Basel Committee on

Banking Supervision

OPE
Calculation of RWA for
operational risk
OPE25
Standardised approach
Version effective as of
01 Jan 2023
Updated to include the FAQs published on 5
June 2020 and the FAQ on climate-related
financial risks published on 8 December 2022.
FAQs published on 30 March 2023 added.

Downloaded on 31.05.2023 at 09:10 CEST

© Bank for International Settlements 2023. All rights reserved.

Downloaded on 31.05.2023 at 09:10 CEST 2/20

Introduction
25.1 The standardised approach methodology is based on the following components:

(1) the Business Indicator (BI) which is a financial-statement-based proxy for

operational risk;

(2) the Business Indicator Component (BIC), which is calculated by multiplying

the BI by a set of regulatory determined marginal coefficients (αi); and

(3) the Internal Loss Multiplier (ILM), which is a scaling factor that is based on a
bank’s average historical losses and the BIC.

25.2 Operational risk capital requirements (ORC) are calculated by multiplying the BIC
and the ILM, as shown in the formula below. Risk-weighted assets (RWA) for
operational risk are equal to 12.5 times ORC.

Components of the standardised approach

25.3 The BI comprises three components: the interest, leases and dividend component
(ILDC); the services component (SC), and the financial component (FC).

25.4 The BI is defined as:

25.5 ILDC, SC and FC are defined in the formulae below, where a bar above a term
indicates that it is calculated as the average over three years: t, t-1 and t-2:1

Footnotes
1 The absolute value of net items (eg interest income – interest expense)
should be calculated first year by year. Only after this year by year
calculation should the average of the three years be calculated.

Downloaded on 31.05.2023 at 09:10 CEST 3/20

25.6 The definitions for each of the components of the BI are provided in OPE10.

25.7 To calculate the BIC, the BI is multiplied by the marginal coefficients (αi). The
marginal coefficients increase with the size of the BI as shown in Table 1. For
banks in the first bucket (ie with a BI less than or equal to €1bn) the BIC is equal
to BI x 12%. The marginal increase in the BIC resulting from a one unit increase in
the BI is 12% in bucket 1, 15% in bucket 2 and 18% in bucket 3.2

BI ranges and marginal coefficients Table 1

Bucket BI range (in €bn) BI marginal coefficients (αi)

1 ≤1 12%

2 1 < BI ≤30 15%

3 > 30 18%

Footnotes
2 For example, given a BI = €35bn, the BIC = (1 x 12%) + (30-1) x 15% +
(35-30) x 18% = €5.37bn.

25.8 A bank’s internal operational risk loss experience affects the calculation of
operational risk capital through the ILM. The ILM is defined as below, where the
Loss Component (LC) is equal to 15 times average annual operational risk losses
incurred over the previous 10 years:

25.9 The ILM is equal to one where the loss and business indicator components are
equal. Where the LC is greater than the BIC, the ILM is greater than one. That is, a
bank with losses that are high relative to its BIC is required to hold higher capital
due to the incorporation of internal losses into the calculation methodology.
Conversely, where the LC is lower than the BIC, the ILM is less than one. That is, a
bank with losses that are low relative to its BIC is required to hold lower capital
due to the incorporation of internal losses into the calculation methodology.

Downloaded on 31.05.2023 at 09:10 CEST 4/20

25.10 The calculation of average losses in the LC must be based on 10 years of high-
quality annual loss data. The qualitative requirements for loss data collection are
outlined in OPE25.14 to OPE25.34. As part of the transition to the standardised
approach, banks that do not have 10 years of high-quality loss data may use a
minimum of five years of data to calculate the LC.3 Banks that do not have five
years of high-quality loss data must calculate the capital requirement based
solely on the BIC. Supervisors may however require a bank to calculate capital
requirements using fewer than five years of losses if the ILM is greater than 1 and
supervisors believe the losses are representative of the bank’s operational risk
exposure.

Footnotes
3 This treatment is not expected to apply to banks that previously used
the Advanced Measurement Approaches for determining operational
risk capital requirements under the Basel II framework.

