is very broad and requires special skills, which makes it a substantial sub-category, with its own metrics.
The variety of operational risks is so broad, that elimination all of them would be too expensive. For this reason, all risks are separated into two groups: those that occur frequently and bring about modest losses; those that occur infrequently but may result in considerable losses.
Based on past experience, extensive research and fair judgment, one of the following tactics is applied: eliminate the risk; accept, but attempt to mitigate the consequences; or simply accept some risks as a part of doing business. The last tactics best serves risks with minor losses, while application of other tasks depend on the nature of the risk. For example, natural disasters cannot be prevented and sometimes also not easily forecasted. But the company can still have a plan how to recover from is with the minimum losses (consequences mitigation tactic).
Another peculiarity of the operational risks in that they can differ among companies working in the same business field. For instance, company that is renting its office will have different risks that the company that owns the building. So, in addition to the common and typical risks, every Institution will have its own, unique operational risks.
Another type of risk that is usually included in the operation risks group is the Reputation Risk. This is the risk that the public image of the company would be harmed by some event or information. Bad reputation of the Institution will later translate into financial losses due to the reduction in client base. Negative publicity can even make the best people to leave the company, making the crisis even worse. For all these reasons, this risk shouldn't be underestimated. Though reputation risk is very difficult to measure, it still could be managed. Companies try to reduce this risk through the introduction of Codes of Ethics and Conduct. Financial Institutions also engage in various socially important projects, donate money to charities to create an image of the company that cares for the community needs.
Most operational risks are best managed within the departments in which they arise, because this department has the deepest knowledge of the issue. However, a centralized control and coordination is needed to ensure that actions are harmonized and fall within the main framework of the risk management.