OM-8.2.13

Entire section

Custom print

Link

Text Only

Rich Text

Print

Location:

Framework documentation must clearly:

(a) Identify the governance structures used to manage operational risk, including reporting lines and accountabilities;

(b) Describe the risk assessment tools and how they are used;

(c) Describe the bank's accepted operational risk appetite and tolerance (see Paragraphs OM-8.2.17 and OM-8.2.18), as well as thresholds or limits for inherent and residual risk, and approved risk mitigation strategies and instruments;

(d) Describe the bank's approach to establishing and monitoring thresholds or limits for inherent and residual risk exposure;

(e) Establish risk reporting and Management Information Systems (MIS);

(f) Provide for a common taxonomy of operational risk terms to ensure consistency of risk identification, exposure rating and risk management objectives;

(g) Provide for appropriate independent review and assessment of operational risk; and

(h) Require the policies to be reviewed whenever a material change in the operational risk profile of the bank occurs, and revised as appropriate.

Added: October 2012