When JPMorgan Chase CEO Jamie Dimon testified before Congress in late 2023 that the original Basel III Endgame proposal would require his bank to hold an additional $50 billion in capital—enough to fund 500,000 small business loans—the operational risk component was the single largest contributor to that number.
The Advanced Measurement Approaches (AMA) that the largest US banks had spent over a decade building would be eliminated overnight, replaced by a standardized formula that, critics argued, bore little relationship to actual risk exposure.
Fast-forward to March 2026, and US regulators have formally rescinded the 2023 proposal and issued a fundamentally different re-proposal.
The Federal Reserve, OCC, and FDIC now project that aggregate capital in the banking system will modestly decrease under the new framework—a dramatic pivot from the original +16% CET1 increase.
| What You Need to Know |
| The March 2026 re-proposal dramatically scaled back capital increases, with regulators now projecting overall capital levels will modestly decrease rather than the original +16% aggregate CET1 increase. |
| Operational risk is the single largest RWA driver under Basel III Endgame, with the new Standardized Approach (SA) replacing all internal models (AMA) for banks above $100 billion in assets. |
| The Business Indicator Component (BIC) and Internal Loss Multiplier (ILM) form the core calculation, tying capital directly to revenue size and 10 years of historical loss data. |
| US regulators have diverged from the Basel Committee framework by proposing reduced operational risk floors (potentially 40–60% vs. the original 72.5%), creating global comparability challenges. |
| Comment period closes June 18, 2026, with implementation expected to begin in 2027 and phase in over three years through 2030. |
| Banks that start gap analyses, loss data remediation, and BIC calculations now will gain a 12–18 month head start on compliance readiness. |
| The Three Lines Model must adapt: first-line operational risk owners need new data collection capabilities, second-line needs recalibrated capital models, and third-line must validate the entire framework. |
But for operational risk managers specifically, the structural change remains significant: internal models are still gone, the Standardized Approach is still coming, and the compliance clock is ticking.
This guide breaks down exactly what the Basel III Endgame means for operational risk: the new capital calculation methodology, how it differs from the 2023 proposal, what your Three Lines of Defense need to do differently, and a 90-day roadmap to get compliance-ready before the comment period closes.
1. What Is Basel III Endgame and Why Does It Matter?
Basel III Endgame refers to the final set of reforms issued by the Basel Committee on Banking Supervision (BCBS) in December 2017, designed to reduce excessive variability in risk-weighted assets across global banks.
In the US, these reforms apply to banking organizations with $100 billion or more in total consolidated assets. The core objective: replace internal models with standardized approaches that produce comparable, transparent capital requirements across institutions.
The Basel III Endgame encompasses changes to credit risk, market risk (via the Fundamental Review of the Trading Book, or FRTB), credit valuation adjustment (CVA) risk, and—most significantly for this article—operational risk.
Operational risk was identified by the American Bankers Association (ABA) as the single largest driver of RWA inflation under the original 2023 proposal, accounting for an estimated 78% RWA increase for Category I and II banks.
Figure 1: RWA Impact by Risk Category
Source: PwC analysis of 2023 NPR. Operational risk represents the largest single RWA driver under the original proposal.
Understanding this context is critical because even though the 2026 re-proposal significantly reduced overall capital impact, the structural shift from internal models to the Standardized Approach for operational risk remains intact.
Every bank above the $100 billion threshold must prepare for a fundamentally different methodology, regardless of whether aggregate capital requirements go up or down.
2. The Regulatory Timeline: From 2023 NPR to 2026 Re-Proposal
Basel III Endgame: What the March 2026 Re-Proposal Actually Changed
The March 2026 Basel III Endgame re-proposal made six structural changes to the original 2023 framework. Each one has direct implications for how US banks calculate operational risk capital, report loss data, and brief their boards through the June 2026 comment period and beyond.
Basel III Endgame: The ILM Change Most Practitioners Missed
The single most consequential change is the removal of the Internal Loss Multiplier (ILM) as a loss-history adjustment. Under the re-proposal, regulators will no longer adjust a firm’s operational risk charge based on its loss record. ILM effectively becomes 1.0 for US banks.
This flips the preparation playbook. Programs that spent 12 months curating 10-year loss data for ILM inputs face a write-off of that effort — at least for capital computation. The data is still valuable for operational risk management, scenario-based risk assessment, and post-implementation monitoring.
