Authorised Firm must implement and maintain an Operational Risk policy which enables it to identify, assess, control and monitor Operational Risk.
(2) The policy must be documented and provide for a sound and well-defined risk management framework to address the
Authorised Firm's Operational Risk.
Authorised Firm must:
(a) ensure that its risk management systems enable it to implement the
Operational Risk policy;
(b) identify, assess, mitigate, control and monitor the risk; and
(c) review and update the policy at intervals that are appropriate to the nature, scale and complexity of its activities.
Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]