Article 26 Scenario analysis

  1. (1)

    Competent authorities shall assess an institution's compliance with the standards relating to scenario analysis, as referred to in point (iii) of Article 20(d), by verifying at least the following:

    1. (a)

      that the institution has a robust governance framework in place relating to the scenario process that generates credible and reliable estimates, irrespective of whether the scenario is used for evaluating high severity events or the overall operational risk exposures;

    2. (b)

      that the scenario process is clearly defined, well documented, repeatable and designed to reduce as much as possible subjectivity and biases, including:

      1. (i)

        the underestimation of risk due to the number of observed events being small;

      2. (ii)

        the misrepresentation of information due to scenario assessors' interests in conflict with the goals and consequences of the assessment;

      3. (iii)

        the overestimation of events with temporal proximity to the scenario assessors;

      4. (iv)

        the distortion of assessment due to the categories within which the responses are represented;

      5. (v)

        the bias in the information presented in background materials to survey questions or within the questions themselves.

    3. (c)

      that qualified and experienced facilitators provide consistency in the process;

    4. (d)

      that the assumptions used in the scenario process are based, to the maximum extent, on the relevant internal data and external data with an objective and unbiased selection process;

    5. (e)

      that the chosen number of scenarios, the level at, or units in, which scenarios are studied, are realistic and properly explained, and that the scenario estimates take into account relevant changes in the internal and external environments that can affect the institution's operational risk exposure;

    6. (f)

      that the scenario estimates are generated taking into account potential or probable operational risk events that have not yet, fully or partly, materialised in an operational risk loss;

    7. (g)

      that the scenario process and estimates are subject to a robust independent challenge process and oversight.