People risk: Where are the boundaries?

Abstract

Spurred into action by several well-publicised losses in the financial sector, such as the collapse of the venerable Barings bank in the UK, banking regulators have begun to develop rules for quantifying, managing and disclosing operational risks. The Basel Committee, the world's senior banking regulator, has identified four categories of operational risk, namely, processes, people, systems and external events. This paper addresses the ‘people’ category. Despite the fact that, under the new regulations, capital must be assigned to cover ‘people’ risks, the boundaries of this particular risk are not well defined. Without a clear definition of this (or for that matter any other) risk, a firm's risk managers, and the boards that they report to, will not know whether such risks are being managed adequately. This paper develops a framework for analysing people risk and concludes that the scope of such risks cannot be managed solely by specialist operational risk management functions. Because of the sheer breadth of people risk, operational risk managers must reach out to other disciplines to properly understand its scope and to develop common approaches to its management.