(1) | A central counterparty must have in place policies and procedures, approved by its controlling body, in order to determine— |
(a) | the circumstances under which external data such as public data or pooled industry data or both must be used in addition to internal data; |
(b) | the methodologies that must be used in order to incorporate the relevant external data, such as scaling or qualitative adjustments, |
provided that the central counterparty’s operational risk measurement system incorporates relevant external data when there is reason to believe that the central counterparty is exposed to infrequent, yet potentially severe, losses.
(2) | The external data referred to in subregulation (1) must include information in respect of— |
(a) | the actual loss amounts; |
(b) | the scale of business operations where the loss event occurred; |
(c) | the causes of and circumstances surrounding the loss event; and |
(d) | any other information that would assist the central counterparty in assessing the relevance of the loss event or data or both. |
(3) | A central counterparty’s policies and procedures relating to the use of external data must be subject to regular independent review and appropriate internal audit coverage. |