sg-crest A Singapore Government Agency Website

Guidelines
 Published Date: 01 March 2013

​Guidelines on Risk Management Practices – Operational Risk

Guidelines for a financial institution’s operational risk management framework, including business continuity and outsourcing.
Applies to: Full Bank (Locally Incorporated) , Full Bank (Branch) , Wholesale Bank (Branch) , Wholesale Bank (Locally Incorporated) , Merchant Bank (Locally Incorporated) , Merchant Bank (Branch) , Dealing in Capital Market Products , Product Financing , Licensed Fund Management Company , Corporate Finance Advisory , REIT Management , Registered Fund Management Company , Credit Rating Agency , Securities Crowdfunding , Venture Capital Fund Management Company , Exempt Futures Broker , Exempt OTC Derivatives Broker , Providing Custodial Services , Exempt Corporate Finance Adviser Serving Accredited Investors , Approved CIS Trustee , Exempt Trust Company , Licensed Trust Company , Exempt Person Providing Trust Services

These guidelines set out the key elements expected of an institution’s operational risk management framework and include guidelines on business continuity and outsourcing.

The guidelines are not intended to be exhaustive. Institutions should also take into account applicable industry standards such as the Basel Committee on Bank Supervision’s “Principles for the Sound Management of Operational Risk” (June 2011) where appropriate.

Operational Risk Framework and Systems

An institution should establish sound and appropriate operational risk management strategies, policies and processes to identify, measure assess, monitor, report and control or mitigate operational risk. These operational risk management strategies, policies and processes should be consistent with the institution’s risk profile, risk appetite and capital strength, and take into account market and macroeconomic conditions, and address all relevant aspects of operational risk prevalent in the businesses of the institution on an institution-wide basis.

The institution’s strategies, policies and processes for the management of operational risks should be approved and subjected to regular review by the institution’s Board. The Board is responsible for ensuring that these policies and processes are implemented effectively by management and fully integrated into the institution’s overall risk management process.

Management Information Systems

The institution should establish appropriate and effective information systems to:

(a) monitor operational risk;

(b) compile and analyse operational risk data; and

(c) facilitate appropriate reporting mechanisms at the institution’s Board, senior management, and business line levels that support proactive management of operational risk.

Reporting Mechanism

The institution should establish an appropriate reporting mechanism to notify MAS of significant operational risk developments.

Business Continuity

Business Continuity Management (BCM) is a holistic management process that focuses on the effective recovery and rapid resumption of critical business functions and restoration of information technology infrastructure following operational disruptions. A proactive and robust BCM framework enables the institution to improve its readiness to respond to and recover from crises. Effective implementation of sound BCM strategies can minimise the impact from operational disruptions and enable the institution to fulfil its business obligations during crises.

Resources:

Outsourcing

While outsourcing can bring about cost and other benefits, it may increase the risk profile of an institution.

These guidelines on outsourcing set out MAS’ expectations on an institution that has entered into outsourcing or is planning to outsource its business activities to a business provider.

Resources: