You're right that operational risk can feel less intuitive than market or credit risk, but the Loss Distribution Approach is actually quite elegant once you see the mechanics. Let me walk through both LDA and KRIs.
**Loss Distribution Approach (LDA) — Overview**
The LDA models operational risk losses by separately estimating:
1. **Frequency distribution** — How many loss events occur per year? (Typically Poisson)
2. **Severity distribution** — How large is each individual loss? (Typically Lognormal or Generalized Pareto for tail events)
You then **convolve** these two distributions (combine them via Monte Carlo simulation) to get the **aggregate annual loss distribution**, from which you extract the capital charge at the 99.9th percentile.
**Step-by-Step Example:**
Northstar Financial Services wants to estimate op risk capital for its **internal fraud** event type.
**Step 1: Estimate Frequency**
Historical data (10 years of internal loss data + consortium data) suggests an average of **8 internal fraud events per year**.
- Frequency ~ Poisson(λ = 8)
**Step 2: Estimate Severity**
Past fraud losses range from $15,000 to $4.2M. Fitting a lognormal distribution:
- Severity ~ Lognormal(μ = 11.5, σ = 1.8)
- This gives a mean loss of ~$210,000 and a heavy right tail
**Step 3: Monte Carlo Convolution**
For each simulation run (say 100,000 iterations):
1. Draw N from Poisson(8) — e.g., N = 11 events this year
2. Draw 11 severity values from Lognormal(11.5, 1.8)
3. Sum them to get the aggregate annual loss
**Step 4: Extract Capital**
Sort all 100,000 aggregate loss outcomes. The 99.9th percentile (the 100th worst out of 100,000) might be **$6.8M**. That's the op risk capital charge for internal fraud.
Repeat for all 7 Basel event types (internal fraud, external fraud, employment practices, clients/products, physical assets, business disruption, execution/delivery) and sum across them (with or without diversification).
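The four steps above as a runnable simulation, added here as an illustration and not part of the original answer. It uses only the Poisson and lognormal parameters from Steps 1 and 2; the function names, the seed, and the use of Knuth's method as the Poisson sampler are assumptions. The percentile it prints is whatever those parameters produce for the seeded run, so it will not necessarily match the illustrative $6.8M.

```python
import math
import random

# Parameters taken from the worked example above (internal fraud).
LAMBDA = 8.0             # Poisson frequency: mean events per year
MU, SIGMA = 11.5, 1.8    # lognormal severity parameters (log scale)


def draw_poisson(rng, lam):
    """Draw one Poisson(lam) count with Knuth's multiplication method."""
    limit, count, product = math.exp(-lam), 0, 1.0
    while True:
        product *= rng.random()
        if product <= limit:
            return count
        count += 1


def simulate_annual_losses(n_runs, seed, lam=LAMBDA, mu=MU, sigma=SIGMA):
    """Steps 1-3: one aggregate annual loss per simulated year."""
    rng = random.Random(seed)  # seeded so a run can be reproduced
    losses = []
    for _ in range(n_runs):
        n_events = draw_poisson(rng, lam)  # may be 0, giving a loss of 0
        losses.append(sum(rng.lognormvariate(mu, sigma) for _ in range(n_events)))
    return losses


def loss_quantile(losses, q):
    """Step 4: the k-th worst outcome, where k = n * (1 - q)."""
    ordered = sorted(losses)
    k_worst = max(1, round(len(ordered) * (1.0 - q)))
    return ordered[len(ordered) - k_worst]


if __name__ == "__main__":
    runs = simulate_annual_losses(100_000, seed=2024)
    print(f"median year:       ${loss_quantile(runs, 0.5):,.0f}")
    print(f"99.9th percentile: ${loss_quantile(runs, 0.999):,.0f}")
```

Rerunning with several seeds shows how much the 99.9th percentile moves between runs, which is the data-scarcity limitation of LDA in miniature: the capital figure rests on a handful of extreme simulated years.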
**Key Risk Indicators (KRIs) — The Forward-Looking Complement**
While LDA is backward-looking (based on historical losses), KRIs provide **early warning signals** of emerging operational risks.
**What Makes a Good KRI:**
- **Measurable** — quantitative, not subjective
- **Leading** — predicts future losses, not just reports past ones
- **Actionable** — when the indicator breaches a threshold, management can intervene
**Examples of KRIs by Risk Type:**
| Risk Type | KRI | Threshold Example |
|---|---|---|
| Internal fraud | Staff turnover on trading desks | > 25% annual turnover |
| Systems failure | Unplanned system downtime hours | > 4 hours/month |
| Process error | Trade settlement failure rate | > 0.5% of transactions |
| External fraud | Phishing email volume targeting staff | > 200/week |
| Compliance | Overdue regulatory filings | Any overdue > 5 days |
**How KRIs and LDA Work Together:**
1. **LDA** sets the capital charge based on historical loss patterns.
2. **KRIs** provide real-time monitoring and trigger management action before losses materialize.
3. Some advanced banks use **Bayesian approaches** to update LDA parameters with KRI data — if system downtime KRIs are spiking, the frequency parameter for technology losses is adjusted upward.
**Exam Tip:** GARP loves asking about the limitations of LDA — specifically, the scarcity of internal data for high-severity / low-frequency events and the need to supplement with external data and scenario analysis.
Our FRM Part II course on AcadiFi covers all three pillars of op risk measurement (LDA, scenario analysis, and scorecard approaches) with practice problems tailored to recent exam trends.