تجاوز إلى المحتوى الرئيسي

3.1.3 Risk Management Function (RMF) and Risk Control Function

C 52/2017 STA يسري تنفيذه من تاريخ 1/4/2021

139. With regard to the bank’s risk management and control function, the ICAAP report is expected to describe

 
(i)How the RMF has access to all business lines and other units that might have possibility in generating risk , and to all relevant subsidiaries, and affiliates;
 
(ii)RMF processes/ practices/ mechanisms through which the bank effectively identifies, measures, monitors, and reports material risks;
 
(iii)Mechanisms that ensure that the policies, methodologies, controls, and risk monitoring systems are developed, validated, maintained and appropriately approved;
 
(iv)Processes to effectively identify and review the changes in risks arising from the bank’s strategy, business model, new products, and changes in the economic environment;
 
(v)Capital contingency plans for surviving unexpected events;
 
(vi)Risk management information systems (MIS) that ensure:
 
That the bank distributes regular, accurate, and timely information on the bank’s aggregate risk profile internally;
 
The appropriate frequency and distribution of risk management information;
 
Early warning processes for pre-empting capital limit breaches; and
 
Internal decision-making process are facilitated to allow the bank’s management to authorize remedial actions before capital adequacy is compromised.
 
(vii)The bank’s risk appetite as defined and used in the preparation of the ICAAP, which should be consistently referenced for taking business decisions;
 
(viii)Risk quantification methodologies that are clearly articulated and documented, including high-level risk measurement assumptions and parameters;
 
(ix)The approaches used to assess capital adequacy, which should include the stress test framework and a well-articulated definition of capital adequacy;
 
(x)The capital planning process objectives, which should be forward-looking and aligned to the bank’s business model and strategy;
 
(xi)Capital allocation processes including monitoring among business lines and identified risk types (e.g. risk limits defined for business lines, entities, or individual risks should be consistent to ensure the overall adequacy of the bank’s internal capital resources); and
 
(xii)The boundary of entities included,
 
(xiii)The process of risk identification, and
 
(xiv)The bank’s risk inventory and classification, reflecting the materiality of risks and the treatment of those risks through capital.
 

140. The internal control functions should play a vital role in contributing to the formation of a sustainable business strategy. The ICAAP report should describe the following with regard to internal control functions:

 
(i)The responsibilities of Internal Audit and Compliance concerning risk management;
 
(ii)Any relevant internal and external audit reviews of risk management and the conclusions reached; and
 
(iii)Outsourcing arrangements that have a material effect on internal capital adequacy management, if any. This should elaborate the bank’s reliance on, or use of, any third parties such as external consultants or suppliers. The bank should provide a high-level summary reports or reviews of the outsourced functions’ related policy documentation and processes.