(1) The business indicator is a financial statement-based proxy for operational risk. The items representing ordinary banking business operations in financial statements should be included within that indicator, while the elements to be excluded from the business indicator should be those which do not represent ordinary banking business operations as listed in Article 314(7) of Regulation (EU) 575/2013. The determination of what elements should be included in, or excluded from, the business indicator and its different components should be based on what is laid down in international regulatory standards. 

(2) For some income and expenses components, it would be disproportionate to disentangle the value of their different sub-components or items. It follows that where an income or an expense element is listed among the excluded items, but also contains items that are listed among the items to be included, or vice-versa, institutions should ensure that such items are not excluded, or included, more than once. 

(3) To align with international regulatory standards, institutions should include interest income and interest expenses in the interest, leases and dividend component. Article 314(2) of Regulation (EU) No 575/2013 requires institutions to include all income and expenses arising from financial and operating leases in the interest, leases and dividend component, including depreciation and impairment. The items related to leases included in the interest, leases and dividend component of the business indicator should be aligned with those in International Financial Reporting Standards (IFRS) 16. Accordingly, institutions should include all income and expenses from investment properties that generate rents, including rental income from investment properties, in the interest, leases and dividend component. 

(4) To ensure consistency with international regulatory standards, institutions should calculate the asset component referred to in Article 314(2) of Regulation (EU) No 575/2013 as the sum of certain balance sheet assets. As the asset component contributes to the calculation of the interest, leases, and dividend component, institutions should also include in the asset component all the assets on the balance sheet that generate interest income or lead to interest expenses. 

(5) Institutions should include dividend income in the interest, leases and dividend component. The dividend income should include the institution's dividend income from investments in stocks and funds not consolidated in the financial statements of the institution, including dividend income from non-consolidated subsidiaries, associates and joint ventures. 

(6) Institutions should include other operating income in the service component. Other operating income should include income from ordinary operations not included in other items of the business indicator but of similar nature. 

(7) Pursuant to Article 314(5) of Regulation (EU) No 575/2013, institutions are to include in the other operating expenses their expenses and losses from operational risk events. Those operational risk events can take several forms in an institution’s financial statement, including expenses, losses, provisions, impairment, and depreciation. Institutions should therefore include in their other operating expenses all the impacts of operational risk events that affect their financial statements, irrespective of how those expenses are labelled or accounted for. Because Article 314(7), point (b), of Regulation (EU) No 575/2013 specifies that premiums paid and payments received from insurance or reinsurance policies purchased are not to be included in the calculation of the business indicator, it follows that such expenses should be gross of insurance or reinsurance policies purchased. Nonetheless, those expenses should be net of recoveries other than insurance and reinsurance. Those expenses should also include exceptional losses that institutions may exclude from the calculation of their annual operational risk loss after the permission referred to in Article 320(1) of Regulation (EU) No 575/2013 has been obtained. 

(8) To obtain proper and exhaustive information on where the financial impacts of operational risk events are accounted for in an institution’s financial statement, institutions should break down those financial impacts by the main items of the profit and loss statement where those impacts are accounted for. 

(9) Institutions should include fee and commission income in the service component. That should include income received from providing advice and services, and income received by the institution as an outsourcer of financial services. 

(10) Institutions should include fee and commission expenses in the service component. That should include expenses paid for receiving advice and services and outsourcing fees paid by the institution for the supply of financial services, but should exclude outsourcing fees paid for the supply of non-financial services, such as logistical, IT, or human resources. 

(11) Certain types of operations or accounting choices, including economic hedging of fair value through profit and loss positions, and the bifurcation of derivatives embedded in host hybrid or structured financial instruments, may cause an unwarranted increase in the financial component, the formula of which envisages the sum of the absolute values of the profit and loss of the trading book component and of the banking book component. In economic hedging, such unwarranted increase is due to the presence of types of operations that are strictly related to each other and that are of opposite profit and loss sign. When recorded in accordance with the accounting standards, the amounts of those operations are accounted for in different components of the business indicator (i.e. the trading book component and the banking book component). Hence financial institutions cannot net the amounts of those operations when those amounts are calculated within the financial component. Where that is the case, institutions should be allowed to adopt the prudential boundary approach, i.e. to calculate the financial component in accordance with Part Three, Title I, Chapter 3, of Regulation (EU) No 575/2013. 

(12) Institutions should include the trading component in the financial component, which contains net profit or loss on trading assets and liabilities, from hedge accounting, and from exchange differences.

(13) Institutions should include the banking component in the financial component, which contains net profit or losses on financial assets and liabilities of the non-trading book, as well as net profit or net losses from hedge accounting and from exchange differences of items in the non-trading book. Losses already accounted in the calculation of the risk weighted assets for credit risk should not be included in the banking component. 

