BCBS Principles of Good Operational Risk Management

For banking, the principles documented by the Basel Committee on Banking Supervision in BCBS195 can be used to create a comprehensive framework that, if correctly implemented, can assist in managing risk within the bank. The BCBS principles are also aligned with other frameworks and guidance, such as that published by the Committee of Sponsoring Organisations (COSO) in 2004 and the UK's FCA sourcebook / Turnbull guidance, amongst others. The twelve principles as shown on the screen cover a broad foundation of risk management and are the building blocks for how risk practitioners can implement an end-to-end framework in their organisation.

Principle 1: The board of directors should take the lead in establishing a strong risk management culture, implemented by senior management. The board of directors and senior management should establish a corporate culture guided by strong risk management, set standards and incentives for professional and responsible behaviour, and ensure that staff receive appropriate risk management and ethics training.

Principle 2: Banks should develop, implement and maintain a Framework that is fully integrated into the bank's overall risk management processes. The Framework for operational risk management chosen by an individual bank will depend on a range of factors, including its nature, size, complexity and risk profile.

Principle 3: The board of directors should approve and periodically review the operational risk management framework, and ensure that senior management implements the policies, processes and systems of the operational risk management framework effectively at all decision levels.

Principle 4: The board of directors should approve and periodically review a risk appetite and tolerance statement for operational risk that articulates the nature, types and levels of operational risk the bank is willing to assume.

Principle 5: Senior management should develop, for approval by the board of directors, a clear, effective and robust governance structure with well-defined, transparent and consistent lines of responsibility. Senior management is responsible for consistently implementing and maintaining throughout the organisation policies, processes and systems for managing operational risk in all of the bank's material products, activities, processes and systems, consistent with the bank's risk appetite and tolerance statement.

Principle 6: Senior management should ensure the comprehensive identification and assessment of the operational risk inherent in all material products, activities, processes and systems to make sure the inherent risks and incentives are well understood.

Principle 7: Senior management should ensure that the bank's change management process is comprehensive, appropriately resourced and adequately articulated between the relevant lines of defence.

Principle 8: Senior management should implement a process to regularly monitor operational risk profiles and material operational exposures. Appropriate reporting mechanisms should be in place at the board of directors, senior management, and business unit levels to support proactive management of operational risk.

Principle 9: Banks should have a strong control environment that utilises policies, processes and systems; appropriate internal controls; and appropriate risk mitigation and/or transfer strategies.

Principle 10: Banks should implement a robust ICT risk management programme in alignment with their operational risk management framework.

Principle 11: Banks should have business continuity plans in place to ensure their ability to operate on an ongoing basis and limit losses in the event of a severe business disruption. Business continuity plans should be linked to the bank's operational risk management framework.

Principle 12: A bank's public disclosures should allow stakeholders to assess its approach to operational risk management and its operational risk exposure.