Operational Resilience: Reserve Bank of India's Guidance Note on ORM and OR Series

The Three Lines of Defense model provides a structured approach to operational risk management, assigning specific roles to operational management, risk management/compliance, and internal audit to effectively identify, assess, and mitigate risks. This framework ensures that responsibilities are clearly delineated across the organization, promoting a comprehensive strategy for safeguarding against potential threats. The Board of Directors (BoD) plays a critical role in overseeing this framework, ensuring that it aligns with the organization's overall risk management strategy and is implemented effectively by Senior Management.

The BoD is responsible for approving and periodically reviewing the Operational Risk Management Framework (ORMF) and the approach to Operational Resilience. Their duties include establishing a strong risk management culture, integrating risk management processes into the broader framework, and providing guidance to Senior Management on ORMF principles. Additionally, the BoD must regularly evaluate the ORMF's effectiveness, ensure independent reviews, and stay updated on best practices. In terms of risk appetite, the BoD must develop and communicate a clear risk appetite and tolerance statement, ensuring it aligns with the entity's strategic objectives and regulatory requirements.

Senior Management is tasked with implementing the ORMF across the organization, translating it into specific policies and procedures within different business units. They must allocate resources, establish accountability, and ensure effective communication and coordination between various risk management functions. Senior Management is also responsible for maintaining a governance structure that supports the entity's size and complexity, ensuring staff competence and committee effectiveness. By adhering to these principles, the BoD and Senior Management can ensure robust operational risk management and resilience, protecting the organization from potential disruptions while aligning with its strategic goals.

Moh Heng Goh
Operational Resilience Certified Planner-Specialist-Expert

Responsibilities of the Board of Directors and Senior Management in Operational Risk Management and Resilience

The Three Lines of Defense model is a risk management framework that delineates responsibilities across an organization to identify, assess, and mitigate operational risks effectively. This approach divides risk management into three distinct functions: operational management, risk management/compliance, and internal audit, each with specific roles in safeguarding the organization from potential threats.

 

Principle 3: Board of Directors Oversight and Review

The Board of Directors (BoD) is crucial in approving and periodically reviewing the Operational Risk Management Framework (ORMF) and the approach to Operational Resilience. They must ensure that Senior Management effectively implements the policies, processes, and systems of the ORMF and Operational Resilience at all decision-making levels.

The BoD’s responsibilities include:

  • Risk Management Culture: Establishing a risk management culture and ensuring adequate processes to understand the nature and scope of operational risk in current and planned strategies and activities.

  • Oversight of Risk Management Processes: Ensuring operational risk management processes are integrated into the overall risk management framework.

  • Guidance and Policy Approval: Providing Senior Management with guidance on ORMF principles and approving policies aligning with these principles.

  • Effectiveness Review: Regularly evaluating and approving the ORMF to manage operational risks arising from external changes and new activities.

  • Independent Review: Ensuring the ORMF undergoes independent reviews by third parties.

  • Adoption of Best Practices: Keeping abreast of best practices in risk management.

Principle 4: Risk Appetite and Tolerance


The BoD should approve and periodically review a risk appetite and tolerance statement for operational risk, reflecting the nature, types, and levels of risk the entity is willing to assume. This involves:

  • Development of Risk Appetite Statement: Ensuring the statement is aligned with the entity's strategic and financial plans and regulatory requirements.

  • Clear Communication: Making the risk appetite statement understandable for all stakeholders.

  • Inclusion of Key Information: Including background information and assumptions behind the business plans.

  • Articulating Motivations and Boundaries: Stating motivations for risk-taking and setting boundaries for monitoring.

  • Scenario and Stress Testing: Ensuring the statement is forward-looking and tested against various scenarios.


Principle 5: Governance and Implementation by Senior Management


Senior Management is responsible for developing and maintaining a robust governance structure and ensuring the implementation of the ORMF across the organization. Key responsibilities include:

  • Policy Implementation: Translating the ORMF into specific policies and procedures within different business units.

  • Accountability and Resource Allocation: Assigning authority and ensuring necessary resources are available for managing operational risk.

  • Challenge Mechanisms: Establishing systems for reporting, tracking, and resolving issues and ensuring the three-lines-of-defence approach is effective.

  • Coordination and Communication: Ensuring effective communication between staff managing various risks and those responsible for third-party arrangements.

  • Staff Competence: Ensuring staff have the necessary experience, technical capabilities, and independence to enforce compliance.

  • Committee Structure and Operation: Designing a governance structure that suits the entity’s size and complexity, with appropriate committees and meeting practices.


By following these principles, the BoD and Senior Management can ensure robust operational risk management and resilience, safeguarding the entity against potential disruptions and aligning with strategic objectives.
