A licensed central counterparty that wishes to adopt the Advanced Measurement Approach for the calculation of the central counterparty’s capital requirement relating to operational risk must—
(a) | have in place an independent operational risk management function, responsible for— |
(aa) | policies and procedures relating to operational risk management and control, including policies to address areas of non-compliance, which policies must be approved by the central counterparty’s controlling body; |
(bb) | strategies to identify, measure, monitor and control or mitigate the central counterparty’s exposure to operational risk. |
(ii) | the design and implementation of— |
(aa) | a methodology for the measurement of the central counterparty’s exposure to operational risk; |
(bb) | the central counterparty’s operational risk management framework; |
(cc) | a risk-reporting system relating to operational risk; |
(b) | have in place an internal operational risk measurement system— |
(i) | which must be closely integrated into the day-to-day risk management processes of the central counterparty; |
(ii) | which must be subject to regular validation and independent review, which validation and independent review must include verification that the internal validation processes are operating in a satisfactory manner and that data flows and processes associated with the risk measurement system are transparent and accessible; |
(iii) | the output of which must form an integral part of the process to monitor and control the central counterparty’s exposure to operational risk, including internal capital allocation and risk analysis; |
(c) | have in place techniques to— |
(i) | allocate capital to major business units, which allocation is based on operational risk; |
(ii) | create incentives to improve the management of operational risk throughout the central counterparty; |
(d) | on a regular basis report its exposure to operational risk, including material losses suffered in respect of operational risk, to the management of the central counterparty’s business units, the senior management of the central counterparty and the central counterparty’s controlling body; |
(e) | have in place adequate measures to take appropriate action, including in cases of non-compliance with internal policies, controls and procedures; |
(f) | document the central counterparty’s operational risk management system; |
(g) | have in place a process to ensure compliance with the central counterparty’s documented set of internal policies, controls and procedures concerning the operational risk management system; |
(h) | have in place a robust operational risk management process which must be subject to regular review by the central counterparty’s internal and external auditors which review must include the activities of— |
(i) | the relevant business units; and |
(ii) | the independent operational risk management function. |