Comparing the “Big Four” operational risk disclosures is fairly interesting, both in terms of the quantitative and the qualitative. Like the credit risk disclosures, there is a fair amount of divergences in both the quantity and quality of the disclosures, differences I expect to narrow over time. This is because (at least in theory) no one had a chance to look at anyone else’s before they were close enough to publication that no real changes could be made.

Quantitative Disclosures

Firstly, the quantitative disclosures. As for credit risk, the CBA is carrying the lightest load, at $1.085bn in regulatory capital ,or 2.5% of total RWA. This should be no surprise, as it is historically the most risk adverse banking institution in Australia. It also had a strong Basel II program.

Partly because of its smaller size, Westpac has the next lowest burden, at $1.091bn – but it also (just) pips the ANZ as a proportion of RWA, with 3.1%, to the ANZ’s 3.2%. The ANZ’s capital requirement, though, is $1.441bn due to its greater size.

It should also come as no surprise that the NAB is lagging the field here, with $1.892bn in operational risk capital, representing 3.5% of credit RWA. NAB has had the most operational risk “events” over the last few years and is the only one of the Big 4 still using Standardised for a fair part of its portfolio – in this case their overseas subsidiaries. The proportion is a bit lower than you would have expected because credit RWA at the NAB is also higher. On the plus side, it does provide a fair bit of room for improvement…

Qualitative Disclosures

To open with a general comment – as you would expect, most of them have used the Basel II definition of operational risk, where it

“…is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. It includes legal and regulatory risk but excludes strategic and reputation risk”.

I have always had problems with this definition ranging from the pedantic (it speaks of failed … people – how can you have a person that fails? It should be personal actions or something like that) to the nature of the exclusions. To me, the reputational failings from an operational risk point of view arise directly from the event. However they may be difficult to quantify so perhaps they have to be excluded for calculations.

Regulatory Compliance

The disclosures have to comply with APS 330, attachment A, paras 4 (like all other risk areas) and table 12. There is considerable weasel room in here and it looks like the banks have all chosen to interpret these slightly differently, but mostly in the direction of keeping the disclosures minimal and uninformative.

Bank by Bank

In alphabetical order – the ANZ’s text looks like it has been pulled almost directly from the BCBS publication “Sound Practices for the Management and Supervision of Operational Risk“. This is a good basis and it (obviously) meets the regulatory minima, but I would have liked to see something a little less generic. The only area that actually looks like it is ANZ internal are the acronyms used. They are, however, the only ones to include an explicit statement of their risk appetite – as you may expect, it is “low”. It would be helpful if, like the NAB and WBC, they put the capital numbers here as well to reduce the need to hunt through the document to find them.

The CBA, as previously stated, has given the most full disclosures. They have also been a lot more specific than, for example, the ANZ. Interestingly, they have also not included the BCBS exceptions in their definition of operational risk – strategic and reputational risk are therefore included and strategic risk gets a whole section to itself. While I agree with this, it is not in compliance with APS 330 or the Accord. If you want to see how a good, full disclosure works, though, read through this one. I hope they all converge to here as the years progress. Well done CBA – just put in the capital numbers here as well next time, please.

The NAB sits in between the ANZ and CBA, with good use of diagrams and a workable description of internal processes – but is some way behind the CBA in the depth of content. They have though, actually copied the numbers here as well as in the capital section, making it easier to use.

Westpac’s disclosures are easily the shortest and with the most useless diagram, taking up half a page for the same diagram the NAB had in barely a tenth the size. While it may comply with APS 330, it is only just doing so. The numbers are here, though, so they are not a total loss.


This is a bit more subjective, but the CBA’s disclosures also just look better. While the diagrams tell you little of value (they look like they have come from one of their consultants – possibly KPMG as I recognise the process map) they have gone in for a lot of description and the layout works reasonably well. It is also 4 and a half pages in length.

Of the others, the NAB have made an effective use of diagrams while reducing the content as far as they think they could get away with – using a total of about one page of text and roughly 2/3rds of another of diagrams. The ones that are there, though, as small(ish) and do add tot he text, so good marks there.

Westpac is another one with very little text and they have added very little in the way of diagrams, the one that is in there seems to have been added to make the page break worthwhile. In this case the diagram could have been replaced with about two lines of text or a few bullet points.

The ANZ’s is the sole contribution without diagrams, using just text, headings and bullet points. A few diagrams may have improved the appearance – but they should avoid going down the Westpac route of putting one in for the sole reason of having a diagram.


Easy win here for the CBA, with NAB a distant second. The ANZ is next, a little more distant, with Westpac easily tail-end charlie. As I said earlier, I hope the others look to the CBA in the next round. If they had added in the capital numbers at the tail of the qualitative disclosures I would have said they were best practice – but at least it gives them a little room fo

r improvement.