• OM-1.2 Developing an appropriate risk management environment

    • OM-1.2.1

      It should be standard practice for a bank's management to establish policies and procedures to manage risks arising out of its activities. The bank should maintain written policies and procedures that identify the risk tolerances of the Board of Directors and should clearly delineate lines of authority and responsibility for managing the risks. Banks' employees should be fully aware of all policies and procedures that relate to their specific duties.

    • OM-1.2.2

      The bank's strategy should define its tolerance for risk and lay out the Board's understanding of the specific characteristics of operational risk.

    • The Board of Directors

      • OM-1.2.3

        The Board of Directors should be aware of the major aspects of the bank's operational risk as a distinct and controllable risk category.

      • OM-1.2.4

        The responsibilities of the Board of Directors of the bank should include:

        (a) approving the bank's operational risk strategy;
        (b) periodically reviewing the bank's operational risk strategy;
        (c) approving the basic structure of the framework for managing operational risk; and
        (d) ensuring that senior management is carrying out its risk management responsibilities.

    • Senior management

      • OM-1.2.5

        The responsibilities of the senior management of the bank should include:

        (a) implementing the operational risk strategy approved by the Board of Directors;
        (b) ensuring that the strategy is implemented consistently throughout the whole banking organisation;
        (c) ensuring that all levels of staff understand their responsibilities with respect to operational risk management;
        (d) developing policies, processes and procedures for managing operational risk in all of the bank's products, activities, processes and systems; and
        (e) developing succession plans for senior staff.

    • Management information system

      • OM-1.2.6

        The management information system of a banking organisation plays a key role in establishing and maintaining an effective operational risk management framework. Two key aspects of the management information system are:

        (a) 'Communication flow' serves the purpose of establishing a consistent operational risk management culture across the bank.
        (b) 'Reporting flow' enables:
            1. senior management to monitor the effectiveness of the risk management system for operational risk; and
            2. the Board of Directors to oversee senior management performance.