Article 72
General
1. When assessing compliance with the requirements on data maintenance laid down in Article 144(1)(d) and Article 176 of Regulation (EU) No 575/2013, competent authorities shall evaluate all of the following:
|
(a) |
the quality of the internal, external or pooled data, including the data quality management process, in accordance with Article 73; |
|
(b) |
the data documentation and reporting, in accordance with Article 74; |
|
(c) |
the relevant IT infrastructure, in accordance with Article 75. |
2. For the purpose of the assessment under paragraph 1, competent authorities shall apply all of the following methods:
|
(a) |
review the data quality management policies, methods and procedures relevant to the data used in the IRB Approach; |
|
(b) |
review the relevant data quality reports, as well as their conclusions, findings and recommendations; |
|
(c) |
review the IT infrastructure policies and IT systems management procedures, including the contingency planning policies, relevant for the IT systems used for the purpose of the IRB Approach; |
|
(d) |
review the relevant minutes of the institution’s internal bodies, including management body, or committees; |
|
(e) |
review the relevant findings of the internal audit or of other control functions of the institution; |
|
(f) |
review the progress reports on the efforts made by the institution to correct shortcomings and mitigate risks detected during relevant audits; |
|
(g) |
obtain written statements from or interview the relevant staff and senior management of the institution. |
3. For the purpose of the assessment under paragraph 1, competent authorities may also apply any of the following additional methods:
|
(a) |
perform own tests on the data of the institution or request the institution to perform tests proposed by the competent authorities; |
|
(b) |
review other relevant documents of the institution. |