{"id":30880,"date":"2023-08-16T11:20:20","date_gmt":"2023-08-16T11:20:20","guid":{"rendered":"https:\/\/analystprep.com\/study-notes\/?p=30880"},"modified":"2026-03-05T14:22:24","modified_gmt":"2026-03-05T14:22:24","slug":"introduction-to-operational-risk-and-resilience-2","status":"publish","type":"post","link":"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/","title":{"rendered":"Introduction to Operational Risk and Resilience"},"content":{"rendered":"<p><script type=\"application\/ld+json\">\n{\n  \"@context\": \"https:\/\/schema.org\",\n  \"@type\": \"ImageObject\",\n  \"url\": \"https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1.png\",\n  \"caption\": \"Illustration from AnalystPrep Study Notes\",\n  \"copyrightNotice\": \"\u00a9 2024 AnalystPrep\",\n  \"acquireLicensePage\": \"https:\/\/analystprep.com\/license-info\",\n  \"creditText\": \"AnalystPrep Design Team\",\n  \"creator\": {\n    \"@type\": \"Organization\",\n    \"name\": \"AnalystPrep\"\n  }\n}\n<\/script><br \/>\n<script type=\"application\/ld+json\">\n{\n  \"@context\": \"https:\/\/schema.org\",\n  \"@type\": \"QAPage\",\n  \"mainEntity\": {\n    \"@type\": \"Question\",\n    \"name\": \"Which aspect should be given the highest priority to improve a bank\u2019s operational resilience framework?\",\n    \"text\": \"XYZ Bank is planning to improve its operational resilience framework. As a risk manager, which of the following should be given the highest priority?\",\n    \"answerCount\": 4,\n    \"acceptedAnswer\": {\n      \"@type\": \"Answer\",\n      \"text\": \"The correct answer is C. Identifying and protecting critical business services (CBS) should be the highest priority. Operational resilience focuses on ensuring that essential services continue during disruptions such as cyber-attacks, system failures, or natural disasters. By identifying and protecting these critical services, a bank can prioritize resources and safeguards to maintain its most important operations.\"\n    },\n    \"suggestedAnswer\": [\n      {\n        \"@type\": \"Answer\",\n        \"text\": \"Increasing cybersecurity defenses.\"\n      },\n      {\n        \"@type\": \"Answer\",\n        \"text\": \"Enhancing backup and recovery procedures.\"\n      },\n      {\n        \"@type\": \"Answer\",\n        \"text\": \"Identifying and protecting critical business services.\"\n      },\n      {\n        \"@type\": \"Answer\",\n        \"text\": \"Implementing a more robust business continuity plan.\"\n      }\n    ]\n  }\n}\n<\/script><\/p>\n<p><iframe loading=\"lazy\" src=\"\/\/www.youtube.com\/embed\/kBtjYGebT6o\" width=\"611\" height=\"343\" allowfullscreen=\"allowfullscreen\"><span data-mce-type=\"bookmark\" style=\"display: inline-block; width: 0px; overflow: hidden; line-height: 0;\" class=\"mce_SELRES_start\">\ufeff<\/span><span data-mce-type=\"bookmark\" style=\"display: inline-block; width: 0px; overflow: hidden; line-height: 0;\" class=\"mce_SELRES_start\">\ufeff<\/span><\/iframe><\/p>\n<p><strong>After completing this reading<\/strong>,<strong> you should be able to<\/strong>:<\/p>\n<ul>\n<li>Describe an operational risk management framework and assess the types of risks that can fall within the scope of such a framework.<\/li>\n<li>Describe the seven Basel II event risk categories and identify examples of operational risk events in each category.<\/li>\n<li>Explain the characteristics of operational risk exposures and operational loss events and challenges that can arise in managing operational risk due to these characteristics.<\/li>\n<li>Describe operational resilience, identify the elements of an operational resilience framework, and summarize regulatory expectations for operational resilience.<\/li>\n<\/ul>\n<h2>Operational Risk Management Framework and the Types of Risks That Can Fall Within the Scope of Such a Framework<\/h2>\n<p>An operational risk management framework is an approach to mitigating the risks associated with organizational operations. It involves identifying, assessing, monitoring, and controlling risks that could result in adverse outcomes that affect an organization\u2019s ability to meet its goals and objectives. An operational risk management framework should include clear processes, policies, and procedures for identifying potential operational risks, assessing their severity, and developing strategies for reducing or eliminating them.<\/p>\n<p>The Basel Committee defines operational risk as \u201cthe risk of loss resulting from inadequate or failed internal processes, people and systems, or \u00a0external events.\u201d<\/p>\n<p>Operational risk encompasses a wide range of potential threats, including natural disasters, human mistakes, inadequate procedures or technologies, cyberattacks, financial losses due to fraud or theft, and reputational damage attributed to regulatory violations. To successfully manage these risks, organizations must have a comprehensive approach that incorporates all aspects of business operations. The focus of such an approach should range from employee roles and responsibilities to the use of technology and the development of data security protocols.<\/p>\n<p>Many programs that manage risks in banks take effective management of operational risk as a fundamental element that is inherent in all banking products, systems, activities, and processes. Therefore, sound operational risk management reflects the board&#8217;s and senior management&#8217;s effectiveness in the administration of portfolio products, activities, processes, and systems.<\/p>\n<h3>Operational Risk Management (ORM), Non-financial Risk Management (NFRM), and Enterprise Risk Management (ERM)<\/h3>\n<p>Operational risk can also be referred to as non-financial risk. Some banks may have NFRM (Non-financial Risk Management) departments instead of ORM (Operational Risk Management) departments. This happens because factors that are not financial in nature often influence operational risk.<\/p>\n<p>Enterprise Risk Management (ERM) is the term for the comprehensive management of all business risks.<\/p>\n<p>In the financial sector, ERM offers a structure for managing an organization&#8217;s financial and non-financial risks from a firm-wide viewpoint.<\/p>\n<p>Outside the financial industry, operational risks may account for the majority of a company&#8217;s risk exposure, resulting in no distinction between ERM and ORM.<\/p>\n<h2>The Seven Basel II Event Risk Categories, Including Examples of Operational Risk Events in Each Category<\/h2>\n<p>The Basel Committee on Banking Supervision (BCBS) breaks down operational risk into seven major categories known as &#8220;Basel types level 1.&#8221;<\/p>\n<p>The table below summarizes the seven level 1 categories of OpRisk according to the Basel committee.<\/p>\n<h4>Table 1.1: The Seven Basel II Operational Risk Events<\/h4>\n<p>$$\\small{\\begin{array}{l|l}<br \/>\n\\textbf{Event Category} &amp; \\textbf{Definition} \\\\\\hline<br \/>\n\\begin{array}{@{\\labelitemi\\hspace{\\dimexpr\\labelsep+0.5\\tabcolsep}}l@{}}\\text{Internal fraud}\\end{array} &amp; \\begin{array}{@{\\labelitemi\\hspace{\\dimexpr\\labelsep+0.5\\tabcolsep}}l@{}}\\text{Losses due to acts of a type intended to defraud,}\\\\\\text{misappropriate property or circumvent regulations,}\\\\\\text{the law or company policy, excluding diversity or }\\\\\\begin{array}[c]{@{}l@{}}\\text{discrimination events, which involve}\\\\\\text{at least one internal party}\\end{array} \\end{array}\\\\\\hline<br \/>\n\\begin{array}{@{\\labelitemi\\hspace{\\dimexpr\\labelsep+0.5\\tabcolsep}}l@{}}\\text{External fraud}\\end{array} &amp; \\begin{array}{@{\\labelitemi\\hspace{\\dimexpr\\labelsep+0.5\\tabcolsep}}l@{}}\\text{Losses due to acts of a type intended to defraud,}\\\\\\text{misappropriate property or circumvent the law,}\\\\\\text{by a third party.}\\end{array} \\\\ \\hline\\begin{array}{@{\\labelitemi\\hspace{\\dimexpr\\labelsep+0.5\\tabcolsep}}l@{}}\\text{Employment}\\\\\\text{practices and }\\\\\\text{workspace safety}\\end{array} &amp; \\begin{array}{@{\\labelitemi\\hspace{\\dimexpr\\labelsep+0.5\\tabcolsep}}l@{}}\\text{Losses arising from acts inconsistent with employment,}\\\\\\text{health or safety laws or agreements,}\\\\\\text{from payment of personal injury claims or}\\\\\\text{from diversity\/discrimination events.}\\end{array} \\\\\\hline<br \/>\n\\begin{array}{@{\\labelitemi\\hspace{\\dimexpr\\labelsep+0.5\\tabcolsep}}l@{}}\\text{Clients,}\\\\\\text{products, and }\\\\\\text{business }\\\\\\text{practices}\\end{array} &amp; \\begin{array}{@{\\labelitemi\\hspace{\\dimexpr\\labelsep+0.5\\tabcolsep}}l@{}}\\text{Losses arising from an unintentional or negligent failure}\\\\\\text{to meet a professional obligation to specific clients}\\\\\\text{(including fiduciary and suitability requirements), or}\\\\\\text{from the nature or design of a product.}\\end{array} \\\\ \\hline<br \/>\n\\begin{array}{@{\\labelitemi\\hspace{\\dimexpr\\labelsep+0.5\\tabcolsep}}l@{}}\\text{Damage to }\\\\\\text{physical assets}\\end{array} &amp; \\begin{array}{@{\\labelitemi\\hspace{\\dimexpr\\labelsep+0.5\\tabcolsep}}l@{}}\\text{Losses arising from loss or damage to physical assets}\\\\\\text{from natural disaster or other events.}\\end{array} \\\\ \\hline<br \/>\n\\begin{array}{@{\\labelitemi\\hspace{\\dimexpr\\labelsep+0.5\\tabcolsep}}l@{}}\\text{Business disruption}\\\\\\text{and system failures}\\end{array} &amp; \\begin{array}{@{\\labelitemi\\hspace{\\dimexpr\\labelsep+0.5\\tabcolsep}}l@{}}\\text{Losses arising from disruption of business or system failures.}\\end{array} \\\\ \\hline<br \/>\n\\begin{array}{@{\\labelitemi\\hspace{\\dimexpr\\labelsep+0.5\\tabcolsep}}l@{}}\\text{Execution, }\\\\\\text{delivery and}\\\\\\text{process management}\\end{array} &amp; \\begin{array}{@{\\labelitemi\\hspace{\\dimexpr\\labelsep+0.5\\tabcolsep}}l@{}}\\text{Losses from failed transaction processing or}\\\\\\text{process management, from relations}\\\\\\text{with trade counterparties and vendors.}\\end{array} \\end{array}}$$<\/p>\n<h3>Category 1: Internal Fraud\u00a0 (IF)<\/h3>\n<p>Internal fraud includes any fraudulent activity a firm&#8217;s employees perpetrate. It is one of the less frequent types of OpRisk losses. It owes its rarity to the sophisticated internal control investments institutions have made over the years. However, cases of internal fraud still occur, and billions of dollars go down the drain.\u00a0<\/p>\n<h4>Table 1.2: Examples of Internal Fraud<\/h4>\n<p>$$\\begin{array}{l|l}<br \/>\n\\textbf{Event Category} &amp; \\textbf{Examples} \\\\ \\hline<br \/>\n\\text{Internal Fraud} &amp;{\\text{Transactions not reported (intentional);}\\\\ \\text{transaction type unauthorized (w\/monetary loss);}\\\\ \\text{mismarking of position (intentional).}}\\\\\\\\ &amp;{\\text{Fraud\/credit fraud\/worthless deposits};\\\\ \\text{theft\/ extortion\/embezzlement\/robbery};\\\\ \\text{misappropriation of assets},\\\\ \\text{malicious destruction of assets;}\\\\ \\text{forgery; check kiting;}\\\\\\text{smuggling; account take-over\/impersonation\/ etc.};\\\\ \\text{tax noncompliance\/evasion (willful); bribes\/kickbacks};\\\\ \\text{insider trading (not on firm\u2019s account)}}\\end{array}$$<\/p>\n<h3>Category 2: External\u00a0 Frauds\u00a0 (EF)<\/h3>\n<p>External fraud includes all forms of fraud third parties or outsiders perpetrate against a firm. In banking, good examples would be system hacking and cheque and credit card fraud. In recent years, external fraud has cost financial firms millions of dollars.<\/p>\n<h4>Table 1.3: Examples of External Fraud<\/h4>\n<p>$$\\begin{array}{l|l}<br \/>\n\\textbf{Event Category} &amp; \\textbf{Examples} \\\\ \\hline\u00a0<br \/>\n\\text{External Fraud} &amp; {\\text{Theft\/robbery; forgery; check kiting}\\\\ \\text{ Hacking damage; theft of information }\\\\ \\text{(w\/monetary loss) }}\\end{array}$$<\/p>\n<h3>Category 3: Employment Practices and Workplace Safety (EPWS)<\/h3>\n<p>EPWS is more prominent in parts of the world where labor laws are either old-fashioned, or there is more of a culture of litigation against employers.<\/p>\n<h4>Table 1.4: Examples of EPWS Events<\/h4>\n<p>$$\\begin{array}{l|l} \\textbf{Event Category} &amp; \\textbf{Examples} \\\\ \\hline \\\\<br \/>\n{\\text{Employment Practices}\\\\ \\text{and Workplace Safety}} &amp; {\\text{Compensation, benefit, termination issues;}\\\\\\text{organized labor activity.} \\\\\u00a0 \\text{General liability (e.g., slip and fall.);}\\\\ \\text{employee health and safety rules events;}\\\\ \\text{workers compensation.} \\\\ \\ \\text{All discrimination types.}} \\end{array}$$<\/p>\n<h3>Category 4: Clients, Products, and Business Practices (CPBP)<\/h3>\n<p>This is one of the categories that have the highest numbers of loss events, particularly in the US. It encompasses losses, for example, from disputes with clients and counterparties, regulatory fines due to improper business practices, or wrongful advisory activities.<\/p>\n<h4>Table 1.5: Examples of Events under the Clients, Products, and Business Practices Category<\/h4>\n<p>$$\\begin{array}{l|l}<br \/>\n\\textbf{Event Category} &amp; \\textbf{Examples} \\\\ \\hline<br \/>\n{\\text{Clients, products,}\\\\ \\text{and business}\\\\\\text{practices}}&amp; {\\text{Fiduciary breaches\/guideline violations;}\\\\ \\text{disclosure issues (e.g., KYC);}\\\\ \\text{retail customer disclosure violations;}\\\\ \\text{breach of privacy;}\\\\\\text{misuse of confidential information.}\\\\ \\text{Antitrust; improper trade practices;} \\\\ \\text{market manipulation;}\\\\ \\text{insider trading (on firm\u2019s account);}\\\\ \\text{unlicensed activity; money laundering.}\\\\ \\text{Product defects (e.g., unauthorized);}\\\\ \\text{model errors.}\\\\ \\text{Failure to investigate clients as per guidelines,}\\\\ \\text{exceeding client exposure limits.} \\\\ \\text{Disputes over the performance of advisory activities}} \\end{array}$$<\/p>\n<h3>Category 5: Damage to Physical Assets (DPA)<\/h3>\n<p>The other operational risk involves physical asset damage. This can result from natural disasters or external human sources (e.g., terrorism and vandalism). Only a few firms actively incur losses from this type of risk because events in this category are usually either too small or incredibly large.<\/p>\n<h4>Table 1.6: Examples of Events under the Damage to Physical Assets Category<\/h4>\n<p>$$\\begin{array}{l|l}<br \/>\n\\textbf{Event Category}&amp;\\textbf{Examples}\\\\ \\hline \\\\<br \/>\n\\text{Damage to Physical Assets} &amp; {\\text{Natural disaster losses};\\\\ <br \/>\n\\text{human losses from external sources}\\\\ \\text{(e.g., terrorism, vandalism)}.}<br \/>\n\\end{array}$$<\/p>\n<h3>Category 6: Business Disruption and System Failures (BDSF)<\/h3>\n<p>Events under the BDSF category can be quite difficult to spot. For example, a system crash almost always comes with financial costs, but these losses would most likely be classified as EDPM. To illustrate this, consider the derivative department of a large bank that experiences a crash at 9:00 am. The IT department does all it can, including turning to backup plans, all in vain. The system regains normalcy at 5:00 pm when money markets are already closed.<\/p>\n<p>On checking the status of the transactions, the bank learns that it needs to fund an extra USD 10 billion on that day. Since the markets are already closed, the bank is forced to negotiate special conditions with its counterparties. Unfortunately, the rates at which the transactions are settled ultimately end up being higher than the daily average. Although a BDSF event \u2013 a system failure \u2013occasioned this loss,\u00a0 it will most likely be categorized as part of the next category, Execution, Delivery, and Process Management (EDPM). Alternatively, it could be ignored altogether.\u00a0<\/p>\n<h4>Table 1.7: Examples of Events under the Business Disruption and System Failures Category<\/h4>\n<p>$$\\begin{array}{l|l}<br \/>\n\\textbf{Event Category} &amp; \\textbf{Examples}\\\\\\hline<br \/>\n{\\text{Business Disruption and}\\\\ \\text{System Failures}} &amp;{\\text{ Hardware; software};\\\\ \\text{telecommunications; utility outage\/disruptions.}} \\end{array}$$<\/p>\n<h3>Category 7: Execution, Delivery, and Process Management (EDPM)<\/h3>\n<p>These are losses from failed transaction processing. Alternatively, these losses could emanate from process management from relations with trade counterparties and vendors. Losses of this event type are quite frequent since human error, miscommunications, and so on, can occasion them. Particularly, these losses are common in an environment where banks have to process millions of transactions per day.