• OM-1.4 OM-1.4 Monitoring

    • OM-1.4.1

      Licensees must implement a process to regularly monitor operational risk profiles and material exposures to losses. There must be regular reporting of pertinent information at the board, senior management and business levels that supports the proactive management of operational risk.

      January 2014

    • OM-1.4.2

      Licensees are encouraged to continuously improve the quality of operational risk reporting. A licensee should ensure that its reports are comprehensive, accurate, consistent and actionable across business lines and products. Reports should be manageable in scope and volume; effective decision-making is impeded by both excessive amounts and paucity of data.

      January 2014

    • OM-1.4.3

      Reporting should be timely and a licensee should be able to produce reports in both normal and stressed market conditions. The frequency of monitoring should reflect the risks involved and the frequency and nature of changes in the operating environment. Monitoring should be an integrated part of a licensee's activities. The results of these monitoring activities should be included in regular management and board reports, as should compliance reviews performed by the internal audit and/or risk management functions. Reports generated by (and/or for) supervisory authorities may also inform this monitoring and should likewise be reported internally to senior management and the board, where appropriate.

      January 2014

    • OM-1.4.4

      Operational risk reports may contain internal financial, operational, and compliance indicators, as well as external market or environmental information about events and conditions that are relevant to decision making. Operational risk reports should include:

      (a) Breaches of the licensee's risk appetite and tolerance statement, as well as thresholds or limits;
      (b) Details of recent significant internal operational risk events and losses; and
      (c) Relevant external events and any potential impact on the licensee.
      January 2014

    • OM-1.4.5

      Data capture and risk reporting processes should be analysed periodically with a view to continuously enhancing risk management performance as well as advancing risk management policies, procedures and practices.

      January 2014