Basel III Endgame: Fee Income, Investment Management, and Capital-Neutral Framing
Fee income now counts on a net basis — revenues minus expenses — rather than gross. This reduces operational risk capital for fee-heavy businesses. Investment management activity gets a lower operational-risk weighting, reflecting its historically low loss profile. The aggregate framing is “capital-neutral” for large US banks.
This shifts the board conversation from “how much extra capital will we raise?” to “how do we reshape the business mix to benefit from the re-weighting?” Risk-weighted asset forecasts built against the 2023 NPR need re-running against the 2026 numbers before the 18 June 2026 comment deadline.
The path from the original Notice of Proposed Rulemaking (NPR) to the current re-proposal has been unusually turbulent. In July 2023, the Fed, OCC, and FDIC published a joint NPR that generated over 16,000 comment letters—an unprecedented volume for a banking regulation—with the overwhelming majority opposing the proposal’s scope and calibration.
Figure 2: Basel III Endgame Regulatory Timeline
Key milestones from the original 2023 proposal through the 2026 re-proposal and expected implementation.
On March 19, 2026, the agencies formally rescinded the 2023 proposals and issued three new proposals that comprehensively overhaul the existing US bank capital framework. The comment period for these proposals closes on June 18, 2026.
According to Bloomberg Professional Services, Fed remarks point to a largely capital-neutral outcome, with implementation expected to begin in 2027 and phase in over three years.
| Milestone | Date | Status | Implication |
| Original NPR Published | July 2023 | Rescinded | Set baseline; generated massive pushback |
| Comment Period Closed | January 2024 | Complete | 16,000+ letters; forced re-proposal |
| Fed Chair Signals Re-Proposal | September 2024 | Complete | Acknowledged broad material changes needed |
| Re-Proposed Rules Published | March 2026 | Active | Three proposals; dramatically reduced scope |
| Comment Period Closes | June 2026 | Pending | Last window for industry input |
| Final Rule Expected | Late 2026/Early 2027 | Projected | Must prepare before finalization |
| Implementation Begins | Mid-2027 | Projected | Three-year phase-in to 2030 |
3. The New Standardized Approach for Operational Risk
The most consequential change for operational risk management in banking is the elimination of the Advanced Measurement Approaches (AMA) and their replacement with a single Standardized Approach (SA).
Under the AMA, banks used proprietary internal models to calculate operational risk capital. These models produced vastly different capital charges for banks with similar risk profiles—the exact problem the BCBS set out to solve.
3.1 Business Indicator Component (BIC)
The BIC is a financial-statement-based proxy for operational risk exposure. It uses a Business Indicator (BI) calculated as the sum of three components, each averaged over three years: (1) the Interest, Leases, and Dividends Component (ILDC), (2) the Services Component (SC), and (3) the Financial Component (FC). The BI is then multiplied by marginal coefficients that increase with the bank’s size.
| BI Range (USD Billions) | Marginal Coefficient | Bucket |
| $0 – $1B | 12% | Bucket 1 |
| $1B – $30B | 15% | Bucket 2 |
| Above $30B | 18% | Bucket 3 |
For the largest US banks (GSIBs), nearly all operational risk capital will fall into Bucket 3, meaning 18% of their three-year average BI drives the baseline capital requirement before loss adjustments.
This design inherently ties capital to revenue scale, which the ABA has criticized as penalizing well-managed banks that generate high revenue with low operational losses.
3.2 Internal Loss Multiplier (ILM)
The ILM adjusts the BIC based on a bank’s actual historical loss experience over the preceding 10 years.
The formula is: ILM = ln[exp(1) – 1 + (LC/BIC)^0.8], where LC (the Loss Component) equals 15 times the bank’s average annual operational risk losses. Banks with better loss records get a multiplier below 1.0 (reducing their capital charge), while banks with heavy losses face multipliers above 1.0.
However, the US re-proposal introduces a critical divergence from the BCBS framework: the ILM floor may be set at 40–60% of the BIC rather than the BCBS standard of 72.5%.
This means US regulators are giving banks more credit for strong loss management—but it also creates global regulatory fragmentation that multinationals will need to manage across jurisdictions.
3.3 Final Capital Calculation
The minimum operational risk capital requirement = BIC × ILM. For a hypothetical large bank with a three-year average BI of $50 billion and average annual operational losses of $2 billion, the calculation would yield a BIC of approximately $8.1 billion (using the tiered marginal coefficients) and an ILM that adjusts this based on the LC/BIC ratio.
