1. Have formal written programs of operational risk and loss control, including risk assessment and control matrices, been developed for all operational and staff areas? If yes, do these programs include:
* Proprietary and confidential data?
* Physical security of the bank's premises?
* Branch fraud prevention and awareness?
* Credit card, ATM, trading, and payment systems fraud?
* Software piracy and patent / copyright infringement?
* Information Systems Security?
* Product and service quality assurance?
* Adherence to customer contractual obligations?
* Compliance with regulatory and statutory requirements within Saudi Arabia?
* Others as applicable?
2. Does the Operational Risk Management function provide central direction and coordination for operational risk management and loss control and risk financing programs within the institution? Does its scope include:
* Timely reporting of losses to senior management, SAMA, insurance carriers, and law enforcement (when appropriate)?
* Complete investigation of losses in conjunction with internal audit, bank's security department, insurance carriers and law enforcement (when appropriate)?
* Written claims handling procedures for line and staff personnel as well as both in-house claims personnel and external claims handling services?
* Review of claims files and investigative procedures?
* Coordination of claims and periodic qualitative evaluation of the overall claims handling process?
* Follow-up on all open claims and periodic qualitative evaluation of the overall claims handling process?
3. Has the institution developed penalty/reward systems? Do these systems include:
* Regular scheduled comparative evaluation of loss records of various units.
* Monetary and non-monetary incentives
4. Has a formal program of operational risk control training been established which emphasizes responsibility and accountability for the control of operational losses?