<\/p>\n<h4>Table 1.8: Examples of Events under the Execution, Delivery &amp; Process Management Category<\/h4>\n<p>$$\\begin{array}{l|l}<br \/>\n\\textbf{Event Category} &amp; \\textbf{Examples} \\\\ \\hline<br \/>\n{\\text{Execution,}\\\\\\text{Delivery}\\\\\\text{and}\\\\\\text{Process}\\\\\\text{Management}} &amp; \\begin{array}{@{\\labelitemi\\hspace{\\dimexpr\\labelsep+0.5\\tabcolsep}}l@{}}\\text{Miscommunication; }\\\\\\text{data entry, missed deadline or responsibility;}\\\\\\text{accounting error\/entity attribution error;}\\\\\\text{delivery failure;}\\\\\\text{Failed mandatory reporting obligation;}\\\\\\text{inaccurate external report (loss incurred).}\\\\\\text{Client permissions\/disclaimers}\\\\\\text{missing legal documents missing\/incomplete.}\\\\\\text{Unapproved access given to accounts;}\\\\\\text{incorrect client records (loss incurred);}\\\\\\text{negligent loss or damage of client assets}\\\\\\text{Nonclient counterparty misperformance;}\\\\\\text{misc. nonclient counterparty disputes.}\\\\\\text{Outsourcing; vendor disputes.}\\end{array} \\end{array}$$<\/p>\n<h2>The Characteristics of Operational Risk Exposures and Operational Loss Events, and Challenges That Can Arise in Managing Operational Risk Due to These Characteristics<\/h2>\n<p>The Basel Committee defines <strong>operational risk <\/strong>as \u201cthe risk of loss resulting from inadequate or failed internal processes, people, and systems or from external events.\u201d Operational risk includes <strong>legal risk <\/strong>but excludes <strong>strategic <\/strong>and <strong>reputational <\/strong>risks.<\/p>\n<p>Many programs that manage risks in banks take effective management of operational risk as a fundamental element that is inherent in all banking products, systems, activities, and processes. Therefore, sound operational risk management reflects the board&#8217;s and senior management&#8217;s effectiveness in the administration of portfolio products, activities, processes, and systems.<\/p>\n<h3>Legal and Compliance<\/h3>\n<p>Legal risk is related to the enforceability or breach of contracts, the applicability of laws and regulations, and the risk of financial loss in the event of mistakes or breaches. Compliance refers to submission to all the rules and regulations that are relevant to a certain activity as well as the law.<\/p>\n<p>Banks face huge fines and expensive business restrictions that regulators impose as a result of breaching laws and regulations.<\/p>\n<h3>Reputational Risk<\/h3>\n<p>Reputational risk stems from damage to an organization&#8217;s reputation, public image, or brand due to the negative impacts of an operational event. It can arise from a variety of sources, including corporate mismanagement, product failure, safety issues, data breaches and cyber-attacks, employee misconduct or negligence, regulatory or governmental actions\/investigations, and other unpredictable events. External actors, such as competitors, activists, and media outlets can also cause reputation risk.<\/p>\n<h3>Strategic Risk<\/h3>\n<p>Strategic risk can have a significant impact on the success of an organization. It encompasses risks associated with decisions related to a wide variety of areas, such as mergers and acquisitions, capital investments, entry into new markets or product lines, pricing strategies, and restructuring. Poor strategic decisions may lead to financial losses due to impaired asset values, higher costs, lost opportunities for revenue growth, reduced efficiency in operations and processes, or missed market opportunities. Unsuccessful implementation of a strategy, due to inadequate control procedures and failure to monitor objectives effectively, can also result in losses.<\/p>\n<h3>The Risk Management Cycle<\/h3>\n<p>There are four main tasks that make up risk management frameworks:<\/p>\n<ul>\n<li>Risk identification.<\/li>\n<li>Risk assessment.<\/li>\n<li>Risk mitigation.<\/li>\n<li>Risk monitoring.<\/li>\n<\/ul>\n<p><strong><img loading=\"lazy\" decoding=\"async\" width=\"1590\" height=\"909\" class=\"aligncenter size-full wp-image-30882\" style=\"max-width: 100%;\" src=\"https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1.png\" alt=\"\" srcset=\"https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1.png 1590w, https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1-300x172.png 300w, https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1-1024x585.png 1024w, https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1-768x439.png 768w, https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1-1536x878.png 1536w, https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1-400x229.png 400w\" sizes=\"auto, (max-width: 1590px) 100vw, 1590px\" \/>Risk identification<\/strong> is the process of identifying and analyzing potential risks that could affect an organization. This task involves determining which risks could have a material impact on the organization\u2019s ability to meet its objectives and then gauging the likelihood of their occurrence.\u00a0 It also involves documenting any existing controls in place to mitigate those risks. Risk identification techniques include brainstorming, interviews with stakeholders, failure mode and effect analysis (FMEA), root cause analysis, examining industry trends, and other methods.<\/p>\n<p><strong>Risk assessment<\/strong> involves evaluating the probability of a risk occurring and its severity or impact if it does occur. This helps organizations prioritize their attention on the most significant risks so they can focus mitigation efforts where they are needed most. Different risk assessment approaches, such as qualitative or quantitative methods, may be used depending on the complexity of the subject matter.