1.A Bank must notify the Central Bank promptly and no later than 24 hours after experiencing an operational risk event that triggers, or is likely to trigger, disaster recovery or business continuity plans, or has, or is likely to have, a significant impact on the Bank’s operations, profitability or capital. The Bank must explain to the Central Bank the nature of the event, actions being taken, the likely effect and the timeframe for returning to normal operations, where applicable. The Bank must notify the Central Bank when normal operations resume.
2.A Board-approved disclosure policy must provide for the Bank’s publication of sufficient information on operational risk and controls to allow stakeholders to assess its approach to operational risk management and to determine whether the Bank identifies, assesses, evaluates, monitors and controls and mitigates operational risk effectively. In addition, a Bank must implement a process for assessing the appropriateness of its operational risk disclosures.
3.Branches and Subsidiaries of foreign Banks operating in the UAE may largely rely on the Group’s disclosures, supplemented by disclosure, at least annually through their websites that are dedicated to their activities in the UAE, of a summary of the local branch or Subsidiary’s operational risk management framework.
4.A Bank’s public disclosures must be commensurate with the size, risk profile and complexity of a Bank’s operations and evolving industry practice. A Bank’s disclosures must be consistent with how Senior Management and the Board assess and manage the operational risk of the Bank.