(5) | As a minimum, the risk management processes, practices, procedures and policies referred to in subregulation (4)— |
(a) | shall be adequate for the size and nature of the activities of the bank, including, among others, the bank’s— |
(i) | exposure to credit risk; |
(ii) | exposure to counterparty credit risk; |
(iii) | exposure to operational risk; |
(iv) | exposure to market risk; |
(v) | exposure to interest-rate risk in the banking book; |
(vi) | exposure to liquidity risk; |
(vii) | activities relating to risk mitigation; |
(viii) | trading activities, |
and shall periodically be adjusted in light of the changing risk profile or financial strength of the bank, financial innovation or external market developments;
[Regulation 39(5)(a) substituted by section 10(b) of Notice No. 1427, GG44048, dated 31 December 2020 - effective 1 January 2021]
(b) | shall be duly aligned with, and, where appropriate, provide specific guidance for the successful implementation of and the continued adherence to, the business strategy, goals and objectives, and the risk appetite or tolerance for risk, of the bank; |
(c) | shall duly specify relevant limits and allocated capital relating to the bank's material exposures to risk; |
[Regulation 39(5)(c) substituted by section 10(c) of Notice No. 1427, GG44048, dated 31 December 2020 - effective 1 January 2021]
(d) | shall be sufficiently robust— |
(i) | to determine and monitor the total indebtedness of any person to whom the bank granted credit; |
(ii) | to ensure that the bank raises appropriate and timely credit impairments and maintains adequate allowances or reserves for potential losses in respect of its loans or advances; |
(iii) | to identify and manage material interrelationships between the bank's relevant risk exposures; |
(iv) | to ensure the bank's continued compliance with the relevant documented set of internal policies, controls and procedures; |
(v) | to ensure that the bank captures the economic substance and not merely the legal form of the bank's various exposures to risk; |
(vi) | to ensure that the bank duly approves any significant hedging or risk management initiative, before it is implemented; |
[Regulation 39(5)(d)(vi) inserted by section 10(d) of Notice No. 1427, GG44048, dated 31 December 2020 - effective 1 January 2021 - subsequent subparagraphs have been renumbered (section 10(e)]
(vii) | to ensure that the bank conducts sufficiently robust and independent due diligence in respect of the bank's respective investment in or exposure to instruments, products or markets, and that the bank, for example, does not merely or solely rely on an external credit rating when investing in a particular product or instrument; |
(viii) | to ensure that the bank regularly conducts appropriate stress-testing or scenario analysis; |
(ix) | to ensure that the bank maintains sufficient liquidity and capital adequacy buffers to remain solvent during prolonged periods of financial market stress and illiquidity; |
(x) | to clearly delineate accountability and all relevant lines of authority across the bank's various business units, lines or activities, and ensure that a clear separation exists between all relevant business units, lines or activities, and any relevant risk or control function; |
(xi) | to ensure that, prior to its initiation, all relevant risk management, control and business units or lines appropriately review and assess proposed new activities, investment in new instruments or the introduction of new products, to ensure that the bank will be able to continuously understand, manage and control the relevant activity, investment or inherent risks in the product; |
[Regulation 39(5)(d)(xi) substituted by section 10(f) of Notice No. 1427, GG44048, dated 31 December 2020 - effective 1 January 2021]
(xii) | to ensure that the bank is able to appropriately aggregate or consolidate all relevant risks or exposure to risk; |
(xiii) | to ensure ongoing, accurate, appropriate and timely communication or reporting of the bank's relevant risk exposures and any material deviation from approved policies, processes or procedures to the senior management and the board of directors; |
(xiv) | to ensure that the bank's board of directors and senior management receive timely and appropriate information regarding the condition of the bank's respective asset portfolios, including matters related to the relevant classification of credit exposure, the level of impairment or provisioning, and major problem assets; |
(xv) | to enable the proactive identification and proper management of all relevant material exposures to risk; |
[Regulation 39(5)(d)(xv) substituted by section 10(g) of Notice No. 1427, GG44048, dated 31 December 2020 - effective 1 January 2021]
(xvi) | to ensure that any breach of an internal limit is duly escalated and addressed; |
(xvii) | to timeously detect potential criminal activities and prevent undue exposure to criminal activities; |
(xviii) | to ensure proper oversight of any relevant outsourced function. |
(e) | shall in the case of the bank's exposure to counterparty credit risk— |
(i) | duly take into account the market risk, liquidity risk, legal risk and operational risk normally associated with counterparty credit risk; |
(ii) | ensure that the bank— |
(A) | duly takes into account the creditworthiness of all relevant counterparties; |
(B) | duly takes into account any relevant settlement and pre-settlement risk; |
(C) | continuously monitors the utilisation of credit lines; |
(D) | measures its current exposure gross and net of collateral in all relevant cases, including in the case of margin lending; |
(E) | manages all relevant risk exposures at a counterparty and bank-wide level; |
(f) | shall in the case of risk mitigation, including matters related to collateral and margin agreements with counterparties, be sufficiently robust to ensure that the bank continuously— |
(i) | devotes sufficient resources to the orderly operation of margin agreements with OTC derivative and securities financing counterparties, as measured by, among other things, the timeliness and accuracy of the bank's outgoing calls and response time to incoming calls; |
(ii) | controls, monitors and reports— |
(A) | all relevant risk exposures related to margin agreements, such as the volatility and liquidity of the securities exchanged as collateral; |
(B) | any potential concentration risk to particular counterparties or types of collateral; |
(C) | the reuse of both cash and non-cash collateral, including the potential liquidity shortfalls resulting from the reuse of collateral received from counterparties, and |
