Guideline on risk management and other aspects of internal control in central securities depository
- Homer Watkins
- 8 years ago
until further notice 1 (11)

Applicable to central securities depositories

By virtue of section 4, paragraph 2, of the Act on the Financial Supervision Authority, the Financial Supervision Authority issues the following guideline on risk management and other aspects of internal control in central securities depository.

CONTENTS

1 Introduction
2 Definition of the concept of internal control and risk management
2.1 Internal control
2.2 Risk management
3 Responsibility for internal control and risk management
4 General principles of internal control
5 Principles relating to risk management
6 Principles relating to the organization of a central securities intermediary
7 Principles relating to accounting and information systems
8 Principles relating to IT systems
9 Internal audit function
9.1 Tasks of internal audit
9.2 Role of internal audit

1 Introduction

The smooth operation of a central securities depository is essential for the operation and stability of markets. Therefore, the Financial Supervision Authority (FSA) has decided to issue this guideline on risk management and other aspects of internal control to the central securities depository.

In this guideline, the Financial Supervision Authority lays down minimum requirements for adequate risk management and other aspects of internal control. The basic principle is that the risk management and other aspects of internal control exercised by a central securities depository should be of adequate standard with regard to the nature and scope of operations. Adequate risk management and other aspects of internal control must be applied in all business operations carried out by an authorized central securities depository.

This guideline documents generally accepted principles that represent the common view of financial supervisors in EU and EEA countries.

Internal control and risk management are defined in Chapter 2. These definitions describe the aims of both processes but are not intended as a comprehensive specification of how these processes are to be organized.

Responsibility for organizing risk management and other internal control is discussed in Chapter 3. The minimum requirements in respect of this responsibility are presented in this chapter.

General principles of internal control and risk management are presented in Chapters 4 and 5.

Principles related to the organization of a central securities depository as regards risk management and internal control are discussed in Chapter 6.

Principles relating to accounting and information systems as well as to IT systems as regards internal control and risk management are discussed in Chapters 7 and 8.

The tasks and role of internal control and risk management within a depository are discussed in the final chapter of this guideline, Chapter 9.

2 Definition of the concept of internal control and risk management

2.1 Internal control

Internal control is a process aimed at:
a) accomplishment of stated goals and objectives;
b) economical and efficient use of resources;
c) adequate control of the risks inherent in operations;
d) reliability and integrity of financial and other management information;
e) compliance with laws and regulations, strategies, plans, internal rules and procedures.

According to this definition, internal control comprises all such controls, financial or otherwise, as are effected by the board of directors, managing director and other staff.

2.2 Risk management

Risk management refers to the identification, assessment, limitation and control [1] of risks that arise from and are essentially related to business. In a central securities depository, risk management is an integral part of the internal control system.

Adequate risk management must cover at least the following risks (but is not limited to these):
- credit risk (including counterparty risk)
- financial risks
- operative risk
- legal risk
- strategic risk.

Adequate risk management must cover risk areas that are essential to the continuation of core businesses of a central securities depository (but is not limited to these).

[1] The use of risk limits for the measurement and limitation of risks applies to measurable risks only.

3 Responsibility for internal control and risk management

A central securities depository's board of directors has a key role in defining and monitoring the principles and procedures of internal control. A central securities depository's board of directors is responsible for defining risk taking principles and ensuring that the risk management and control systems of the central securities depository are adequate with regard to the nature and scope of operations. A central securities depository's board of directors and managing director are responsible for ensuring that internal control is applied in all operations.

If a central securities depository belongs to a consolidation group, some tasks of internal control and risk management may be within the remit of the board of directors and managing director of the parent undertaking under the internal allocation of responsibilities of the consolidation group. However, the central securities depository's board of directors and managing director always have the primary responsibility for the operation and adequacy of the central securities depository's risk management and internal control.

