Governance (paras. 24-33)
[See also BCBS, Principles for enhancing corporate governance, October 2010.]
Board of directors
Principle 3: The board of directors should approve and periodically review the operational risk management framework, and ensure that senior management implements the policies, processes and systems of the operational risk management framework effectively at all decision levels.
24. The board of directors should:
a) establish a risk management culture and ensure that the bank has adequate processes for understanding the nature and scope of the operational risk inherent in the bank's current and planned strategies and activities;
b) ensure that the operational risk management processes are subject to comprehensive and dynamic oversight and are fully integrated into, or coordinated with, the overall framework for managing all risks across the enterprise;
c) provide senior management with clear guidance regarding the principles underlying the ORMF, and approve the corresponding policies developed by senior management to align with these principles;
d) regularly review and evaluate the effectiveness of, and approve, the ORMF to ensure the bank has identified and is managing the operational risk arising from external market changes and other environmental factors, as well as those operational risks associated with new products, activities, processes or systems, including changes in risk profiles and priorities (eg changing business volumes);