Operational Risk

Black Diamond Risk Enterprises (BDRE) provides operational risk consulting services where operational risk refers to potential losses resulting from inadequate systems, management failure, faulty controls, fraud, human error and so on.

We also work with organizations to reduce fraud, and control technology risk.  Examples of fraud are numerous and include employees who intentionally falsify and/or misrepresent the risks incurred in a transaction.  Technology risk, principally computer systems risk, also falls into the operational risk category.

We also work with organizations to reduce human factor risk.  It relates to the losses that may result from human errors, such as pushing the wrong button on a computer, inadvertently destroying a file, or entering the wrong value for the parameter input of a model.

Microsoft PowerPoint - BDRE - ERM Engagement Model v2


Black Diamond Operational Risk Services Include:

Active Operational Risk Portfolio Management

Black Diamond Risk Enterprises (BDRE) works with firms to develop superior Active Operational Risk Portfolio Management strategies especially with respect to entry/exit decisions.  The decision to enter or exit a particular business should include capital and liquidity management considerations, as well as risk-adjusted performance measurement and the “risk diversification effect” of the decision.

Capital management decisions seek an answer to the question, “How much value will be created if the decision is taken to allocate resources to a new or existing business, or alternatively to close down an activity?”

Active Portfolio Management is a part of the following services:

Basel III

International Regulatory Framework For Banks


“Basel III” is a comprehensive set of reform measures, developed by the Basel Committee on Banking Supervision, to strengthen the regulation, supervision and risk management of the banking sector. These measures aim to:

•   Improve the banking sector’s ability to absorb shocks arising from financial and economic stress, whatever the source

•   Improve risk management and governance

•    Strengthen banks’ transparency and disclosures.

The reforms target:

•   Bank-level, or micro-prudential regulation, which will help raise the resilience of individual banking institutions to periods of stress.

•   Macro-prudential, system wide risks that can build up across the banking sector as well as the procyclical amplification of these risks over time.

These two approaches to supervision are complementary as greater resilience at the individual bank level reduces the risk of system wide shocks

Basel III phase-in arrangements:



Basel III overview table:



Regulatory Capital—Basel III the Standardized and Advanced Approach

“Regulatory Capital Rules: Regulatory Capital, Implementation of Basel III, Minimum Regulatory Capital Ratios, Capital Adequacy, and Transition Provisions” (Basel III), agencies are proposing to revise their risk-based and leverage capital requirements consistent with agreements reached by the Basel Committee on Banking Supervision (Basel III). Basel III applies to all national banks and federal savings associations, collectively, banks. The Basel III proposes a new common equity tier 1 minimum capital requirement, a higher minimum tier 1 capital requirement, and, for banks subject to the advanced approaches capital rules, a supplementary leverage ratio that incorporates off-balance-sheet exposures. Additionally, consistent with Basel III, the agencies propose to apply limits on a bank’s capital distributions and certain discretionary bonus payments if the bank does not hold a specified “buffer” of common equity tier 1 capital in addition to the minimum risk-based capital requirements. The revisions set forth are consistent with section 171 of the Dodd–Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd–Frank), which requires the agencies to establish minimum risk-based and leverage capital requirements.

“Regulatory Capital Rules: Standardized Approach for Risk-Weighted Assets; Market Discipline and Disclosure Requirements” (Standardized Approach), agencies propose to revise and harmonize rules for calculating risk-weighted assets to enhance risk sensitivity and address weaknesses identified over recent years. Revisions include incorporating aspects of the Basel II standardized framework and alternatives to credit ratings, consistent with section 939A of Dodd–Frank.  The revisions also include methods for determining risk-weighted assets for residential mortgages, securitization exposures, and counterparty credit risk. The Standardized Approach introduces disclosure requirements that would apply to U.S. bank holding companies with $50 billion or more in total assets.

