Financial Markets Act, 2012 (Act No. 19 of 2012)RegulationsFinancial Markets Act RegulationsChapter VI : Central Counterparties13. Risk management framework13.9 Operational risk |
(1) | The risk management framework must in the case the central counterparty’s exposure to operational risk, enable the central counterparty to— |
(a) | identify, manage and monitor the plausible sources of operational risk; |
(b) | develop and maintain appropriate internal controls; |
(c) | set operational reliability objectives; |
(d) | develop a business continuity plan; |
(e) | assess the evolving nature of the operational risk it faces on an on-going basis so that it can analyse its potential vulnerabilities and implement appropriate defence mechanisms; |
(f) | assess the additional operational risks related to its interoperability arrangements to ensure the scalability and reliability of information technology systems and related resources; |
(g) | include formal change-management and project-management processes to mitigate operational risk arising from modifications to operations, policies, procedures, and controls; and |
(h) | include comprehensive and well-documented procedures in place to record, report, analyse, and resolve all operational incidents. |
(2) | A central counterparty must have in place a well-documented assessment and management system for operational risk with clear responsibilities assigned for this system, which must— |
(a) | identify its exposures to operational risk and track relevant operational risk data, including material loss data; |
(b) | be subject to an annual review carried out by an independent party, including an internal party, with the necessary knowledge to carry out such review, the result of which must be made available to the Authority upon request; |
(c) | be closely integrated into the risk management processes of the central counterparty to ensure that its output is an integral part of the process of monitoring and controlling the central counterparty’s operational risk profile. |