The actual capital charge depends heavily on the final ILM calibration and floor—which is why the June 2026 comment period matters so much.
4. Capital Impact: Original Proposal vs. 2026 Re-Proposal
The difference between the 2023 and 2026 proposals is stark. The original NPR would have increased aggregate CET1 capital requirements by approximately 16%, with GSIBs facing a 19% increase.
The 2026 re-proposal, by contrast, is designed to be broadly capital-neutral, with regulators projecting that overall capital in the banking system will modestly decrease. For risk assessment professionals, this shift changes the compliance calculus from a capital-building exercise to a methodology-transition exercise.
Figure 3: Capital Impact Comparison
Estimated CET1 impact by bank category. The 2026 re-proposal targets capital neutrality, a dramatic shift from 2023.
| Dimension | 2023 Original NPR | 2026 Re-Proposal |
| Aggregate CET1 Impact | +16% industrywide | Modest decrease expected |
| GSIB Impact | +19% CET1 | ~Capital neutral |
| Operational Risk Approach | SA replaces AMA | SA replaces AMA (unchanged) |
| ILM Floor | 72.5% (BCBS standard) | 40–60% (proposed) |
| Applicability Threshold | $100B+ total assets | $100B+ total assets (unchanged) |
| Output Floor | 72.5% phase-in | Reduced; longer phase-in |
| Implementation Start | July 2025 | Mid-2027 (estimated) |
| Phase-In Period | 3 years (to June 2028) | 3 years (to ~2030) |
5. AMA vs. Standardized Approach: What Changes for Your Team
The shift from AMA to the Standardized Approach is not merely a formula change—it transforms how operational risk teams organize their work, what data they collect, and how they report to the board.
Under the AMA, banks invested heavily in scenario analysis, external loss databases, and complex internal models that required ongoing validation.
The SA eliminates the need for model development and validation but introduces new requirements around loss data quality and Business Indicator calculation.
Figure 4: AMA vs. Standardized Approach Comparison
The SA reduces complexity and regulatory approval burden but also reduces risk sensitivity compared to internal models.
| Capability | Under AMA (Old) | Under SA (New) |
| Loss Data Collection | Required for model inputs; 5+ years | Required for ILM; 10 years minimum |
| Scenario Analysis | Core model input | Not required for capital; still useful for risk management |
| Model Validation | Annual independent validation required | No models to validate; focus shifts to data validation |
| Capital Calculation | Proprietary internal model | Standardized formula (BIC × ILM) |
| Regulatory Approval | Model must be approved by regulators | No model approval needed; data quality audited |
| Board Reporting | Model outputs and assumptions | BIC components, loss trends, ILM trajectory |
For key risk indicator (KRI) programs, the SA introduces a new set of metrics that boards and risk committees will need to monitor. Where AMA-era KRIs focused on model performance and scenario coverage, SA-era KRIs should track BIC component trends, loss data completeness, ILM trajectory, and peer benchmarking on standardized capital charges.
6. Three Lines Model: Roles and Responsibilities Under the SA
The shift to the Standardized Approach requires a recalibration of the Three Lines Model for operational risk. Each line of defense has distinct new responsibilities under the SA framework.
| Line | Role | Key SA Responsibilities | New Capabilities Needed |
| 1st Line | Business Units / Process Owners | Accurate loss event capture; incident classification; root cause documentation | Standardized loss taxonomy; real-time reporting tools; training on 10-year data requirements |
| 2nd Line | Risk Management / Compliance | BIC calculation; ILM monitoring; capital adequacy reporting; policy updates | Financial statement integration for BI components; loss data quality assurance; peer benchmarking |
| 3rd Line | Internal Audit | Independent assurance over loss data integrity; BIC/ILM calculation validation | SA-specific audit methodology; data completeness testing; regulatory change tracking |
The most significant capability gap for most banks is in loss data management. The ILM requires 10 years of operational loss history, classified according to the Basel event-type taxonomy.
Banks that have gaps in their historical data—due to mergers, system migrations, or inconsistent classification—must begin remediation now.
The COSO ERM framework provides a useful lens for integrating operational risk data governance into broader enterprise risk management structures.
