Operational Risk impacts all Authorised Firms. Where a Firm employs staff or engages in financial services activities, it exposes itself to risk from people, processes, systems/business technologies, and external events. The level of risk will vary from Firm to Firm and is a function of the nature, scale, and complexity of each Authorised Firm’s business activities.
Technological innovations bring the promise of efficient back-office operations and reduced Operational Risk, such as human process errors, but also present the risk of systems disruptions and errors due to change management failures, system integration and update errors, or cyber incidents. Effective management of these emerging risks can require new risk management methods, resources, and skills. In turn, these demands can challenge Firms’ ability to identify and control risk and remain resilient in an ever-evolving and advancing financial services environment.
In recognition of the impact of innovation on Operational Risk, the DFSA has dedicated resources to the supervision of Operational Risk within Authorised Firms.
We direct our Operational Risk Supervision activities at all DFSA Authorised Firms, Registered Auditors, Credit Rating Agencies and Authorised Market Institutions.
The DFSA expects Authorised Firms to understand their Operational Risk exposures and take necessary steps to effectively mitigate the risks. The DFSA does not require Authorised Firms to follow any particular Operational Risk framework. However, Authorised Firms are expected to establish an appropriate and effective Operational Risk management framework to identify, assess, monitor, report and control or mitigate Operational Risk. The framework should be consistent with the Firm’s risk appetite and the nature, scale, and complexity of the Firm’s business activities.
The Firm’s framework is expected to be approved and subjected to regular review by the Firm’s Board of Directors. The Board is expected to ensure the framework is implemented by management and effectively embedded across the Firm’s Operational Risk management processes. Finally, the framework should support a top-down and bottom-up approach to risk identification.
We will assess a Firm’s overall Operational Risk framework against 11 principles. The 11 principles are adopted from the Basel Committee on Banking Supervision’s Principles for the Sound Management of Operational Risk. Though prepared by the Basel Committee, the principles are applicable to all types of financial institutions. A summary of the principles is as follows: