Disclosure in operational risk management involves providing transparent, accurate and timely information to stakeholders about an institution’s approach to identifying, assessing and managing operational risks.

Public disclosures should offer enough detail to help external parties - such as regulators, investors and customers - evaluate the institution’s risk profile and the effectiveness of its control measures.

Key elements of effective disclosure include:

• Operational Risk Framework: Outlining the structure, principles and tools used to manage risks.
• Risk Appetite and Tolerance: Communicating the institution’s thresholds for acceptable risk.
• Significant Risk Events: Reporting on material risk incidents, their causes and the lessons learned.
• Continuous Improvement Efforts: Sharing initiatives undertaken to strengthen operational risk management practices.

An institution’s disclosure practices should align with its internal risk governance and comply with regulatory requirements while remaining accessible and comprehensible to its audience.