“Regulatory Capital Rules: Advanced Approaches Risk-Based Capital Rule; Market Risk Capital Rule” (Advanced Approaches and Market Risk), proposes to revise the advanced approaches risk-based capital rules consistent with Basel III and other changes to the Basel Committee’s capital standards. The agencies also propose revising the advanced approaches risk-based capital rules to be consistent with section 939A and section 171 of Dodd–Frank. Additionally in this NPR, the OCC, the FDIC, and the Board propose to expand the scope of the market risk rule to apply it to federal and state savings associations and savings and loan holding companies with significant trading activity. Generally, the advanced approaches rules would continue to apply to national banks and FSAs with $250 billion or more in consolidated assets or $10 billion or more in foreign exposure.

The Basel III and Standardized Approach include addenda that provide a summary of the proposed rules that are more relevant for community banks. The agencies intend for these addendums to act as a guide for community bankers, helping them to navigate the proposed rules and identify the changes most relevant for their institution. The addenda do not, however, by themselves provide a complete understanding of the proposed rules and the agencies expect and encourage all banks to review the proposed rules in their entirety.


Basel III Standardized Approach

Basel III Advanced Approach

Benford’s Law

A phenomenological law also called the first digit law, first digit phenomenon, or leading digit phenomenon. Benford’s law states that in listings, tables of statistics, etc., the digit 1 tends to occur with probability ∼30%, much greater than the expected 11.1% (i.e., one digit out of 9). Benford’s law can be observed, for instance, by examining tables of logarithms and noting that the first pages are much more worn and smudged than later pages (Newcomb 1881). While Benford’s law unquestionably applies to many situations in the real world, a satisfactory explanation has been given only recently through the work of Hill (1998).

Benford’s law was used by the character Charlie Eppes as an analogy to help solve a series of high burglaries in the Season 2 “The Running Man” episode (2006) of the television crime drama NUMB3RS.

Benford’s law applies to data that are not dimensionless, so the numerical values of the data depend on the units. If there exists a universal probability distribution P(x) over such numbers, then it must be invariant under a change of scale, so


If intP(x)dx=1, then intP(kx)dx=1/k, and normalization implies f(k)=1/k. Differentiating with respect to k and setting k=1 gives


having solution P(x)=1/x. Although this is not a proper probability distribution (since it diverges), both the laws of physics and human convention impose cutoffs. For example, randomly selected street addresses obey something close to Benford’s law.


If many powers of 10 lie between the cutoffs, then the probability that the first (decimal) digit is D is given by a logarithmic distribution


for D=1, …, 9, illustrated above and tabulated below.

1 0.30103 6 0.0669468
2 0.176091 7 0.0579919
3 0.124939 8 0.0511525
4 0.09691 9 0.0457575
5 0.0791812

However, Benford’s law applies not only to scale-invariant data, but also to numbers chosen from a variety of different sources. Explaining this fact requires a more rigorous investigation of central limit-like theorems for the mantissas of random variables under multiplication. As the number of variables increases, the density function approaches that of the above logarithmic distribution. Hill (1998) rigorously demonstrated that the “distribution of distributions” given by random samples taken from a variety of different distributions is, in fact, Benford’s law (Matthews).

One striking example of Benford’s law is given by the 54 million real constants in Plouffe’s “Inverse Symbolic Calculator” database, 30% of which begin with the digit 1. Taking data from several disparate sources, the table below shows the distribution of first digits as compiled by Benford (1938) in his original paper.

