Back Custom print Link Text Only Rich Text Print

  • OM-2.2 OM-2.2 Developing an Appropriate Risk Management Environment

    • OM-2.2.1

      It must be standard practice for a bank's management to implement policies and procedures to manage risks arising out of a bank's activities. The bank must maintain written policies and procedures that identify the risk tolerances approved by the Board of Directors and must clearly delineate lines of authority and responsibility for managing the risks. Banks' employees and loan officers in particular must be fully aware of all policies and procedures that relate to their specific duties.

      Amended: July 2011
      October 07

    • OM-2.2.2

      The bank's strategy must define its tolerance for risk and lay out the Board's understanding of the specific characteristics of operational risk.

      October 07

    • The Board of Directors

      • OM-2.2.3

        The Board of Directors must be aware of the major aspects of the bank's operational risk as a distinct and controllable risk Category.

        Amended: July 2011
        October 07

      • OM-2.2.4

        The responsibilities of the Board of Directors of the bank must include:

        (a) Approving the bank's operational risk strategy;
        (b) Periodically reviewing the bank's operational risk strategy;
        (c) Approving the basic structure of the framework for managing operational risk; and
        (d) Ensuring that senior management is carrying out its risk management responsibilities.
        October 07

    • Senior Management

      • OM-2.2.5

        The responsibilities of the senior management of the bank must include:

        (a) Implementing the operational risk strategy approved by the Board of Directors;
        (b) Ensuring that the strategy is implemented consistently throughout the whole banking organisation;
        (c) Ensuring that all levels of staff understand their responsibilities with respect to operational risk management;
        (d) Developing and implementing policies, processes and procedures for managing operational risk in all of the bank's products, activities, processes and systems;
        (e) Developing succession plans for senior staff; and
        (f) Developing Business Continuity Plans for the bank.
        October 07

    • Management Information System

      • OM-2.2.6

        The management information system of a banking organisation plays a key role in establishing and maintaining an effective operational risk management framework.

        October 07

      • OM-2.2.7

        'Communication flow' serves the purpose of establishing a consistent operational risk management culture across the bank. 'Reporting flow' enables:

        (a) Senior management to monitor the effectiveness of the risk management system for operational risk; and
        (b) The Board of Directors to oversee senior management performance.
        Amended: January 2012
        October 07