Back Custom print Link Text Only Rich Text Print

  • OM-A OM-A Introduction

    • OM-A.1 OM-A.1 Purpose

      • OM-A.1.1

        The purpose of this module is to provide rules and guidance to banks operating in Bahrain on establishing parameters and control procedures to monitor and mitigate operational risks.

      • OM-A.1.2

        This module provides support for certain other parts of the Rulebook, mainly:

        (a) Principles of Business; and
        (b) High Level Controls.

      • OM-A.1.3

        The contents of this Module apply to all banks, except where noted in individual chapters.

    • OM-A.2 OM-A.2 Key requirements

      • General procedures

        • OM-A.2.1

          Banks' management must establish written policies and procedures to manage risks arising out of the banks' activities.

      • Outsourcing

        • OM-A.2.2

          A licensee must formally notify the Agency and seek its prior approval before committing to a new material outsourcing arrangement. The notification must:

          (a) be made in writing to the licensee's normal supervisory contact;
          (b) contain sufficient detail to demonstrate that relevant issues raised in section OM-2.4 onward of this chapter have been addressed; and
          (c) be made at least 6 weeks before the licensee intends to commit to the arrangement.

        • OM-A.2.3

          Once an outsourcing arrangement has been implemented, the Agency requires a licensee to continue to monitor the associated risks and the effectiveness of its mitigating controls.

      • Electronic money and electronic banking activities

        • OM-A.2.4

          The Agency specifically urges the licensees to use the 'Fourteen Risk Management Principles and Sound Practices' set out in the Basel's Committee paper stated in section OM-3.1 below, as guidelines, in order to recognise, address and manage risks associated with e-banking in a prudent manner.

      • Business continuity, contingency planning and security

        • OM-A.2.5

          Banks must submit their succession plans for their senior management team to the Agency. Locally incorporated banks must confirm that the plan has been reviewed and endorsed at Board level. This information should be submitted to the Agency by the end of each calendar year.

        • OM-A.2.6

          All full commercial banks must implement security measures which satisfy the Agency's minimum requirements as laid out in Chapter OM-5. These measures include external physical security measures as well as internal measures for staff security and the handling of cash.

    • OM-A.3 OM-A.3 Regulation history

      • OM-A.3.1

        This module was first issued on 1st January 2005 as part of the Islamic principles volume. All regulations in this volume have been effective since this date. All subsequent changes are dated with the month and year at the base of the relevant page and in the Table of Contents. Chapter 3 of Module UG provides further details on Rulebook maintenance and control.

      • OM-A.3.2

        A list of most recent changes made to this module are detailed in the table below:

        Summary of changes

        Module Ref. Change Date Description of Changes
        OM-5 01/04/05 New Securities Measures
        OM-4.2 01/10/05 Succession planning for locally incorporated banks
        OM-5.1 01/10/05 Clarification of security manager role for smaller banks and deletion of requirement for cash trays
        OM-B & OM-1.2 01/04/06 Minor amendments concerning roles of Board and management and editing of OM B.
        OM-5.1.15OM-5.1.24 01/04/06 New security requirements for ATM security arrangements and reporting of security related complaints

      • Evolution of the Module

        • OM-A.3.3

          Prior to the development of this Rulebook, the Agency had issued various circulars representing regulations covering different aspects of operational risk management. These circulars have now been consolidated into this module covering the operational risk management regulation. These circulars and their evolution into this module are listed below:

          Circular Ref. Date of Issue Module Ref. Circular Subject
          BC/3/98 21 Feb 1998 OM-B Basel Committee on Banking Supervision Framework for the Evaluation of Internal Control Systems
          BS/9/03 14 Sep 2003 OM-1 Operational Risk Management
          ODG/162/03 21 May 2003 OM-2 Outsourcing
          BC/9/98 16 Jun 1998 OM-3 Electronic Money and Electronic Banking Activities
          BC/6/02 24 Jun 2002 OM-3 Risk Management Principles for Electronic Banking
          ODG/347/03 28 Sep 2003 OM-4.2 Succession Planning

      • Effective date

        • OM-A.3.4

          The contents in this module are effective from the date depicted in the original circulars (see paragraph OM-A.3.3) or from the date shown in the Module Footer.