Please refer to instructions on the implementation of Basel II capital framework issued vide BSD circular No. 8 of June 27, 2006 and Risk Management guidelines issued vide BSD circular 7 of August 15, 2003 which provides broad level guidance on various risks with limited coverage for Operational Risk Management.

Banks are prone to a wide range of risks including frauds, forgeries, legal cases, incidents pertaining to IT, pandemic and external issues. Therefore, operational risk has emerged as an important element of enterprise-wide risk management system and has been made part of Pillar-1 capital requirement under the Basel framework which requires banks/ DFIs to hold capital explicitly for operational risk.

To further strengthen the operational risk management and for effective transition to advance approaches requiring historical time series of losses on consistent basis, State Bank has outlined Principles for Sound Management of Operational Risk and minimum standards for operational risk/loss data collection and implementation by the banks. The bank may make enhancements in standards in the light of their own experiences and requirements while adopting these instructions.

The attached instructions supplement the existing guidance on Standardized Approaches of operational risk prescribed under SBP Basel instructions and are intended to ensure that banks collect their loss data in a standardized way. Once the banks set up their operational risk framework and start collecting operational loss data, SBP would look into the possibility of forming an operational risk data consortium.

All banks/ DFIs are expected to set up operational risk framework and start operational loss data collection in line with the attached instructions by December 2015 and during this time period SBP inspection teams would review the progress made by the banks in this regard.

Please acknowledge receipt.

Encl. Implementation of Operational Risk Management Framework