25.11 For banks in bucket 1 (ie with BI ≤ €1 billion), internal loss data does not affect
the capital calculation. That is, the ILM is equal to 1, so that operational risk
capital is equal to the BIC (=12% x BI). At national discretion, supervisors may
allow the inclusion of internal loss data into the framework for banks in bucket 1,
subject to meeting the loss data collection requirements specified in OPE25.14 to
OPE25.34. In addition, at national discretion, supervisors may set the value of ILM
equal to 1 for all banks in their jurisdiction. In case this discretion is exercised,
banks would still be subject to the full set of disclosure requirements summarised
in OPE25.35.

Minimum standards for the use of loss data under the standardised
approach
25.12 Banks with a BI greater than €1bn are required to use loss data as a direct input
into the operational risk capital calculations. The soundness of data collection and
the quality and integrity of the data are crucial to generating capital outcomes
aligned with the bank’s operational loss exposure. The minimum loss data
standards are outlined in OPE25.14 to OPE25.34. National supervisors should
review the quality of banks’ loss data periodically.

Downloaded on 31.05.2023 at 09:10 CEST 5/20

25.13 Banks which do not meet the loss data standards are required to hold capital that
is at a minimum equal to 100% of the BIC. In such cases supervisors may require
the bank to apply an ILM which is greater than 1. The exclusion of internal loss
data due to non-compliance with the loss data standards, and the application of
any resulting multipliers, must be publicly disclosed in accordance with the Pillar
3 requirements.

General criteria on loss data identification, collection and treatment

25.14 The proper identification, collection and treatment of internal loss data are
essential prerequisites to capital calculation under the standardised approach.
The general criteria for the use of the LC are as follows.

25.15 Internally generated loss data calculations used for regulatory capital purposes
must be based on a 10-year observation period. If ten years of good quality loss
data are not available when the bank first moves to the standardised approach, a
shorter observation period is acceptable on an exceptional basis (with a minimum
observation period of five years). Note that all years of good-quality data
available beyond five years must be included.

25.16 Internal loss data are most relevant when clearly linked to a bank’s current
business activities, technological processes and risk management procedures.
Therefore, a bank must have documented procedures and processes for the
identification, collection and treatment of internal loss data. Such procedures and
processes must be subject to validation before the use of the loss data within the
operational risk capital requirement measurement methodology, and to regular
independent reviews by internal and/or external audit functions.

25.17 For risk management purposes, and to assist in supervisory validation and/or
review, a supervisor may request a bank to map its historical internal loss data
into the relevant Level 1 supervisory categories as defined in Table 2 and to
provide this data to supervisors. The bank must document criteria for allocating
losses to the specified event types.

Downloaded on 31.05.2023 at 09:10 CEST 6/20

 Detailed loss event type classification Table 2

Event-type
Categories
category (Level Definition Activity examples (Level 3)
(Level 2)
1)

Internal fraud Losses due to Unauthorised Transactions not reported

acts of a type activity (intentional)
intended to
defraud, Transaction type unauthorised
misappropriate (with monetary loss)
property or
circumvent Mismarking of position
regulations, the (intentional)
law or company
policy, excluding Theft and fraud Fraud / credit fraud / worthless
diversity/ deposits
discrimination
Theft / extortion /
events, which
embezzlement / robbery
involves at least
one internal party Misappropriation of assets

Malicious destruction of assets

Forgery

Check kiting

Smuggling

Account takeover /
impersonation etc

Tax non-compliance / evasion

(wilful)

Bribes / kickbacks

Insider trading (not on firm's

account)

External fraud Losses due to Theft and fraud Theft / robbery

acts of a type
intended to Forgery
defraud,
misappropriate Check kiting
property or
circumvent the Systems Hacking damage
law, by a third security
Theft of information (with
party
monetary loss)