A central securities depository's board of directors and managing director must especially
1) determine the central securities depository's organizational structure; ensure an appropriate allocation of responsibilities and decision-making powers; and see to it that internal control and risk management cover all activities of the central securities depository and are commensurate with the risks inherent in its different operations;
2) establish quantitative and qualitative objectives for each field of operation and monitor their implementation;
3) approve the central securities depository's risk-taking principles; establish policies for risk limitation and supervise compliance with such policies;
4) ensure that staff have the requisite skills and are suitable for their tasks and that they have access to the information required to perform their tasks;
5) ensure that procedures for key operations are documented in writing;
6) ensure that the central securities depository maintains information and accounting systems that are adequate for decision-making and assessment of operations;
7) ensure that the central securities depository maintains IT systems that are adequate with regard to its activities and organized in an appropriate fashion;
8) ensure that the central securities depository's staff do not handle, in their capacity as representatives of the investment firm, any business transactions of their own or concerning persons with whom they are closely related, or otherwise influence any decisions relating to such business transactions;
9) ensure that the internal audit function is organized in an appropriate fashion and operates in accordance with good internal audit practice;
10) ensure that the board of directors are informed of material findings made by the internal audit function, the auditors and the authorities;
11) ensure that the organization of the internal audit function supports the fulfilment of the aims of risk management;
12) ensure that the central securities depository has a risk management function that is independent of the risk-taking function or profit-earning function;
13) review internal control and the adequacy of risk management on a regular basis and always when
- operations expand into new markets;
- new products are introduced;
- there are or will be material changes in the operating environment; or
- businesses are reorganized;
14) establish procedures to ensure that control systems are revised when deficiencies are detected or control fails completely.

4 General principles of internal control

The following principles are common to all aspects of internal control:
a) Internal control must promote a corporate culture that accepts internal control as a normal and necessary element of business.
b) Internal control must cover all activities of a central securities depository. Such control needs to be commensurate with the risks inherent in different operations. Particular attention needs to be focused on new products, new business areas and cross-border operations.
c) A central securities depository must see to it that adequate internal control is exercised by all undertakings in its consolidation group.
d) If a central securities depository purchases services from other firms or units in its consolidation group, this must not lead to any deterioration in the central securities depository's internal control.
e) Internal control must include risk management systems that enable identification, assessment and control of all essential risks relating to the activities of a central securities depository.
f) Internal control must prevent acts of fraud, embezzlement and other malpractices. Internal control preventing other malpractices includes, e.g., monitoring the securities trading of staff of the central securities depository and the rules applicable thereto.
g) A central securities depository must ensure that it has in place updated guidelines for key operations, including internal control of operations.
h) Internal control should also include contingency planning so as to ensure the continuity of the central securities depository's operations in the event of disruptions. Contingency plans must be tested to ensure they can be implemented when the need arises.

5 Principles relating to risk management

Key principles of risk management are:
a) Set operational limits for quantifiable risks and defined procedures for limitation of non-quantifiable risks are put in writing.
b) Risk management systems incorporate decision-making procedures for engaging in new activities. All individuals involved are briefed, in respect of their own spheres of responsibility, of the risks associated with the new activity and the ways in which the risk management procedures for the new activity will be implemented.
c) Compliance with risk limits and procedures is monitored on a continuous basis. When operational limits are exceeded or risk management procedures are not followed, the incident should be promptly reported and assessed. Clear follow-up procedures for violation are established.
d) Risk management limits and procedures are reviewed periodically so that they correspond to adopted operational modes and the current market situation.

6 Principles relating to the organization of a central securities intermediary

A central securities depository must be organized in accordance with its operations and the inherent risks. The following principles need to be considered when structuring an organization:
a) Effective segregation of duties performed by the organization must be established both to improve control and to avoid the risks of malpractice and error.
b) The organization must have adequate depth to assure the competence and availability of replacement staff. Management must further assure that any staff member designated as an alternate is indeed capable of performing the tasks related to the position.
c) Each operational process should incorporate its own control procedures to ensure that all transactions are duly authorized, implemented and recorded.
d) Access to assets and confidential information should be restricted to authorized personnel in accordance with individual job descriptions and areas of responsibility.

7 Principles relating to accounting and information systems

Accounting and information systems enable the recording of transactions and the flow of related information needed for internal decision-making and internal control as well as for external purposes. Information provided by such systems must give a true and fair view of all the central securities depository's operations.

To ensure the existence of effective accounting and information systems, the following principles should be observed:
a) Every transaction is recorded promptly and accurately with the correct time and date and sufficient detail. The audit trail must be complete starting from the original document.
b) Management and other personnel have prompt access to sufficient information to properly perform their duties.
c) Information is released to the authorities at appointed times without delay.
d) Information provided for external use (annual accounts, supervisory reporting, etc.) complies with the relevant statutes and regulations.

