CP10 (Full Document) - European Banking Authority
· Approving proactive risk management strategies and policies;
· Approving the organisational structure of the control functions; and
· Specifying levels of acceptable risk.
471. The management body (both supervisory and management
functions) is responsible for making formal decisions on the
implementation of the AMA approach. This includes the overall
approval of the project, the specification of goals, and the
appointment of the organisational structures responsible for
implementation. A time schedule of the necessary steps and an
estimation of related costs and benefits should be provided with the
project approval.
472. The management body (both supervisory and management
functions) should be actively involved, on an ongoing basis, in the
oversight of the control procedures and measurement systems
adopted by the operational risk management function and Internal
Audit, to ensure that they are adequate and that the overall
operational risk management and measurement processes and
systems remain effective over time.
473. The main goal of the management body (management function)
should be to ensure that all components of the operational risk
framework, including controls and mitigation, are functioning as
intended. The management body (management function) should
have an extensive understanding of operational risk policies, and
should understand how operational risks affect the institution. The
management body (management function) should take responsibility
for ensuring that the operational risk inherent in new products,
activities, processes, and systems is adequately assessed before
they are introduced.
474. The tasks to be addressed by the management body (management
function) include:
· Ensuring the soundness of risk management processes;
· Informing the management body (supervisory function) – or a
designated committee thereof – of material changes or exceptions
from established policies that will materially impact the operations
and the operational risk profile of the institution;
· Identifying and assessing the main risk drivers, based on
information provided by the operational risk management
function;
· Defining the tasks of the risk management unit and evaluating
the adequacy of its professional skills;
· Monitoring and managing all sources of potential conflicts of
interest;
· Establishing effective communication channels in order to ensure
that all staff are aware of relevant policies and procedures;