7. Global Regulatory Divergence: US vs. EU vs. UK
The 2026 re-proposal widens the gap between US and international implementations of the Basel III framework. The EU implemented its version through CRR3, effective January 2025, with an ILM set at 1.0 (effectively neutralizing the loss multiplier).
The UK’s Prudential Regulation Authority (PRA) plans to go live in January 2027 with a framework closer to the BCBS standard. The US re-proposal charts yet a third path, with reduced ILM floors and broader exemptions for mid-size banks.
| Dimension | US (2026 Re-Proposal) | EU (CRR3) | UK (PRA) |
| Implementation Date | Mid-2027 (est.) | January 2025 | January 2027 |
| ILM Treatment | 40–60% floor (proposed) | Set at 1.0 (neutralized) | BCBS standard (72.5%) |
| Applicability | $100B+ assets | All banks (proportional) | All PRA-regulated firms |
| Output Floor | Reduced; longer phase-in | 72.5% by 2030 | 72.5% by 2030 |
| AMA Retention | Eliminated | Eliminated | Eliminated |
For multinational banks, this divergence creates operational complexity. A global GSIB must calculate operational risk capital under at least three different calibrations, maintain data infrastructure that satisfies the most demanding jurisdiction’s requirements, and report consistently across regulators with different timelines and definitions.
Operational risk management frameworks must be designed to accommodate this multi-jurisdictional reality.
Basel III Endgame: Mid-Size US Banks ($100B-$250B) — A Different Playbook
Category IV US banks face a streamlined Basel III Endgame regime under the March 2026 re-proposal. Expectations are calibrated to scale — simpler Business Indicator calculation, lighter reporting cadence, and reduced disclosure requirements. Implementation effort is smaller, but governance expectations remain high.
Basel III Endgame: What Mid-Size Banks Actually Have to Do
A Category IV bank should plan for four deliverables over the 2026-2028 window. First, a simplified Business Indicator calculation integrated with finance systems.
Second, an operational-loss database sufficient for supervisory monitoring (full 10-year history not required for ILM since ILM = 1). Third, governance sign-off. Fourth, FFIEC 101-equivalent reporting.
The marginal effort versus a Category III Basel III Endgame implementation is roughly 30-40% smaller. But the board-level question remains the same: does the bank have a defensible operational risk governance structure that maps to the Three Lines Model and ties into enterprise capital planning?
Basel III Endgame: When Mid-Size Banks Still Need the Full Toolkit
Regional banks in growth mode — approaching $250 billion through M&A or organic expansion — should build the full Category III toolkit in advance. The transition threshold is a hard line, not a gradient. Banks that cross it without preparation face a 12-18 month catch-up program with limited regulatory tolerance for delay.
8. Practical Impacts on Loss Data and Reporting
The SA’s dependence on historical loss data elevates data management from a back-office function to a capital-determining activity.
Under the AMA, banks had flexibility in how they incorporated loss data into their models. Under the SA, the loss data feeds directly into the ILM formula, meaning every misclassified, unreported, or incomplete loss event has a quantifiable capital impact.
8.1 Loss Data Quality Requirements
| Requirement | What It Means in Practice |
| 10-Year Loss History | Banks must maintain 10 consecutive years of operational loss data classified by Basel event types; gaps trigger regulatory scrutiny |
| De Minimis Threshold | The re-proposal may set a minimum loss threshold (e.g., $20,000) below which events are excluded from the ILM calculation |
| Event Type Taxonomy | All losses must map to the seven Basel II event categories (internal fraud, external fraud, EPWS, CPBP, damage to physical assets, BDSF, execution/delivery) |
| Gross Loss vs. Net Loss | The SA uses gross loss (before recoveries); banks must track both and reconcile |
| Merger/Acquisition Data | Acquired bank loss histories must be integrated into the combined entity’s 10-year dataset |
For banks with robust risk metrics and KRI programs, the transition is manageable.
For banks that treated loss data as an AMA model input rather than a standalone data asset, the remediation effort could take 12–18 months—which is why starting now, before the final rule, is critical.
Basel III Endgame: Mapping AI, Cyber, and Climate Risk to the Standardized Approach
Emerging operational risks — AI, cyber, climate, crypto — fit inside the Basel III Endgame Standardized Approach through the seven Basel II operational risk event types.
The framework does not create new event categories for these risks. Banks map them into existing categories, ensuring the loss database captures the right data for supervisory monitoring.