<\/p>\n<p><strong>Risk mitigation<\/strong> is implementing measures to reduce the likelihood or potential impact of each identified risk. Risk mitigation strategies include avoiding certain activities which pose a high risk, instituting control systems to monitor activities that could create unexpected events, transferring risks through insurance policies, and establishing quick response contingency plans.<\/p>\n<p><strong>Risk monitoring<\/strong> refers to the continuous tracking of risk exposure and how effective existing controls are at mitigating them. Organizations should regularly monitor identified risks to ensure that current controls are still valid and adjust them if necessary. Monitoring should also be conducted for changes in external factors that could cause an increase or decrease in risk levels over time. Among others, external factors include new regulations or market condition shifts.<\/p>\n<h3>Nature and Features of Operational Risk<\/h3>\n<p>There are five main characteristics of operational risk.<\/p>\n<h4>Heterogenous<\/h4>\n<p>Operational risk encompasses an extremely broad range of risks, ranging from external fraud to cyber-attacks and data privacy breaches. Since each risk type can have different causes, consequences, and potential losses, it is important for firms to understand the risks they face in order to plan accordingly. For example, external fraud incidents can be caused by anything from stolen credit cards to malicious software infiltrations, whereas internal fraud incidents may include cash theft or rogue trading activities. It is also important for firms to consider the potential financial impact of each type of operational risk event. Risk financial impact varies greatly depending on the size and complexity of an organization.<\/p>\n<h4>Idiosyncratic<\/h4>\n<p>Oftentimes the severity and frequency of operational risk events are largely dependent upon a firm&#8217;s ability and willingness to manage them effectively. Depending on the industry, certain risks, such as EDPM, might be more or less pronounced due to a company&#8217;s processes and systems. In addition, external events which are out of a company&#8217;s control can cause some risks, such as DPA. Therefore, it is critical for companies to continually assess their operational risk profile in order to best protect themselves against any future loss events.<\/p>\n<h4>Heavy-tailed<\/h4>\n<p>This means that an organization may experience an occasional large loss even as it experiences numerous smaller losses on a regular basis. As such, traditional statistical models used to predict operational risk may not be effective due to their lack of capacity to accurately account for these extreme events. To address this issue, organizations should use alternative methods such as stress testing or scenario analysis to examine the potential impact of such events and plan accordingly.<\/p>\n<h4>Interconnected<\/h4>\n<p>A key feature of operational risk is the interconnectedness between different types of risks. For example, certain control weaknesses or human errors related to IT systems could lead to exposure across multiple departments and functional areas within an organization. Similarly, external economic, political, and environmental factors can also have a significant impact on operations due to their wide-reaching implications.<\/p>\n<h4>Dynamic and Evolving<\/h4>\n<p>With industry developments, operational risks have taken on many different forms. These forms range from terrorist attacks and natural disasters to rogue trading and cyber-attacks. Operating environments are quickly changing, and so are operational risks.<\/p>\n<h2>Operational Resilience and the Elements of an Operational Resilience Framework<\/h2>\n<p>Operational resilience is the ability of a business to proactively prepare for, respond to, and effectively manage disruptions. It is an important concept that allows a company to be better prepared and, thus, withstand unprecedented events and crises. The five main components of operational resilience are continuity of business services, important business services, impact tolerance levels, management of disruption, and lessons learned.<\/p>\n<p><strong>Continuity of business services<\/strong> refers to the capacity of a company to sustain essential operations and functions in the face of an unexpected event or crisis. This means that an organization should plan how it will sustain service delivery during such disruptive periods. In addition, a company should have mechanisms for monitoring performance and evaluating recovery from any service disruption.<\/p>\n<p><strong>Important business services<\/strong> are services that are fundamental to the success of an organization. Such services include both physical assets and intangible resources (such as skills). Organizations should be aware of all these important services so they can properly plan how they will manage them in case of failure or disruption.\u00a0<\/p>\n<p><strong>Impact tolerance levels<\/strong> refer to the degree of adverse impact a business can tolerate before its operations are adversely disrupted. This is determined by assessing both internal capacities (such as available personnel) as well as external factors (such as government regulations). Organizations should be able to determine their own unique set of tolerable impacts in order to plan appropriately for disruptive events.<\/p>\n<p><strong>Management of disruption<\/strong> encompasses all activities aimed at minimizing any potential negative consequences occasioned by an unplanned event or crisis. This includes developing strategies that quickly restore normal operations while also ensuring minimal interruption in service delivery during such times. It also requires having strong communication plans in place so key stakeholders can be kept informed throughout the incident response process.