Article 28
Role of the management body in risk management
1.
Member States shall ensure that the management body of the investment firm approves and periodically reviews the strategies and policies on the risk appetite of the investment firm, and on managing, monitoring and mitigating the risks the investment firm is or may be exposed to, taking into account the macroeconomic environment and the business cycle of the investment firm.
2.
Member States shall ensure that the management body devotes sufficient time to ensure proper consideration of the matters referred to in paragraph 1 and that it allocates adequate resources to the management of all material risks to which the investment firm is exposed.
3.
Member States shall ensure that investment firms establish reporting lines to the management body for all material risks and for all risk management policies and any changes thereto.
4.
Member States shall require all investment firms that do not meet the criteria set out in point (a) of Article 32(4) to establish a risk committee composed of members of the management body who do not perform any executive function in the investment firm concerned.
Members of the risk committee referred to in the first subparagraph shall have appropriate knowledge, skills and expertise to fully understand, manage and monitor the risk strategy and the risk appetite of the investment firm. They shall ensure that the risk committee advises the management body on the investment firm’s overall current and future risk appetite and strategy and assists the management body in overseeing the implementation of that strategy by senior management. The management body shall retain overall responsibility for the investment firm's risk strategies and policies.
5.
Member States shall ensure that the management body in its supervisory function and the risk committee of that management body, where a risk committee has been established, have access to information on the risks to which the investment firm is or may be exposed.