Operational Risk Event

Operational risk events exist as anecdotes shared in hallway conversations and buried in email threads. When a trader exceeds a limit or a wire transfer fails, the business line manager mentions it at the weekly meeting. There is no written record of what happened, how much was lost, or which Basel event type applies. When the regulator asks 'show me your loss history,' the answer is silence.

None — AI cannot identify loss patterns, predict operational risk exposure, or size capital reserves because no machine-readable Operational Risk Event record exists.

Operational Risk Event records exist as rows in a shared Excel workbook. A risk analyst logs the event description, approximate loss amount, and business line after the fact. Column headers vary by region — London uses 'Loss Value (GBP)' while New York uses 'Impact $.' Root cause and Basel event type classification are free-text fields filled inconsistently, making cross-event comparison unreliable.

AI could read exported spreadsheet rows, but cannot reliably aggregate losses across regions or classify events by Basel category because field definitions are inconsistent.

Operational Risk Events are recorded using a standard template with consistent fields: event ID, event date, discovery date, Basel event type (Level 1 and Level 2), gross loss, net loss after recoveries, affected business line, and root cause classification. Analysts enter events into a form that enforces required fields. However, the records live as documents or flat-file exports, not in a relational system.

AI can search and retrieve Operational Risk Event records by field values, but cannot programmatically join events with control assessments, KRI breaches, or RCSA findings without manual cross-referencing.

Operational Risk Events are stored in a GRC or operational risk management system with discrete fields for each attribute: event ID, Basel event type (ET1-ET7), business line, gross and net loss, root cause taxonomy code, control failure reference, and remediation action plan. The system enforces referential integrity — Basel event types must come from the approved taxonomy, business lines from the organizational hierarchy. An analyst can query 'all internal fraud events exceeding $100K in the trading business line for the past 12 months' and get a structured result set.

AI can aggregate loss distributions by Basel event type, compute value-at-risk for operational risk, and correlate event frequency with KRI thresholds for capital reserve estimation.

Operational Risk Events are schema-driven entities with explicit relationships to RCSA control assessments, KRI time series, audit findings, insurance recoveries, and regulatory reporting submissions. Each event links bidirectionally to the controls that failed, the risk indicators that should have flagged it, and the remediation actions taken. An AI agent can ask 'which control weaknesses identified in the Q2 RCSA contributed to execution-delivery-process-management losses exceeding our risk appetite?' and receive a fully traced answer.

AI can perform causal pathway analysis from loss event through control failure to root cause, predict emerging loss clusters using loss distribution approach modeling, and auto-generate regulatory operational risk disclosures.

The Operational Risk Event is a living entity generated from converging signals across the enterprise. When a transaction exception occurs, the system assembles a structured event record automatically: Basel event type inferred from transaction taxonomy, loss amount calculated from ledger entries, affected business line derived from the booking entity, root cause pre-classified from control monitoring telemetry, and remediation actions seeded from the playbook for that event category. The event record is a real-time synthesis of organizational knowledge, not a post-hoc filing.

Fully autonomous operational risk event management is possible. AI can detect, classify, quantify, trace, and initiate remediation for operational loss events and near-misses without human intervention for routine event categories.

Ceiling of the CMC framework for this dimension.