Operational Risk Loss Model

Worked Examples

Example 1: Payment Processing Failure

Problem: Payment system fails 0.5x/year on average. Average loss: $75,000 per incident. Max loss: $500,000. Controls 70% effective.

Solution: Expected loss: $37,500/year. With controls: ~$11,000 residual. 99th percentile VaR: ~$200,000. Controls save ~$26,000/year.

Result: $11K expected | $200K VaR | Controls justified | Consider insurance for tail

Example 2: Data Breach Risk

Problem: Breach risk: 0.2x/year. Average breach cost: $200,000. Max: $2M. Security controls 80% effective.

Solution: Expected: $40,000/year before controls. With controls: $8,000 residual. But VaR at 99%: ~$400,000. Low frequency but catastrophic tail.

Result: $8K expected | $400K VaR | Cyber insurance recommended | Tail risk significant

Example 3: Process Error

Problem: Manual process errors: 5x/year. Average impact: $10,000. Max: $50,000. Automation would be 85% effective but costs $30,000.

Solution: Current expected loss: $50,000/year. Post-automation: $7,500. Savings: $42,500/year. ROI: 142% first year.

Result: $42.5K annual savings | 142% ROI | Automation pays for itself in 9 months

Frequently Asked Questions

What is operational risk?

Operational risk is the risk of loss from inadequate or failed processes, people, systems, or external events. It includes fraud, system failures, errors, compliance breaches, and process breakdowns. It's distinct from market or credit risk.

How do you quantify operational risk?

Loss Frequency × Loss Severity = Expected Loss. Frequency is events per year. Severity is average loss per event. This gives expected annual loss. Add tail risk analysis (Value at Risk) for extreme scenarios.

What is Value at Risk (VaR) for operational risk?

VaR estimates maximum loss at a confidence level (e.g., 99%). For operational risk, 99th percentile VaR means the loss that won't be exceeded 99% of the time. The 1% tail captures catastrophic scenarios.

How effective are risk controls?

Effectiveness varies: Automation 70-90%, Access controls 60-80%, Manual review 30-50%, Training 20-40%. Multiple controls compound. But no control is 100% effective—residual risk always remains.

Should I buy insurance for operational risk?

Compare insurance premium to expected loss and VaR. Insurance makes sense when: potential loss exceeds affordable reserves, catastrophic scenarios exist, or regulations require it. Don't insure what you can afford to self-insure.

How do I collect loss data?

Track all incidents, near-misses, and losses in a database. Categorize by type. Estimate losses even for avoided incidents. Industry data (ORX, consortium data) supplements internal data.

Background & Theory

The Operational Risk Loss Frequency-Severity Model applies the following established principles and formulas. Break-even analysis identifies the sales volume at which total revenue equals total costs, producing neither profit nor loss. The formula divides total fixed costs by the contribution margin per unit, where contribution margin equals selling price minus variable cost per unit. If a software product has $50,000 in monthly fixed costs and each licence generates $20 above its variable cost, break-even requires 2,500 unit sales per month. Above that threshold, each additional unit contributes directly to profit. Gross margin expresses the percentage of revenue remaining after direct cost of goods sold: gross margin equals revenue minus COGS, divided by revenue. A SaaS company with 80 percent gross margins retains $0.80 of every revenue dollar to cover operating expenses, while a manufacturer with 30 percent gross margins faces much tighter operating leverage. Customer acquisition cost (CAC) divides total sales and marketing expenditure in a period by the number of new customers acquired in that same period. Customer lifetime value (LTV) estimates the total profit attributable to a customer relationship. The standard formula multiplies average revenue per user (ARPU) by gross margin and divides by the monthly churn rate. A business with $50 ARPU, 75 percent gross margin, and 2 percent monthly churn has an LTV of $1,875. The LTV:CAC ratio benchmarks unit economics health; a ratio above 3:1 is generally considered sustainable, while ratios below 1:1 indicate the business is acquiring customers at a loss. Burn rate measures monthly cash expenditure net of revenue. Cash runway equals current cash reserves divided by net monthly burn. A company with $1.2 million in the bank burning $100,000 per month has twelve months of runway. The Rule of 40 is a benchmark for SaaS health: the sum of annual revenue growth rate (as a percentage) and profit margin (as a percentage) should equal or exceed 40. High-growth companies burning cash can still pass this rule if their growth rate compensates.

History

The history behind the Operational Risk Loss Frequency-Severity Model traces back through the following developments. Early economic thought centred on mercantilism, the 16th and 17th century doctrine that national wealth derived from accumulating precious metals through export surpluses and colonial extraction. Adam Smith's "Wealth of Nations" in 1776 dismantled this framework, arguing that genuine prosperity arose from specialisation, division of labour, and freely operating markets. David Ricardo extended Smith's work with the theory of comparative advantage in 1817, demonstrating mathematically that mutually beneficial trade was possible even when one country was less productive in every industry. Alfred Marshall's "Principles of Economics" published in 1890 provided the modern framework of supply and demand curves, consumer surplus, price elasticity, and marginal analysis, establishing neoclassical economics as the dominant academic paradigm for decades. The Great Depression exposed the limits of laissez-faire assumptions, and John Maynard Keynes's "General Theory of Employment, Interest and Money" in 1936 argued that private-sector aggregate demand failures required countercyclical government fiscal intervention to restore full employment, shifting the policy consensus toward active macroeconomic management. The post-World War II decades constructed mixed-economy models combining market allocation with expanded welfare states and Keynesian demand management. Milton Friedman and the Chicago School challenged this consensus from the 1960s onward, championing monetarism and arguing that stable money supply growth was superior to discretionary fiscal policy. Their influence shaped the deregulatory and privatisation policies of the Reagan and Thatcher eras in the 1980s. Behavioural economics emerged through the work of Daniel Kahneman and Amos Tversky in the 1970s and Richard Thaler in the 1980s, using psychology to demonstrate that real human decision-making deviates systematically from rational-actor models through heuristics and biases. The rise of the internet and mobile platforms in the 2000s and 2010s created a new category of platform economics, where network effects, near-zero marginal cost of digital goods, and two-sided market dynamics generated winner-take-most competitive outcomes requiring new analytical frameworks for business valuation.