Downloaded on 31.05.2023 at 09:10 CEST 7/20

 Employment Losses arising Employee Compensation, benefit,
practices and from acts relations termination issues
workplace safety inconsistent with
employment, Organised labour activity
health or safety
laws or Safe General liability (slip and fall etc)
agreements, from environment
payment of Employee health and safety
personal injury rules events
claims, or from
Workers compensation
diversity /
discrimination
Diversity and All discrimination types
events
discrimination

Clients, products Losses arising Suitability, Fiduciary breaches / guideline

and business from an disclosure and violations
practices unintentional or fiduciary
negligent failure Suitability / disclosure issues
to meet a (know-your-customer etc)
professional
obligation to Retail customer disclosure
specific clients violations
(including
Breach of privacy
fiduciary and
suitability Aggressive sales
requirements), or
from the nature Account churning
or design of a
product. Misuse of confidential
information

Lender liability

Improper Antitrust
business or
market Improper trade / market
practices practices

Market manipulation

Insider trading (on firm's

account)

Unlicensed activity

Money laundering

Product flaws Product defects (unauthorised

etc)

Model errors

Downloaded on 31.05.2023 at 09:10 CEST 8/20

 Selection, Failure to investigate client per
sponsorship guidelines
and exposure
Exceeding client exposure limits

Advisory Disputes over performance of

activities advisory activities

Damage to Losses arising Disasters and Natural disaster losses

physical assets from loss or other events
damage to Human losses from external
physical assets sources (terrorism, vandalism)
from natural
disaster or other
events

Business Losses arising Systems Hardware

disruption and from disruption
system failures of business or Software
system failures
Telecommunications

Utility outage / disruptions

Execution, Losses from failed Transaction Miscommunication

delivery and transaction capture,
process processing or execution and Data entry, maintenance or
management process maintenance loading error
management,
from relations Missed deadline or
with trade responsibility
counterparties
Model / system misoperation
and vendors
Accounting error / entity
attribution error

Other task misperformance

Delivery failure

Collateral management failure

Reference data maintenance

Monitoring Failed mandatory reporting

and reporting obligation

Inaccurate external report (loss

incurred)

Downloaded on 31.05.2023 at 09:10 CEST 9/20

 Customer Client permissions / disclaimers
intake and missing
documentation
Legal documents missing /
incomplete

Customer / Unapproved access given to

client account accounts
management
Incorrect client records (loss
incurred)

Negligent loss or damage of

client assets

Trade Non-client counterparty

counterparties misperformance

Miscellaneous non-client
counterparty disputes

Vendors and Outsourcing

suppliers
Vendor disputes

FAQ
FAQ1 How could banks ensure that losses stemming from climate-related
financial risks are identifiable?

Losses due to natural disasters map to the event type category

“Damage to physical assets” from Table 2. However, climate-related
financial risks may also cause operational risk losses in other event
type categories. For example, if a bank is perceived to misrepresent
sustainability-related practices or the sustainability-related features of
its investment products, it could lead to litigation cases (event type
category “Clients, products and business practices”). A power cut as a
consequence of climate-related financial risks could cause an
interruption to a bank's services and communications (event type
category “Business disruption and system failures”). Where feasible,
losses whose root cause could stem from climate-related risk drivers
could be identifiable from the loss database, for example, by using a
flag.

Downloaded on 31.05.2023 at 09:10 CEST 10/20

25.18

A bank's internal loss data must be comprehensive and capture all material
activities and exposures from all appropriate subsystems and geographic
locations. The minimum threshold for including a loss event in the data collection
and calculation of average annual losses is set at €20,000. At national discretion,
for the purpose of the calculation of average annual losses, supervisors may
increase the threshold to €100,000 for banks in buckets 2 and 3 (ie where the BI is
greater than €1 billion).

FAQ
FAQ1 Should operational loss events from outsourced activities be included
in the operational loss dataset?

For operational losses from outsourced activities, the financial impacts

of events that the bank is responsible for should be included in the
dataset as operational losses. The financial impacts of events that are
paid by the outsourcer (rather than by the bank) are not operational
losses to the bank.

