Comprehensive and Detailed In-Depth Explanation:
Basel II defines operational risk as "the risk of loss resulting from inadequate or failed internal processes, people, and systems or from external events," explicitly including legal risk (e.g., lawsuits, regulatory fines) but excluding strategic and reputational risks. Pandemic risk (A) is an external event but isn’t separately categorized—it falls under operational risk only if it disrupts processes. Strategic risk (B) relates to business decisions, and reputational risk (C) affects perception, not direct losses. Legal risk (D) is a core component, often arising from operational failures (e.g., non-compliance).
Exact Extract from Official Source:
BCBS, "Basel II: International Convergence of Capital Measurement and Capital Standards," June 2006, para. 644: "Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk."
GARP FRR Study Notes, Operational Risk Section: "Legal risk, encompassing losses from litigation or regulatory penalties, is explicitly included in Basel’s operational risk definition, unlike reputational or strategic risks, which are managed separately."
[Reference:BCBS, "Basel II," para.644; GARP FRR Study Notes, Operational Risk Section., ]
