03 G3 Annexure B - OR Self Assessment Template
03 G3 Annexure B - OR Self Assessment Template
03 G3 Annexure B - OR Self Assessment Template
The applicant bank is required to complete a self-assessment as outlined in this paper, according to the following criteria:
Compliant All “essential” criteria are met without any significant deficiencies in all operations
Largely compliant Minor shortcomings, but not sufficient enough to raise doubts about the institution’s ability to achieve the objective
Materially non-compliant Shortcoming is sufficient to raise doubts about the institution’s ability to achieve compliance
* Rating Rationale - Provides justification, explanation, meaning and context and plays an important part in understanding the reasons or principles employed in arriving at the 'Criteria Rating' assigned. Detailed
explanations are therefore required in terms of what the bank does in practice. Examples can also be included. Moreover, be reminded that evidence should be collected and maintained.
^ Action Plans - It is recommended that SMART (Specific, Measurable, Attainable, Realistic, Timely) principles are applied when setting action plans. Detailed explanations are therefore required in terms of the steps /
actions the bank will be taking to attain the 'Compliant' 'Criteria Rating' status. If 'Compliant' has been selected, then the column can be left blank and / or details can be provided in terms of any maintenance or
enhancements planned.
A. OPERATIONAL RISK GOVERNANCE
Assessment
Area of Assessment Reference # Criteria Information Request Rating Rationale Action Plans
Rating
Board of Directors
1. Board of Director approvals Reg 33 1.1 The board of directors are actively involved (a) Frequency of Board review of firm-wide
(8)(b)(i)(A) in the oversight of the operational risk framework to operational risk management.
management framework.
2. Operational risk strategy Reg 33 2.1 The bank has an operational risk None
(8)(b)(i)(B) management system that is conceptually
sound and is implemented with integrity.
3. Role of senior management Reg 33 3.1 Senior management is actively involved in None
(8)(b)(i)(A) the oversight of the operational risk
management framework.
8.2 The bank has procedures for taking (a) Describe how the bank uses the
appropriate action according to the information within operational risk
information within the management reports. management reports.
Reg 33 2.7 The mapping process is clearly documented. (a) Identify documentation for mapping
(8)(d)(iv) More specifically, business line definitions process and assess its allowance for
are sufficiently documented to allow for business line mapping replication.
business line mapping replication.
2.8 Documentation clearly motivate any (a) Identify how documentation addresses
exceptions or overrides and be kept on exceptions and overrides.
record.
Reg 33 2.9 Processes are in place to define the mapping (a) Identify processes in place to define the
(8)(d)(v) of any new activities or products. mapping of any new activities or products.
Reg 33 2.10 Senior management is responsible for the (a) Identify who is responsible for the
(8)(d)(i) mapping policy. mapping policy.
(b) Identify the format in which the mapping
policy has been presented and approved by
the Board
Reg 33 2.11 The mapping process to business lines is (a) Identify if the mapping process has been
(8)(d)(vi) subject to independent review. subject to independent review (and by
whom). If independent review has not taken
place, identify future plans to do so.
2.2 There are procedures for taking appropriate (a) Describe how the operational risk
action according to the information within the exposure reports are used to respond to
management reports. operational risk and the management of the
risk.
1. AMA Model Reg 33 1.1 The bank's AMA model captures potentially (a) Provide a description of assumptions and
(9)(d)(iii)(B) severe tail loss estimates. inputs used to construct the model.
1.2 The bank's AMA model is comparable to a None
one year holding period and a 99.9
percentile confidence interval.
Reg 33 1.3 The bank is calculating the operational risk None
(9)(e)(i) regulatory capital requirement as the sum of
expected loss and unexpected loss.
1.4 The bank is adequately capturing EL in its (a) Provide the bank's documentation on
internal business practices. how operational risk EL is measured and
accounted for.
Reg 33 1.5 The bank's AMA model captures the major None
(9)(d)(iii)(B) drivers of the operational risk affecting the
shape of the tail loss estimates.
2. Correlation Reg 33 2.1 Internally determined correlations are used (a) Provide details on how correlation is
(9)(d)(ii) in operational risk modelling. The bank can integrated into the model and the rationale
demonstrate that its systems for determining for its use in calculating the capital
correlations are sound and implemented with requirement.
integrity and take into account the (b) For internally determined correlations,
uncertainty surrounding any such correlation identify the assumptions used and discuss
estimates (particularly in periods of stress). the methods used for estimating correlation.
Reg 33 2.2 The bank validates its correlation (a) Identify how the bank is validating its
(9)(e)(ii)(B) assumptions using appropriate quantitative correlation assumptions.
and qualitative techniques.
3. Four fundamental elements: Reg 33 3.1 Key elements of the bank's operational risk (a) Provide a brief summary of how these 4
- Internal data (9)(d)(iii)(B)(vii) measurement system include the use of elements are used in the operational risk
- External data internal data, relevant external data, scenario measurement system.
- Scenario analysis analysis and factors reflecting the business
- Business environment and environment and internal control system.
internal controls
Reg 33 3.2 Weighting of the 4 fundamental elements is (a) Provide documentation and rationale for
(9)(d)(iii)(A) credible, transparent, well-documented and the approach taken in weighting of each
and (B)(vi) verifiable approach. fundamental element.
3.3 The approach for weighting the 4 None
fundamental elements is internally
consistent.
3.4 Double counting of qualitative assessments None
or risk mitigants already recognised in other
elements of the framework is avoided in the
approach for weighting the 4 fundamental
elements.
4. Internal Data Reg 33 4.1 The bank has documented procedures for (a) Provide the documented procedures.
(9)(d)(v)(C) assessing the historical internal loss data for
its relevance and use in the operational risk
measurement system.
Reg 33 4.2 The bank is using at least 3 years of None
(9)(d)(v)(D) historical internal loss data if internal loss
data is being used to either build or validate
the operational risk measurement system.
Reg 33 4.3 The bank has documented its criteria for (a) Provide the documented criteria.
(9)(d)(v)(B) mapping historical internal loss data to Basel
business lines and event types.
4.4 The internal loss data is comprehensive and (a) Provide rationale for excluding loss
captures appropriate sub-systems and activities and exposures, if any, from the loss
geographic locations. collection process.
4.5 The bank has an appropriate gross loss None
threshold for internal loss data collection.
4.6 The bank has specific criteria for allocating (a) Provide the specific criteria.
operational losses that span across business
lines or occur in a centralized function.
4.7 All material operational losses related to the (a) Identify the bank's approach to collecting
definition of operational risk are identified in operational losses related to credit and
the loss data collection. market risk.