col. title 1 2 3 4 5 6 7 8 9 samples
A Rivers, Area 31.0 16.4 10.7 11.3 7.2 8.6 5.5 4.2 5.1 335
B Population 33.9 20.4 14.2 8.1 7.2 6.2 4.1 3.7 2.2 3259
C Constants 41.3 14.4 4.8 8.6 10.6 5.8 1.0 2.9 10.6 104
D Newspapers 30.0 18.0 12.0 10.0 8.0 6.0 6.0 5.0 5.0 100
E Specific Heat 24.0 18.4 16.2 14.6 10.6 4.1 3.2 4.8 4.1 1389
F Pressure 29.6 18.3 12.8 9.8 8.3 6.4 5.7 4.4 4.7 703
G H.P. Lost 30.0 18.4 11.9 10.8 8.1 7.0 5.1 5.1 3.6 690
H Mol. Wgt. 26.7 25.2 15.4 10.8 6.7 5.1 4.1 2.8 3.2 1800
I Drainage 27.1 23.9 13.8 12.6 8.2 5.0 5.0 2.5 1.9 159
J Atomic Wgt. 47.2 18.7 5.5 4.4 6.6 4.4 3.3 4.4 5.5 91
K n^(-1), sqrt(n) 25.7 20.3 9.7 6.8 6.6 6.8 7.2 8.0 8.9 5000
L Design 26.8 14.8 14.3 7.5 8.3 8.4 7.0 7.3 5.6 560
M Reader’s Digest 33.4 18.5 12.4 7.5 7.1 6.5 5.5 4.9 4.2 308
N Cost Data 32.4 18.8 10.1 10.1 9.8 5.5 4.7 5.5 3.1 741
O X-Ray Volts 27.9 17.5 14.4 9.0 8.1 7.4 5.1 5.8 4.8 707
P Am. League 32.7 17.6 12.6 9.8 7.4 6.4 4.9 5.6 3.0 1458
Q Blackbody 31.0 17.3 14.1 8.7 6.6 7.0 5.2 4.7 5.4 1165
R Addresses 28.9 19.2 12.6 8.8 8.5 6.4 5.6 5.0 5.0 342
S n^1, n^2...n! 25.3 16.0 12.0 10.0 8.5 8.8 6.8 7.1 5.5 900
T Death Rate 27.0 18.6 15.7 9.4 6.7 6.5 7.2 4.8 4.1 418
Average 30.6 18.5 12.4 9.4 8.0 6.4 5.1 4.9 4.7 1011
Probable Error +/-0.8 +/-0.4 +/-0.4 +/-0.3 +/-0.2 +/-0.2 +/-0.2 +/-0.3

The following table gives the distribution of the first digit of the mantissa following Benford’s Law using a number of different methods.

method Sloane sequence
Sainte-Lague A055439 1, 2, 3, 1, 4, 5, 6, 1, 2, 7, 8, 9, …
d’Hondt A055440 1, 2, 1, 3, 1, 4, 2, 5, 1, 6, 3, 1, …
largest remainder, Hare quotas A055441 1, 2, 3, 4, 1, 5, 6, 7, 1, 2, 8, 1, …
largest remainder, Droop quotas A055442 1, 2, 3, 1, 4, 5, 6, 1, 2, 7, 8, 1, …

Business Continuity Planning (BCP)

Black Diamond Risk Enterprises (BDRE) offers a broad package of services delivered by a multidisciplinary team of professionals who will work with you to identify risks, quantify the potential impact on your business, and recommend mitigation strategies to reduce or eliminate exposures.

We facilitate identification of critical functions and help develop strategies to restore them after a loss.  We can advise you of the most appropriate level of response and help you organize teams to respond to emergencies, manage crises, and recover business operations.  We can help you document and implement your plans.  Once implemented, we can help you test your plans to verify they meet your needs.


Business Continuity Planning is a part of the following services:

Business Process Management (BPM)

Black Diamond Risk Enterprises (BDRE) provides a broad variety of BPM services.  More than ever, we recognize that Risk Professionals:

  • Need to do more with less – with responsibilities out-pacing resources
  • Need better controls – to more effectively quantify and track performance
  • Need better information, aggregated, streamlined and in real-time.

As such, we deliver an integrated suite of on-demand risk management solutions that combine flexible workflows and user-defined business rules with centralized process dashboards and real-time reporting.  BDRE utilizes web-based technologies based on individual client needs or industry requirements incorporating a variety of application modules targeting common risk management process bottlenecks, including:

A.   Compliance Management

Complete process automation – from the formalization of vendor contract types to certificate of insurance input, tracking, renewal and reporting

B.   Exposure Data Collection

Automate the collection, aggregation and reporting of exposure values – from planning and task assignment to reporting and preparing market submission

C.   Contract Review

Standardize contract language (manage the exceptions), automate and track review cycles and other performance measures while optimizing best practices.