Basel III Endgame: AI and Model Risk Mapping
AI-related operational risk maps primarily into “Clients, Products & Business Practices” (for consumer harm, discriminatory lending decisions, faulty outputs) and “Business Disruption & System Failures” (for AI model outages, retraining failures). Banks should extend their operational risk management frameworks to capture AI-specific event identifiers.
Basel III Endgame: Cyber, Climate, and Crypto
Cyber events map into “External Fraud” (data exfiltration, ransomware) or “Business Disruption.” Climate events — physical damage to branches, counterparty default from climate shock — map into “Damage to Physical Assets” and indirectly into credit risk. Digital-asset custody incidents map into “Execution, Delivery & Process Management” with a flag for third-party exposure.
9. 90-Day Implementation Roadmap
Whether the final rule lands in late 2026 or early 2027, banks that complete the following 90-day readiness program will have a structural advantage.
This roadmap assumes your organization has not yet begun formal SA preparation. If you have, use it as a gap-check against your current program.
| Phase | Actions | Deliverables | Success Metrics |
| Days 1–30: Assess & Scope | 1. Conduct gap analysis of current loss data vs. SA requirements 2. Map BIC components to financial statements 3. Identify ILM data gaps (10-year history) 4. Establish project governance and RACI | Gap analysis report BIC component mapping Data remediation plan Project charter with RACI | Gap analysis completed with <5 open items All BIC components mapped to GL accounts Sponsor sign-off on remediation timeline |
| Days 31–60: Build & Remediate | 1. Build BIC calculation engine (spreadsheet or system) 2. Begin loss data remediation 3. Calculate preliminary ILM 4. Benchmark against peer disclosures 5. Draft board reporting framework | BIC calculation tool Loss data remediation tracker Preliminary capital estimate Peer benchmarking analysis Board reporting template | BIC tool produces results within 5% of manual calculation Loss data gaps reduced by 50% Preliminary capital estimate reviewed by CRO |
| Days 61–90: Validate & Embed | 1. Independent validation of BIC/ILM calculations 2. Submit comment letter on re-proposal 3. Update risk appetite statement for SA 4. Train 1st and 2nd line staff 5. Integrate SA metrics into KRI dashboard | Validation report Comment letter Updated risk appetite Training completion records SA-enhanced KRI dashboard | Zero material findings in validation Comment letter submitted before June 18 deadline 90%+ staff completion rate KRI dashboard operational |
Basel III Endgame: Frequently Asked Questions
When does Basel III Endgame take effect in the United States?
The US Basel III Endgame effective date depends on the final rule. The comment period on the 2026 re-proposal closes on 18 June 2026. Regulators will issue a final rule thereafter, with phased implementation expected between 2027 and 2028. Large banks should plan for a 12-18 month implementation window from final-rule issuance.
Who is subject to Basel III Endgame in the US?
Basel III Endgame in the US primarily covers Category I-III banks — GSIBs, Category II (over $700 billion), and Category III (over $250 billion). Category IV banks ($100-$250 billion) are subject to a streamlined framework under the March 2026 re-proposal, while community banks under $100 billion remain outside scope.
Does Basel III Endgame still use the Internal Loss Multiplier?
No. The March 2026 Basel III Endgame re-proposal removed the Internal Loss Multiplier (ILM) as an adjustment based on operational loss history. ILM effectively defaults to 1.0 for US banks. Operational loss data remains important for monitoring, scenario analysis, and supervisory review — just not as a capital multiplier.
How does Basel III Endgame treat fee income?
The Basel III Endgame re-proposal calculates fee income on a net basis — revenues minus expenses — rather than gross. This reduces operational risk capital for fee-heavy businesses, especially asset management and advisory. The change aligns capital with actual risk and removes the 2023 proposal’s over-capitalization of low-risk fee lines.
What is the Standardized Approach under Basel III Endgame?
The Basel III Endgame Standardized Approach (SA) replaces the Advanced Measurement Approach (AMA) for operational risk capital. It uses a Business Indicator Component (BIC) based on three financial buckets — interest, services, and financial components — multiplied by regulator-set marginal coefficients. Output feeds directly into risk-weighted assets.
How does Basel III Endgame affect mid-size US banks?
Mid-size US banks ($100-$250 billion, Category IV) fall under a streamlined Basel III Endgame framework under the March 2026 re-proposal. Expect a simplified Business Indicator calculation, reduced reporting frequency, and capital-neutral aggregate impact. Regional banks still need operational risk governance aligned with Three Lines Model expectations.
