ORX is introducing the ORX Operational Risk Reference Taxonomy into banking and insurance operational risk loss data to enhance the consistency, accuracy and depth of risk measurement. This development will support a more structured approach to categorising loss events, enabling firms to cross-reference data more effectively, gain clearer insights into emerging risks and strengthen their risk management practices.
Enhancing loss data with the ORX Reference Taxonomy
Our Head of Risk Measurement, Sarah Astill, explains how integrating the ORX Reference Taxonomy into the operational risk loss data enhances industry-wide consistency and provides deeper insights into financial risk.
Why are we introducing the ORX Reference Taxonomy to the loss data?
By the fourth quarter of 2025, ORX will launch Agora, our new, advanced loss data exchange platform designed to support more secure, reliable and scalable data management. As part of this transition, banks and insurers will begin to categorise their loss data events using the ORX Reference Taxonomy.
This marks a significant step forward in how we understand and manage risks. For the first time, we will be able to deliver enhanced analytics, deeper insights and meaningful benchmarks on the risks that matter most to you – such as information security, third-party exposures and financial crime.
As an industry, we’ll be better equipped to assess the prevalence and cost of previously elusive risks, such as business continuity and model risk, giving us a true understanding of industry-wide and regional risk profiles – supporting you in making informed decisions and preparing more effectively for emerging threats.
What makes the ORX Reference Taxonomy more effective?
- Built on industry experience and insights: Driven by the practices and expertise of our member firms, the ORX Reference Taxonomy reflects the realities of risk management across the financial services industry.
- Aligned with evolving risks: It stays relevant by aligning with current industry practices and adapting to the changing landscape of key and emerging risks, ensuring categories reflect how firms actually operate.
- A common risk language: More than just a classification system, it introduces a contemporary risk language that helps firms consistently identify, compare, and respond to risks, supporting clearer communication and more effective risk management.
“The introduction of the ORX Reference Taxonomy into the ORX Global Loss Data marks a significant advancement in the way we, as a financial services industry, categorise, understand, and manage risks.
For the first time, ORX will be able to provide members with benchmarks and trend analysis for the risks that matter most to the industry, such as information security, third party, and financial crime.”
Sarah Astill, Head of Risk Measurement
How does a common risk language benefit the industry?
As well as being contemporary and meaningful, the ORX Reference Taxonomy provides a unified risk language across all ORX products and services. This means firms can seamlessly cross-reference insights from:
- ORX Loss Data
- ORX News
- ORX Scenarios
- The ORX Reference Control Library
- The ORX Reference Risk Indicator Library
For the first time, we'll be able to compare the industry’s perception of top risks, gathered through the biannual Top Risk Review, with the actual data reported in industry-pooled loss data. In addition, we'll be able to compare these insights with the scenarios firms consider most material, as well as the public stories featured in ORX News. This will help us assess whether risk perceptions align with the realities reflected in both the loss data and ORX News.
How will we capture complex, cross-cutting risks?
Certain key risk areas – such as climate, cyber, resilience and third-party risks – are not always fully captured by traditional event-type categorisations. That’s why we’re introducing risk flags into ORX loss data, helping to better identify and understand the true cost of these critical risks.
When categorising an event using the ORX Reference Taxonomy, we’re answering the question:
“What happened to trigger this operational risk loss?”
In some cases, an event may be categorised as fraud or data management, but it might also involve a cyber incident or the use of a third party. The introduction of risk flags allows us to capture these connections more accurately, giving you a clearer picture of how complex risks unfold.
This enhanced detail will help you and your firm better understand the true costs of these risks and enable us to deliver richer benchmarks and analytics that support more effective risk management.