<\/p>\n<p><strong>Lessons learned<\/strong> involve documenting any insights gained from managing a particular incident or crisis so as to avert similar occurrences in the future. Companies should create comprehensive reports outlining what went right and wrong in their response to previous disruptions. That way, they can apply these lessons when planning future responses and mitigation strategies.<\/p>\n<h3>US Regulation<\/h3>\n<p>The Federal Reserve (Fed) has issued its Sound Practices to Strengthen Operational Resilience. The regulation emphasizes the need for organizations to have a holistic enterprise management framework. This encompasses important business services, tolerance impact level, as well as consideration of operational resilience as one of the key outcomes of an effective ORMF.<\/p>\n<p>Fed&#8217;s guideline stresses that organizations should have a comprehensive understanding of their critical operations and functions, including their people, processes, technology, and data. Thanks to this understanding, organizations can develop strategies to maintain operations despite potential disruptions. Organizations should consider the areas that may be at risk due to external factors such as cyber security threats or natural disasters. They should then moot plans to respond to the risks. Besides, they should identify key resources that are necessary for continued service delivery and secure them even in times of crisis.<\/p>\n<h3>BCBS Principles on Operational Resilience<\/h3>\n<p>There are seven BCBS Principles on Operational Resilience:<\/p>\n<ol>\n<li><strong>Governance<\/strong>: This entails making use of their current governing structure.<\/li>\n<li><strong>Operational risk management<\/strong>: Banks should utilize their expertise in operational risk management.<\/li>\n<li><strong>Business continuity planning and testing<\/strong>: Organizations should have business continuity plans in place.<\/li>\n<li><strong>Mapping interconnections and interdependencies<\/strong>: This involves establishing relationships and dependencies that must exist between internal and external entities in order to deliver important operations.<\/li>\n<li><strong>Third-party dependency management<\/strong>: This entails managing the reliance on external or internal entities.<\/li>\n<li><strong>Incident management<\/strong>: This involves creating and implementing procedures for recovery and response. Such procedures are instrumental in handling incidents that potentially interfere with the performance of crucial activities.<\/li>\n<li><strong>ICT, including cybersecurity<\/strong>: Ensures dependable information and communications technology.<\/li>\n<\/ol>\n<p>The three primary regulators that have policies for operational resilience are the UK, the US, and BCBS.<\/p>\n<blockquote>\n<h2>Practice Question<\/h2>\n<p>XYZ Bank is planning to improve its operational resilience framework. As a risk manager, you have been tasked with identifying the most critical aspects to prioritize in order to achieve greater operational resilience. Which of the following should be given the highest priority?<\/p>\n<ol style=\"list-style-type: upper-alpha;\">\n<li>Increasing cybersecurity defenses<\/li>\n<li>Enhancing backup and recovery procedures<\/li>\n<li>Identifying and protecting critical business services<\/li>\n<li>Implementing a more robust business continuity plan<\/li>\n<\/ol>\n<p>The correct answer is <strong>C<\/strong>.<\/p>\n<div class=\"flex-1 overflow-hidden\">\n<div class=\"react-scroll-to-bottom--css-jctvs-79elbk h-full dark:bg-gray-800\">\n<div class=\"react-scroll-to-bottom--css-jctvs-1n7m0yu\">\n<div class=\"flex flex-col items-center text-sm dark:bg-gray-800\">\n<div class=\"group w-full text-gray-800 dark:text-gray-100 border-b border-black\/10 dark:border-gray-900\/50 bg-gray-50 dark:bg-[#444654]\">\n<div class=\"text-base gap-4 md:gap-6 md:max-w-2xl lg:max-w-xl xl:max-w-3xl p-4 md:py-6 flex lg:px-0 m-auto\">\n<div class=\"relative flex w-[calc(100%-50px)] flex-col gap-1 md:gap-3 lg:w-[calc(100%-115px)]\">\n<div class=\"flex flex-grow flex-col gap-3\">\n<div class=\"min-h-[20px] flex flex-col items-start gap-4 whitespace-pre-wrap\">\n<div class=\"markdown prose w-full break-words dark:prose-invert light\">\n<p>While all of the listed aspects are important for improving operational resilience, identifying and protecting critical business services (CBS) should be the highest priority. Operational resilience focuses on the ability of an organization to continue delivering critical operations and services despite disruptions, such as cyber-attacks, natural disasters, or technology failures.<\/p>\n<p>Identifying and protecting critical business services involves understanding the most important functions and services that the bank provides, assessing their vulnerabilities and potential impact on the bank&#8217;s operations, and prioritizing their protection. By identifying and protecting CBS, the bank can ensure that the most crucial aspects of its operations can continue even during a disruption.<\/p>\n<p>The other options, such as increasing cybersecurity defenses (A), enhancing backup and recovery procedures (B), and implementing a more robust business continuity plan (D), are all important components of an operational resilience framework. However, they are secondary priorities and are more effective when they support the protection and continuity of identified critical business services.