8 Principles relating to IT systems

A central securities depository needs to have the necessary expertise, organization and internal control procedures to maintain and process information in an electronic form.
For internal control, this implies compliance with the principles identified below in points a–k. These principles also apply in situations where data are handled in a decentralized manner, i.e. business units besides the IT department handle and process data. A central securities depository should further ensure that their suppliers of IT systems and services apply similar principles.

A central securities depository must comply with the following principles in the pursuit of its own operations only to the extent that these principles apply to its operations.
a) Approval by the board of directors of IT strategy and budget that accord with the central securities depository's current and estimated future needs to ensure the integrity and support of the technical environment.
b) Policies, standards, procedures and controls for the various spheres of IT activity should be defined so as to enable cooperation among business units and in-house providers of IT services. Operational models, standards, procedures and controls should serve as a basis for management planning, control and evaluation of IT activities.
c) User operations and technical operations should be kept separate. The IT department should carry responsibility for development and operation of computer systems; users should carry responsibility for correctness and accuracy of data they enter or otherwise handle.
d) There should also be further segregation of systems development and computer operation responsibilities so that individuals performing tasks in either of these spheres can only access information in the other sphere through controlled standard procedures. Duties of the personnel in charge of information system implementation and maintenance, granting and revoking access, and database administration should also be segregated.
e) The internal audit function should be capable of evaluating the adequacy and effectiveness of IT internal controls.
f) The IT department should implement and provide on-going support of systems development and quality assurance procedures to ensure that systems perform the functions for which they were designed as well as oversee the production of standardized documentation to support current users and future development tasks.
g) The procedures to be followed in acquisition or approval of software and hardware, as well as in procuring services from independent providers should be decided. There should further be means to evaluate that an acquisition or contracted service corresponds to the central securities depository's needs and its established standards, and is backed by continued technical support.
h) Information systems should incorporate controls and violation detection capabilities with full traceability so that it is possible to assure the legitimacy and correctness of input and output data and determine that the data were input or accessed by individuals with proper authorization. In the event of disturbances, it should be possible to fully restore processes without loss of transaction records in order to assure a complete audit trail.
i) Authorizations for access to data and software as well as system administrator authorizations should be granted in accordance with consistent principles approved by management. Access to data and programmes must be restricted to authorized individuals through a variety of technical means (user IDs, passwords, etc.). A system for tracing and dealing with unauthorized access attempts and violations should be in place.
j) The risks of interruption and loss of access to IT systems due to e.g. fire, flood, electricity supply, must be minimized through appropriate physical security measures. Access to networks, devices and sensitive materials (storage media, documentation, etc.) must be restricted to authorized individuals.
k) Plans to assure the continuity of vital operations under all circumstances should be in place. In the event of unexpected disturbances or downtime, it should be possible to re-establish normal operation within a reasonable time. Such continuity plans should be updated and tested at regular intervals.

9 Internal audit function

9.1 Tasks of internal audit

The internal audit function refers to an independent group of specialists within an organization that is generally directly subordinate to the managing director of the undertaking or the parent undertaking of a consolidated group. The task of this group is to analyze the operational processes of the organization and issue recommendations or statements on the basis of its findings.

Due to the importance of a central securities depository for the smooth operation and stability of the securities markets, it must be subject to effective internal auditing.

If the internal audit group reports directly to the managing director of a consolidation group, the central securities depository's board of directors and managing director must ensure that the internal control of the central securities depository is sufficient for carrying out the tasks and fulfilling the aims set out in this guideline.

A central securities depository's board of directors should decide on internal audit tasks, authority and responsibilities as well as on general principles to be observed in the planning of audits and in the reporting of findings.

It is generally recognized that the objectives and tasks of internal audit include the following:
a) regular appraisals of the scope, adequacy, effectiveness and efficiency of internal control, including supervision of compliance with policies and procedures approved by management;
b) control and review of the operation of risk management systems;
c) evaluation of the reliability and integrity of accounting systems, computer systems and other systems involved in the measurement, classification and reporting of financial and operative data; and
d) testing for the correctness and legitimacy of transactions and the operation of related internal controls.

Given their importance in internal control, the central securities depository's management should ensure that the tasks listed above are performed.

