Title[ Part 2: The First Pillar - Minimum Capital Requirements
Section[ C. Qualifying criteria
1. The Standardised Approach
660. In order to qualify for use of the Standardised Approach, a bank must satisfy its supervisor that, at a minimum:
w Its board of directors and senior management, as appropriate, are actively involved in the oversight of the operational risk management framework;
w It has an operational risk management system that is conceptually sound and is implemented with integrity; and
w It has sufficient resources in the use of the approach in the major business lines as well as the control and audit areas.
661. Supervisors will have the right to insist on a period of initial monitoring of a bank’s
Standardised Approach before it is used for regulatory capital purposes.
662. A bank must develop specific policies and have documented criteria for mapping gross income for current business lines and activities into the standardised framework. The criteria must be reviewed and adjusted for new or changing business activities as appropriate. The principles for business line mapping are set out in Annex 8.
663. As some internationally active banks will wish to use the Standardised Approach, it is important that such banks have adequate operational risk management systems. Consequently, an internationally active bank using the Standardised Approach must meet the following additional criteria:108
(a) The bank must have an operational risk management system with clear responsibilities assigned to an operational risk management function. The operational risk management function is responsible for developing strategies to identify, assess, monitor and control/mitigate operational risk; for codifying firm-level policies and procedures concerning operational risk management and controls; for the design and implementation of the firm’s operational risk assessment methodology; and for the design and implementation of a risk-reporting system for operational risk.
(b) As part of the bank’s internal operational risk assessment system, the bank must systematically track relevant operational risk data including material losses by business line. Its operational risk assessment system must be closely integrated into the risk management processes of the bank. Its output must be an integral part of the process of monitoring and controlling the banks operational risk profile. For instance, this information must play a prominent role in risk reporting, management reporting, and risk analysis. The bank must have techniques for creating incentives to improve the management of operational risk throughout the firm.
(c) There must be regular reporting of operational risk exposures, including material operational losses, to business unit management, senior management, and to the board of directors. The bank must have procedures for taking appropriate action according to the information within the management reports.
(d) The bank’s operational risk management system must be well documented. The bank must have a routine in place for ensuring compliance with a documented set of internal policies, controls and procedures concerning the operational risk management system, which must include policies for the treatment of non- compliance issues.
(e) The bank’s operational risk management processes and assessment system must be subject to validation and regular independent review. These reviews must include both the activities of the business units and of the operational risk management function.
(f) The bank’s operational risk assessment system (including the internal validation processes) must be subject to regular review by external auditors and/or supervisors.
Contents
Prev
Next
Last
