ANNEX IV
Instructions for disclosure of risk management objectives and policies
Table EU OVA - Institution risk management approach: Free format text boxes for disclosure of qualitative information
1. Institutions shall disclose the information referred to Article 435(1) of Regulation (EU) 575/2013 ( 6 ) (‘CRR’) by following the instructions provided below in this Annex to complete table EU OVA which is presented in Annex III to this Implementing Regulation.
|
Legal references and instructions |
|
|
Row number |
Explanation |
|
(a) |
The concise risk statement approved by the management body in the application of point (f) of Article 435(1) CRR shall describe how the business model determines and interacts with the overall risk profile: for instance, the key risks related to the business model and how each of these risks is reflected and described in the risk disclosures, or how the risk profile of the institution interacts with the risk tolerance approved by the management body. Within the risk statement in the application of point (f) of Article 435(1) CRR, institutions shall also disclose the nature, extent, purpose and economic substance of material transactions within the group, affiliates and related parties. The disclosure shall be limited to transactions that have a material impact on the risk profile of the institution (including reputational risk) or the distribution of risks within the group. Institutions shall also include key ratios and figures that show how the risk profile of the institution interacts with the risk tolerance set by the management body. |
|
(b) |
Information to be disclosed in the application of point (b) of Article 435(1) CRR includes the risk governance structure for each type of risk: responsibilities attributed throughout the institution (including, where relevant, oversight and delegation of authority and breakdown of responsibilities between the management body, the business lines and the risk management function by type of risk, business unit, and other relevant information); relationships between the bodies and functions involved in risk management processes (including, as appropriate, the management body, risk committee, risk management function, compliance function, internal audit function); and the organisational and internal control procedures. When disclosing the structure and organisation of the relevant risk management function, institutions shall complement the disclosure with the following information: — Information on the overall internal control framework and how its control functions are organised (authority, resources, statute, independence), the major tasks they perform, and any actual and planned material changes to these functions; — The approved limits of risks to which the institution is exposed; — Changes of the heads of internal control, risk management, compliance and internal audit. — Channels to communicate, decline and enforce the risk culture within the institution (for instance, whether there are codes of conduct, manuals containing operating limits or procedures to treat violations or breaches of risk thresholds or procedures to raise and share risk issues between business lines and risk functions). |
|
(c) |
The declaration that institutions shall disclose in compliance with point (e) of Article 435(1) CRR, on the adequacy of the risk management arrangements, has to be approved by the management body and provide assurance that the risk management systems put in place are adequate taking into account the institution’s risk profile and its strategy. |
|
(d) |
As part of the disclosures required in point (c) of Article 435(1) CRR, institutions shall disclose the scope and nature of risk disclosure and/or measurement systems and the description of the flow on risk to the management body and senior management. |
|
(e) |
When providing information on the main features of risk disclosure and measurement systems in the application of point (c) of Article 435(1) CRR, institutions shall disclose their policies regarding systematic and regular reviews of risk management strategies, and the periodical assessment of their effectiveness. |
|
(f) |
Disclosure on the strategies and processes to manage risk in the application of point (a) of Article 435(1) CRR shall include qualitative information on stress testing, such as the portfolios subject to stress testing, scenarios adopted and methodologies used, and the use of stress testing in risk management. |
|
(g) |
Institutions shall provide information on the strategies and processes to manage, hedge and mitigate risks, as well as on the monitoring of the effectiveness of hedges and mitigants in accordance with points (a) and (d) of Article 435(1) CRR for risks that arise from the institutions’ business model. |
Table EU OVB - Disclosure on governance arrangements: Free format text boxes for disclosure of qualitative information.
2. Institutions shall disclose the information referred to in Article 435(2) CRR by following the instructions provided below in this Annex to complete table EU OVB which is presented in Annex III to this Implementing Regulation.
|
Legal references and instructions |
|
|
Row number |
Explanation |
|
(a) |
Institutions shall disclose the number of directorships held by members of the management body in accordance with point (a) of Article 435(2) CRR. When disclosing this information, the following specifications apply: — Institutions under the scope of Article 91(3) and (4) of Directive (EU) 2013/36 (1) (‘CRD’) shall disclose the number of directorships as counted by this Article; — Institutions shall disclose the number of directorships effectively held for each member of the management body (whether it is a group company or not, a qualifying holding or an institution within the same institutional protection scheme and whether the directorship is an executive or non-executive directorship) regardless of whether the directorship is with an entity that pursues or does not pursue a commercial objective; — Where an additional directorship was approved by the competent authority, all institutions in which this member holds a directorship shall disclose this fact together with the name of the competent authority approving the additional directorship. |
|
(b) |
When disclosing information regarding the recruitment policy for the selection of members of the management body in accordance with point (b) of Article 435(2) CRR, institutions shall include information on the actual knowledge, skills and expertise of the members. Institutions shall include information on the policy possibly resulting from succession planning and on any foreseeable changes within the overall composition of the management body. |
|
(c) |
When disclosing their diversity policy in accordance with point (c) of Article 435(2) CRR, institutions shall disclose information on the objectives and any relevant targets set out in that policy, and the extent to which those objectives and targets have been achieved. In particular institutions shall disclose the policy on gender diversity, including: — Where a target has been set for the underrepresented gender and for the policies regarding diversity in terms of age, educational background, professional background and geographical provenance, the target set, and the extent to which the targets are met. — Where a target is not met, institutions shall disclose the reasons and, when relevant, the measures taken to meet the target within a certain time period. |
|
(d) |
Institution shall disclose if they have set up a separate risk committee, and the number of times the risk committee has met in accordance with point (d) of Article 435(2) CRR. |
|
(e) |
As part of data on the information flow on risk to the management body in the application of point (e) of Article 435(2) CRR, institutions shall describe the process of the risk disclosure provided to the management body, particularly the frequency, scope and main content of risk exposure and how the management body was involved in defining the content to be disclosed. |
|
(1)
DIRECTIVE 2013/36/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338). |
|
( 6 ) Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012 (OJ L 176, 27.6.2013, p. 1).