INSTITUTION:
DATE:
The Basel II Operational Risk Self-Assessment Template for Financial Institutions
Document map
1. SP: Basel Committee on Banking Supervision. Principles for the Sound Management of Operational Risk. June 2011.
2. SG: Basel Committee on Banking Supervision. Operational Risk - Supervisory Guidelines for Advanced Measurement Approaches. June 2011.
3. CAR: Office of the Superintendent of Financial Institutions Canada. Guideline. Capital Adequacy Requirements. January 2012.
4. CG I-Note: Office of the Superintendent of Financial Institutions Canada. Implementation Note. Corporate Governance at TSA & AMA Institutions. May 2006.
5. DM I-Note: Office of the Superintendent of Financial Institutions Canada. Implementation Note. Data Maintenance at TSA & AMA Institutions. May 2006.
6. RCap I-Note: Office of the Superintendent of Financial Institutions Canada. Implementation Note. Approval of Regulatory Capital models for Deposit-Taking Institutions. December 2009.
7. SSG: Senior Supervisors Group. Observations on Developments in Risk Appetite Frameworks and IT Infrastructure. December 2010.
Column Heading
Definition
Compliance Rating
N/A
Full Compliance
Substantial Compliance
Partial Compliance
Non-Compliance
Expected date to achieve full compliance status or date full compliance was attained
Internal Audit (Audit Status) refers to the independent audit assessment of the FRFI's responses to OSFI criteria.
N/A
Audit Work Completed
Audit Work in Progress
No Audit Work Planned
Validation
The validation responses reflect the status of work done by the institution's independent validation function to establish whether the AMA model is sound or whether improvements are required. Validation should encompass both quantitative and qualitative elements, and assess the appropriateness of the risk management processes to ensure that the framework remains fit for purpose.
N/A
Validation Work Completed
Validation Work in Progress
No Validation Work Planned
Reference
Criteria
Compliance Rating
CAR (664)
CAR (644)
SP (25)
SP (26)
SP (27b)
SP (27c)
SP (27d)
SP (27e)
SP (27f)
SP (27g)
SP (27h)
SP (25)
SP (27a)
SP (25)
SP (40)
DM I-Note
Section II
Principle 2
Data Collection
2.01 Data collection establishes clear and comprehensive documentation for data definition, collection and aggregation, including data mapping to CAR business lines, data schematics where necessary, and other identifiers, if any
2.02 Data collection establishes standards for data accuracy, completeness, timeliness and reliability
2.03 Data collection identifies and documents gaps and, where applicable, documents the manual or automated workarounds used to close data gaps and meet data requirements
2.04 Data collection establishes standards, policies and procedures around the cleansing of data through reconciliation, field validation, reformatting, decomposing or use of consistent standards, as appropriate
2.05 Data collection establishes procedures for identifying and reporting on data errors and data linkage breaks to source, downstream and/or external systems
2.06 An independent challenge is in place to ensure accuracy, completeness, timeliness and reliability of the internal operational risk event collected. Specifically, processes are in place to confirm that data is comprehensive, accurate, timely, etc.
DM I-Note
Section II
Principle 3
Data Processing
2.07 Data processing limits reliance on workarounds and manual data manipulation in order to mitigate the operational risk related to human error and dilution of data integrity
Area of Assessment
B. Identification and Assessment
DM I-Note
Section II
Principle 3
DM I-Note
Section II
Principle 4
Data Access/Retrieval
3.01 Data repositories and underlying extract, query and retrieval routines are designed and built to support the institution's own data requirements as well as ongoing needs for supervisory assessments of various data as appropriate
3.02 Access controls and data/information distribution are based on user roles/responsibilities and industry sound practices in the context of effective segregation of duties, and are in conformance with the need-to-know principle, which is assessed by the institution's internal compliance and audit functions for overall effectiveness of the internal controls designed to ensure this conformance and compliance
DM I-Note
Section II
Principle 5
Data Storage/Retention
3.04 The institution has established documented policies and procedures addressing storage, retention and archiving, including, where applicable, the procedures for logical/physical deletion of data and destruction of data storage media and peripherals
