SYSC 13 provides guidance on how to interpret SYSC 3.1.1 R and SYSC 3.2.6 R, which deal with the establishment and maintenance of systems and controls, in relation to the management of operational risk. Operational risk has been described by the Basel Committee on Banking Supervision as "the risk of loss, resulting from inadequate or failed internal processes, people and systems, or from external events". This chapter covers systems and controls for managing risks concerning any of a firm's operations, such as its IT systems and outsourcing arrangements. It does not cover systems and controls for managing credit, market, liquidity and insurance risk.
Operational risk is a concept that can have a different application for different firms. A firm should assess the appropriateness of the guidance in this chapter in the light of the scale, nature and complexity of its activities as well as its obligations as set out in Principle 3, to organise and control its affairs responsibly and effectively.
A firm should take steps to understand the types of operational risk that are relevant to its particular circumstances, and the operational losses to which they expose the firm. This should include considering the potential sources of operational risk addressed in this chapter: people; processes and systems; external events.