FAQ2 When building the loss data set, which exchange rate should be used
to convert losses from foreign subsidiaries of a banking organisation
into domestic currency?

Loss impacts denominated in a foreign currency should be converted

using the same exchange rate that is used to convert them in the
banking organisation’s financial statements of the period the loss
impacts were accounted for.

FAQ3 How should the minimum threshold for including a loss event in the
Loss Component dataset be applied for events which result in multiple
accounting impacts?

Some operational loss events result in multiple accounting impacts,

which can be loss impacts or recoveries. To determine whether an
operational loss event must be included in the Loss Component
calculation dataset, the net loss amount of the event should be
calculated by summing all of the event’s loss impacts inside the ten-
year calculation window and subtracting all recoveries inside the ten-
year calculation window. The accounting date of the impacts is used to
determine whether they are inside the ten year calculation window. If
the event’s net total loss amount is equal to or above EUR 20,000 (or
equal to or above EUR 100,000 if that national discretion is used), the
loss event must be included in the calculation dataset. Note that a loss

Downloaded on 31.05.2023 at 09:10 CEST 11/20

 event may not result in a net loss amount above EUR 20,000 (EUR
100,000) in any individual year and still have to be included in the Loss
Component calculation dataset as long as the cumulative impact of
the loss event in the ten year window is equal to or above EUR 20,000
(EUR 100,000).

As an example, consider a bank determining its capital requirements

using a Loss Component calculation window of 2012 to 2021, and
assume this bank is subject to a EUR 20,000 loss threshold. Suppose
one loss event results in a loss impact of EUR 16,000 in 2012 and EUR
7,000 in 2013. This loss event must be included in the calculation
dataset because its total impact inside the calculation window is EUR
23,000. On the other hand, a loss event that resulted in a loss impact
of EUR 1,000,000 in 2010 (outside of the calculation window), a loss
impact of EUR 300,000 in 2013 (inside the calculation window), and a
recovery of EUR 500,000 in 2015 (inside the calculation window)
should not be included in the calculation dataset because its net
impact inside the calculation window is negative, and thus less than
EUR 20,000.

25.19 Aside from information on gross loss amounts, the bank must collect information
about the reference dates of operational risk events, including the date when the
event happened or first began (“date of occurrence”), where available; the date
on which the bank became aware of the event (“date of discovery”); and the date
(or dates) when a loss event results in a loss, reserve or provision against a loss
being recognised in the bank’s profit and loss (P&L) accounts (“date of
accounting”). In addition, the bank must collect information on recoveries of
gross loss amounts as well as descriptive information about the drivers or causes
of the loss event.4 The level of detail of any descriptive information should be
commensurate with the size of the gross loss amount.

Footnotes
4 Tax effects (eg reductions in corporate income tax liability due to
operational losses) are not recoveries for purposes of the standardised
approach for operational risk.

25.20 Operational loss events related to credit risk and that are accounted for in credit
RWA should not be included in the loss data set. Operational loss events that
relate to credit risk but are not accounted for in credit RWA should be included in
the loss data set.

Downloaded on 31.05.2023 at 09:10 CEST 12/20

25.21
Operational risk losses related to market risk are treated as operational risk for
the purposes of calculating minimum regulatory capital under this framework and
will therefore be subject to the standardised approach for operational risk.

25.22 Banks must have processes to independently review the comprehensiveness and
accuracy of loss data.

Specific criteria on loss data identification, collection and treatment

25.23 Building an acceptable loss data set from the available internal data requires that
the bank develop policies and procedures to address several features, including
gross loss definition, reference date and grouped losses.

25.24 Gross loss is a loss before recoveries of any type. Net loss is defined as the loss
after taking into account the impact of recoveries. The recovery is an independent
occurrence, related to the original loss event, separate in time, in which funds or
inflows of economic benefits are received from a third party.5

Footnotes
5 Examples of recoveries are payments received from insurers,
repayments received from perpetrators of fraud, and recoveries of
misdirected transfers.

