A bank using the standardised approach must meet the following additional criteria:

(a) The bank must have an operational risk management system with clear responsibilities assigned to an operational risk management function. The operational risk management function is responsible for developing strategies to identify, assess, monitor and control/mitigate operational risk; for codifying bank-level policies and procedures concerning operational risk management and controls; for the design and implementation of the bank's operational risk assessment methodology; and for the design and implementation of a risk-reporting system for operational risk;
(b) As part of the bank's internal operational risk assessment system, the bank must systematically track relevant operational risk data including material losses by business line. Its operational risk assessment system must be closely integrated into the risk management processes of the bank. Its output must be an integral part of the process of monitoring and controlling the banks operational risk profile. For instance, this information must play a prominent role in risk reporting, management reporting, and risk analysis. The bank must have techniques for creating incentives to improve the management of operational risk throughout the bank;
(c) There must be regular reporting of operational risk exposures, including material operational losses, to business unit management, senior management, and to the board of directors. The bank must have procedures for taking appropriate action according to the information within the management reports;
(d) [This subparagraph was deleted in October 2012];
(e) [This subparagraph was deleted in October 2012]; and
(f) The bank's operational risk assessment system (including the internal validation processes) must be subject to regular review by external auditors and /or the CBB.
Amended: October 2012
Added: April 2008