SYSC 13.2 Purpose

SYSC 13.2.1GRP

SYSC 13 provides guidance on how to interpret SYSC 3.1.1 R and SYSC 3.2.6 R, which deal with the establishment and maintenance of systems and controls, in relation to the management of operational risk. Operational risk has been described by the Basel Committee on Banking Supervision as "the risk of loss, resulting from inadequate or failed internal processes, people and systems, or from external events". This chapter covers systems and controls for managing risks concerning any of a firm's operations, such as its IT systems and outsourcing arrangements. It does not cover systems and controls for managing credit, market, liquidity and insurance risk.

SYSC 13.2.2GRP

Operational risk is a concept that can have a different application for different firms. A firm should assess the appropriateness of the guidance in this chapter in the light of the scale, nature and complexity of its activities as well as its obligations as set out in Principle 3, to organise and control its affairs responsibly and effectively.

SYSC 13.2.3GRP

A firm should take steps to understand the types of operational risk that are relevant to its particular circumstances, and the operational losses to which they expose the firm. This should include considering the potential sources of operational risk addressed in this chapter: people; processes and systems; external events.

SYSC 13.2.4G



1Operational risk can, amongst other things, lead to unfair treatment of consumers or lead to financial crime. A firm should consider all operational risk events that may affect these matters in establishing and maintaining its systems and controls.