Risk Appetite and Tolerance
OM-1.2.13
The board of directors must approve and review a risk appetite and tolerance statement for operational risk that articulates the nature, types and levels of operational risk that the
licensee is willing to assume.January 2014OM-1.2.14
When approving and reviewing the risk appetite and tolerance statement, the board of directors must consider all relevant risks, the
licensee's level of risk aversion, its current financial condition and thelicensee's strategic direction. The board of directors must approve appropriate thresholds or limits for specific operational risks, and an overall operational risk appetite and tolerance.January 2014OM-1.2.15
The risk appetite and tolerance statement should encapsulate the various operational risk appetites within a
licensee and ensure that they are consistent.January 2014OM-1.2.16
The board of directors must regularly review the appropriateness of limits and the overall operational risk appetite and tolerance statement. This review must consider changes in the external environment, material increases in business or activity volumes, the quality of the control environment, the effectiveness of risk management or mitigation strategies, loss experience, and the frequency, volume or nature of limit breaches. The board must monitor management adherence to the risk appetite and tolerance statement and provide for timely detection and remediation of breaches.
January 2014OM-1.2.17
The
licensee must ensure that the internal pricing and performance measurement mechanisms appropriately take into account operational risk. Where operational risk is not considered, risk-taking incentives might not be appropriately aligned with the risk appetite and tolerance.January 2014
