Entire section
Introduction
7.2 Technology Risk and Business Continuity – Policies

7.1. Operational Risk Management Framework and Governance

(1) A Bank must implement and maintain an Operational Risk management policy which enables it to identify, assess, monitor, control and mitigate its Operational Risk exposures.

(2) The Operational Risk management policy must be documented and include the Bank’s risk appetite for Operational Risk exposures. The policy must also set out as to how the Bank identifies, assesses, mitigates, controls and monitors Operational Risk.

(3) The Operational Risk management policy of a Bank must be approved by its Governing Body.

(4) A Bank must:

  1. (a) identify, assess, monitor, mitigate and, control its Operational Risk exposures;
  2. (b) ensure that its risk management framework including but not limited to tools, methodologies and, systems enable it to implement its Operational Risk management policy;
  3. (c) hold adequate Capital, at all times, to support its Operational risk exposures;
  4. (d) review and update its Operational Risk management policy at a frequency appropriate to the nature, scale and complexity of its Trading Book activities.

(5) A Bank’s Governing Body must ensure that its Operational risk management policy enables it to obtain a comprehensive bank-wide view of its Market Risk exposures and takes into account therisk of a significant deterioration in market liquidity of its exposures. Note:Guidance in respect of the contents of a Bank’s Operational Risk management policy, systems and controls which is required to satisfy the regulatory requirement in the Rule 7.1 is provided in the BPG issued by the AFSA.