Requirements for the risk management system
An institution shall comply with the following requirements:
it shall meet the qualitative requirements set out in Part Three, Title IV, Chapter 5;
it shall conduct a regular programme of back-testing, comparing the risk measures generated by the model with realised risk measures, and hypothetical changes based on static positions with realised measures;
the management body and senior management shall be involved in the risk control process and shall ensure that adequate resources are devoted to credit and counterparty credit risk control. In this regard, the daily reports prepared by the independent risk control unit established in accordance Article 287(1)(a) shall be reviewed by a level of management with sufficient seniority and authority to enforce both reductions of positions taken by individual traders and reductions in the overall risk exposure of the institution;
the risk measurement system shall be used in conjunction with internal trading and exposure limits. In this regard, exposure limits shall be related to the institution's risk measurement model in a manner that is consistent over time and that is well understood by traders, the credit function and senior management;
an independent review of the risk measurement system shall be carried out regularly in the institution's own internal auditing process. This review shall include both the activities of the business trading units and of the independent risk control unit. A review of the overall risk management process shall take place at regular intervals (and no less than once a year) and shall specifically address, as a minimum, all items referred to in Article 288;
the on-going validation of counterparty credit risk models, including back-testing, shall be reviewed periodically by a level of management with sufficient authority to decide the action that will be taken to address weaknesses in the models.