The FSA has produced several documents that are concerned with operational risk, and others that are concerned with systems and controls.
The FSA sometimes distinguishes between operational risk (as part of business risk) and control risk and sometimes doesn’t. For example, the guidance was originally intended to be part of a separate module, PROR, and was presented as such in CP97. However, the guidance was completely rewritten, and moved into the systems and controls module (SYSC), in CP142.
Further guidance on operational risk is contained in PS97_115, a policy statement issued after feedback on CP97 and CP115, and in PS140, a policy statement issued after feedback on CP140. PS140 applies to insurers, friendly societies, and Lloyd’s.
Operational risk is also mentioned in several of the documents in the “Building a New Regulator” series. These documents set out the overall approach of the FSA, and describe their risk framework and regulatory processes.
A report on how firms are going about the business of introducing operational risk management systems, “Building a framework for operational risk management: the FSA’s observations”, was published in July 2003. It contains useful information on good practices.
The FSA’s new structure for capital requirements, based on the calculated ECR (Enhanced Capital Requirement) which is then modified by the ICG (Individual Capital Guidance), as discussed in CP190 and CP195, means that operational risk will affect the capital that firms need. This will be through the ICG, which although it takes the ECR into account is also influenced by the systems and controls that firms have in place. The FSA say:
The more firms are able to demonstrate that their risk assessment processes capture and quantify all of the issues in our guidance, then the lower we are likely to assess their ICG (and vice versa). This provides an incentive for good risk management.
The following external links are relevant:
- CP97: Integrated Prudential Sourcebook
- CP 142: Operational risk systems and controls
- CP140: The Interim Prudential Sourcebooks for Insurers and Friendly Societies and the Lloyd’s Sourcebook: Guidance on Systems and Controls
- PS140: The Interim Prudential sourcebooks for Insurers and Friendly Societies and the Lloyd’s sourcebook: Guidance on Systems and controls – Feedback on CP140 and ‘made’ text
- CP143: Integrated Prudential sourcebook – Feedback on chapters of CP97 applicable to insurance firms and supplementary consultation
- PS97_115: Integrated Prudential Sourcebook – Feedback on CP115 (Integrated Prudential Sourcebook – timetable for implementation) and CP97 (Integrated Prudential Sourcebook)
- Building the new regulator: Progress report 2
- Building the new regulator: Progress report 1
- The future regulation of insurance: A progress report
- A new regulator for the new millennium
- Operational Risk in General Insurance
- Financial Services Authority
- Current consultations at the FSA
- Building a framework for operational risk management: the FSAs observations
- CP190: Enhanced capital requirements and individual capital assessments for non-life insurers
- CP195: Enhanced capital requirements and individual capital assessments for life insurers
- Operational Risk. Measurement or Bust!
- Quantifying operational risk in general insurance companies
- Restructuring of prudential and systems and controls material in the FSA Handbook
- PS142: Operational risk systems and controls – Feedback on CP142
- PS142_2: Building a framework for operational risk management: the FSA’s observations – Feedback on industry practice as we prepare to implement CP142
- PS04/16: Integrated Prudential sourcebook for insurers