CP10 (Full Document) - European Banking Authority

More documents

Recommendations

Info

· Defining the content of reporting to the management body (supervisory function) or to different delegated bodies thereof (e.g., the Risk Committee) and · Examining reports from Internal Audit on operational risk management and measurement processes and systems. 475. Expectations concerning the level of understanding on the part of the management body (both supervisory and management functions) should not be lowered because of the underlying complexity of the subject. It is the responsibility of these bodies to have a complete understanding of the matters they are voting on or managing. 476. However, while the management function of the management body is expected to have a clear understanding of the management and measurement systems and processes and all factors affecting the operational risk management framework, the supervisory function of the management body should focus on assessing the impacts of potential failures in the operational risk management and measurement processes and systems on the institution’s operations. Internal reporting 477. Operational risk reporting should be an essential part of the internal reporting system and should support the proactive management of Operational risk. The recipient of the reporting should be the management body (both supervisory and management function), the Internal Audit, the Risk Committee and/or the Internal Control Committees (where established), and, where appropriate, the internal functions responsible for the identifying, assessing, monitoring, mitigating, and controlling operational risks. These internal functions could include, for example, business functions, central functions (such as IT, Plan and Management control, and accounting), risk functions. Internal reporting may also be made available to the institution’s Regulators. 478. The frequency and content of reporting should be formally approved by the management body (both supervisory and management functions). The management function should ensure the ongoing appropriateness of the reporting framework. 479. The frequency, content, and format of reporting should depend on the recipient and how the information will be used. Possible uses include strategic and financial planning, daytoday management, operational risk management and measurement, market disclosure, etc. 480. The scope of information included in internal reporting may vary according to the nature, size, and degree of complexity of the business, as well as of the institution. As a general rule, the riskier the business, the more detailed the information to be provided. The Page 112 of 123
frequency and format of the internal reporting should be consistent with the level of risk. 481. The design of the reporting framework is the responsibility of the institution. However, reporting could include: · Estimates of regulatory and economic capital; · New or improved management policies, procedures, and practices (e.g., changes in the business environment, business practices, and internal control factors); · Risk reduction and risk transfer strategies (e.g., the effect of any expected loss deductions, costbenefit analysis of insurance policies, mitigation and corrective actions on the business line/event type exposure and/or losses, costbenefit analysis of the mitigation actions); · Operational risk exposure (e.g., description of key operational risk events and drivers, and the distribution, trend, and migration of the operational risk exposure across business lines); · Internal and external loss experience (e.g., event type loss analysis and comparison in term of trends, seasonality, geographical distribution, etc.); · Identification and assessment of vulnerability areas (e.g., risk assessments, key risk indicators); and · Quality improvements in operational risk management and measurement processes and systems. Operational risk management function 482. The Operational Risk Management Function (ORMF) designs, develops, implements, executes, and maintains the operational risk management and measurement processes and systems. The tasks which it performs on a ongoing basis should include (among others): · The processes related to the definition, documentation, and collection of the four AMA elements; · Measurement methodology; · Monitoring and reporting systems; · Verifying the fulfilment of the qualifying criteria, and, in particular, of the use test; · Operational risk quantification and allocation processes, including the calculation of any haircuts (EL, Dependence, Insurance), backtesting and benchmarking, and the methodology for the allocation keys. 483. The ORMF should ensure, on a regular basis, that the institution’s operational risk measurement processes and risk management systems and all of their component are functioning as intended. The ORMF should have sufficient resources and skills of Operational risk Page 113 of 123
Page 1 and 2:
CEBS CP 10 11 July 2005 Guidelines
Page 3 and 4:
ANNEXES ...........................
Page 5 and 6:
to use these approaches. 6. The gui
Page 7 and 8:
IRB approach can be given only if t
Page 9 and 10:
approaches for regulatory purposes
Page 11 and 12:
purposes, when the group has submit
Page 13 and 14:
efficient running of the process, u
Page 15 and 16:
and/or 105 of the CRD, subject to t
Page 17 and 18:
58. Institutions intending to move
Page 19 and 20:
translated, supervisors will organi
Page 21 and 22:
76. The issues that supervisors are
Page 23 and 24:
holding company, the competent auth
Page 25 and 26:
· A new approval process shall not
Page 27 and 28:
· Institutions may not be ready to
Page 29 and 30:
2. Asking institutions to notify su
Page 31 and 32:
116. ‘Immaterial’ should refer
Page 33 and 34:
128. The EU Council has proposed th
Page 35 and 36:
should start with inputs, and those
Page 37 and 38:
to be only broadly compliant with t
Page 39 and 40:
institutions to be able to identify
Page 41 and 42:
differentiated if their loss rates
Page 43 and 44:
payments are originating from the s
Page 45 and 46:
any of its subsidiaries in full, wi
Page 47 and 48:
197. As a general rule, the rating
Page 49 and 50:
· Their discounting method results
Page 51 and 52:
grades. In this case, all of the re
Page 53 and 54:
of challenges, including choosing t
Page 55 and 56:
228. In principle, supervisors do n
Page 57 and 58:
prices on defaulted exposures, and
Page 59 and 60:
LGD estimation, they have to be tak
Page 61 and 62: The exposure value for the followin
Page 63 and 64: investigating the potential drivers
Page 65 and 66: advisable in some circumstances not
Page 67 and 68: terms) the proof of consistency wit
Page 69 and 70: 302. The information used in credit
Page 71 and 72: exposures to obligors or facilities
Page 73 and 74: Pooled data sets for good predictiv
Page 75 and 76: inputs to the IRB approach. Supervi
Page 77 and 78: used to quantify the risk parameter
Page 79 and 80: years for the economy as a whole, a
Page 81 and 82: · Institutions must be able to bri
Page 83 and 84: Benchmarking the outputs of interna
Page 85 and 86: model, and the internal use of the
Page 87 and 88: systems” (Annex VII, Part 4, Para
Page 89 and 90: · Examining reports from Internal
Page 91 and 92: organisational point of view (e.g.,
Page 93 and 94: conclusions are wellfounded. Inte
Page 95 and 96: 401. The role played by the CRC fun
Page 97 and 98: subsidiary, or by different subsidi
Page 99 and 100: way of a formal notification). The
Page 101 and 102: · The rollout plan should have a
Page 103 and 104: Principles and examples 1. The purp
Page 105 and 106: etween systems, recording of data t
Page 107 and 108: · The definition of an appropriate
Page 109 and 110: incorporate forwardlooking elemen
Page 111: · Approving proactive risk managem
Page 115 and 116: · Development of internal processe
Page 117 and 118: · Understanding the extent and nat
Page 119 and 120: ‣ If not, inform the other superv
Page 121 and 122: the decision. ‣ Agree on the proc
show all

CP10 (Full Document) - European Banking Authority

Create successful ePaper yourself

Delete template?

Save as template?