OM-1.6.3

The independent review of the operational risk management framework undertaken in accordance with Paragraphs HC-6.6.33 and HC-6.6.34, must cover the following:

(i) Governance, the role of the board and senior management and ORMU in operational risk management;
(ii) The existence of operational risk appetite/tolerances or thresholds and approved documented policies, procedures and processes including tools for risk identification and assessment;
(iii) Register of risks covering risk events, KRIs, KRDs, KCIs and risk mitigation techniques;
(iv) Policies to ensure the bank are in compliance with the requirements under this Module for outsourcing arrangements including cloud outsourcing, electronic banking, security arrangements and business continuity management.
Amended: January 2022
Added: January 2020