D.   Recommendation Management

Centralized solution to monitor and track audit and risk control recommendations – from initial survey input to recommendation approval and final execution

E.   Certificate Issuance

On-demand request and issuance of certificates of insurance – renew thousands of certificates instantaneously


Business Process Management is a part of the following services:

Black Diamond Risk Enterprises (BDRE) provides capital management consulting services.  As a trend, Enterprise Risk Management is clearly in tune with a parallel drive toward the unification of risk, capital, and balance sheet management.  Over the last few years, it has become increasingly difficult to distinguish risk management tools from capital management tools since risk increasingly drives the allocation of capital in risk-intensive businesses such as banking and insurance.  Similarly, it has become difficult to distinguish capital management tools from balance sheet management tools, since risk/reward relationships increasingly drive the structure of the balance sheet.

At BDRE we believe that only by forging a meaningful connection between risk measurement, risk capital, risk-based pricing and performance measurement can firms ensure that the decisions they take reflect the best interests of stakeholders.

  • Risk Capital is the cushion that provides protection against the various risks inherent in a corporation’s business.  It traditionally answers the question “How much capital is required for our firm to remain solvent given our risk profile?”  Risk Capital measurement is based on the same concepts as Value-at-Risk (VaR) calculation methodology.
  • Risk Capital Attribution involves the allocating of risk capital to business lines as part of a risk-adjusted performance measurement system.
  • Economic Capital is the sum of risk capital and strategic capital where strategic risk capital = goodwill + burned out capital.
  • Strategic Risk Capital refers to the risk of significant investments about whose success and profitability there is a high uncertainty.  If the venture is not successful, the firm will usually face a major write-off, and its reputation will be damaged.
  • Regulatory Capital is the minimum amount of capital imposed by a regulator.  (Reference Basel II & III and Solvency II.)
  • Pricing Transactions – Risk capital numbers can be used to calculate risk-based pricing for individual transactions.  Risk-based pricing is attractive because it ensures that a firm is compensated for the economic risk generated by a transaction.

Capital Management is a part of the following services:


Cyber Risk

Challenge: Managing acceptable cost of cyber risk.

Solution: Construct Likelihood and Frequency measures



Disaster Recovery

In addition to Business Continuity Planning, Black Diamond Risk Enterprises offers discreet Disaster Recovery services focused on post-event damage control and business recovery.  Services include critical operations risk assessment, capacity and gap review; Recovery definition, objectives, strategy and implementation.


Disaster Recovery is a part of the following services:

Legal and Regulatory Compliance Risk

Challenge: Managing acceptable cost legal and regulatory compliance risk.

Solution : Construct Likelihood and Frequency measures


Black Diamond Risk Enterprises (BDRE) helps institutions upgrade their approach to managing Liquidity risk.  Liquidity risk comprises both funding liquidity risk and asset liquidity risk, although these two dimensions of liquidity risk are closely related.

Funding liquidity risk relates to a firms ability to raise the necessary cash to roll over its debt; to meet the cash, margin and collateral requirements of counterparties; and (in the case of funds) to satisfy withdrawals.

Asset liquidity risk, often simply called liquidity risk, is the risk that an institution will not be able to execute a transaction at the prevailing market price because there is, temporarily, no appetite for the deal on the other side of the market.  If the transaction cannot be postponed, its execution may lead to a substantial loss on the position.


Liquidity Management is a part of the following services:

Performance Measurement and Incentive Compensation

Black Diamond Risk Enterprises (BDRE) works with firms to implement sophisticated performance measurement systems.  Once risk capital has been calculated it can be plugged into risk-based capital attribution systems, often grouped under the acronyms RAPM (Risk Adjusted Performance Measurement), or RAROC (Risk Adjusted Return on Capital).

RAROC numbers can be used as input in compensation calculations for senior management of business lines and/or operational groups for their contribution to shareholder value.

These systems provide a uniform risk-adjusted measure of performance that both management and external stakeholders can use to determine economic profitability (as opposed to accounting profitability).


Performance Measurements & Compensation is a part of the following services:

Rating Agency Review Preparation

Black Diamond Risk Enterprises (BDRE)  works with organizations to prepare for rating agency reviews and to leverage the opportunity to sustain or enhance their credit rating.  For example, rating agencies recognize that superior risk management organizations  allocate capital to business units on a risk-adjusted basis and hold managers accountable for risk-adjusted profitability.  Empowered with this information, pro-active organizations will make necessary adjustments to position themselves to optimize their credit assessment.