Does Basel III Endgame require changes to the Three Lines Model?
Basel III Endgame reinforces, rather than rewrites, the Three Lines Model. First-line business units own operational risk data and controls. Second-line operational risk management oversees the Standardized Approach computation. Third-line internal audit tests the end-to-end process. See the
riskpublishing.com guide on the Three Lines Model for the roles-and-responsibilities mapping every bank should adopt during implementation.
What technology do banks need for Basel III Endgame compliance?
Banks need three technology capabilities for Basel III Endgame: a centralized operational-loss database with 10-year history, a Business Indicator calculation engine that integrates finance and risk data, and a regulatory reporting pipeline aligned with FR Y-14 and FFIEC 101 templates. GRC platforms (Archer, MetricStream, LogicGate) and specialized regulatory capital solutions cover most requirements.
How does Basel III Endgame compare between the US, EU, and UK?
Basel III Endgame implementation diverges by jurisdiction. The EU applies CRR3 from 1 January 2025 with phased output-floor transition through 2030. The UK PRA implements Basel 3.1 from 1 January 2027. The US re-proposal targets 2027-2028. Cross-border banks face a multi-year implementation planning challenge until regimes align.
What should banks submit in the Basel III Endgame comment period?
The Basel III Endgame 2026 re-proposal comment period closes 18 June 2026. Effective submissions quantify impact on specific business lines, flag unintended consequences, and propose targeted modifications rather than opposing the framework wholesale. Submissions should reference specific BIC coefficients, reporting templates, or transition provisions with data support.
How does Basel III Endgame map to existing ERM frameworks?
Basel III Endgame integrates cleanly with
existing ERM frameworks grounded in COSO ERM and ISO 31000. Operational risk capital calculation becomes a specific output of the broader ERM risk identification and measurement cycle. Board risk appetite statements should reference operational-risk capital as a quantitative metric, alongside credit and market risk appetite.
Does Basel III Endgame cover emerging risks like AI and cyber?
Yes. Basel III Endgame’s operational risk event types (Basel II categories 1-7) accommodate AI and cyber risks within “External Fraud,” “Business Disruption & System Failures,” and “Clients, Products & Business Practices.” Banks should map AI model risk, cyber incident losses, and third-party breach events into the loss database for monitoring — even though ILM no longer uses them.
10. Common Pitfalls in Basel III Endgame Preparation
| Pitfall | Root Cause | Remedy |
| Treating the SA as a capital exercise only | Focus on numbers rather than operational changes | Embed SA into operational risk framework, not just finance reporting |
| Ignoring loss data gaps until the final rule | Assumption that the rule will change further | Start remediation now; 10-year data gaps cannot be fixed retroactively |
| Using BIC as a standalone metric | Failure to contextualize with loss experience | Always present BIC alongside ILM and peer benchmarks in board reporting |
| Neglecting the comment period | Belief that industry groups will represent your interests | Submit institution-specific comments by June 18, 2026; regulators weight individual letters |
| Underestimating M&A data integration | Loss histories from acquired entities are incomplete | Audit acquired bank loss data immediately; build integration playbooks |
| Failing to update risk appetite statements | Risk appetite still references AMA-era metrics | Rewrite operational risk appetite in SA terms: BIC trends, ILM trajectory, loss thresholds |
| Not training first-line staff | Assumption that SA is a second-line responsibility | First-line captures the loss data that drives ILM; training is non-negotiable |
| Delaying system changes for the final rule | Waiting for certainty before investing | Build flexible BIC/ILM calculation tools now; calibration parameters can be updated later |
11. Looking Ahead: 2026–2028 Operational Risk Landscape
The Basel III Endgame re-proposal marks the beginning, not the end, of a multi-year transformation in how US banks manage and capitalize operational risk. Several converging trends will shape the landscape through 2028 and beyond.
First, the convergence of operational risk with operational resilience regulation is accelerating.
DORA in the EU, the PRA’s operational resilience framework in the UK, and growing US supervisory focus on critical operations all point toward a future where operational risk capital and resilience testing are integrated.
Banks that build their SA infrastructure with resilience linkages from the start will be better positioned for this convergence.
Second, AI and machine learning are transforming operational risk detection and loss event classification. As banks adopt AI governance frameworks, the intersection of AI risk and operational risk becomes increasingly important.
