Operational risk is inherent in all types of licensees' transactions and activities, processes and systems, and the effective management of operational risk must be a fundamental element of a licensee's risk management programme. Sound operational risk governance relies upon three lines of defence:
(a) Business line management;
(b) An independent operational risk management function; and