OM-2.1 OM-2.1 Overview
OM-2.1.1
This Chapter provides guidance and rules for operational risk and sets out requirements for an appropriate risk management environment, including business continuity, outsourcing and electronic banking. Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and
reputational risk .October 07OM-2.1.2
Operational risk is inherent in all types of banks' activities, and therefore all new products and services should be reviewed for operational risks prior to their implementation. As these risks are important and can result in substantial losses, bank auditors should include operational audits in the scope of all audits.
October 07OM-2.1.3
The importance of operational risk has gained prominence as increasing reliance on sophisticated technology raises concerns of potential losses should unforeseen events cause technological failures. Banks have traditionally focused on controlling and mitigating credit and liquidity risks, however, enhanced levels of automation, while reducing costs and processing times, also pose potential risks. As such any one process or system failure may itself or through a series of systematic failures, cause financial or other losses to a bank. Therefore, it has become imperative that banks should establish policies and procedures to monitor and control operational risks.
October 07OM-2.1.4
The CBB will use the papers mentioned in Paragraphs OM-1.1.1 to OM-1.1.11 as guidelines in evaluation of the internal control systems of banks operating in Bahrain. Such evaluations will be made through the CBB's normal supervisory processes (e.g. meetings with management, on-site examinations (Module BR) and the use of
appointed experts (Section BR-6.5).Amended: January 2012
Amended: January 2011
October 2007
