Back Custom print Link Text Only Rich Text Print

  • OM-A.2 OM-A.2 Key requirements

    • General procedures

      • OM-A.2.1

        Banks' management must establish written policies and procedures to manage risks arising out of the banks' activities.

    • Outsourcing

      • OM-A.2.2

        A licensee must formally notify the Agency and seek its prior approval before committing to a new material outsourcing arrangement. The notification must:

        (a) be made in writing to the licensee's normal supervisory contact;
        (b) contain sufficient detail to demonstrate that relevant issues raised in section OM-2.4 onward of this chapter have been addressed; and
        (c) be made at least 6 weeks before the licensee intends to commit to the arrangement.

      • OM-A.2.3

        Once an outsourcing arrangement has been implemented, the Agency requires a licensee to continue to monitor the associated risks and the effectiveness of its mitigating controls.

    • Electronic money and electronic banking activities

      • OM-A.2.4

        The Agency specifically urges the licensees to use the 'Fourteen Risk Management Principles and Sound Practices' set out in the Basel's Committee paper stated in section OM-3.1 below, as guidelines, in order to recognise, address and manage risks associated with e-banking in a prudent manner.

    • Business continuity, contingency planning and security

      • OM-A.2.5

        Banks must submit their succession plans for their senior management team to the Agency. Locally incorporated banks must confirm that the plan has been reviewed and endorsed at Board level. This information should be submitted to the Agency by the end of each calendar year.

      • OM-A.2.6

        All full commercial banks must implement security measures which satisfy the Agency's minimum requirements as laid out in Chapter OM-5. These measures include external physical security measures as well as internal measures for staff security and the handling of cash.