John’s ability to defraud the bank represents one kind of operational risk. This risk is frequently defined as:

In a sense, all bank risks are operational risks under this definition. However, certain of these risks—namely those considered to be portfolio risk, such as credit, liquidity and market risk—are treated separately because of their importance to the financial condition and performance of a bank. There is also another fundamental reason for the separation of risks: portfolio risk management is undertaken with some expectation of return while operational risk management is important to manage expenses and loss prevention.

Banks experience operational risk from the moment they open their doors on their first business day to the moment they close their doors on their last. Consequently, banks have always been faced with operational risk. Recent events, however, have increased interest in operational risk and its control. Some of these include the following:

• bank failures due to operational breakdowns;
• the Basel II Capital Accord, which requires large, internationally-active banking organizations to explicitly hold capital to compensate for their operational risk (for more information, review Basel II); and
• greater regulatory focus on operational risk management practices, including internal controls, during bank examinations. For more information on the attention devoted to risk management practices, review the discussion contained in SR Letter 95-51 issued by the Federal Reserve System.

Some parts of a bank’s business activities expose it to greater operational risk than others. Some areas where you may want to direct your attention are included here:

• Information Technology (IT)
• Encompasses risks associated with all forms of technology used to create, store, exchange and use information in its various forms.
• Payment Systems Risk
• Encompasses the risk associated with a bank's payment system activities. These activities include automated clearinghouse (ACH), automated teller machines (ATMs), remote deposit capture and electronic funds transfer (EFT).
• Bank Operations
• Involves the risks associated with many tasks that are performed behind the public face of a bank. These operations include loan operations, correspondent bank accounts, financial reporting, fixed assets, insurance, and other assets and liabilities.

Select any of the above for specific discussions of the individual activities included in each area, the risks they present, matters to consider in their oversight and red flags calling your attention to risk management issues.