Back Custom print Link Text Only Rich Text Print

  • RM-6.1 RM-6.1 Operational Risk

    • RM-6.1.1

      Section RM-6.1 applies only to insurance firms and insurance brokers

    • RM-6.1.2

      An insurance licensee must identify and manage its operational risk across all its operations, and document its policies and procedures for achieving this in an operational risk policy.

    • RM-6.1.3

      Operational risk is the risk to the insurance licensee of loss resulting from inadequate or failed internal processes, people and systems, or from external events.

    • RM-6.1.4

      Insurance licensees must consider the impact of operational risks on their financial resources and solvency. In so doing, insurance licensees must consider the factors listed under Paragraph RM-6.1.5, and any other factors relevant to their business.

      Amended: January 2007

    • RM-6.1.5

      In assessing potential operational risk, events that may affect the licensee's solvency include the following:

      (a) Risks to the licensee's resources and reputation from employees and agents (due to fraud, negligence etc);
      (b) Adequacy of management information;
      (c) Failure of information technology through breakdown, incompatibility of legacy systems and poor scalability, poor security, etc.;
      (d) Failure of processes and procedures;
      (e) Internal and external fraud;
      (f) Outsourcing risk (for more detail, see RM-7);
      (g) Resourcing levels;
      (h) Business continuity and disaster recovery; and
      (i) Reputational risks and the risk to the licensee's business from an undermining of consumer confidence in particular market segments, e.g. savings products.
      Amended: January 2007

    • RM-6.1.6

      Human failure may arise either from the loss of one or more key individuals, lack of competence or failure of an individual to follow procedures or observe authority levels.

    • RM-6.1.7

      The insurance licensee must identify those processes, systems and premises that are critical to its survival and continuing operations and must develop contingency plans ('business continuity planning') covering these areas. These plans must be regularly updated and tested.

      Amended: January 2007

    • RM-6.1.8

      An insurance licensee should have the means to ensure that its statutory and regulatory responsibilities are effectively carried out, especially where the group is subject to matrix management. More specifically, clear reporting lines and responsibilities need to be defined to minimize the risk that statutory and regulatory responsibilities are overlooked.

    • RM-6.1.9

      Insurance licensees must ensure that there is adequate succession planning and that the risks arising from the loss of key individuals are thereby contained.

    • RM-6.1.10

      The licensee's Board is responsible for ensuring the suitability and competence of employees for the assigned tasks, and for the adequacy of staffing levels. Depending on their size and scale of their activities, insurance licensees should consider having in place a formal appraisal process and a training plan for professional members of staff. For employees that are members of professional bodies it may also be appropriate for this to be integrated with requirements of those bodies for Continuing Professional Education (CPE).

    • RM-6.1.11

      Insurance licensees must identify, manage and control the risks that arise from human failure, including employees and agents. These include inappropriate remuneration policies, health and safety and employment policies.

    • RM-6.1.12

      The licensee's business continuity planning, risk identification and reporting must cover reasonably foreseeable external events and their likely impact on the firm and its business portfolio.

    • Physical Security Measures

      • RM-6.1.13

        Insurance licensees that deal directly with the public and maintain cash on their premises must put in place security measures to minimise the risk of theft or fraud.

      • RM-6.1.14

        Insurance licensees subject to Paragraph RM-6.1.13 must ensure that the maximum cash maintained at their premises at the end of each day is limited to BD10,000.

      • RM-6.1.15

        Insurance licensees subject to Paragraph RM-6.1.13 are required to install an alarm system for those premises that maintain cash.

      • RM-6.1.16

        Where appropriate, insurance licensees may consider the need to maintain a trained security guard at their premises.

    • Third Party Insurance

      • RM-6.1.17

        Insurance licensees are required to have in place insurance coverage from an unrelated third party to cover potential losses arising from liability, theft, fire and other potential operational risk.

      • RM-6.1.18

        Insurance licensees are required to comply with Paragraph RM-6.1.13 to RM-6.1.17, by 31st December, 2006 (Refer to ES-2.6A.1).

        Amended: October 2007
        Amended: April 2008