Skip to main content
Version status: Amended | Document consolidation status: Updated to reflect all known changes
Version date: 9 December 2011 - onwards
Version 3 of 3

Article 9 Internal control mechanisms and risk management processes

1. The Member States shall require regulated entities to have, in place at the level of the financial conglomerate, adequate risk management processes and internal control mechanisms, including sound administrative and accounting procedures.

2. The risk management processes shall include:

(a) sound governance and management with the approval and periodical review of the strategies and policies by the appropriate governing bodies at the level of the financial conglomerate with respect to all the risks they assume;

(b) adequate capital adequacy policies in order to anticipate the impact of their business strategy on risk profile and capital requirements as determined in accordance with Article 6 and Annex I;

(c) adequate procedures to ensure that their risk monitoring systems are well integrated into their organisation and that all measures are taken to ensure that the systems implemented in all the undertakings included in the scope of supplementary supervision are consistent so that the risks can be measured, monitored and controlled at the level of the financial conglomerate.

(d) arrangements in place to contribute to and develop, if required, adequate recovery and resolution arrangements and plans. Such arrangements shall be updated regularly.