1. [GEN Rule 5.3.1] requires an Authorised Person to establish and maintain systems and controls, including but not limited to financial and risk systems and controls that ensure that its affairs are managed effectively and responsibly by its senior management.
2. In complying with [GEN Rule 5.3.1], an Authorised Firm should establish and maintain a strong control environment that uses policies, processes and systems, appropriate internal controls and appropriate risk mitigation and/or transfer strategies.
3. In establishing systems and controls to address Operational Risk, an Authorised Firm should consider the following:
a. clear segregation of duties and dual control;
b. clearly established authorities and/or processes for approval;
c. close monitoring of adherence to assigned risk limits or thresholds;
d. safeguards for access to, and use of, the Authorised Firm's assets and records;
e. appropriate staffing level and training to maintain expertise;
f. ongoing processes to identify business lines or products where returns appear to be out of line with reasonable expectations; and
g. regular verification and reconciliation of transactions and accounts.