(14) To prevent the improper use of the prudential boundary approach, the concept of ‘unwarranted increase in the financial component’ in the case of economic hedging should not be extended to cover the profit and loss of hedging instruments in the trading book that are not clearly related to the profit and loss of hedged instruments in the non-trading book valued at fair value through profit and loss, or to situations where institutions do not fully comply with the rules and conditions of the prudential boundary approach set out in Part Three, Title I, Chapter 3, of Regulation (EU) No 575/2013. Furthermore, adjustments to the financial component should be limited to the amount of profit and loss related to risks effectively covered by the hedge, and materially offsetting the accounting profit and loss of the hedged items. 

(15) Institutions that intend to adopt the prudential boundary approach should be able to calculate the profit and loss of all the positions held in the prudential trading book and the prudential non-trading book, over the three financial years envisaged for the calculation of the financial component. In case of economic hedging, institutions should be able to identify the profit and loss of hedged instruments and related hedges, connecting the hedges to the hedged risks, and to document the hedging relationship in line with the risk management objectives of the institution. Those calculations are different from the calculation carried out under the accounting approach and are not based on harmonised accounting standards nor subject to periodic supervisory reports. Therefore, only institutions that have in place policies, procedures, systems and controls to carry out such calculations in a proper manner and to identify the profit and loss amounts in case of economic hedging, properly documenting them, should be allowed to adopt the prudential boundary approach. 

(16) To prevent regulatory arbitrage through the selected use of the prudential boundary approach in some years of the calculation, institutions should apply the prudential boundary approach for all three financial years envisaged for the calculation of the business indicator. In addition, institutions should be allowed to use the prudential boundary approach in combination with the accounting approach for certain entities within the same group or certain types of operations or accounting choices, including those related to the hedging of structured issuances. In particular, where institutions apply the prudential boundary approach only to selected types of operations, they should use the accounting approach for the remaining part of the balance sheet. 

(17) To enable competent authorities to review the adoption of the prudential boundary approach, institutions intending to adopt that approach should provide their competent authorities with adequate documentation and information prior to its implementation. Institutions that intend to use the prudential boundary approach only partially should, for the same reason, also include in the notification information on the accounting approach. 

(18) Where any condition allowing for the adoption of the prudential boundary approach is no longer met, institutions should revert to the accounting approach. To prevent regulatory arbitrage, institutions should not switch between those two approaches too frequently. 

(19) From an operational risk perspective, reinsurance products or services do not conceptually differ from financial products or services whose income and expenses stemming from their distribution are included within the business indicator, typically under fee and commission income or fee and commission expenses. Therefore, institution should not exclude from the calculation of the business indicator all income and expenses arising from selling or distributing insurance or reinsurance products or services. 

(20) Certain financial impacts related to lease assets or resulting from operational risk events, or the outsourcing fees paid for the supply of financial services, might, in specific cases, be accounted for under the following items, listed in Article 314(7) of Regulation (EU) No 575/2013: administrative expenses, including staff expenses, as referred to in Article 314(7), point (c), of Regulation (EU) No 575/2013, depreciation of tangible assets, amortisation of intangible assets as referred to in Article 314(7), point (f), of Regulation (EU) No 575/2013, and impairment or reversal of impairment as referred to in Article 314(7), point (i), of Regulation (EU) No 575/2013. In such cases, institutions should not exclude those financial impacts from the calculation of the business indicator. 

(21) In the case of acquisitions, mergers or disposals, the consideration of the period of three financial years based on financial statements for the calculation of the business indicator may lead to a potential divergence between the capital requirements for operational risk and the effective risk profile of a given institution. It is therefore necessary to lay down a method for determining the adjustment of the business indicator in the case of mergers, acquisitions or disposals, and the conditions for granting the permission to exclude from the business indicator amounts related to disposed entities or activities, thus ensuring better alignment between institutions’ capital requirements and institutions’ effective risk profile. 

(22) The business indicator is a financial statement-based proxy for operational risk. Institutions should therefore in principle base their adjustment following mergers or acquisitions on the audited financial statement of the merged or acquired entities or activities. However, institutions may experience difficulties in retrieving a historical series of accurate data related to the merged or acquired entities or activities over the period of three financial years to be considered for reflecting the operation. Institutions should therefore have the possibility to use alternative calculation options where the historical data relating to the acquired or merged entity or activities are not available or accurate to cover the full period that is relevant to the calculation of their business indicator. Those alternative calculation methods should be sufficiently conservative. 

(23) The disposal of a business or of an entity may not always imply that the operational risk related to the disposed entity or activities is fully transferred to the acquiring entity. The terms and conditions of the disposal may provide for an indemnity arrangement in case of new liabilities or losses arising from operational risk events occurring prior to the disposal. Therefore, in the case of disposals, the conditions under which competent authorities may grant the permission referred to in Article 315(2) of Regulation (EU) No 575/2013 should, in particular, ensure that the entity or activity disposed is no longer deemed relevant to the institution’s risk profile. 

