Role of Board and Senior Management
HC-6.6.16
The Board must define the
Conventional bank licensee's risk appetite and ensure that the bank's risk management framework is aligned with the bank's strategic, capital strategies and financial plans and compensation practices and includes detailed policy that sets specific bank-wide prudential limits on the bank's activities. The bank's risk appetite must be clearly conveyed through an RAS that can be easily understood by all relevant parties: the board itself, senior management and bank employees.Added: July 2018HC-6.6.17
The
Conventional bank licensee's RAS must:(a) include both quantitative and qualitative considerations;(b) establish the individual and aggregate level and types of risk that the bank is willing to assume in advance of and in order to achieve its business activities within its risk capacity;(c) define the boundaries and business considerations in accordance with which the bank is expected to operate when pursuing the business strategy; and(d) be communicated effectively throughout the bank, linking it to daily operational decision-making and establishing the means to raise risk issues and strategic concerns across the bank.Added: July 2018HC-6.6.18
Developing and conveying the
Conventional bank licensee's risk appetite is essential to reinforcing a strong risk culture. The risk governance framework should outline actions to be taken when stated risk limits are breached, including disciplinary actions for excessive risk-taking, escalation procedures and board of director notification.Added: July 2018HC-6.6.19
The development of an effective RAS should be driven by both top-down board leadership and bottom-up management involvement. While the definition of risk appetite may be initiated by senior management, successful implementation depends upon effective interactions between the board, senior management, risk management and operating businesses, including the chief financial officer (CFO).
Added: July 2018HC-6.6.20
The Board must ensure that:
(a) a sound risk management culture is established throughout the bank;(b) appropriate limits are established that are consistent with the bank's risk appetite, risk profile and capital strength, and that are understood by, and regularly communicated to, relevant staff;(c) policy and processes are developed for risk-taking, that are consistent with the Risk Management Strategy and the established risk appetite;(d) uncertainties attached to risk measurement are recognised; and(e)senior management is taking all necessary steps to monitor and control all material risks consistent with the approved strategies and risk appetite.Added: July 2018HC-6.6.21
The Board of Directors and
senior management must possess sufficient knowledge of all major business lines to ensure that appropriate policy, controls and risk monitoring systems are implemented effectively. They must have the necessary expertise to understand the activities in which theConventional bank licensee is involved — such as securitisation and off-balance sheet activities — and the associated risks. The Board andsenior management must remain informed, on an on-going basis, about these risks as financial markets, risk management practices and the bank's activities evolve. In addition, the Board andsenior management must ensure that accountability and lines of authority are clearly delineated.Added: July 2018HC-6.6.22
Before embarking on new lines of business or activities, the Board and
senior management must identify and review the changes in risk profile arising from these potential new activities and ensure that the infrastructure and internal controls necessary to manage any related risks, are in place.Added: July 2018HC-6.6.23
Before embarking on new or complex products,
senior management must identify and review the changes in risk profile arising from these potential new products and ensure that the infrastructure and internal controls necessary to manage any related risks, are in place.Added: July 2018HC-6.6.24
For purposes of paragraph HC-6.6.22 and HC-6.6.23,
senior management must understand the underlying assumptions regarding accounting treatment, business models, valuation and risk management practices. In addition,senior management must evaluate the potential risk exposure if those assumptions fail.Added: July 2018HC-6.6.25
As part of the Board members annual training program,
Conventional bank licensees must include training to enable Board members to better analyse risk and question strategic decisions, policy and transactions. Banks must also provide adequate training for all staff across the business units on risk management related matters.Added: July 2018
