RM-3.1 RM-3.1 General Requirements
RM-3.1.1
Licensees must document their framework for the proactive management of operational risk. This policy must be approved and reviewed at least annually by the board ofdirectors of thelicensee .July 2014RM-3.1.2
Operational risk is the risk to the
licensee of loss resulting from inadequate or failed internal processes, people and systems, or from external events. In identifying the types of operational risk losses that it may be exposed to,licensees should consider, for instance, the following:(a) The nature of alicensee's customers , products and activities, including sources of business, distribution mechanisms, and the complexity and volumes of transactions;(b) The design, implementation, and operation of the processes and systems used in the end-to-end operating cycle for alicensee's products and activities;(c) The risk culture and human resource management practices at alicensee ; and(d) The business operating environment, including political, legal, socio-demographic, technological, and economic factors as well as the competitive environment and market structure.July 2014RM-3.1.3
Licensees must assess and evaluate the impact of operational risks on their financial resources and solvency.July 2014Business Continuity Planning
RM-3.1.4
A
licensee's business continuity planning, risk identification and reporting must cover reasonably foreseeable external events and their likely impact on thelicensee and its business portfolio.July 2014Record Keeping
RM-3.1.5
L
icensees must retain an appropriate record of their operational risk management activities.July 2014