Skip to content
About Us Insight platform ORX News platform Create an account
Login

Showing results for ""

Unfortunately, no results match your current query

    ,

    EBA finalises new operational risk event taxonomy

    POSTED BY
    false
    EBA finalises new operational risk event taxonomy
    2:34

    The European Banking Authority published its final risk event taxonomy on 4 August, following consultation with the industry. This taxonomy will be adopted as part of the European Union’s Capital Requirements Regulation for regulatory submissions.

    The taxonomy uses a two-level structure. Level one retains the seven event types currently used by Basel II to categorise operational risk events. The EBA has developed 26 new categories at level two granularity for more detailed event categorisation.

    ORX welcomes this new taxonomy as an important step forward in developing risk management practice. Like the ORX Reference Taxonomy for Event Types, first published in 2019, the EBA’s taxonomy enables firms to label and report on the risks faced by financial institutions today, such as financial crime or model risk.

    The EBA’s new risk event taxonomy closely aligns with ORX Reference Taxonomy. Firms that have adopted the ORX Reference Taxonomy in full for event categorisation can substantially derive the respective value for the EBA taxonomy.

    Steve Bishop, Research and Information Director at ORX commented:

    “New event taxonomies enable non-financial risk managers to identify, quantify and manage the key risks of today. That’s why ORX has invested in providing detailed event, cause and impact taxonomies that provide a benchmark for the industry.”

     

    Key changes

    The EBA had made several changes to its draft event taxonomy following consultation received from the industry in 2024, including extensive feedback provided by ORX.

    These changes include:

    • Addition of a data privacy breach level 2 value, enabling firms to label the applicable information security events
    • Standalone financial crime level 2 category now included
    • Simplification of the business disruption and system failures level 2 categories

    Attributes

    Alongside the event taxonomy, the EBA has also established a list of attributes (also known as flags). Attributes enable firms to specify a common risk characteristic or cause that is independent of the level 1 event type categorisation.

    As part of this final version of the taxonomy, the EBA has added a Cyber flag (“ICT risk – Cyber”) to its taxonomy. This is a good alignment with the ‘Cyber’ risk theme flag that ORX is incorporating into its loss data collection.

    The full list of event types and attributes is available from the EBA here.

    Next steps

    The RTS will go through a European Union approval process prior to implementation as part of the Capital Requirements Regulation (CRR). 

    ORX will provide a mapping from the ORX Reference Taxonomy for Event Types to the finalised EBA operational risk event taxonomy in September.
    Speech Bubbles Reversed Cyan 150px

    Want to know more about our Reference Taxonomy?

    Latest blogs and updates