OM-A.2 OM-A.2 Key requirements
General procedures
OM-A.2.1
Banks' management must establish written policies and procedures to manage the risks arising out of banks' activities.
Outsourcing
OM-A.2.2
A licensee must formally notify the Agency and seek its prior approval before committing to a new material outsourcing arrangement. The notification must:
(a) be made in writing to the licensee's normal supervisory contact;(b) contain sufficient detail to demonstrate that relevant issues raised in section OM-2.4 onward of this chapter have been addressed; and(c) be made at least 6 weeks before the licensee intends to commit to the arrangement.OM-A.2.3
Once an outsourcing arrangement has been implemented, the Agency requires a licensee to continue to monitor the associated risks and the effectiveness of its mitigating controls.
Electronic money and electronic banking activities
OM-A.2.4
The Agency specifically urges licensees to use the 'Fourteen Risk Management Principles and Sound Practices' set out in the Basel Committee paper stated in section OM-3.1 below, as guidelines, in order to recognise, address and manage risks associated with e-banking in a prudent manner.
Business continuity, contingency planning and security
OM-A.2.5
The Agency requires its licensees to submit to the Agency a description of their
succession plans for their senior management team. Amongst other things, banks should summarise who is covered by theirsuccession plan , and confirm that the plan has been reviewed and endorsed at Board level. This information should be submitted to the Agency by the end of each calendar year.OM-A.2.6
All full commercial banks must implement security measures which satisfy the Agency's minimum requirements as laid out in Chapter OM-5. These measures include external physical security measures as well as internal measures for staff security and the handling of cash.
