Back Custom print Link Text Only Rich Text Print

  • CRA-6.1 CRA-6.1 Board of Directors' Responsibility

    • CRA-6.1.1

      The Board of Directors of licensees are responsible for the establishment of an adequate and effective framework for identifying, monitoring and managing risks across all its operations.

      Amended: April 2023
      Added: April 2019

    • CRA-6.1.2

      The CBB expects the Board to be able to demonstrate that it provides suitable oversight and establishes, in relation to all the risks the licensee is exposed to, a risk management framework that includes setting and monitoring policies, systems, tools and controls.

      Added: April 2019

    • CRA-6.1.3

      Although authority for the management of a firm's risks is likely to be delegated, to some degree, to individuals at all levels of the organisation, the overall responsibility for this activity should not be delegated from its governing body and relevant senior managers.

      Added: April 2019

    • CRA-6.1.4

      A licensee's failure to establish, in the opinion of the CBB, an adequate risk management framework will result in it being in breach of Condition 6 of the Licensing Conditions. This failure may result in the CBB withdrawing or imposing restrictions on the licensee, or the licensee being required to inject more capital.

      Amended: April 2023
      Added: April 2019

    • CRA-6.1.5

      The Board of Directors must also ensure that there is adequate documentation of the licensee's risk management framework.

      Added: April 2019

    • Systems and Controls

      • CRA-6.1.6

        The risk management framework of licensee must provide for the establishment and maintenance of effective systems and controls as are appropriate to their business, so as to identify, measure, monitor and manage risks.

        Added: April 2019

      • CRA-6.1.7

        An effective framework for risk management should include systems to identify, measure, monitor and control all major risks on an on-going basis. The risk management systems should be approved and periodically reviewed by the Board.

        Added: April 2019

      • CRA-6.1.8

        The systems and controls required under Paragraph CRA-6.1.6 must be proportionate to the nature, scale and complexity of the licensee’s activities.

        Amended: April 2023
        Added: April 2019

      • CRA-6.1.9

        The processes and systems required must enable the licensee to identify the major sources of risk to its ability to meet its liabilities as they fall due, including the major sources of risk in each of the following categories:

        (a) Counterparty risk;
        (b) Market risk;
        (c) Liquidity risk;
        (d) Operational risk including cyber security risk;
        (e) Outsourcing risk;
        (f) Group risk; and
        (g) Any additional categories relevant to its business.
        Amended: April 2023
        Added: April 2019

      • CRA-6.1.10

        Licensees must establish and maintain a risk management function that operates independently and which has sufficient authority and resources, including access to the Board of Directors, to facilitate the carrying out of the following tasks:

        (a) The implementation of the risk management framework and maintenance of effective systems and controls referred to in Paragraph CRA-6.1.6;
        (b) The provision of reports and advice to senior management;
        (c) The development of the licensee's risk strategy; and
        (d) Direct communication with the Board of Directors, independently from the licensee's senior management, regarding concerns, where specific risk developments affect or may affect the licensee, without prejudice to the responsibilities of the Board of Board in its supervisory and/or managerial functions.
        Amended: April 2023
        Added: April 2019

      • CRA-6.1.11

        The CBB may permit a licensee to establish and maintain a risk management function which does not operate independently, provided this does not give rise to conflicts of interest and the licensee demonstrates to the CBB that the establishment and maintenance of a dedicated independent risk management function with sole responsibility for the risk management function is not appropriate and proportionate in view of the nature, scale and complexity of its business and the nature and range of the regulated crypto-asset services undertaken in the course of that business.

        Amended: April 2023
        Added: April 2019

      • CRA-6.1.12

        Where a licensee is granted an exemption referred to in Paragraph CRA-6.1.11, the licensee must nevertheless be able to demonstrate that the policies and procedures which it has adopted in accordance with Paragraph CRA-6.1.6 satisfy the requirements thereof and are consistently effective.

        Added: April 2019