• Governance: The Board of Directors

    • OM-8.2.14

      Principle 3: The board of directors must establish, approve and periodically review the Framework. The board of directors must oversee senior management to ensure that the policies, processes and systems are implemented effectively at all decision levels.

      Added: October 2012

    • OM-8.2.15

      The board of directors must:

      (a) Establish a management culture, and supporting processes, to understand the nature and scope of the operational risk inherent in the bank's strategies and activities, and develop comprehensive, dynamic oversight and control environments that are fully integrated into or coordinated with the overall Framework for managing all risks across the enterprise;
      (b) Provide senior management with clear guidance and direction regarding the principles underlying the Framework and approve the corresponding policies developed by senior management;
      (c) Regularly review the Framework to ensure that the bank has identified and is managing the operational risk arising from external market changes and other environmental factors, as well as those operational risks associated with new products, activities, processes or systems, including changes in risk profiles and priorities (e.g. changing business volumes);
      (d) Ensure that the bank's Framework is subject to effective independent review by audit or other appropriately trained parties such as the compliance function; and
      (e) Ensure that as best practice evolves, management is availing themselves of these advances.

      Added: October 2012

    • OM-8.2.16

      Strong internal controls are a critical aspect of operational risk management, and the board of directors must establish clear lines of management responsibility and accountability for implementing a strong control environment. The control environment must provide appropriate independence/separation of duties between operational risk management functions, business lines and support functions.

      Added: October 2012

    • OM-8.2.17

      Principle 4: The board of directors must approve and review a risk appetite and tolerance statement for operational risk that articulates the nature, types and levels of operational risk that the bank is willing to assume.

      Added: October 2012

    • OM-8.2.18

      When approving and reviewing the risk appetite and tolerance statement, the board of directors must consider all relevant risks, the bank's level of risk aversion, its current financial condition and the bank's strategic direction. The risk appetite and tolerance statement should encapsulate the various operational risk appetites within a bank and ensure that they are consistent. The board of directors must approve appropriate thresholds or limits for specific operational risks, and an overall operational risk appetite and tolerance.

      Added: October 2012

    • OM-8.2.19

      The board of directors must regularly review the appropriateness of limits and the overall operational risk appetite and tolerance statement. This review must consider changes in the external environment, material increases in business or activity volumes, the quality of the control environment, the effectiveness of risk management or mitigation strategies, loss experience, and the frequency, volume or nature of limit breaches. The board must monitor management adherence to the risk appetite and tolerance statement and provide for timely detection and remediation of breaches.

      Added: October 2012