Bow-Tie Risk Analyser — Capital Markets

Risk Event Inventory

Step 1 — Risk Identification

Central Risk Event

Risk Category

Business Line

Inherent Risk Rating

Residual Risk Rating

Risk Owner

Review Date

Regulatory Framework

Risk Appetite

Risk Description

Context & Background

Estimated Financial Impact — Low (USD)

Estimated Financial Impact — High / Tail (USD)

Basel III Operational Risk Event Category BIS / Basel Committee on Banking Supervision

Select the applicable Basel II / III Level 1 operational risk event type. This classification drives regulatory capital treatment, loss data reporting (ORX, internal), and RCSA linkage. One primary category should be selected; note secondary categories in the description field.

Basel Category Notes / Secondary Classification

Step 2 — Risk Drivers (Threats)

Identify the causal factors that could trigger the central risk event. Drivers sit on the left side of the bow-tie. Each should be discrete, actionable, and assessable independently.

Step 3 — Key Risk Indicators (KRIs)

Design measurable, forward-looking indicators that provide early warning for each risk driver. A good KRI is quantifiable, has defined escalation thresholds, and is owned by a named individual.

Step 4 — Event Impacts (Consequences)

Identify downstream consequences if the central event occurs. Impacts sit on the right side of the bow-tie. Document first and second-order effects separately.

Step 5 — Key Control Indicators (KCIs)

Design post-event metrics that measure the scale of each impact and the effectiveness of recovery actions. KCIs are backward-looking monitors used during and after an event.

Step 6 — Controls & Mitigations

Preventive Controls Left-side — reduce likelihood

Recovery Mitigations Right-side — reduce impact

Step 7 — Bow-Tie Risk Map

Risk Driver

KRI — Early Warning

Preventive Control

Central Risk Event

Event Impact

KCI — Recovery Metric

Recovery Mitigation

Step 8 — Risk Register & Summary

Analysis Completeness

Driver Risk Heat MapLikelihood × Severity

Driver RegisterLeft-side

Driver	Category	Likelihood	Severity	Risk Score	KRIs Mapped	Controls Mapped	Coverage

Impact RegisterRight-side

Impact	Category	Severity	Time to Manifest	KCIs Mapped	Mitigations Mapped	Coverage

Audit & Attestation

Prepared by

Reviewed by (1st Line)

Approved by (CRO / MD)

Next Review Date

Document Version

Status