8. General Criteria on Loss Data Identification, Collection and Treatment
| No: 44047144 | Date(g): 27/12/2022 | Date(h): 4/6/1444 | Status: In-Force |
Effective from Jan 01 2023 - Dec 31 2022
To view other versions open the versions tab on the right
| The proper identification, collection and treatment of internal loss data are essential prerequisites to capital calculation under the standardized approach. The general criteria for the use of the LC are as follows: | ||
| a) | Internally generated loss data calculations used for regulatory capital purposes must be based on a 10-year observation period. When the bank first moves to the standardized approach, a five-year observation period is acceptable on an exceptional basis when good-quality data are unavailable for more than five years. | |
| b) | Internal loss data are most relevant when clearly linked to a bank’s current business activities, technological processes and risk management procedures. Therefore, a bank must have documented procedures and processes for the identification, collection and treatment of internal loss data. Such procedures and processes must be subject to validation before the use of the loss data within the operational risk capital requirement measurement methodology, and to regular independent reviews by internal and/or external audit functions. | |
| c) | For risk management purposes, and to assist in supervisory validation and/or review, SAMA will request a bank to map its historical internal loss data into the relevant Level 1 supervisory categories as defined in annexure 2 and to provide this data to SAMA. The bank must document criteria for allocating losses to the specified event types. | |
| d) | A bank’s internal loss data must be comprehensive and capture all material activities and exposures from all appropriate subsystems and geographic locations. The minimum threshold for including a loss event in the data collection and calculation of average annual losses is set at SAR 44,600 for the purpose of the calculation of average annual losses, SAMA may increase the threshold to SAR 446,000 for the banks where the BI is greater than SAR 4.46 billion). | |
| e) | A side from information on gross loss amounts, the bank must collect information about the reference dates of operational risk events, including the date when the event happened or first began (“date of occurrence”), where available; the date on which the bank became aware of the event (“date of discovery”); and the date (or dates) when a loss event results in a loss, reserve or provision against a loss being recognized in the bank’s profit and loss (P&L) accounts (“date of accounting”). In addition, the bank must collect information on recoveries of gross loss amounts as well as descriptive information about the drivers or causes of the loss event.3 The level of detail of any descriptive information should be commensurate with the size of the gross loss amount. | |
| f) | Operational loss events related to credit risk and that are accounted for in credit risk RWAs should not be included in the loss data set. Operational loss events that relate to credit risk, but are not accounted for in credit risk RWAs should be included in the loss data set. | |
| g) | Operational risk losses related to market risk are treated as operational risk for the purposes of calculating minimum regulatory capital under this framework and will therefore be subject to the standardized approach for operational risk. | |
| h) | Banks’ Internal Audit function must conduct independently review of the comprehensiveness and accuracy of the loss data at least on annul basis and submit the report to the Audit Committee. | |
3 Tax effects (eg reductions in corporate income tax liability due to operational losses) are not recoveries for purposes of the standardized approach for operational risk.