3.05 The institution maintains back-ups of relevant data files, data stores and databases in a manner that can allow for data/information to be readily available
DM I-Note
Section II
Principle 5
DM I-Note
Section III
Principle 3
SG (67)
CAR (663b)
DM I-Note
Section III
Principle 2
SG (30a)
DM I Note Section III,
Principle 2
CAR (676)
CAR (676)
CAR (663)
SP (38)
SP (38)
SP (39c)
SP (39d)
SP (39g)
SP (39h)
CAR Annex
8(b)
CAR Annex
8(c)
CAR Annex
8(e)
CAR Annex
8(f)
CAR Annex
8(g)
CAR Annex
8(h)
CAR Annex
8(i)
SP (39f)
CAR (666d)
SP (47)
10.03
SP (48)
SP (48a)
SP (48b)
SP (48c)
SP (48d)
SP (48e)
CAR (664)
SP (49)
SP (50)
SP (50a)
SP (50b)
SP (50c)
SP (50d)
SP (50e)
SP (50f)
SP (50g)
Mitigation
SP (52)
SP (52a)
SP (52b)
SP (52c)
SP (52d)
SP (52e)
Outsourcing
11.01 The FRFI has established policies for managing the risks associated with outsourcing activities aligned with OSFI - B10 Guidelines
11.02 The board of directors and senior management understand the operational risks associated with outsourcing arrangements and ensure that effective risk management policies and practices are in place to manage the risk in outsourcing activities
SP (54a)
SP (54b)
SP (54c)
SP (54d)
SP (54e)
SP (54f)
SP (54g)
SP (55)
SP (56)
SP (58)
SP (59)
1. Change Management and Approvals for New Initiatives
SP Principle 7 (42)
SP Principle 7 (42)
Approval Process
1.06 An approval process is tiered based on financial or business impact, and risk
1.07 Approval process has considered all inherent operational risk categories and includes an assessment of existing and required controls
1.08 An assessment of the resulting change of an FRFI's organization's risk profile is completed
1.09 Corporate Operational Risk Management monitors the new product and approval process identifying any material differences to the operational risk profile and unexpected risks
SP (41)
SP (42)
SP (42a)
SP (42b)
SP (42c)
SP (42d)
SP (42e)
SP (42f)
SP (42)
SP (42)
SP (31)
(Corporate Operational Risk Management & Operational Risk Management terms are synonymous)
CAR (666a) /
(SP) 15
1.03
(SP) 15
(SP) 35
CG I-Note
(3.2)
CG I-Note
(3.3)
CG I-Note
(3.4)
CG I-Note
(3.5)
CG I-Note
(3.6)
CG I-Note
(3.7)
CG I-Note
(3.8)
CAR (664) / SP
15
SP (46)
SP (44)
SP (45a)
SP (45b) /
CG I-Note
(4.2)
SP (45c)
CG I-Note
(4.1)
CG I-Note
(4.3)
SP (44)
2. Disclosure
SP (60)
SP (61)
Public Disclosure
2.01 The FRFI publicly discloses relevant operational risk management information
2.02 The FRFI discloses its operational risk management framework in a manner that allows investors and counterparties to determine whether the FRFI identifies, assesses, monitors and controls/mitigates operational risk effectively.
G. Oversight Functions
1. Board Oversight
CAR (664) / SP
(21)
SP (22)
SP (24)
SP (28a)
SP (28b)
SP (28c)
SP (28d)
SP (28e)
CG I-Note
(1.1)
SP (30) /
CG I-Note (1.2)
SP (30)
CG I-Note
(1.7)
CG I-Note
(1.3)
CG I-Note
(1.6)
2. Senior Management Oversight
SP (P5)
CAR (664)
SP (23)
SP (24)
SP (32)
SP (33) /
CG I-Note (2.6)
SP (33) /
CG I-Note (2.4)
SP (33) /
CG I-Note (2.2)
SP (33) /
SP (20) /
CG I-Note (2.5)
SP (36)
SP (53)
CG I-Note
(2.3)
CG I-Note
(2.9)
CG I-Note
(2.10)
CG I-Note
(2.11)
CG I-Note
(2.7)
CG I-Note
(2.8)
CG I-Note
(2.12)
3. Operational Risk Committee and Structure
SP (37a)
SP (37b)
SP (37c)
4. Oversight: The Three Lines of Defence Model
SP (14)
SP (16)
SP (19)
SG (14)
SG (14)
CG I-Note
(5.4)
4.10
CG I-Note
(5.2)
CG I-Note
(5.3)
CG I-Note
(5.5)
Note:
1. AMA Model
CAR
Ch. 7 (667)
SG 160
SG 161
SG 162
SG 163
SG 164
SG 165
SG 166
SG 167
H. Advanced Measurement Approach Methodology
SG 167
SG 169
SG 170
Distributional Assumptions
1.20 The FRFI's distributional assumptions underpin most, if not all, operational risk modelling approaches and are generally made for both the frequency and severity of operational risk loss events.
1.21
SG 171
SG 171
1.23
SG 172
SG 173
SG 174
SG 175
SG 176
SG 177
1.29
1.30
SG 180
SG 180
SG 182
SG 183
1.40
SG 184
SG 184
SG 186
SG 188
SG 189
SG 190
SG 191
SG 192
SG 197
SG 200
SG 202
SG 203
SG 204
SG 205
SG 206
SG 207
SG 208
SG 211
SG 212
SG 213
SG 214
SG 215
SG 216
SG 217
SG 218
SG 219
SG 220
SG 221
SG 224
SG 228
SG 229
SG 230
SG 231
SG 232
SG 233
CAR
Ch. 7 (671)
CAR
Ch. 7 (672)
CAR
Ch. 7 (673)
SG 247
SG 247
CAR
Ch. 7 (674)
SG 248
SG 249
SG 250
5. Scenario Analysis
SG 251
CAR
Ch. 7 (675)
SG 253
SG 254
SG 254
SG 255
SG 256
6.04
Detailed Criteria CAR Ch. 7 (669a), Ch. 7 (669e) & Ch. 7 (669f)
CAR
Ch. 7 (669a)
7.01 Any internal operational risk measurement system must be consistent with the scope of operational risk defined by the Committee in paragraph 644 and the loss event types defined in Annex 9.
CAR
Ch. 7 (669e)
CAR
Ch. 7 (669f)
SG 235
SG 236
SG 237
SG 257
SG 259
SG 260
CAR
Ch. 7 (677)
CAR
Ch. 7 (678)
CAR
Ch. 7 (678)
CAR
Ch. 7 (656)
CAR
Ch. 7 (680)