Updated 24/12/2024
In force

Initial Legal Act
Amendments
Search within this legal act

Article 8 - Assessment of the internal governance and oversight of the institution in relation to the risk control unit

Article 8

Assessment of the internal governance and oversight of the institution in relation to the risk control unit

1.   When assessing the internal governance and oversight of the institution in relation to the risk control unit referred to in Article 325bi(1), point (b), of Regulation (EU) No 575/2013, competent authorities shall verify whether that risk control unit:

(a)

is completely separate and independent from the personnel and the management functions responsible for the trading business areas;

(b)

is duly represented in the institution’s decision-making bodies and is involved in the decision-making process where any of the following issues are on the agenda:

(i)

the approval of new methodologies for assessing market risk and of any changes to existing methodologies;

(ii)

the approval of the establishment of a trading desk;

(iii)

the approval or update of reports and inventories within the remit of the risk control unit;

(iv)

the setting of the acceptable level of risk;

(v)

the setting and regular update of the internal limit structure;

(vi)

the approval of limit breaches;

(vii)

the approval of new products or new business lines;

(viii)

the approval of pricing models used for risk purposes;

(ix)

the approval of stress testing programmes;

(x)

the approval of IT infrastructure systems related to risk management tools;

(c)

is adequate, is proportionate to the size of the institution and the risks of the business, and has the resources necessary to perform its tasks effectively;

(d)

has sufficiently experienced, qualified and trained staff to undertake all relevant activities for the effective risk management of the internal model and for monitoring and challenging the actions of other units, in particular of the trading business units;

(e)

is responsible for the outcome of the calculations based on the internal-risk measurement model and the internal default risk model.

2.   For the purposes of paragraph 1, point (a), competent authorities shall verify whether:

(a)

the risk control unit is composed of one or more separate organisational structures in the institution’s organisational chart;

(b)

the heads of the risk control unit or units are senior managers of the institution;

(c)

the staff and the senior management responsible for the risk control unit are not responsible for any trading business activities;

(d)

senior managers of the risk control unit and those responsible for business areas have different reporting lines to the management body of the institution;

(e)

the variable remuneration of the staff and senior management responsible for the risk control unit is not linked to the performance of the tasks related to trading business areas under their supervision in a way that hinders or impedes their independence.

3.   For the purposes of paragraph 1, point (b), competent authorities shall take into account:

(a)

the documented view of the risk control unit when either the management body or the relevant committee of the internal committee structure discuss any of the issues referred to in paragraph 1, point (b);

(b)

the minutes of the institution’s management body or relevant committee of the internal committee structure, and the action points reflected therein;

(c)

the reports of the risk control unit about internal position limits, and any decisions regarding limit breaches;

(d)

information provided by the staff and senior management of the institution, where appropriate.

For the purposes of point (b), competent authorities shall assess the degree of involvement of the risk control unit when the institution’s management body or relevant committee of the internal committee structure discuss any of the issues referred to in paragraph 1, point (b). Competent authorities shall identify cases where the view of the risk control unit and the final decision taken by either the management body or the relevant committee of the internal committee structure diverge.