12 CFR § 3.161 - Qualification requirements for incorporation of operational risk mitigants.
(a) Qualification to use operational risk mitigants. A national bank or Federal savings association may adjust its estimate of operational risk exposure to reflect qualifying operational risk mitigants if:
(1) The national bank's or Federal savings association's operational risk quantification system is able to generate an estimate of the national bank's or Federal savings association's operational risk exposure (which does not incorporate qualifying operational risk mitigants) and an estimate of the national bank's or Federal savings association's operational risk exposure adjusted to incorporate qualifying operational risk mitigants; and
(2) The national bank's or Federal savings association's methodology for incorporating the effects of insurance, if the national bank or Federal savings association uses insurance as an operational risk mitigant, captures through appropriate discounts to the amount of risk mitigation:
(i) The residual term of the policy, where less than one year;
(ii) The cancellation terms of the policy, where less than one year;
(iii) The policy's timeliness of payment;
(iv) The uncertainty of payment by the provider of the policy; and
(v) Mismatches in coverage between the policy and the hedged operational loss event.
(b) Qualifying operational risk mitigants. Qualifying operational risk mitigants are:
(1) Insurance that:
(i) Is provided by an unaffiliated company that the national bank or Federal savings association deems to have strong capacity to meet its claims payment obligations and the obligor rating category to which the national bank or Federal savings association assigns the company is assigned a PD equal to or less than 10 basis points;
(ii) Has an initial term of at least one year and a residual term of more than 90 days;
(iii) Has a minimum notice period for cancellation by the provider of 90 days;
(iv) Has no exclusions or limitations based upon regulatory action or for the receiver or liquidator of a failed depository institution; and
(v) Is explicitly mapped to a potential operational loss event;
(2) Operational risk mitigants other than insurance for which the OCC has given prior written approval. In evaluating an operational risk mitigant other than insurance, the OCC will consider whether the operational risk mitigant covers potential operational losses in a manner equivalent to holding total capital.
The following state regulations pages link to this page.