The SA’s reliance on historical loss data creates an interesting tension with AI-driven risks that may have no historical precedent—regulators will need to address how emerging risks are captured in a backward-looking framework.
Third, the global divergence in SA implementation will drive demand for harmonized reporting tools and cross-jurisdictional risk frameworks.
Banks that invest in flexible, multi-regime calculation engines now will have a competitive advantage as regulators in the US, EU, and UK fine-tune their respective approaches through 2028. The ISO 31000 risk management standard provides a jurisdiction-agnostic foundation that can help multinational banks maintain consistency across regulatory regimes.
Finally, the role of the operational risk function itself is evolving. With the SA removing the need for complex internal model development and validation, operational risk teams have an opportunity to redirect resources toward forward-looking risk identification, compliance monitoring, and strategic risk advisory—activities that create more value for the business than capital modeling ever did.
Basel III Endgame: Glossary of Key Terms
| Acronym / Term | Definition |
| Basel III Endgame | Collective name for the final phase of Basel III capital reforms (Basel 3.1) addressing risk-weighted assets, credit risk, market risk, operational risk, and CVA. Proposed in the US in 2023, re-proposed in March 2026. |
| AMA | Advanced Measurement Approach — the internal-model approach for operational risk capital being eliminated under Basel III Endgame. |
| SA / SMA | Standardized Approach for operational risk (also called SMA — Standardized Measurement Approach). Replaces AMA. Based on Business Indicator times regulator-set coefficients. |
| BIC | Business Indicator Component — the size-of-business input to the operational risk capital calculation under Basel III Endgame. |
| BI | Business Indicator — the sum of interest, services, and financial components used in the BIC formula. |
| ILM | Internal Loss Multiplier — originally proposed as a loss-history adjustment. Effectively set to 1.0 under the March 2026 re-proposal. |
| RWA | Risk-Weighted Assets — the denominator of bank capital ratios. Operational risk contributes to RWA alongside credit and market risk. |
| GSIB | Global Systemically Important Bank — the top-tier category under Basel III Endgame, subject to the highest capital surcharges. |
| Category I-IV | US banking agency categorization by size and complexity. Category I = GSIBs; II = $700B+; III = $250B+; IV = $100-$250B. |
| CRR3 | EU Capital Requirements Regulation 3 — the EU implementation of Basel III Endgame, applicable from 1 January 2025. |
| FR Y-14 | Federal Reserve stress-testing data collection. Operational loss data flows here and into FFIEC 101 reports. |
| FFIEC 101 | Regulatory capital reporting template used by US banking agencies. |
Ready to build your Basel III Endgame operational risk readiness program? Visit riskpublishing.com for practitioner guides, operational risk frameworks, KRI libraries for banks, and ERM implementation templates designed for financial services risk professionals.
References
1. Basel Committee on Banking Supervision – High-Level Summary of Basel III Reforms (2017)
2. BIS – Operational Risk Standardised Approach: Executive Summary
3. Federal Reserve – Agencies Request Comment on Proposed Rules (July 2023)
4. PwC – Basel III Endgame: Complete Regulatory Capital Overhaul
5. EY – Basel III Endgame: What You Need to Know
6. Bloomberg Professional Services – Fed Remarks Point to Capital-Neutral Basel III Endgame in 2026
7. Moody’s – US Proposes Final Basel Rules, Transition Period to Start in July 2025
8. American Bankers Association – Over-Estimation of Basel III Endgame Operational Risk Capital
9. ABA – Methodological Flaws in Basel III Endgame Operational Risk Capital Requirements
10. Atlantic Council – Basel III Endgame: The Specter of Global Regulatory Fragmentation
11. Congressional Research Service – Bank Capital Requirements: Basel III Endgame
12. Brookings Institution – What Is Bank Capital? What Is the Basel III Endgame?
13. Freshfields – Basel III Endgame, Take Two: 8 Key Takeaways from the Re-Proposals
15. KPMG – Capital Requirements: Proposed Basel III Endgame & GSIB Capital Surcharges
Chris Ekai is a Risk Management expert with over 10 years of experience in the field. He has a Master’s(MSc) degree in Risk Management from University of Portsmouth and is a CPA and Finance professional. He currently works as a Content Manager at Risk Publishing, writing about Enterprise Risk Management, Business Continuity Management and Project Management.