(D) | all relevant matters related to the surrendering of rights on collateral posted to counterparties; |
(g) | shall be sufficiently robust to timeously identify material concentrations in any one of the risk exposures specified in subregulation (3), including concentrations relating to or arising from— |
(i) | an individual or single counterparty, borrower or person; |
(ii) | a group of related or connected counterparties, borrowers or persons; |
(iii) | credit exposures in respect of counterparties or persons in the same industry, economic sector or geographic region; |
(iv) | credit exposures to counterparties or persons, the financial performance of which is dependent on the same activity or commodity; |
(v) | indirect credit exposures arising from the bank's risk mitigation activities such as exposure to a single collateral type or a single credit protection provider; |
(vi) | interest-rate risk in the bank's banking book; |
(ix) | trading exposure or risk, including interest-rate risk and price risk; |
(x) | equity positions held in the bank's banking book; |
(xi) | specific assets or instruments held in either the banking book or trading book, including structured products; |
(xii) | off-balance-sheet exposures, including guarantees, liquidity lines or other commitments; |
(xiii) | correlation between any of the aforesaid risks, counterparties, instruments, assets, liabilities or commitments. |
(h) | shall in the case of country risk and transfer risk be sufficiently robust— |
(i) | to identify and monitor exposures on an individual country basis in addition to an end-borrower or end-counterparty basis; |
(ii) | to ensure that country exposures are accurately monitored and reported in the bank's information systems, risk management systems and internal control systems; |
(iii) | to continuously ensure adherence to the bank's established country exposure limits, and any other relevant limit that may be specified by the bank or Registrar; |
(iv) | to monitor and evaluate developments in country risk and in transfer risk, and apply appropriate countermeasures; |
(v) | to raise appropriate provision for loss against country risk and transfer risk in addition to any relevant required loan-specific provision or impairment; |
(i) | shall in the case of liquidity risk be sufficiently robust to ensure that— |
(i) | the bank conducts comprehensive cash flow forecasting; |
(ii) | the bank duly specifies, implements and maintains appropriate limits in respect of its respective funding sources, including all relevant products, counterparties and markets; |
(iii) | the bank conducts robust liquidity scenario stress testing, including stress tests in respect of such bank specific or sector specific scenarios as may be specified in writing by the Registrar; |
(iv) | the bank develops and maintains robust and multifaceted contingency funding plans; |
(v) | the bank maintains a sufficient cushion of liquid assets to meet contingent liquidity needs; |
(j) | shall in the case of the bank’s intraday liquidity positions be sufficiently robust to ensure that— |
(i) | the bank actively manages its intraday liquidity positions and risks, for example, to meet payment and settlement obligations on a timely basis under both normal and stressed conditions, and as a result contributes to the smooth functioning of all relevant payment and settlement systems; |
(ii) | the bank has the ability— |
(A) | to measure expected daily gross liquidity inflows and outflows, anticipate the intraday timing of these flows where possible, and forecast the range of potential net funding shortfalls that might arise at different points during the day; |
(B) | to monitor intraday liquidity positions against expected activities and available resources in respect of matters such as relevant balances, remaining intraday credit capacity and available collateral; |
(C) | to acquire sufficient intraday funding to meet its intraday objectives; |
(D) | to manage and mobilise any required collateral to obtain the necessary intraday funds; |
(i) | manage the timing of its liquidity outflows in line with its intraday objectives; and |
(ii) | deal with unexpected disruptions to its intraday liquidity flows; |
(k) | shall in relevant cases include prudent contingency plans specifying, for example, how the bank will respond to funding, capital and other pressures that may arise when access to securitisation markets is reduced, including matters related to the valuation of all relevant instruments or positions held; |
(l) | shall include sound compensation processes, practices and procedures, and board-approved compensation policies, which compensation processes, practices, procedures and policies— |
(i) | shall be linked to longer-term capital preservation, and the financial strength of the bank. |
This means, inter alia—
(A) | that variable compensation payments, for example, shall be appropriately deferred and payment shall not be finalised over short periods whilst risks are realised over long periods; and |
(B) | that the mix of cash, equity and other forms of compensation shall be duly aligned with the bank's exposure to risk. |
(ii) | shall incorporate and promote appropriate risk-adjusted performance measures, that is, compensation shall acknowledge all relevant risks so that remuneration is balanced between the profit earned and the degree of risk assumed in order to generate the profit; |
(iii) | shall not be unduly linked, for example, to short-term accounting profit generation; |
(iv) | shall ensure that staff engaged in the relevant financial and risk control areas have appropriate authority and are compensated in a manner that is independent of the business areas they oversee, and commensurate with their function in the bank; |
(v) | shall promote adequate disclosure to stakeholders, that is, the bank shall disclose clear, comprehensive and timely information regarding the bank's compensation practices— |
(A) | to facilitate constructive engagement with all relevant stakeholders, including shareholders; |
(B) | to enable stakeholders to evaluate the quality of support for the bank's strategy, objectives and risk appetite; |
(m) | shall be subject to adequate internal controls and appropriate internal audit coverage; |
(n) | shall ensure appropriate board and senior management oversight and involvement; |
(o) | shall include adequate internal controls to produce any data or information which might be required on a consolidated basis; |
(p) | shall be duly documented; |
(q) | shall be subject to regular monitoring and review, and relevant testing, to ensure that they remain relevant and current. |
[Regulation 39(5)(j) substituted by regulation 23(a) of Notice No. 297, GG 40002, dated 20 May 2016]