Operational Risk refers to the potential for loss resulting from failures in internal processes, systems, people or external events. Unlike financial or credit risk, operational risk is not directly tied to market or transactional exposure but instead stems from the day-to-day operations of a business. Examples include system outages, human error, internal fraud, cyberattacks, regulatory breaches or failures in third-party service providers.

Operational risk can arise from weaknesses in onboarding procedures, flawed screening systems, inadequate Due Diligence (DD) or inconsistent record-keeping, when looking at it through the lens of Know Your Customer (KYC), Anti-Money Laundering (AML) and Compliance. For example, if a compliance team fails to identify a sanctioned entity due to a gap in the screening process, the organization may face regulatory penalties and reputational damage.

Managing operational risk requires a proactive approach that includes strong internal controls, employee training, regular audits, robust technology infrastructure and clear escalation procedures.