
Table 9: Example of RAF threshold breach prioritisation (Findings Severity Matrix)

1 – Large Italian Banking Group

The compliance unit of a large European banking group defined the following criteria to assess the severity level of the remedial actions to be implemented after a threshold breach:

Prior to issuing findings in case of breaches, it should be taken into consideration whether analogous requirements have already been identified by other sources (e.g. internal audit, risk assessments) and whether mitigating actions are already ongoing, in order to prevent duplication and promote synergistic approaches. Potential remedial measures could be, for example, the review and potential reinforcement of second-level controls, the provision of additional training, the activation of a temporary task force to remedy a backlog of alerts, or the establishment of steering committees to monitor remedial progress.

The risk owner for the area in which the breach occurred should be identified through the risk matrix within the organisational structure, and is thus the party responsible for compliance with the external regulations and internal rules. The risk owner, in turn, must define the owners of the implementation of each remedial action to be undertaken.

Clear deadlines should be defined, and progress against them should be monitored periodically. Furthermore, there should be clear rules for the definition and management of due dates (e.g. a maximum remedial action time span based on the severity of the related findings, and rules and a process for re-planning that are likewise consistent with gap severity).

Furthermore, the issues that led to the breaches should be investigated and adequate actions should be taken, which can range from cutbacks or the freezing of variable remuneration up to the termination of employment.
