• OM-A OM-A Introduction

    • OM-A.1 OM-A.1 Purpose and Scope

      • OM-A.1.1

        The purpose of this module is to provide rules and guidance to banks operating in Bahrain on establishing parameters and control procedures to monitor and mitigate operational risks.

      • OM-A.1.2

        This module provides support for certain other parts of the Rulebook, mainly:

        (a) Principles of Business; and
        (b) High Level Controls.

      • OM-A.1.3

        The contents of this Module apply to all banks, except where noted in individual chapters.

    • OM-A.2 OM-A.2 Key requirements

      • General procedures

        • OM-A.2.1

          Banks' management must establish written policies and procedures to manage the risks arising out of banks' activities.

      • Outsourcing

        • OM-A.2.2

          A licensee must formally notify the Agency and seek its prior approval before committing to a new material outsourcing arrangement. The notification must:

          (a) be made in writing to the licensee's normal supervisory contact;
          (b) contain sufficient detail to demonstrate that relevant issues raised in section OM-2.4 onward of this chapter have been addressed; and
          (c) be made at least 6 weeks before the licensee intends to commit to the arrangement.

        • OM-A.2.3

          Once an outsourcing arrangement has been implemented, the Agency requires a licensee to continue to monitor the associated risks and the effectiveness of its mitigating controls.

      • Electronic money and electronic banking activities

        • OM-A.2.4

          The Agency specifically urges licensees to use the 'Fourteen Risk Management Principles and Sound Practices' set out in the Basel Committee paper stated in section OM-3.1 below, as guidelines, in order to recognise, address and manage risks associated with e-banking in a prudent manner.

      • Business continuity, contingency planning and security

        • OM-A.2.5

          The Agency requires its licensees to submit to the Agency a description of their succession plans for their senior management team. Amongst other things, banks should summarise who is covered by their succession plan, and confirm that the plan has been reviewed and endorsed at Board level. This information should be submitted to the Agency by the end of each calendar year.

        • OM-A.2.6

          All full commercial banks must implement security measures which satisfy the Agency's minimum requirements as laid out in Chapter OM-5. These measures include external physical security measures as well as internal measures for staff security and the handling of cash.

    • OM-A.3 OM-A.3 Regulation history

      • OM-A.3.1

        This module was first issued in July 2004 as part of the conventional principles volume. All regulations in this volume have been effective since this date. All subsequent changes are dated with the month and year at the base of the relevant page and in the Table of Contents. Chapter UG-3 of Module UG provides further details on Rulebook maintenance and control.

      • OM-A.3.2

        The most recent changes made to this module are detailed in the table below:

        Summary of changes

        Module Ref. Change Date Description of Changes
        OM-5.1 01/04/05 Physical security measures
        OM-4.2 01/10/05 Succession planning for locally incorporated banks
        OM-5.1 01/10/05 Clarification of security manager role for smaller banks and deletion of requirement for cash trays.
        OM-B & OM-1.2 01/04/06 Minor amendments concerning roles of Board and management and editing of OM B.
        OM-5.1.15OM-5.1.24 01/04/06 New security requirements for ATM security arrangements and reporting of security related complaints

      • Evolution of the Module

        • OM-A.3.3

          Prior to the development of this Rulebook, the Agency had issued various circulars representing regulations covering different aspects of operational risk management. These circulars have now been consolidated into this module covering the operational risk management regulation. These circulars and their evolution into this module are listed below:

          Circular Ref. Date of Issue Module Ref. Circular Subject
          BS/9/03 14 Sep 2003 OM-1 Operational Risk Management
          ODG/162/03 21 May 2003 OM-2 Outsourcing
          BC/9/98 16 Jun 1998 OM-3 Electronic Money and Electronic Banking Activities
          BC/6/02 24 Jun 2002 OM-3 Risk Management Principles for Electronic Banking
          ODG/347/03 28 Sep 2003 OM-4.2 Succession Planning

      • Effective date

        • OM-A.3.4

          The contents in this module are effective from the date depicted in the original circulars (see paragraph OM-A.3.3) or from the date of the change shown in paragraph OM-A.3.2.