Article 320
Criteria for the Standardised Approach
1.
The criteria referred to in the first subparagraph of Article 312(1) are the following:
(a)
an institution shall have in place a well-documented assessment and management system for operational risk with clear responsibilities assigned for this system. It shall identify its exposures to operational risk and track relevant operational risk data, including material loss data. This system shall be subject to regular independent review carried out by an internal or external party possessing the necessary knowledge to carry out such review;
(b)
an institution's operational risk assessment system shall be closely integrated into the risk management processes of the institution. Its output shall be an integral part of the process of monitoring and controlling the institution's operational risk profile;
(c)
an institution shall implement a system of reporting to senior management that provides operational risk reports to relevant functions within the institution. An institution shall have in place procedures for taking appropriate action according to the information within the reports to management.
3.
EBA shall develop draft regulatory technical standards to specify the conditions that the competent authority has to assess pursuant to paragraph 1, including how the average annual operational risk loss is to be computed and the specifications on the information to be collected pursuant to paragraph 2 or any further information deemed necessary to carry out the assessment.
EBA shall submit those draft regulatory technical standards to the Commission by 10 January 2027.
Power is delegated to the Commission to supplement this Regulation by adopting the regulatory technical standards referred to in the first subparagraph of this paragraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.