25.25 Banks must be able to identify the gross loss amounts, non-insurance recoveries,
and insurance recoveries for all operational loss events. Banks should use losses
net of recoveries (including insurance recoveries) in the loss dataset. However,
recoveries can be used to reduce losses only after the bank receives payment.
Receivables do not count as recoveries. Verification of payments received to net
losses must be provided to supervisors upon request.

25.26 The following items must be included in the gross loss computation of the loss
data set:

(1) Direct charges, including impairments and settlements, to the bank's P&L
accounts and write-downs due to the operational risk event;

(2) Costs incurred as a consequence of the event including external expenses

with a direct link to the operational risk event (eg legal expenses directly
related to the event and fees paid to advisors, attorneys or suppliers) and
costs of repair or replacement, incurred to restore the position that was
prevailing before the operational risk event;

Downloaded on 31.05.2023 at 09:10 CEST 13/20

 (3) Provisions or reserves accounted for in the P&L against the potential
operational loss impact;

(4) Losses stemming from operational risk events with a definitive financial
impact, which are temporarily booked in transitory and/or suspense
accounts and are not yet reflected in the P&L ("pending losses").6 Material
pending losses should be included in the loss data set within a time period
commensurate with the size and age of the pending item; and

(5) Negative economic impacts booked in a financial accounting period, due to

operational risk events impacting the cash flows or financial statements of
previous financial accounting periods ("timing losses").7 Material "timing
losses" should be included in the loss data set when they are due to
operational risk events that span more than one financial accounting period
and give rise to legal risk.

Footnotes
6 For instance, in some countries, the impact of some events (eg legal
events, damage to physical assets) may be known and clearly
identifiable before these events are recognised through the
establishment of a reserve. Moreover, the way this reserve is
established (eg the date of discovery) can vary across banks or
countries.

7 Timing impacts typically relate to the occurrence of operational risk

events that result in the temporary distortion of an institution’s
financial accounts (eg revenue overstatement, accounting errors and
mark-to-market errors). While these events do not represent a true
financial impact on the institution (net impact over time is zero), if the
error continues across more than one financial accounting period, it
may represent a material misrepresentation of the institution’s
financial statements.

Downloaded on 31.05.2023 at 09:10 CEST 14/20

 FAQ
FAQ1 When an operational loss event results in a provision and, later, that
provision turns into a charge-off, should both be summed in
calculating the operational loss resulting from an operational loss
event? For example, if a bank takes a €1 million provision for a legal
event in 2018 and then settles the legal event for €1.2 million in 2019,
should both be summed to calculate the operational loss resulting from
the operational loss event?

No. The €1 million provision is an operational loss included in 2018

and the additional €200 thousand is an operational loss in 2019 (equal
to the €1.2 million settlement in 2019 minus the €1 million provision in
2018). There should be no double counting of the same financial
impacts in the calculation of operational losses. When a bank makes a
provision due to an operational loss event, such provision must be
considered an operational loss immediately for the calculation of the
Loss Component. When a charge-off (such as a settlement) eventually
takes place later, only the difference between the initial provision and
the charge-off (if any) should be added to the operational loss
calculation.

FAQ2 When a bank refunds a client that was overbilled due to an operational
failure, can the initial overbilling be used to net out the refund?

When a bank refunds a client that was overbilled due to an operational

failure, if the refund is provided in the same financial accounting
period as the overbilling took place and thus no misrepresentation of
the institution’s financial statements occurs, there is no operational
loss. If the refund occurs in a subsequent financial accounting period to
the overbilling, it is a timing loss; any operational loss event that
exceeds the threshold of EUR 20,000 (or EUR 100,000 if the national
supervisor has used the national discretion to set this higher threshold)
should be included in the loss dataset. In this case, the prior overbilling
is not a recovery.

FAQ3 How should the costs relating to a bank asset that is damaged or
destroyed be defined?

