(i) Governance, the role of the board and senior management and ORMU in operational risk management;

(ii) The existence of operational risk appetite/tolerances or thresholds and approved documented policies, procedures and processes including tools for risk identification and assessment;

(iii) Register of risks covering risk events, KRIs, KRDs, KCIs and risk mitigation techniques;

(iv) Policies to ensure the bank are in compliance with the requirements under this Module for outsourcing arrangements including cloud outsourcing, electronic banking, security arrangements and business continuity management.