Versions

 

OM-1.2.8

The board of directors must:

(a) Establish a management culture, and supporting processes, to understand the nature and scope of the operational risk inherent in the licensee's strategies and activities, and develop comprehensive, dynamic oversight and control environments that are fully integrated into or coordinated with the overall framework for managing all risks across the enterprise;
(b) Provide senior management with clear guidance and direction regarding the principles underlying the framework and approve the corresponding policies developed by senior management;
(c) Regularly review the framework to ensure that the licensee has identified and is managing the operational risk arising from external market changes and other environmental factors, as well as those operational risks associated with new products, activities, processes or systems, including changes in risk profiles and priorities (e.g. changing business volumes);
(d) Ensure that the licensee's framework is subject to effective independent review by audit or other appropriately trained parties such as the compliance function; and
(e) Ensure that as best practice evolves, management is availing themselves of these advances.
January 2014