• Senior Management

    • OM-8.2.20

      Principle 5: Senior management must develop for approval by the board of directors a clear, effective and robust governance structure with well defined, transparent and consistent lines of responsibility. Senior management is responsible for consistently implementing and maintaining throughout the organisation policies, processes and systems for managing operational risk in all of the bank's material products, activities, processes and systems consistent with the risk appetite and tolerance.

      Added: October 2012

    • OM-8.2.21

      Senior management is responsible for establishing and maintaining robust challenge mechanisms and effective issue-resolution processes. These must include systems to report, track and, when necessary, escalate issues to ensure resolution. Banks must be able to demonstrate that the three lines of defence (as highlighted in Paragraph OM-8.1.3) approach is operating satisfactorily and to explain how the board and senior management ensure that this approach is implemented and operating in an appropriate and acceptable manner.

      Added: October 2012

    • OM-8.2.22

      Senior management must translate the operational risk management Framework established by the board of directors into specific policies, processes and procedures that can be implemented and verified within the different business units. Senior management must clearly assign authority, responsibility and reporting relationships to encourage and maintain this accountability, and ensure that the necessary resources are available to manage operational risk in line with the bank's risk appetite and tolerance statement. Moreover, senior management must ensure that the management oversight process is appropriate for the risks inherent in a business unit's activity.

      Added: October 2012

    • OM-8.2.23

      Senior management must ensure that staff responsible for managing operational risk coordinate and communicate effectively with staff responsible for managing credit, market, and other risks, as well as with those in the bank who are responsible for the procurement of external services such as insurance risk transfer and outsourcing arrangements. Failure to do so could result in significant gaps or overlaps in a bank's overall risk management programme.

      Added: October 2012

    • OM-8.2.24

      A bank's risk management function should be commensurate with the nature, size, complexity and risk profile of the bank's activities. The managers of the corporate operational risk management function should be of sufficient stature within the bank to perform their duties effectively, ideally evidenced by title commensurate with other risk management functions such as credit, market and liquidity risk.

      Added: October 2012

    • OM-8.2.25

      Senior management should ensure that bank activities are conducted by staff with the necessary experience, technical capabilities and access to resources. Staff responsible for monitoring and enforcing compliance with the institution's risk policy should have authority independent from the units they oversee.

      Added: October 2012

    • OM-8.2.26

      A bank's governance structure should be commensurate with the nature, size, complexity and risk profile of its activities. When designing the operational risk governance structure, a bank must take the following into consideration:

      (a) Committee structure;
      (b) Committee composition; and
      (c) Committee operation.

      Added: October 2012

    • OM-8.2.27

      Sound industry practice for larger and more complex organisations with a central group function and separate business units is to utilise a board-created enterprise level risk committee for overseeing all risks, to which a management level operational risk committee reports. Depending on the nature, size and complexity of the bank, the enterprise level risk committee may receive input from operational risk committees by country, business or functional area. Smaller and less complex organisations may utilise a flatter organisational structure that oversees operational risk directly within the board's risk management committee.

      Added: October 2012

    • OM-8.2.28

      Sound industry practice is for operational risk committees (or the risk committee in smaller banks) to include a combination of members with expertise in business activities and financial, as well as independent risk management (refer to Module HC for details on committee membership).

      Added: October 2012

    • OM-8.2.29

      Committee meetings should be held at appropriate frequencies with adequate time and resources to permit productive discussion and decision-making. Records of committee operations should be adequate to permit review and evaluation of committee effectiveness.

      Added: October 2012