Versions

 

OM-1.3.6

A bank must have a policy and procedures for review and approval of new products, services, activities, procedures, processes and systems. The review and approval process must consider, as appropriate, the following:

(a) Inherent and residual risks;
(b) Changes to the bank's operational risk profile and appetite and tolerance;
(c) The necessary controls, risk management processes and risk mitigation strategies;
(d) Changes to relevant risk thresholds or limits; and
(e) The procedures and metrics to measure, monitor, and manage the risk.
Added: January 2020