1.Overview of Operational Risk Management

• The Bank of Korea (BOK) effectively performs risk management activities to identify and control risk factors that exist internally and externally within the organization, ensuring smooth operations of its fundamental functions, such as currency issuance, implementation of monetary policy, and the operation of payment settlement systems.
• Operational risk refers to the risk of hindering the achievement of organizational goals or causing financial losses and reputational damage due to inappropriate business processes, systems, inadequate staff management, or external events.
• Risk appetite refers to the level of risk that an organization can tolerate in the process of achieving its objectives. The BOK establishes a risk appetite that its employees should consider in their work and regularly reviews its appropriateness.

2. Operational Risk Management Governance Structure

The operational risk management of the BOK is structured in the form of a Three-Lines of Defense model(3-lines of defense model) consisting of front-line departments, dedicated risk management departments, and the audit office.

3. Operational Risk Management Organization

• In order to manage bank-wide operational risks and to ensure business continuity, a dedicated Operational Risk Team has been established within the Strategy and Coordination Department to support operational risk management activities across all departments.
• Furthermore, through the Risk Committee composed of relevant department heads, we strengthen the risk management framework and support senior management in making risk-related decisions.
• In the event of a serious disaster or the possibility thereof, the Emergency Response Committee is convened to oversee bank-wide responses.

4. Operational Risk Management Tools

Operational risk management at the BOK utilizes the following tools.

• 1.Risk Register Management
  A risk register refers to a list of identified risks categorized by risk type, and each department regularly updates the risk register by identifying potential risks through a business process analysis.
• 2.Risk Control Self-Assessment (RCSA)
  Through Risk Control Self-Assessment (RCSA), departments can assess the current level of risks and control activities within the organization, and verify the effectiveness of control activities. This enables them to effectively achieve business objectives.
• 3.Monitoring Key Operational Risk Indicators (KORI)
  By monitoring Key Operational Risk Indicators (KORI), we regularly examine major risk factors that could lead to business disruption, financial loss, or reputational damage. This proactive approach helps prevent the occurrence of related incidents and provides valuable reference material for management decision-making.
• 4.Risk Reports
  Risk Reports are periodically prepared to capture the overall risk management status and assessment of the BOK. These reports aim to identify efficient response strategies for the risks faced by the BOK.

Business Continuity Management : The BOK has established and maintains a Business Continuity Plan (BCP) to ensure an effective response and to enhance organizational resilience in the event of a disaster that could disrupt core business operations. The development of the BCP follows the Three-Lines of Defense model similar to operational risk management.