In a case where a bank asset is damaged or destroyed and without

prejudice of additional indirect losses, the losses related to the asset
value and the costs of repair or replacement depend on how the bank
proceeds in addressing that damage or destruction:

(a) In cases where an asset of the bank is damaged or destroyed and

the bank does not replace or repair it, the operational loss amount

Downloaded on 31.05.2023 at 09:10 CEST 15/20

 corresponds to the reduction in the book value of the asset plus
any residual clean-up or disposal costs

(b) In cases where an asset of the bank is damaged or destroyed and

the bank decides to replace it or repair it fully, then the
operational loss amount is the cost of replacing or repairing the
asset plus any residual clean-up or disposal costs.

(c) In cases where an asset of the bank is damaged and the bank
decides to repair it partially (ie the asset has less book value after
repair than prior to the operational loss event), then the
operational loss amount is the cost of repairing the asset plus the
loss of book value of the asset after the repair relative to its pre-
operational loss event book value plus any residual clean-up or
disposal costs.

FAQ4 What is the threshold of materiality for timing losses and pending
losses?

Like other operational losses, timing losses and pending losses must be
included in the operational loss event dataset if they are associated
with an operational loss event that exceeds €20,000 (€100,000 upon
national discretion) for banks in buckets 2 and 3.

25.27 The following items should be excluded from the gross loss computation of the
loss data set:

(1) Costs of general maintenance contracts on property, plant or equipment;

(2) Internal or external expenditures to enhance the business after the

operational risk losses: upgrades, improvements, risk assessment initiatives
and enhancements; and

(3) Insurance premiums.

25.28 Banks must use the date of accounting for building the loss data set. The bank
must use a date no later than the date of accounting for including losses related
to legal events in the loss data set. For legal loss events, the date of accounting is
the date when a legal reserve is established for the probable estimated loss in the
P&L.

Downloaded on 31.05.2023 at 09:10 CEST 16/20

25.29 Losses caused by a common operational risk event or by related operational risk
events over time, but posted to the accounts over several years, should be
allocated to the corresponding years of the loss database, in line with their
accounting treatment.

FAQ
FAQ1 What are the conditions for losses (and recoveries) to be grouped into a
single operational loss event?

All operational losses caused by a common underlying trigger or root

cause should be grouped into one operational loss event in a bank’s
operational loss event dataset. Two examples of losses with a common
underlying trigger or root cause, which should be grouped into a single
loss event:

1. A natural disaster causes losses in multiple locations and/or

across an extended time period.
2. A breach of a bank’s information security results in the disclosure
of confidential customer information. As a result, multiple
customers incur fraud-related losses that the bank must
reimburse. This is sometimes accompanied by remediation
expenses such as credit card re-issue or credit history monitoring
services.

Banks should have a clear, well-documented policy for determining the

criteria for multiple losses to be grouped into an operational loss event.
In addition, processes should be in place to ensure that there is a firm-
wide understanding of the loss event grouping policy, that there is
appropriate sharing of loss event data across businesses to implement
the policy effectively and that there are adequate controls (including
independent review) to assess ongoing compliance with the policy.

Downloaded on 31.05.2023 at 09:10 CEST 17/20

Exclusion of losses from the Loss Component
25.30 Banking organisations may request supervisory approval to exclude certain
operational loss events that are no longer relevant to the banking organisation's
risk profile. The exclusion of internal loss events should be rare and supported by
strong justification. In evaluating the relevance of operational loss events to the
bank's risk profile, supervisors will consider whether the cause of the loss event
could occur in other areas of the bank's operations. Taking settled legal
exposures and divested businesses as examples, supervisors expect the
organisation's analysis to demonstrate that there is no similar or residual legal
exposure and that the excluded loss experience has no relevance to other
continuing activities or products.

FAQ
FAQ1 Upon supervisory approval to exclude losses, when should this
exclusion take effect?

The calculation of the loss component of the operational risk capital

(ORC) should recognise the effect of exclusion immediately after the
supervisory approval. If supervisors only require the operational risk
standardised approach calculation to be updated annually, but the
exclusion is approved prior to an intermediate (eg, quarterly) update of
the bank’s total risk-weighted assets that precedes the annual update
of the operational risk standardised approach, banks should report the
revised operational risk risk-weighted assets in the first update of total
risk-weighted assets post-exclusion.