(24) Pursuant to Article 316(1) of Regulation (EU) No 575/2013, institutions with a business indicator equal to or exceeding EUR 750 million are to, in addition to the business indicator component, compile data on operational risk losses and calculate their annual operational risk losses. International standards on operational risk, including those from the Basel Committee on Banking Supervision, require loss events to be classified into seven event types. To comply with those standards, the operational risk taxonomy referred to in Article 317(9) of Regulation (EU) No 575/2013 should be based on the same event types. 

(25) To obtain a sufficiently granular classification system, the operational risk taxonomy should also include a second level of classification, based on the industry best practices. Accordingly, loss events data in the operational risk taxonomy should be organised in Level 1 event types, representing the macro-events to which a loss event should be assigned, and Level 2 categories, listing in more detail the features of the corresponding Level 1 event types. To foster harmonisation in the recording of loss events, the design and description of Level 2 categories should be developed in line with international standards and industry best practices. 

(26) To provide the complete picture of the losses of an institution, the construction of the operational risk taxonomy in Level 1 event types and Level 2 categories should be designed to make them mutually exclusive and collectively exhaustive, without any residual category. 

(27) Though Level 1 event types and Level 2 categories should be exhaustive with reference to operational risk losses, some loss events may be attributable to a supplementary description in addition to its assignment to the relevant Level 1 event type and Level 2 category. To enrich the recording of information available on loss events, institutions should assign one or, where appropriate, more attributes to those events. Given their nature, attributes should not be designed to make them mutually exclusive and collectively exhaustive. It should therefore be possible to assign multiple attributes to a single loss event, including loss events related to ‘ICT third-party service providers’ as defined in Article 3, point (19), of Regulation (EU) 2022/2554 of the European Parliament and of the Council2 , which should be assigned both the ‘ICT risk’ and ‘Third party risk’ attributes. 

(28) To adequately describe the losses incurred by an institution, institutions should record only losses that are relevant for the calculation of the annual operational risk loss in the loss data set. However, institutions should not include in the loss data set losses that are recovered within five working days, as the losses are recognised as being rapidly recovered. 

(29) The operational risk loss taxonomy should allow for an effective supervision of the operational risk, and should be proportionate when first applied. For that reason, historical data of Level 2 categories and attributes should be provided on a best effort or voluntary basis for at least the full year 2025. Conversely, since Level 1 categories are unchanged compared to the existing framework, institutions should provide historical data for at least the years since 1 January 2016. 

(30) Mergers and acquisitions may oblige an institution to calculate the annual operational risk loss due to the increased size of the business indicator. Furthermore, the challenges stemming from the integration of the merged or acquired entities may require institutions to calculate operational risk losses, which could be unduly burdensome. Institutions should therefore be given sufficient time to comply with the requirement to calculate the annual operational risk loss. 

(31) Institutions may report a business indicator equal to or higher than EUR 750 million only temporarily, due to transitory circumstances. Therefore, it would be unduly burdensome for those institutions to calculate the annual operational risk loss when exceeding the threshold is only a temporary exception within a certain time frame. 

(32) In specific circumstances, bridge institutions may be set up to manage the resolution of institutions. Given the specificity of the bridge institutions and their temporary nature, it would be unduly burdensome for those institutions to calculate the annual operational risk loss. For that reason, they should be exempt from that requirement. 

(33) Acquired or merged entities or activities may record losses using a risk taxonomy which is different from the one of the reporting institution. To ensure the comparability and consistency of the data, the reporting institution should reclassify the losses of the acquired or merged entities using the risk taxonomy referred to in Article 317 of Regulation (EU) No 575/2013. 

(34) The losses of the acquired or merged entities or activities may be in a currency which is different from the one of the reporting institution. Institutions should therefore incorporate those losses in the losses of the reporting institution using, for each of the ten-years window, the exchange rate used at the end of the relevant year. 

(35) Merged or acquired entities or activities may not record losses, or may record losses using a risk taxonomy that is different from that referred to in Article 317(9) of Regulation (EU) No 575/2013 because those entities or activities are not required by the applicable law to build a loss data set in accordance with Article 317(2) of that Regulation. It is also possible that merged or acquired entities or activities did not fall under the scope of Article 317 of Regulation (EU) No 575/2013 for each of the ten years prior to the acquisition or the merger. In such cases, institutions should calculate the annual operational risk loss using the reported losses for which data are available, adjusting the result for the coverage rate or the reported losses compared to the whole institution. 

(36) The provisions of this Regulation are closely linked as they all specify key aspects of operational risk requirements. To ensure coherence between those provisions, facilitate end users’ access and to enable institutions to apply those provisions in a consistent manner, they should be included in a single Regulation. 

(37) This Regulation is based on the draft regulatory technical standards submitted to the Commission by the European Banking Authority. 

(38) The European Banking Authority conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the advice of the Banking Stakeholder Group established under Article 37 of Regulation (EU) No 1093/2010 of the European Parliament and of the Council,