Operational incidents relating to the execution of a process or the process itself

Level 2 (Main Category)	Level 3 (Subcategory)
Communication	Unsubscribe
Communication	Wrong content
Communication	Wrong recipient
Communication	No consent
Communication	Not received/undelivered
Documentation	Incorrect/inconsistent
Documentation	Not available
Documentation	Not received
Documentation	Inadequate
Information/Data	Not available
Information/Data	Not received
Reports	Inaccurate
Reports	Not available
Reports	Not received
Transaction execution	Execution error
Transaction execution	Execution unavailable
Transaction execution	Incorrect/missing status
Transaction execution	Confirmation not received
Transaction execution	Execution failed
Transaction execution	Repudiation
Transaction execution	Payment amount
Transaction execution	Beneficiary dispute
Transaction execution	Delay
Communication	Cannot update distribution list
Communication	Slow/not sending
Communication	Data mismanagement
Communication	Data leak
Transaction execution	Misdeal

Systems not behaving as expected, slow performance, infrastructure failure etc.

Level 2 (Main Category)	Level 3 (Subcategory)
Access	User rights
Access	Logging in
Connectivity	Slow/unresponsive/not working
Documentation	Upload/download error
Information/Data	Incorrect/inconsistent
System	Slow Performance
System	Functionality/service unavailable
System	User interface
System	Integration
System	IT hardware failures
Systems security	Vulnerability (i.e., patching outdated)
Systems security	Hacking
Systems security	Phishing
Systems security	Ransomware/Malware
Systems security	Data leak
Systems security	Data breach
Information/Data	Import error
Information/Data	Upload error/download error
Information/Data	Data mismanagement
Information/Data	Data leak
System	Software failures
System	Utility outage/disruptions
Systems security	Social engineering

Operational incidents relating directly to clients, products or practices

Level 2 (Main Category)	Level 3 (Subcategory)
Adviser activities	Lack of knowledge
Adviser activities	Misrepresentation or non-disclosure
Adviser activities	Not provided or not fully explained
Adviser activities	Wrong or not suitable
Product flaws	Policy cover or excess
Product flaws	Performance
Product flaws	Premiums, Fees and expenses charged
Product flaws	Design
Product flaws	Accessibility & barriers to enter/change/exit
Service	Lack of knowledge
Service	Query not attended to
Service	Attitude dismissive or rude
Service	Failure to communicate/send information
Service	Poor workmanship
Service	Poor turnaround time
Regulatory	Unlicensed activity
Fiduciary	Conflicts of interest with clients
Improper business practices	Business Contract disputes
Improper business practices	Impermissible Gifts or Contributions
Improper business practices	Intellectual Property Infringements
Improper business practices	Improper performance of duties
Regulatory	Anti-Money laundering
Regulatory	Poor compliance audit
Regulatory	Non-Compliance
Regulatory	Corporate Disclosure
Regulatory	Late implementation
Regulatory	Misstatements or Omissions in Offerings
Regulatory	Penalties charged/imposed
Regulatory	Report submission
Regulatory	Tax
Regulatory	Competition Act

Operational incidents due to a physical event.

Level 2 (Main Category)	Level 3 (Subcategory)
Disasters and other events	Natural Disasters and Related Events
Disasters and other events	Physical accidents and Related Events
Willful Damage	Acts resulting in Physical Damage
Willful Damage	War, Terrorism and Public Disorder

Operational incidents due to employee conduct.

Level 2 (Main Category)	Level 3 (Subcategory)
Information/Data	Disclosure of confidential information
Diversity and discrimination	Harassment/intimidation
Employee relations	Defamation of character
Employee relations	Employee rights violations
Employee relations	Improper behavior in workplace
Employee relations	Insubordination
Employee relations	Paid incorrect salary
Safe environment	On-the-Job injuries
Safe environment	Workplace design violations
Unauthorised activity	Investment limit breaches
Unauthorised activity	Over-reporting of transactions
Unauthorised activity	Unauthorised transactions
Unauthorised activity	Unauthorised use of computer systems
Unauthorised activity	Unreported transactions

Thief or deception of information, property, assets or claims etc. to result in personal gain

Level 2 (Main Category)	Level 3 (Subcategory)
Fraud/Theft	Billing fraud
Fraud/Theft	Identity theft/account take-over
Fraud/Theft	Forgery/impersonation
Fraud/Theft	Misappropriation
Fraud/Theft	Money stolen
Fraud/Theft	Accounting irregularities
Fraud/Theft	Falsifying personal details/information
Fraud/Theft	Tax evasion
Fraud/Theft	Asset theft
Fraud/Theft	Bribery and corruption