HC-6.6.33

Past version: Effective from 01 Jul 2018 to 31 Dec 2021

Conventional bank licensees must ensure that the risk management framework is subject to independent review by a third-party consultant, other than the external auditor, when there are material changes in the relevant Rulebook requirements or to the business conducted by the bank and/or its risk profile. The review must cover, at a minimum, the following:

(a) the appropriateness of risk appetite/tolerance levels and capital planning;
(b) the strength of the internal control infrastructure, given the nature, scope and complexity of the bank's business;
(c) the appropriateness of third-party inputs or other tools used for management information purposes, such as risk measures and models;
(d) the identification of large exposures and risk concentrations;
(e) the accuracy and completeness of data input into the assessment process;
(f) model governance and model validation procedures where models are used for computation of risk measures or estimates;
(g) the reasonableness and validity of scenarios used in the assessment process; and
(h) the use of stress-testing, including an analysis of the underlying assumptions and inputs.
Added: July 2018