The Basel Committee on Banking Supervision,
a committee of the Bank for International Settlements, has
issued a number of papers that put the responsibility on the
board and management of a bank for ensuring that the bank
has an effective system of operational (internal) control.
The board and management are also responsible for ensuring
that the bank has a means of providing periodic assurance
to them that the systems of control are working and that the
role of internal audit is adapted to provide objective assurance
of the adequacy of internal controls.
The relevant Basel Committee pronouncements include:
- The Regulatory Treatment of Operational Risk
- Internal Audit in Banks and the Supervisor?s Relationship
with Auditors
- Enhancing Bank Transparency
- Framework for Internal Control Systems in Banking Organisations
- Enhancing Corporate Governance in Banking Institutions
- Sound Practices for the Management and Supervision of
Operational Risk
- Customer Due Diligence for Banks
The need for a process to measure a bank?s operational risk
profile has taken on a new urgency as a result of the Basel
Committee paper "The Regulatory Treatment of Operational
Risk." Banks will be required to allocate capital against
their operational risk profile, in the same way as for their
credit and market exposures. Any bank that has a method for
identifying its operational risks and measuring the effectiveness
of its control environment, which is acceptable to its regulator,
will benefit from a reduced capital charge requirement. The
most important element from any bank?s point of view is the
requirement by the Basel Committee that:
"The bank must have an independent operational risk
management function that is responsible for the design and
implementation of the bank?s operational risk management system.
The operational risk management function should be responsible
for codifying bank-level policies and procedures concerning
operational risk management and controls; for the design and
implementation of the firm?s operational risk measurement
methodology; for the design and implementation of a risk-reporting
system for operational risk; and for developing strategies
to identify, measure, monitor and control operational risk."
BUT it should be emphasised that a bank should have an operational
risk management process for the benefit of the bank?s business
and future, not just because the regulators require it. |
