ORX System

Every three months ORX collects, from its 53 member banks in 18 different countries, the operational risk losses suffered in the previous quarter. The ORX system for the secure exchange, quality assurance, anonymisation, analysis and distribution of operational risk data is called the Core System and went live in January 2009.

ORX terms the quarterly data collection and distribution process the “Data Cycle”. Each Data Cycle commences 8 weeks after the quarter end with the submission of data to ORX. ORX publishes data 4 weeks from the date of first submission.  At a high level the Data Cycle operates as follows:

ORX Core System Data Cycle Overview

1. Initial Upload – Members prepare their data and complete the Core Upload template provided by ORX. The Core system allows either incremental upload (new event and changes) or complete upload (all events and all changes).

2. Data Validation  - Core identifies any basic data errors (i.e. incorrect BL code). These errors need to be corrected before the data will be accepted

3. Quality Validation – Using more sophisticated checks the quality validation processes ensures that all Business Rules are followed. Any issues with these rules will require data to be updated by the Member. Data corrections can be effected at record level within Core or outside of the system and re-loaded. Once all the rules have been passed then the data is reviewed and approved by the Data Manager and the Member Executive.

4. Aggregation and Anonymisation – once all ORX members have uploaded their data an anonymised data set is created. Anonymisation preserves the majority of data attributes but removes the possibility of linking a loss or set of losses to any particular member.

5. Quality Assurance – the ORX Quality Assurance Working Group review the data and raise any anomalies with the relevant Member routed anonymously through the Core System. If the underlying data need to be re-submitted then the individual Member can make corrections.

6. Publish – Once the Quality Assurance has been passed then the data is published and individual reports can be downloaded from individual member areas.

The global functionality of the application is sketched out in the diagram below.


Overview of ORX Core System.

Overview of ORX Core System

 

The entire Data Cycle process and system takes place within a highly secure environment. The system security elements include:

• System access
• System roles
• Data access
• Data segregation and anonymisation
• Data storage


All systems and procedures are designed such that no data and no control of data, beyond the reports provided to members, is possible outside of Switzerland. The system is hosted on a platform managed, maintained, monitored and operated by IBM Switzerland and to a verified SAS 70 standard. The Core System security is regularly reviewed by an external independent consultant whose reports are shared with members and whose review is conducted to the highest standards.