Article 3: Risk Management Function

C 153-2018 STA Effective from 27/6/2018
  1. The head of the risk management function, the CRO or equivalent, must be of sufficient seniority and stature within the bank, to credibly challenge the heads of business lines and functions. The risk management function is responsible for assisting the Board, board committees, executive committee (including the credit committee) and senior management to develop and maintain the risk governance framework.
  2. Appointment or dismissal of the CRO must be approved by the Board or board risk committee. If the CRO is removed, the bank must immediately advise the Central Bank of the reasons for such a removal.
  3. The CRO, or equivalent, must:
    a. Not have a decision-making role in the bank’s risk-taking functions, including credit underwriting, or the finance function;
    b. Have no revenue-generating responsibilities;
    c. Not have remuneration based on the performance of any of the bank’s risk-taking functions;
    d. Not be the chief executive of the bank, or head of the finance, compliance or internal audit function;
    e. Have a direct reporting line to the Board or board risk committee and appropriate reporting lines to senior management; and
    f. Have unfettered access directly to the board risk committee, including the ability to meet without other senior executives present.
  4. Key activities of the risk management function must include, but are not limited to:
    a. Identifying material individual, aggregate and emerging risks;
    b. Assessing these risks and measuring the bank’s exposure to them;
    c. Supporting the Board in its implementation, review and approval of the bank-wide or if applicable, group-wide risk governance framework;
    d. Ongoing monitoring to ensure risk-taking activities and risk exposures are in line with the board-approved risk appetite, risk limits and corresponding capital or liquidity needs;
    e. Establishing an early warning or trigger system as part of ongoing monitoring to ensure that breaches of the board-approved risk appetite and risk limits are reported on a timely basis to senior management, the Board or board risk-committee as required by board-approved policies;
    f. Influencing and, when necessary, challenging material risk decisions; and
    g. Reporting to senior management and the Board or board risk committee in accordance with the risk governance framework.