Banking (Capital) (Operational Risk) Code

Approval and Effective Date

On 06 Dec 2024, the Hong Kong Monetary Authority (HKMA) approved the Banking (Capital) (Operational Risk) Code, effective 1 January 2025, to provide guidance on operational risk capital requirements under sections 323 and 336 of the Banking (Capital) Rules (Chapter 155L). This code of practice specifies detailed requirements for authorized institutions to calculate operational risk capital charges.

Guidance on BI Calculation

The code specifies income statement and balance sheet items for calculating Basic Indicator (BI) under section 323(2) of the Capital Rules, as detailed in Table A. These include dividend income, fee and commission expenses/income, gains/losses from banking/trading book assets, interest-earning assets, interest expenses, interest income, other operating expenses, and other operating income. The Monetary Authority has provided typified sub-items for each category to ensure consistent application.

High Quality Operational Loss Data Standards

The code establishes standards for 'high quality operational loss data' under sections 323(1) and 323(3), requiring authorized institutions to implement documented policies for end-to-end data management (identification, collection, aggregation, storage, retention, and backup). Data must undergo validation by auditors before use for capital calculation and annual independent review. Institutions must classify events per Table B's event-type categories, ensure data comprehensiveness across material activities and geographies, retain data for events exceeding the Specified Amount (HKS200,000), and include specified data elements in Table C.

Operational Loss Event Definition

The code defines 'operational loss event' under section 323(1) and 323(4) as any event falling within the event-type categories specified in Table B. These categories include internal fraud, external fraud, employment practices, business practices, damage to physical assets, and business disruption. The guidance mandates that institutions capture all material losses from such events, including gross loss amounts, drivers/causes, recoveries, and timing losses, while excluding certain costs like general maintenance and insurance premiums.

Exclusion Threshold for Loss Data

Under sections 336(1)(a) and 336(2), the code specifies a threshold of HKS200,000 for excluding loss data from the Loss Distribution Approach (LDA) calculation. Losses from events with cumulative losses (after recoveries) below this threshold must be excluded. The Monetary Authority may approve exclusion of losses from events meeting specific criteria, including demonstration that the event is no longer relevant to the institution's risk profile and losses have been included in annual operational risk calculations for at least three years (excluding divested businesses).

Conditions for Monetary Authority Approval

The code details conditions under sections 336(1)(c) and 336(3) for Monetary Authority approval to exclude losses. The Authority may grant approval only if it considers it prudent, based on the institution's risk profile, and after verifying that the event is no longer relevant and losses were included in calculations for at least three years. Approval is prohibited if cumulative losses (after recoveries) exceed 5% of the institution's three-year arithmetic mean of annual operational risk losses, or if other relevant factors warrant exclusion.