Article 8 | Delegated Regulation 2024/1085

Article 8 - Assessment of the internal governance and oversight of the institution in relation to the risk control unit

Article 8

Assessment of the internal governance and oversight of the institution in relation to the risk control unit

1. When assessing the internal governance and oversight of the institution in relation to the risk control unit referred to in Article 325bi(1), point (b), of Regulation (EU) No 575/2013, competent authorities shall verify whether that risk control unit:

(a)	is completely separate and independent from the personnel and the management functions responsible for the trading business areas;

(b)

is duly represented in the institution’s decision-making bodies and is involved in the decision-making process where any of the following issues are on the agenda:

(i)	the approval of new methodologies for assessing market risk and of any changes to existing methodologies;

(ii)	the approval of the establishment of a trading desk;

(iii)

the approval or update of reports and inventories within the remit of the risk control unit;

(iv)	the setting of the acceptable level of risk;

(v)	the setting and regular update of the internal limit structure;

(vi)	the approval of limit breaches;

(vii)

the approval of new products or new business lines;

(viii)

the approval of pricing models used for risk purposes;

(ix)	the approval of stress testing programmes;

(x)	the approval of IT infrastructure systems related to risk management tools;

(c)	is adequate, is proportionate to the size of the institution and the risks of the business, and has the resources necessary to perform its tasks effectively;

(d)	has sufficiently experienced, qualified and trained staff to undertake all relevant activities for the effective risk management of the internal model and for monitoring and challenging the actions of other units, in particular of the trading business units;

(e)	is responsible for the outcome of the calculations based on the internal-risk measurement model and the internal default risk model.

2. For the purposes of paragraph 1, point (a), competent authorities shall verify whether:

(a)	the risk control unit is composed of one or more separate organisational structures in the institution’s organisational chart;

(b)	the heads of the risk control unit or units are senior managers of the institution;

(c)	the staff and the senior management responsible for the risk control unit are not responsible for any trading business activities;

(d)	senior managers of the risk control unit and those responsible for business areas have different reporting lines to the management body of the institution;

(e)	the variable remuneration of the staff and senior management responsible for the risk control unit is not linked to the performance of the tasks related to trading business areas under their supervision in a way that hinders or impedes their independence.

3. For the purposes of paragraph 1, point (b), competent authorities shall take into account:

(a)	the documented view of the risk control unit when either the management body or the relevant committee of the internal committee structure discuss any of the issues referred to in paragraph 1, point (b);

(b)	the minutes of the institution’s management body or relevant committee of the internal committee structure, and the action points reflected therein;

(c)	the reports of the risk control unit about internal position limits, and any decisions regarding limit breaches;

(d)	information provided by the staff and senior management of the institution, where appropriate.

For the purposes of point (b), competent authorities shall assess the degree of involvement of the risk control unit when the institution’s management body or relevant committee of the internal committee structure discuss any of the issues referred to in paragraph 1, point (b). Competent authorities shall identify cases where the view of the risk control unit and the final decision taken by either the management body or the relevant committee of the internal committee structure diverge.

CHAPTER 1 - GENERAL PROVISIONS (Article 1-4)

CHAPTER 2 - ASSESSMENT OF QUALITATIVE REQUIREMENTS (Article 5-21)Article 5 - Overview of the assessment of qualitative requirements Article 6 - Assessment of the adequacy of the composition and role of the management body and senior management Article 7 - Assessment of whether trading desks comply with Article 104b of Regulation (EU) No 575/2013 Article 8 - Assessment of the internal governance and oversight of the institution in relation to the risk control unit Article 9 - Assessment of the new product policy Article 10 - Independent review of the internal risk-measurement model Article 11 - Assessment of the validation of any internal risk measurement models, and of the outcome of such validation Article 12 - Assessment of the adequacy of the scope and completeness of the internal validation Article 13 - Assessment of the adequacy of reporting Article 14 - Assessment of adequacy of trading limits Article 15 - Assessment of the adequacy of the process to update trading limits Article 16 - Assessment of the adequacy of the process relating to trading limit breaches Article 17 - Assessment of the adequacy of the stress testing programme Article 18 - Assessment of the adequacy of the reverse and ad-hoc stress testing scenarios Article 19 - Assessment of the internal risk-measurement model in relation to the robustness of the IT systems Article 20 - Assessment of reasonable accuracy of the internal risk-measurement model, including pricing model Article 21 - Assessment of the internal risk-measurement model in relation to additional back-testing programmes

CHAPTER 3 - ASSESSMENT OF THE INTERNAL RISK-MEASUREMENT MODEL USED TO COMPUTE THE EXPECTED SHORTFALL RISK MEASURE AND THE STRESS SCENARIO RISK MEASURE (Article 22-44)

CHAPTER 4 - ASSESSMENT OF THE INTERNAL DEFAULT RISK MODEL USED TO COMPUTE THE ADDITIONAL OWN FUNDS REQUIREMENT FOR DEFAULT RISK (Article 45-52)

CHAPTER 5 - FINAL PROVISIONS (Article 53)

Metadata

Related documents

Article 8 - Assessment of the internal governance and oversight of the institution in relation to the risk control unit

Table of contents