Revisions to the principles for the sound management of operational risk

The Committee introduced its Principles for the sound management of operational risk in 2003, and subsequently revised them in 2011 to incorporate the lessons from the financial crisis. In 2014, the Committee conducted a review of the implementation of the principles which indicated that several principles had not been adequately implemented, and that the principles did not sufficiently capture certain important sources of operational risk. The Committee is proposing a limited number of updates to: (i) align the principles with the recently finalised Basel III operational risk framework; (ii) update the guidance where needed in the areas of change management and information and communication technologies; and (iii) enhance the overall clarity of the principles.

Comments on any element of this paper should be submitted here[1] by Friday, 6 November 2020. All comments may be published on the BIS website unless a respondent specifically requests confidential treatment.


  1. ^ here (

1 2