S&P’s ERM Quality Classifications – Scoring Definitions for Non-financial firms:

A.  Weak

  • Missing complete controls for one or more major risks
  • Firm has limited capabilities to consistently identify, measure and comprehensively manage risk exposures
  • Execution of its RM program is sporadic
  • Losses may be widespread
  • Risk and RM may sometimes  be considered in the firm’s corporate judgment

B.  Adequate

  • Manage risk in separate silos but maintain complete control processes
  • Firm has capabilities to identify, measure, and manage most major risk exposures and losses
  • Unexpected losses are somewhat likely to occur
  • Risk and RM are often important considerations in the firms corporate judgment

C.  Strong

  • Demonstrate an enterprise-wide view of risks but are still focused on loss control
  • Have control processes for major risks
  • Firm can consistently identify, measure and manage risk exposures and losses in predetermined tolerance guidelines
  • Unlikely to experience unexpected losses outside of its tolerance level
  • Risk and RM are usually important considerations in the firm’s corporate judgment

D.  Excellent

  • All of the characteristics of the strong category, plus demonstrate risk/reward optimization
  • Firm has very well developed capabilities
  • Risk and RM are always important considerations in the firm’s corporate judgment
  • Highly unlikely that the firm will experience losses outside of its risk tolerance

Rating Agency Review is a part of the following services:

Risk Management Information Systems (RMIS)

Black Diamond Risk Enterprises (BDRE) provides risk management information system (RMIS) solutions that help you achieve your targeted results.  BDRE provides needs assessment, gap analysis, evaluation and selection services.  BDRE promotes the idea that the way an organization collects, manages and shares information influences its effectiveness and efficiency.  We listen to your needs, evaluate alternatives and create customer-specific solutions.


Risk Management Information Systems (RMIS) is a part of the following services:

Stress Testing and Scenario Analysis

Black Diamond Risk Enterprises (BDRE) works with firms to help upgrade their approach to Stress testing.  Stress Testing and Scenario Analysis are used to determine the size of potential losses related to specific extreme events that lie outside of normal market conditions.

Challenge: Managing Risk in Stress Markets

Solution: Construct Relevant Stress Scenarios

Example: Historical Stress Test (2007/2009 Financial Crises)


Supervisory Stress Testing of Bank Holding Companies

Dodd-Frank Act Stress Test :Supervisory Stress Test Methodology

The Federal Reserve expects large, complex bank holding companies (BHCs) to hold sufficient capital to continue lending to support real economic activity, even under adverse economic conditions. Stress testing is one tool that helps bank supervisors to measure whether a BHC has enough capital to support its operations throughout periods of stress. 

In the wake of the financial crisis, the Congress enacted the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act), which requires the Federal Reserve to conduct an annual stress test of large BHCs and all nonbank financial companies designated by the Financial Stability Oversight Council (FSOC) for Federal Reserve supervision to evaluate whether they have sufficient capital to absorb losses resulting from adverse economic conditions. The Dodd-Frank Act also requires BHCs and other financial companies supervised by the Federal Reserve to conduct their own stress tests. The Federal Reserve adopted rules implementing these requirements in October 2012. 

The Dodd-Frank Act requires the Federal Reserve to conduct an annual supervisory stress test of BHCs with $50 billion or more in total consolidated assets and nonbank financial companies designated by the FSOC for Federal Reserve supervision (collectively, “covered companies”). The Dodd-Frank Act also requires covered companies to conduct their own stress tests (company-run stress tests) semiannually. Together, the Dodd-Frank Act supervisory stress tests and the company-run stress tests are intended to provide BHC management and boards of directors, the public, and supervisors with forward-looking information to help identify downside risks and the potential effect of adverse conditions on capital adequacy of these large banking organizations. The Federal Reserve adopted rules implementing these requirements in October 2012.