FAQ2 Can operational risk losses resulting from the reform of benchmark
reference rates be excluded from the operational risk charge based on
OPE25.30?

Banks may suffer operational risk losses related to the reform of

benchmark reference rates, particularly if they do not adequately
prepare for the transition to the new rates. For example, losses may be
incurred over an extended period of time if banks fail to identify and
remediate relevant legacy contracts prior to the discontinuation of a
benchmark rate. Operational risk losses relating to the reform of
benchmark reference rates do not fulfil the criteria for exclusion from
the calculation of operational risk capital requirements laid out in
OPE25.30 (ie characterised as one-off, no longer relevant, no residual
exposure). It should, however, be noted that not all costs related to the
implementation of benchmark rate reforms represent operational risk
losses (eg legal fees to alter contracts to prepare for the new reference

Downloaded on 31.05.2023 at 09:10 CEST 18/20

 rates in accordance with relevant legal rules; or costs related to
adjustments to IT systems). To minimise the risk of operational risk
losses, banks should consider the effects of benchmark rate reform on
their businesses in a timely manner and make the necessary
preparations for the transition to the alternative rates. In doing so, they
should maintain a close dialogue with their supervisory authorities
regarding their plans and transition progress, including any identified
impediments.

25.31 The total loss amount and number of exclusions must be disclosed in accordance
with the Pillar 3 requirements with appropriate narratives, including total loss
amount and number of exclusions.

25.32 A request for loss exclusions is subject to a materiality threshold to be set by the
supervisor (for example, the excluded loss event should be greater than 5% of the
bank’s average losses). In addition, losses can only be excluded after being
included in a bank’s operational risk loss database for a minimum period (for
example, three years), to be specified by the supervisor. Losses related to
divested activities will not be subject to a minimum operational risk loss database
retention period.

Exclusions of divested activities from the Business Indicator

25.33 Banking organisations may request supervisory approval to exclude divested
activities from the calculation of the BI. Such exclusions must be disclosed in
accordance with the Pillar 3 requirements.

FAQ
FAQ1 Upon supervisory approval to exclude activities from the BI, when
should this exclusion take effect?

Divested activities should be excluded from the calculation of the BI

amount used for the calculation of operational risk capital (ORC)
immediately after the supervisory approval. If supervisors only require
the operational risk standardised approach calculation to be updated
annually, but the exclusion is approved prior to an intermediate (eg,
quarterly) update of the bank’s total risk-weighted assets that precedes
the annual update of the operational risk standardised approach,
banks should report the revised operational risk risk-weighted assets in
the first update of total risk-weighted assets post-exclusion.

Downloaded on 31.05.2023 at 09:10 CEST 19/20

Inclusion of losses and BI items related to mergers and acquisitions
25.34 The scope of losses and BI items used to calculate the operational risk capital
requirements must include acquired businesses and merged entities over the
period prior to the acquisition/merger that is relevant to the calculation of the
standardised approach (ten years for losses and three years for BI).

FAQ
FAQ1 Upon a merger or an acquisition, when should the inclusion of the
losses and BI items of the merged entity or acquired businesses take
effect?

Losses and BI items from merged entities or acquired businesses should

be included in the calculation of operational risk capital (ORC)
immediately after the merger/acquisition, and should be reported in
the first update of the bank’s total risk-weighted assets that comes
after the merger/acquisition.

Disclosure
25.35 All banks with a BI greater than €1bn, or which use internal loss data in the
calculation of operational risk capital, are required to disclose their annual loss
data for each of the ten years in the ILM calculation window in accordance with
the Pillar 3 requirements. This includes banks in jurisdictions that have opted to
set ILM equal to one. Loss data is required to be reported net of recoveries, both
before and after loss exclusions. All banks are required to disclose each of the BI
sub-items for each of the three years of the BI component calculation window in
accordance with the Pillar 3 requirements.

Downloaded on 31.05.2023 at 09:10 CEST 20/20