Article 8 | Delegated Regulation 2018/959

Article 8 - Independent operational risk management function

Article 8

Independent operational risk management function

1. Competent authorities shall assess the independence of the operational risk management function from the institution's business units by confirming at least the following:

(a)

that the operational risk management function undertakes the following tasks separately from the institution's business lines:

(i)	the design, development, implementation, maintenance and oversight of the operational risk management process and the operational risk measurement system;

(ii)	the analysis of the operational risk associated with the introduction and development of new products, markets, lines of business, processes, systems and significant changes to existing products;

(iii)

the oversight of business activities that may give rise to an operational risk exposure that could breach the institution's risk tolerance;

(b)	that the operational risk management function receives appropriate commitment by the management body and senior management and is of adequate stature within the organization for fulfilling its tasks;

(c)	that the operational risk management function is not also responsible for the internal audit function;

(d)

that the head of the operational risk management function meets at least the following requirements:

(i)	an appropriate level of experience to manage the actual and prospective operational risk, as indicated by the operational risk profile;

(ii)	regular communication with the management body and its committees as mandated by the risk management structure of the institution;

(iii)

active involvement in the elaboration of the institution's operational risk tolerance and strategy for its management and mitigation;

(iv)	independence from the operational units and functions reviewed by the operational risk management function;

(v)	allocation of a budget for the operational risk management function by the head of risk management referred to in the fourth subparagraph of Article 76(5) of Directive 2013/36/EU or a member of the management body in a supervisory capacity and not by a business unit or executive function.

Recitals

CHAPTER 1 - GENERAL PROVISIONS (Article 1-6)

CHAPTER 2 - QUALITATIVE STANDARDS (Article 7-19)

SECTION 1 - Governance (Article 7-10)Article 7 - Operational risk management process Article 8 - Independent operational risk management function Article 9 - Senior management involvement Article 10 - Reporting

SECTION 2 - Use test (Article 11-15)

SECTION 3 - Audit and internal validation (Article 16-17)

SECTION 4 - Data quality and IT infrastructure (Article 18-19)

CHAPTER 3 - QUANTITATIVE STANDARDS (Article 20-35)

CHAPTER 4 - INSURANCE AND OTHER RISK TRANSFER MECHANISMS (Article 36-44)

CHAPTER 5 - FINAL PROVISION (Article 45-46)

Metadata

Related documents

Article 8 - Independent operational risk management function

Table of contents