Under the Dodd-Frank Act stress test rules, the Federal Reserve conducts annual supervisory stress tests to evaluate whether a covered company has the capital, on a total consolidated basis, necessary to absorb losses and continue its operations by maintaining ready access to funding, meeting its obligations to creditors and other counterparties, and continuing to serve as a credit intermediary under adverse economic and financial conditions. As part of this supervisory stress test for each covered company, the Federal Reserve projects revenue, expenses, losses, and resulting post-stress capital levels, regulatory capital ratios, and the tier 1 common ratio under three scenarios (baseline, adverse, and severely adverse). 

The Federal Reserve generally uses a common set of scenarios for all covered companies in the supervisory stress test. However, the Federal Reserve may use additional scenarios or components of scenarios for all or a subset of the covered companies to capture salient sources of risk, and these scenarios may use data from dates other than the end of the third quarter. In DFAST 2013, large, complex BHCs with significant trading activities are subject to a global market shock that reflects general market stress and heightened uncertainty, which affects trading positions and elevates counterparty credit risk.

The Dodd-Frank Act codified the Federal Reserve’s practice of disclosing a summary of the results of its supervisory stress test. 

Company-Run Stress Tests

As required by the Dodd-Frank Act, the Federal Reserve’s stress test rules require covered companies to conduct two company-run stress tests each year. In conducting the “annual” test, a covered company uses data as of September 30 and reports its stress test results to the Federal Reserve by January 5. In addition, a covered company must conduct a “midcycle” test and report the results to the Federal Reserve by July 5. The Dodd-Frank Act stress test rules align the timing of annual company-run stress tests with the annual supervisory stress tests of covered companies.

In their annual stress tests, covered companies subject to the Dodd-Frank Act stress test rules must use the scenarios provided by the Federal Reserve. Each year, the Federal Reserve will provide at least three scenarios—baseline, adverse, and severely adverse—that are identical to the scenarios the Federal Reserve uses in the annual supervisory stress tests of covered companies.

By providing a common set of scenarios to all firms, the results of company-run and supervisory stress tests  will be based on comparable underlying assumptions. To further enhance comparability, the supervisory stress tests and company-run stress tests conducted under the Dodd-Frank stress test rules use the same set of capital action assumptions. According to these assumptions, over the nine-quarter planning horizon, each BHC maintains its common stock dividend payments at the same level as the previous year; scheduled dividend, interest or principal payments on any other capital instrument eligible for inclusion in the numerator of a regulatory capital ratio are assumed to be paid; but repurchases of such capital instruments and issuance of stock is assumed to be zero.

Finally, each covered company must publicly disclose a summary of the results of its company-run stress test under the severely adverse scenario provided by the Federal Reserve.

Subject Matter Expertise / Testimony

Black Diamond Risk Enterprises (BDRE) provides expert testimony in a variety of risk related areas. BDRE professionals are experienced, credentialed, articulate industry veterans who are passionate about the business of risk.

Supply Chain Risk Management

Black Diamond Risk Enterprises (BDRE) works with organizations to optimize supply chain risk management. These services include identifying, quantifying and translating the risks within the supply chain into manageable financial metrics.  Our process includes providing a detailed  assessment, analysis and implementation roadmap.


Supply Chain Optimization is a part of the following services:

Value at Risk (VaR)

Black Diamond Risk Enterprises (BDRE) provides Operational Risk Value at Risk (VaR) services in many forms.  We define Operational VaR as the worst case loss that might be expected from a portfolio of exposures over a given period of time at a specified level of probability.  As such,Operational VaR offers a probability statement about the potential change in the value resulting from a change in risk factors over a specified period of time.


Vendor Selection

Black Diamond Risk Enterprises (BDRE) understands the nuanced nature of broker/client and vendor/client relations.  BDRE provides an independent, objective evaluation of service provider selection, performance and contractual agreements.  We recognize that developing or improving a relationship with a service provider requires a clear understanding of your needs, expectations, objectives, operations and strategy.

An efficient, informed vendor selection process requires objective factual information unbiased by personal relationships.  It carries profound implications which may lead to changes in current compensation, services, expectations (Service Level Agreements & Stewardship Reports), management reporting and more.


Vendor Selection is a part of the following services: