
  • PIB 6.3 Risk Identification and Assessment

    • PIB 6.3.1

      An Authorised Firm must:

      (a) ensure that it identifies and assesses the Operational Risks inherent in all the Authorised Firm's products, activities, processes and systems;
      (b) ensure the inherent risks in (a) are understood by relevant Employees of the Authorised Firm;
      (c) systematically track Operational Risk events and any financial impact associated with such events; and
      (d) ensure that the tracking in (c) is consistent with the Operational Risk event types described in the Basel III framework.
      Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

      • PIB 6.3.1 Guidance

        1. An Authorised Firm should record all Operational Risk events, including near misses and events which result in a positive financial outcome.
        2. These Rules complement related Rules in GEN section 5.3 relating to risk management systems and controls. For example, GEN Rule 5.3.6 requires an Authorised Firm to appoint an individual to advise its Governing Body and senior management as to risks.
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB 6.3.2

      An Authorised Firm must ensure that its Operational Risk policy in PIB Rule 6.2.1:

      (a) includes an approval process for all new products, activities, processes and systems; and
      (b) incorporates the requirement in PIB Rule 6.3.1(a).
      Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

      • PIB 6.3.2 Guidance

        1. An Authorised Firm should have policies and procedures that address the process for review and approval of new products, activities, processes and systems. The review and approval process should include consideration of:
        a. inherent risks in any new product, service, or activity;
        b. resulting changes to the Authorised Firm's Operational Risk profile, appetite and tolerance, including changes to the risk of existing products or activities;
        c. necessary controls, risk management processes, and risk mitigation strategies;
        d. residual risk;
        e. changes to relevant risk limits;
        f. procedures and metrics to measure, monitor, and manage the risk of the new product or activity; and
        g. appropriate investment in human resources and technology infrastructure.
        2. Tools that an Authorised Firm may employ for identifying and assessing Operational Risk include:
        a. internal loss data collection and analysis;
        b. external data collection and analysis;
        c. risk assessments;
        d. business process mapping;
        e. risk and performance indicators; and
        f. scenario analysis.
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]