Updated 24/12/2024
In force

Initial Legal Act
Amendments
Search within this legal act

Article 6 - Assessment of the adequacy of the composition and role of the management body and senior management

Article 6

Assessment of the adequacy of the composition and role of the management body and senior management

1.   When assessing the adequacy of the composition and the role of the senior management and the management body as referred to in Article 325bi(1), point (c), of Regulation (EU) No 575/2013, competent authorities shall:

(a)

verify whether the institution, in its documentation of the risk management system, describes:

(i)

the composition, the roles and responsibilities of the management body and senior management;

(ii)

the roles and responsibilities of each member of the management body and senior management;

(b)

verify whether the senior management is constituted of members that represent the highest hierarchical levels below the management body, and has defined responsibility for the proper functioning of the internal model for market risk;

(c)

verify whether the composition of any internal committee structure established by the management body to support its decision-making is adequate, as required by paragraph 2;

(d)

verify whether the role of the senior management is adequate, as required by paragraph 3;

(e)

verify whether the role of the management body, and of the committees constituting the internal committee structure referred to in point (c), are adequate, as required by paragraph 4.

Where an institution’s management body delegates any of its tasks to an internal committee, competent authorities shall, in the context of those delegated tasks, make the assessments required by this Regulation at the level of the internal committee designated by the management body.

2.   For the purposes of paragraph 1, first subparagraph, point (c), competent authorities shall verify whether:

(a)

for each committee of the internal committee structure, the management body has clearly set out its mandate, hierarchy, reporting lines, permanent members, frequency of meetings, and levels of responsibility;

(b)

the internal committee structure has a committee that assesses any new product, proposes those products to the senior management for approval, and monitors those products and whether the risk control unit, and any other function of the institution that is affected by the introduction of a new product, are represented in such committee;

(c)

the governance underpinning the internal committee structure allows for the effective and timely control of all internal position limits referred to in Article 325bi(1), point (b), of Regulation (EU) No 575/2013;

(d)

the governance underpinning the internal committee structure ensures active involvement of the management body in the risk-control process as required by Article 325bi(1), point (c), of Regulation (EU) No 575/2013;

(e)

as part of the internal documentation, the institution has documented all aspects referred to in point (a).

3.   For the purposes of paragraph 1, first subparagraph, point (d), competent authorities shall verify whether:

(a)

the senior management of the institution takes appropriate corrective actions where weaknesses of the internal risk-measurement model or the internal default risk model are identified by any of the following:

(i)

the risk control unit;

(ii)

the qualified parties tasked with the validation of the internal model (‘validation function’);

(iii)

the internal audit function;

(iv)

any other control function of the institution;

(b)

the senior management of the institution is informed of, and follows up on, the recommendations made by the internal audit, the risk control unit, the validation function, in relation to the internal risk-measurement model or the internal default risk model;

(c)

the senior management of the institution is able to ensure the overall quality of the institution’s governance of the valuation of positions included in the internal risk-measurement model or the internal default risk model.

4.   For the purposes of paragraph 1, first subparagraph, point (e), competent authorities shall verify whether the management body:

(a)

on the basis of a proposal from the risk control unit, approves all relevant policies and procedures related to the implementation of the internal model, including the appropriate organisational structure, to ensure that the internal model is implemented with integrity;

(b)

on the basis of a proposal from the risk control unit and after due consideration of the conclusions and recommendations resulting from the validation process, approves the methodologies for assessing market risk applied in the internal model;

(c)

on the basis of an assessment from the risk control unit and after due consideration of the conclusions and recommendations resulting from the validation process, approves any new products;

(d)

on the basis of a proposal from the risk control unit, approves and updates the internal position limits;

(e)

on the basis of a proposal from the risk control unit laying down and assessing the acceptable level of risk, approves the acceptable level of risk, the internal capital allocation and the budget by trading desk;

(f)

adopts the approval procedure for breaches of internal position limits;

(g)

approves or requires corrective actions in relation to breaches of the internal position limits escalated by the risk control unit in accordance with Article 16(1), point (b);

(h)

on the basis of a proposal from the risk control unit:

(i)

approves the stress testing programme;

(ii)

discusses the results of the stress tests;

(iii)

assesses potential action, and where necessary, takes corrective actions.