OM-8.2.46
Control processes and procedures should be established and banks should have a system in place for ensuring compliance with a documented set of internal policies concerning the risk management system. Principal elements of this could include, for example:
(a) Top-level reviews of the bank's progress towards the stated objectives;
(b) Verifying compliance with management controls;
(c) Review of the treatment and resolution of instances of non-compliance;
(d) Evaluation of required approvals and authorisations to ensure accountability to an appropriate level of management; and
(e) Tracking reports for approved exceptions to thresholds or limits, management overrides and other deviations from policy.
Added: October 2012