
Dubai Financial Services Authority (DFSA)
Prudential — Investment, Insurance Intermediation and Banking Module (PIB) [VER34/12-19]

  • PIB 6.2 Risk Management Framework and Governance

    • PIB 6.2.1

      (1) An Authorised Firm must implement and maintain an Operational Risk policy which enables it to identify, assess, control and monitor Operational Risk.
      (2) The policy must be documented and provide for a sound and well-defined risk management framework to address the Authorised Firm's Operational Risk.
      (3) An Authorised Firm must:
      (a) ensure that its risk management systems enable it to implement the Operational Risk policy;
      (b) identify, assess, mitigate, control and monitor the risk; and
      (c) review and update the policy at intervals that are appropriate to the nature, scale and complexity of its activities.
      Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

    • PIB 6.2.2

      An Authorised Firm must ensure that its Governing Body approves the Operational Risk policy in PIB Rule 6.2.1.

      Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

      • PIB 6.2.2 Guidance

        1. Some of the key aspects that an Authorised Firm should consider in its Operational Risk policy include:
        a. the governance structures used to manage Operational Risk, including reporting lines and accountabilities;
        b. risk assessment tools and how they are used;
        c. the Authorised Firm's accepted Operational Risk appetite, permissible thresholds or tolerances for inherent and residual risk, and approved risk mitigation strategies and instruments;
        d. the Authorised Firm's approach to establishing and monitoring thresholds or tolerances for inherent and residual risk Exposure;
        e. risk reporting and MIS; and
        f. appropriate independent review and assessment of the Authorised Firm's Operational Risk framework.
        2. An Authorised Firm's Operational Risk policy should, amongst other things, include consideration of Principles for the Sound Management of Operational Risk, issued by the Basel Committee on Banking Supervision (BCBS) and the Guidelines on the management of Operational Risk in market-related activities issued by the European Banking Authority which are useful in relation to activities other than banking.

        Governing Body Responsibilities

        1. The GEN Module contains Rules and Guidance regarding corporate governance requirements for Authorised Firms, including the responsibilities of an Authorised Firm regarding risk management.
        2. In developing, implementing and maintaining an effective Operational Risk framework, an Authorised Firm's Governing Body should:
        a. approve and review a risk appetite and tolerance for Operational Risk that articulates the nature, types and levels of Operational Risk that the Authorised Firm is willing to assume;
        b. consider all relevant risks, the Authorised Firm's level of risk appetite, its current financial condition and its strategic direction. The Governing Body should monitor management adherence to the risk appetite and tolerance and provide for timely detection and remediation of breaches;
        c. encourage a management culture, and develop supporting processes, which help to engender within the Authorised Firm an understanding by relevant Employees of the nature and scope of the Operational Risk inherent in the Authorised Firm's strategies and activities;
        d. provide senior management with clear guidance and direction regarding the principles underlying the Authorised Firm's Operational Risk management framework and approve the corresponding policies developed by senior management;
        e. regularly review the Authorised Firm's Operational Risk policy to ensure that the Authorised Firm has identified and is managing the Operational Risk arising from external market changes and other environmental factors, as well as those Operational Risks associated with new strategies, products, activities, or systems, including changes in risk profiles and priorities (e.g. changing business volumes). Such review should also take into account the Operational Risk loss experience, the frequency, volume or nature of limit breaches, the quality of the control environment and the effectiveness of risk management or mitigation strategies;
        f. ensure that the Authorised Firm's Operational Risk policy and framework is subject to effective independent review by audit or other appropriately-trained Persons;
        g. ensure that management is incorporating industry best practice in managing Operational Risk; and
        h. establish clear lines of management responsibility and accountability for implementing a strong control environment. The control environment should provide appropriate independence/separation of duties between Operational Risk control functions, business lines and support functions.

        Senior Management Responsibilities

        1. GEN 5.2 contains Rules and Guidance regarding senior management arrangements for Authorised Firms.
        2. In relation to establishing and maintaining a robust Operational Risk framework, an Authorised Firm's senior management should:
        a. translate the Operational Risk management framework established by the Governing Body into specific policies and procedures that can be implemented and verified within the different business units;
        b. clearly assign authority, responsibility and reporting relationships to encourage and maintain accountability, and to ensure that the necessary resources are available to manage Operational Risk in line with the Authorised Firm's risk appetite and tolerance; and
        c. ensure that the management oversight process is appropriate for the risks inherent in a business unit's activity.
        Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]