DNB assesses the management of operational risks based on the following aspects of the risk management process:
- development of a risk strategy including risk appetite for operational risks as part of the institution's overall risk appetite;
- assignment of responsibilities for operational risk management;
- drawing up and implementation of a policy framework and setting limits for operational risks;
- identification and estimation of operational risks;
- monitoring and reporting of operational risks, including external reporting; and
- management and mitigation of operational risks.
Furthermore, DNB pays specific attention to risk culture, procedures for the approval of new products, IT, outsourcing and business continuity. The figure below illustrates all these aspects.
DNB has prepared detailed management measures for each aspect and included them in an assessment framework. This framework is named Reference framework ORM 2015 and is available for download under "Related downloads". The "IT", "Outsourcing" and "Business Continuity Management" aspects are still under construction.
A bank can also use the assessment framework as a self-assessment. It may help identify any potential shortcomings and prioritise improvement measures. The ultimate objective is that all aspects of operational risk management function in a structured manner and demonstrably adequately in practice, with due regard for the proportionality principle.
Relevant regulations and directives
DNB assesses operational risks on the basis of Section 3:17 of the Financial Supervision Act (Wet op het financieel toezicht – Wft). The aspects relevant to operational risk management include management of business processes and risks, integrity and the solidity of the institution.
Below you will find a list of the most relevant national and international regulations and directives for banks.
- National legal framework
- Financial Supervision Act, artikel 3:17
- Decree on Prudential Rules for Financial Undertakings - Besluit Prudentiële Regels
- International legal framework