2.10. Risk Management and Control
Effective from Sep 24 2019 - Dec 31 2019
To view other versions open the versions tab on the right
| 32. | A FBB is required to have effective processes to identify, classify, manage, monitor and report all the risks it is or might be exposed to. | |
| 33. | A FBB should establish, implement and maintain adequate risk management policies and procedures, including effective procedures for risk assessment, which identify all the risks relating to the FBB’s activities, processes and systems, and where appropriate, set its risk appetite or the level of risk tolerated by the FBB. | |
| 34. | A FBB should adopt effective arrangements, processes and mechanisms to identify and manage the risk relating to its activities, processes and systems, in the light of that level of risk tolerance. | |
| 35. | A FBB’s senior management should approve and periodically review the strategies and policies for taking up, managing, monitoring and mitigating the risks the FBB is or might be exposed to. | |
| 36. | A FBB should, as a minimum, monitor the following: | |
| i. | The adequacy and effectiveness of its risk management function, policies and procedures; | |
| ii. | The level of compliance by the FBB and its staff with the risk control arrangements, processes and mechanisms; and | |
| iii. | The adequacy and effectiveness of measures taken to address any deficiencies in those policies, procedures, arrangements, processes and mechanisms, including failures by the relevant persons to comply with such arrangements, processes and mechanisms or follow such policies and procedures. | |
| 37. | A FBB is expected to, where appropriate and proportionate in view of the nature, scale and complexity of its business and the nature and range of activities, establish and maintain a risk management function that operates independently and carries out the following tasks: | |
| i. | Implementation of risk management policies and procedures; and | |
| ii. | Provision of risk management reports and advice to its senior management. | |
| 38. | Where a FBB does not maintain a local risk management function, it should nevertheless be able to demonstrate that the risk management policies and procedures which it has adopted are robust and are consistently effective. | |
| 39. | SAMA requires that the risk control arrangements of an FBB that has significant retail activities or is a systemically important wholesale FBB, to include: | |
| i. | The appointment of a branch Head of Risk Management; and | |
| ii. | The Establishment of a branch risk management oversight team whose role includes giving risk oversight under an effective risk management structure and framework. | |