Can banks use insurance to reduce operational risk capital requirements, and what are the limitations?
I know banks buy insurance policies covering things like fraud, cyber events, and natural disasters. Can they use this insurance to reduce their regulatory operational risk capital charge? The FRM II material mentions some restrictions.
Yes, under certain Basel frameworks banks could (and under some national implementations still can) receive partial capital credit for insurance coverage against operational risk events. However, the treatment has evolved significantly with the transition from AMA to SMA.
Under the AMA (Historical):
The AMA allowed banks to recognize insurance mitigation up to a cap of 20% of the total operational risk capital charge, subject to strict eligibility criteria:
- Insurer Quality — The insurer must have a minimum credit rating (typically A or equivalent) to ensure the policy actually pays out when needed
- Policy Coverage Match — The insurance must cover the same operational risk events included in the capital model
- Residual Term — Policy must have a remaining term of at least one year. Policies expiring within 90 days receive zero recognition (haircut to zero)
- Cancellation Notice — Minimum 90 days' cancellation notice to prevent sudden coverage gaps
- No Exclusions for Regulatory Actions — Policies that exclude regulatory fines or penalties have limited recognition
- Haircut for Uncertainty — A haircut applied for counterparty risk (insurer default) and coverage gaps (deductibles, caps, exclusions)
Under the SMA (Current):
The SMA does NOT allow insurance mitigation. This is a deliberate simplification — the Basel Committee concluded that valuing insurance benefits reliably was too complex and subjective.
However, the Internal Loss Multiplier (ILM) component of SMA uses net loss data (after insurance recoveries). So while insurance doesn't directly reduce the SMA formula's output, recoveries from past insurance claims do lower the historical loss input, which indirectly reduces the ILM.
Why Insurance Mitigation Is Limited:
| Challenge | Explanation |
|---|---|
| Basis risk | Insurance policies rarely cover 100% of operational losses — deductibles, caps, and exclusions create gaps |
| Counterparty risk | If the insurer fails (as AIG nearly did in 2008), the 'mitigation' disappears |
| Claims process risk | Insurance claims for large operational losses often involve lengthy disputes and litigation |
| Moral hazard | Excessive insurance reliance could weaken internal controls |
| Coverage volatility | Insurance markets can change terms, increase premiums, or withdraw capacity after large industry losses |
Practical Reality:
Banks still buy operational risk insurance for economic protection (protecting earnings from individual large losses), but the regulatory capital benefit is limited or nonexistent under SMA. The insurance decision is driven by risk management economics, not capital optimization.
Exam Tip: FRM II tests the AMA vs SMA treatment of insurance and the reasons for the 20% cap and eligibility criteria under AMA.
Explore operational risk mitigation strategies in our FRM resources.
Master Part II with our FRM Course
64 lessons · 120+ hours· Expert instruction
Related Questions
How exactly do futures margin calls work, and what happens if I can't meet one?
How do you calculate the settlement amount on a Forward Rate Agreement (FRA)?
When should I use Monte Carlo simulation instead of parametric VaR, and how does it actually work?
Parametric VaR vs. Historical Simulation VaR — when does each method fail?
What are the core components of an Enterprise Risk Management (ERM) framework, and how does it differ from siloed risk management?
Join the Discussion
Ask questions and get expert answers.