External Risk Financing Options - This represents the transfer of risk to a third party and may include: conventional insurance, risk retention groups, group captives, risk sharing pools, rent-a-captives, agency captives, and finite risk insurance.

Internal Risk Financing Options - This represents self insurance and may involve a number of techniques including: unfunded retention, single parent captives, contractual transfer of risk, and funded retention.

Lone Retention Guidelines - Formal guidelines established as a part of the Operational Risk Management Plans as to how much risk may be retained by the institution in the form. of self insurance.

Operational Risk - The risk of loss - either financial or non-financial inherent in the bank Operations. Operational risk is pure risk i.e there is no opportunity for gain as in financial risk. Operational risk either result in loss or no loss. Examples of operational risk are: losses due to criminal activity (fraud, counterfeiting, forgery, etc.,) loss of revenue due to system outages or destruction, professional liability losses (shareholder suits, fines for regulatory non-compliance, suits by customers) intangible losses such as damage to reputation and credibility, etc.

Operational Risk Manager - The senior manager within the bank responsible for the development of the bank's Operational Risk Management Plan and implementation and management of the Operational Risk Management Program. The Operational Risk Manager should report directly to the .managing Director/General Manager.

Operational Risk Management Committee - An operational committee of the bank reporting directly to the Operational Risk Manager. this committee should be composed of members of all major operational and staff departments within the bank; to include, but not be limited;: to Internal Audit, Treasury Operations, Credit Card/ATM, Data Processing / Telecommunications, Insurance, Domestic Branch Operations, Overseas Branch/Subsidiary Operations, Private Banking, and Compliance. The Operational Risk Management Committee shall be responsible for assisting the Operational Risk Manager in developing Risk Assessment and Control Matrices for each functional area within the bank. and developing and implementing the Operational Risk Management Plan.

Operational Risk Management Plan - The strategic plan developed by the Operational Risk Manager and the Operational Risk

Management Committee and formally approved by the Board of Directors for addressing the management of operational risks within the institution. This plan should define how the institution proposes to handle each category of operational risk (i.e. crime, professional liability, regulatory/legal non-compliance, political risk, etc. ) and the methods to be used in their control (internal controls, internal retention of risk, risk transfer through conventional insurance, finite risk management programs, etc.). This plan should be reviewed and approved by the Board of Directors on at least an annual basis.

Penalty / Reward System - In the context of operational risk management, Penalty/Reward Systems should be used to create a system of incentives for the effective management of operational risk at the level of the operational department or unit. For example, branches which reduce losses below a target amounting receive bonuses equal to half of the amount saved.

Risk Assessment and Control Matrices - These matrices should be developed by each functional area and reviewed by both the Operational Risk Manager and the Internal Auditor. They should identify each area of operational risk to which the department / unit is subject, the level of potential loss (either financial or non-financial), and all internal and external methods to be used to either control or finance risk.

Risk Financing Policy - Formal guidelines established as apart of the Operational Risk Management Plan defining the methods to be used by the institution (i.e. conventional insurance, single parent captive, risk retention group, finite insurance. etc.) for the financing of operational risk.