1. This Guidance is relevant to an Authorised Firm described in PIB section 10.3 (that is, a firm in Category 1, 2, 3A, 3B, 3C, or 5) in regard to an Internal Risk Assessment Process (referred to in this Guidance as an IRAP).
2. The following Guidance generally assumes that the Rules relating to capital adequacy in PIB apply to an Authorised Firm on a solo basis. However, the Guidance is to be read as also applying where the capital adequacy requirements in these modules apply to the Financial Group of an Authorised Firm on a consolidated basis.

Purpose of the IRAP

3. The IRAP is an internal process of an Authorised Firm which enables it to identify, assess, aggregate and monitor its risks adequately. The objective of the IRAP is to develop a comprehensive and detailed risk profile for the firm. The IRAP should help the firm ensure that sound risk management systems are in place, address any weaknesses in its risk management framework, and maintain adequate internal capital relative to its risk profile.
4. An Authorised Firm should ensure that the IRAP forms an integral part of the firm's risk management framework and decision-making processes. The IRAP should cover all activities of the Authorised Firm and should be proportionate to the nature and complexity of the firm's activities.
5. The Authorised Firm should be able to demonstrate to the DFSA that its internal risk assessment is comprehensive and adequate relative to the nature of risks posed by its business activities and its operating environment.
6. The DFSA does not prescribe any specific approach for the IRAP and, consequently, an Authorised Firm can choose to implement an IRAP which is proportionate to the nature, size and complexity of the business activities.
7. The IRAP should be subject to adequate internal controls and reviews by internal audit to ensure the integrity and objectivity of the process. The IRAP should consider the quality and effectiveness of the Authorised Firm's risk management framework while determining its risk profile.
8. The IRAP should:
a. identify and outline all related parties of the Authorised Firm, and list the types of transactions that occur between those related parties and the firm;
b. identify the most significant risks to which the firm is exposed, which should, at a minimum, include the risks identified in Guidance note 9;
c. identify each of the firm's major business lines and prepare a comprehensive list of the major risks to which each of the businesses is exposed;
d. identify the controls and risk management measures used to address the risks referred to in b. and c. and assess the strength of such controls and systems; and
e. consider the impact of an economic or industry downturn on its future earnings, taking into account its business plans.
9. The IRAP should, in addition to the aforementioned factors:
a. estimate, with the aid of historical data, where available, the range and distribution of possible losses which might arise from each of those risks and consider using stress tests to provide risk estimates;
b. consider the extent to which the firm's Capital Requirement adequately addresses the type of risks referred to under Guidance note 8 (b) and (c); and
c. estimate the expected change in the firm's risk profile on the basis of projections of the firm's business activities for the next 3 to 5 years.
10. If the firm's IRAP is based on this Guidance, it may enable the DFSA more easily to review the IRAP as part of its SREP. However, the DFSA may decide to rely on an IRAP that is not consistent with the elements of this Guidance, owing to specific reasons and/or circumstances which necessitate an alternative approach.

Guidance on risks to be covered as part of the IRAP

11. An Authorised Firm should consider the following risks, where relevant, in its IRAP:
a. Credit Risk, including Large Exposures and Concentration Risks;
b. Market Risk;
c. Liquidity Risk;
d. for Islamic Financial Business involving PSIAs, displaced commercial risk;
e. interest rate risk in the Non-Trading Book;
f. Operational Risk;
g. internal controls and systems; and
h. reputational risk.
12. This Guidance is merely an indicative list of risk categories, which does not preclude an Authorised Firm from assessing other risks that it considers significant (for example, securitisation risks and residual risks). Likewise, certain categories of risks might not be relevant to all Authorised Firms completing the IRAP. In this case, the IRAP should clearly indicate why the risk is considered minimal or not relevant. The IRAP should also consider all risks arising from any non-regulated activities of the Authorised Firm, if they are seen as material to the risk profile of the firm.
Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]