What is the Loss Distribution Approach for operational risk, and how do Key Risk Indicators fit in?

You're right that operational risk can feel less intuitive than market or credit risk, but the Loss Distribution Approach is actually quite elegant once you see the mechanics. Let me walk through both LDA and KRIs.

Loss Distribution Approach (LDA) — Overview

The LDA models operational risk losses by separately estimating:

1. Frequency distribution — How many loss events occur per year? (Typically Poisson)
2. Severity distribution — How large is each individual loss? (Typically Lognormal or Generalized Pareto for tail events)

You then convolve these two distributions (combine them via Monte Carlo simulation) to get the aggregate annual loss distribution, from which you extract the capital charge at the 99.9th percentile.

Step-by-Step Example:

Northstar Financial Services wants to estimate op risk capital for its internal fraud event type.

Step 1: Estimate Frequency

Historical data (10 years of internal loss data + consortium data) suggests an average of 8 internal fraud events per year.

• Frequency ~ Poisson(λ = 8)

Step 2: Estimate Severity

Past fraud losses range from $15,000 to $4.2M. Fitting a lognormal distribution:

• Severity ~ Lognormal(μ = 11.5, σ = 1.8)
• This gives a mean loss of ~$210,000 and a heavy right tail

Step 3: Monte Carlo Convolution

For each simulation run (say 100,000 iterations):

1. Draw N from Poisson(8) — e.g., N = 11 events this year
2. Draw 11 severity values from Lognormal(11.5, 1.8)
3. Sum them to get the aggregate annual loss

Step 4: Extract Capital

Sort all 100,000 aggregate loss outcomes. The 99.9th percentile (the 100th worst out of 100,000) might be $6.8M. That's the op risk capital charge for internal fraud.

Repeat for all 7 Basel event types (internal fraud, external fraud, employment practices, clients/products, physical assets, business disruption, execution/delivery) and sum across them (with or without diversification).

Key Risk Indicators (KRIs) — The Forward-Looking Complement

While LDA is backward-looking (based on historical losses), KRIs provide early warning signals of emerging operational risks.

What Makes a Good KRI:

• Measurable — quantitative, not subjective
• Leading — predicts future losses, not just reports past ones
• Actionable — when the indicator breaches a threshold, management can intervene

Examples of KRIs by Risk Type:

How KRIs and LDA Work Together:

1. LDA sets the capital charge based on historical loss patterns.
2. KRIs provide real-time monitoring and trigger management action before losses materialize.
3. Some advanced banks use Bayesian approaches to update LDA parameters with KRI data — if system downtime KRIs are spiking, the frequency parameter for technology losses is adjusted upward.

Exam Tip: GARP loves asking about the limitations of LDA — specifically, the scarcity of internal data for high-severity / low-frequency events and the need to supplement with external data and scenario analysis.

Our FRM Part II course on AcadiFi covers all three pillars of op risk measurement (LDA, scenario analysis, and scorecard approaches) with practice problems tailored to recent exam trends.