<\/p>\n<p><b>Things to Remember<\/b><\/p>\n<ul>\n<li>Operational resilience aims to ensure an organization&#8217;s ability to continue key operations and services despite various disruptions.<\/li>\n<li>Critical Business Services (CBS) are the vital functions and services a bank offers. Prioritizing CBS is paramount for achieving operational resilience.<\/li>\n<li>Understanding CBS includes assessing their vulnerabilities, understanding their importance, and safeguarding them against potential risks.<\/li>\n<li>Protection of CBS ensures that primary operations continue even during unforeseen events.<\/li>\n<li>While other resilience aspects like cybersecurity, backup, and business continuity are vital, they gain full significance when they back the protection of CBS.<\/li>\n<\/ul>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>\ufeff\ufeff After completing this reading, you should be able to: Describe an operational risk management framework and assess the types of risks that can fall within the scope of such a framework. Describe the seven Basel II event risk categories&#8230;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[6,12,9],"tags":[],"class_list":["post-30880","post","type-post","status-publish","format-standard","hentry","category-frm","category-operational-and-integrated-risk-management","category-part-2","blog-post","no-post-thumbnail","animate"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Operational Risk and Resilience | FRM Part 2 Notes<\/title>\n<meta name=\"description\" content=\"Learn the definition and characteristics of operational risk, including failures in processes, systems, people, and external events.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Operational Risk and Resilience | FRM Part 2 Notes\" \/>\n<meta property=\"og:description\" content=\"Learn the definition and characteristics of operational risk, including failures in processes, systems, people, and external events.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/\" \/>\n<meta property=\"og:site_name\" content=\"CFA, FRM, and Actuarial Exams Study Notes\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-16T11:20:20+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-05T14:22:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1590\" \/>\n\t<meta property=\"og:image:height\" content=\"909\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"AnalystPrep Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"AnalystPrep Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/\"},\"author\":{\"name\":\"AnalystPrep Team\",\"@id\":\"https:\/\/analystprep.com\/study-notes\/#\/schema\/person\/ed0c939f3f12a02c5a193708b713d89e\"},\"headline\":\"Introduction to Operational Risk and Resilience\",\"datePublished\":\"2023-08-16T11:20:20+00:00\",\"dateModified\":\"2026-03-05T14:22:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/\"},\"wordCount\":3859,\"image\":{\"@id\":\"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1.png\",\"articleSection\":[\"FRM\",\"Operational and Integrated Risk Management\",\"Part 2\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/\",\"url\":\"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/\",\"name\":\"Operational Risk and Resilience | FRM Part 2 Notes\",\"isPartOf\":{\"@id\":\"https:\/\/analystprep.com\/study-notes\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1.png\",\"datePublished\":\"2023-08-16T11:20:20+00:00\",\"dateModified\":\"2026-03-05T14:22:24+00:00\",\"author\":{\"@id\":\"https:\/\/analystprep.com\/study-notes\/#\/schema\/person\/ed0c939f3f12a02c5a193708b713d89e\"},\"description\":\"Learn the definition and characteristics of operational risk, including failures in processes, systems, people, and external events.\",\"breadcrumb\":{\"@id\":\"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/#primaryimage\",\"url\":\"https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1.png\",\"contentUrl\":\"https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1.png\",\"width\":1590,\"height\":909},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/analystprep.com\/study-notes\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Introduction to Operational Risk and Resilience\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/analystprep.com\/study-notes\/#website\",\"url\":\"https:\/\/analystprep.com\/study-notes\/\",\"name\":\"CFA, FRM, and Actuarial Exams Study Notes\",\"description\":\"Question Bank and Study Notes for the CFA, FRM, and Actuarial exams\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/analystprep.com\/study-notes\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/analystprep.com\/study-notes\/#\/schema\/person\/ed0c939f3f12a02c5a193708b713d89e\",\"name\":\"AnalystPrep Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/analystprep.com\/study-notes\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0828fe7fdfdcf636b2061b4c563e20cc9b7453f7cd1641b4c43edbfba896727a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0828fe7fdfdcf636b2061b4c563e20cc9b7453f7cd1641b4c43edbfba896727a?s=96&d=mm&r=g\",\"caption\":\"AnalystPrep Team\"},\"url\":\"https:\/\/analystprep.com\/study-notes\/author\/analystprep-team\/\"}]}<\/script>\n<meta property=\"og:video\" content=\"https:\/\/www.youtube.com\/embed\/kBtjYGebT6o\" \/>\n<meta property=\"og:video:type\" content=\"text\/html\" \/>\n<meta property=\"og:video:duration\" content=\"1675\" \/>\n<meta property=\"og:video:width\" content=\"480\" \/>\n<meta property=\"og:video:height\" content=\"270\" \/>\n<meta property=\"ya:ovs:adult\" content=\"false\" \/>\n<meta property=\"ya:ovs:upload_date\" content=\"2023-08-16T11:20:20+00:00\" \/>\n<meta property=\"ya:ovs:allow_embed\" content=\"true\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Operational Risk and Resilience | FRM Part 2 Notes","description":"Learn the definition and characteristics of operational risk, including failures in processes, systems, people, and external events.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/","og_locale":"en_US","og_type":"article","og_title":"Operational Risk and Resilience | FRM Part 2 Notes","og_description":"Learn the definition and characteristics of operational risk, including failures in processes, systems, people, and external events.","og_url":"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/","og_site_name":"CFA, FRM, and Actuarial Exams Study Notes","article_published_time":"2023-08-16T11:20:20+00:00","article_modified_time":"2026-03-05T14:22:24+00:00","og_image":[{"width":1590,"height":909,"url":"https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1.png","type":"image\/png"}],"author":"AnalystPrep Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"AnalystPrep Team","Est. reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/#article","isPartOf":{"@id":"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/"},"author":{"name":"AnalystPrep Team","@id":"https:\/\/analystprep.com\/study-notes\/#\/schema\/person\/ed0c939f3f12a02c5a193708b713d89e"},"headline":"Introduction to Operational Risk and Resilience","datePublished":"2023-08-16T11:20:20+00:00","dateModified":"2026-03-05T14:22:24+00:00","mainEntityOfPage":{"@id":"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/"},"wordCount":3859,"image":{"@id":"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/#primaryimage"},"thumbnailUrl":"https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1.png","articleSection":["FRM","Operational and Integrated Risk Management","Part 2"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/","url":"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/","name":"Operational Risk and Resilience | FRM Part 2 Notes","isPartOf":{"@id":"https:\/\/analystprep.com\/study-notes\/#website"},"primaryImageOfPage":{"@id":"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/#primaryimage"},"image":{"@id":"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/#primaryimage"},"thumbnailUrl":"https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1.png","datePublished":"2023-08-16T11:20:20+00:00","dateModified":"2026-03-05T14:22:24+00:00","author":{"@id":"https:\/\/analystprep.com\/study-notes\/#\/schema\/person\/ed0c939f3f12a02c5a193708b713d89e"},"description":"Learn the definition and characteristics of operational risk, including failures in processes, systems, people, and external events.","breadcrumb":{"@id":"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/#primaryimage","url":"https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1.png","contentUrl":"https:\/\/analystprep.com\/study-notes\/wp-content\/uploads\/2023\/02\/image-1.png","width":1590,"height":909},{"@type":"BreadcrumbList","@id":"https:\/\/analystprep.com\/study-notes\/frm\/part-2\/operational-and-integrated-risk-management\/introduction-to-operational-risk-and-resilience-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/analystprep.com\/study-notes\/"},{"@type":"ListItem","position":2,"name":"Introduction to Operational Risk and Resilience"}]},{"@type":"WebSite","@id":"https:\/\/analystprep.com\/study-notes\/#website","url":"https:\/\/analystprep.com\/study-notes\/","name":"CFA, FRM, and Actuarial Exams Study Notes","description":"Question Bank and Study Notes for the CFA, FRM, and Actuarial exams","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/analystprep.com\/study-notes\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/analystprep.com\/study-notes\/#\/schema\/person\/ed0c939f3f12a02c5a193708b713d89e","name":"AnalystPrep Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/analystprep.com\/study-notes\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0828fe7fdfdcf636b2061b4c563e20cc9b7453f7cd1641b4c43edbfba896727a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0828fe7fdfdcf636b2061b4c563e20cc9b7453f7cd1641b4c43edbfba896727a?s=96&d=mm&r=g","caption":"AnalystPrep Team"},"url":"https:\/\/analystprep.com\/study-notes\/author\/analystprep-team\/"}]},"og_video":"https:\/\/www.youtube.com\/embed\/kBtjYGebT6o","og_video_type":"text\/html","og_video_duration":"1675","og_video_width":"480","og_video_height":"270","ya_ovs_adult":"false","ya_ovs_upload_date":"2023-08-16T11:20:20+00:00","ya_ovs_allow_embed":"true"},"_links":{"self":[{"href":"https:\/\/analystprep.com\/study-notes\/wp-json\/wp\/v2\/posts\/30880","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/analystprep.com\/study-notes\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/analystprep.com\/study-notes\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/analystprep.com\/study-notes\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/analystprep.com\/study-notes\/wp-json\/wp\/v2\/comments?post=30880"}],"version-history":[{"count":40,"href":"https:\/\/analystprep.com\/study-notes\/wp-json\/wp\/v2\/posts\/30880\/revisions"}],"predecessor-version":[{"id":42635,"href":"https:\/\/analystprep.com\/study-notes\/wp-json\/wp\/v2\/posts\/30880\/revisions\/42635"}],"wp:attachment":[{"href":"https:\/\/analystprep.com\/study-notes\/wp-json\/wp\/v2\/media?parent=30880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/analystprep.com\/study-notes\/wp-json\/wp\/v2\/categories?post=30880"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/analystprep.com\/study-notes\/wp-json\/wp\/v2\/tags?post=30880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}