How do you quantify operational risk?
A core Risk & Compliance interview question — asked in analyst and associate interviews across IB, PE, and the Big 4.
THE SHORT ANSWER
(1) Loss data collection: record all operational loss events above threshold. (2) Scenario analysis: estimate frequency and severity of low-frequency/high-severity events. (3) KRIs: track leading indicators. (4) Basel methods: Basic Indicator Approach (15% of gross income) or Advanced Measurement Approach (internal models). (5) Stress testing: model extreme but plausible scenarios.
WHAT INTERVIEWERS LISTEN FOR
- ✓Loss data collection
- ✓Scenario analysis
- ✓Key Risk Indicators (KRIs)
- ✓Basel methods (BIA/AMA)
- ✓Stress testing
COMMON MISTAKES
- ✗Confusing operational risk with market/credit risk
- ✗Ignoring low-frequency/high-severity events
- ✗Relying solely on qualitative assessment
Reading isn't the same as answering under pressure.
Interviewers don't hand you the model answer — you deliver yours on a clock. Practice this and 1,000+ questions with AI feedback on every answer.
RELATED QUESTIONS
- Why did Basel move from Value-at-Risk to Expected Shortfall for market risk under FRTB, and what does ES capture that VaR misses?
- What does DORA require for ICT incident reporting, and how does it change operational resilience expectations for financial entities?
- What are the key risks in outsourcing and third-party arrangements, and what do supervisory expectations (e.g., EBA guidelines) require?
- How is climate risk being incorporated into the prudential and risk-management framework?
- What is BCBS 239, and why is risk-data aggregation and reporting capability a supervisory priority?
- Explain the COSO ERM framework.