9.2 Role of internal audit

The internal audit function should apply the following general principles:
a) Independence from all other functions to be audited.
b) Unlimited access to all operations to ensure that auditing covers all aspects of a central securities depository's activities.
c) Adequate dimensioning to cope with the size and activities of the central securities depository; internal audit staff must possess adequate qualifications and experience.
d) Standing within the organization to ensure due processing of audit reports and recommendations presented therein by the board of directors.
More informationGUIDANCE NOTE ON ACCOUNTING AND OTHER RECORDS AND INTERNAL CONTROL SYSTEMS AND REPORTING ACCOUNTANTS REPORTS THEREON
GUIDANCE NOTE ON ACCOUNTING AND OTHER RECORDS AND INTERNAL CONTROL SYSTEMS AND REPORTING ACCOUNTANTS REPORTS THEREON 1. PREFACE 1.1 The maintenance of adequate records and systems is an implicit requirement
More informationGUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK FOR CREDIT UNIONS
SUPERVISORY AND REGULATORY GUIDELINES Guidelines Issued: 22 December 2015 GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK FOR CREDIT UNIONS 1. INTRODUCTION 1.1 The Central Bank of The Bahamas ( the Central
More informationTERMS OF REFERENCE OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS
CHINA COMMUNICATIONS CONSTRUCTION COMPANY LIMITED (A joint stock limited company incorporated in the People s Republic of China with limited liability) (Stock Code: 1800) TERMS OF REFERENCE OF THE AUDIT
More informationNOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE
STAATSKOERANT, 19 DESEMBER 2014 No. 38357 3 BOARD NOTICE NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE LONG-TERM INSURANCE ACT, 1998 (ACT NO. 52
More informationTITLE III INFORMATION SECURITY
H. R. 2458 48 (1) maximize the degree to which unclassified geographic information from various sources can be made electronically compatible and accessible; and (2) promote the development of interoperable
More informationOCC 98-3 OCC BULLETIN
To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel
More informationRS Official Gazette, No 23/2013 and 113/2013
RS Official Gazette, No 23/2013 and 113/2013 Pursuant to Article 15, paragraph 1 and Article 63, paragraph 2 of the Law on the National Bank of Serbia (RS Official Gazette, Nos 72/2003, 55/2004, 85/2005
More informationPART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2
PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2 PART II POLICY REQUIREMENTS...3 Investment and Risk Management Policy...3 Monitoring and Control...5 Roles of
More informationSupervisory Policy Manual
This module should be read in conjunction with the Introduction and with the Glossary, which contains an explanation of abbreviations and other terms used in this Manual. If reading on-line, click on blue
More informationi-control Holdings Limited 超 智 能 控 股 有 限 公 司 (incorporated in the Cayman Islands with limited liability) (the Company )
1 Membership i-control Holdings Limited 超 智 能 控 股 有 限 公 司 (incorporated in the Cayman Islands with limited liability) (the Company ) TERMS OF REFERENCE OF THE AUDIT COMMITTEE (AMENDED AND ADOPTED BY THE
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationInsurance Undertakings and Compliance Requirements
REGULATION N. 20 OF 26 MARCH 2008 (Only the Italian version is authentic) REGULATION CONCERNING INTERNAL CONTROLS, RISK MANAGEMENT, COMPLIANCE AND THE OUTSOURCING OF ACTIVITIES OF INSURANCE UNDERTAKINGS,
More informationPolicy on the Security of Informational Assets
Policy on the Security of Informational Assets Policy on the Security of Informational Assets 1 1. Context Canam Group Inc. recognizes that it depends on a certain number of strategic information resources
More informationHigh level principles for risk management
16 February 2010 High level principles for risk management Background and introduction 1. In their declaration of 15 November 2008, the G-20 leaders stated that regulators should develop enhanced guidance
More informationSFC ELECTRONIC TRADING REGIME
SFC ELECTRONIC TRADING REGIME CompliancePlus 2013 Year End Training 18 December 2013 Limited 801, Two Exchange Square, 8 Connaught Place, Central, Hong Kong Tel: (852) 3487 6903 www.complianceplus.hk Disclaimer
More informationINFORMATION TECHNOLOGY MANAGEMENT CONTENTS. CHAPTER C RISKS 357-7 8. Risk Assessment 357-7
Information Technology Management Page 357-1 INFORMATION TECHNOLOGY MANAGEMENT CONTENTS CHAPTER A GENERAL 357-3 1. Introduction 357-3 2. Applicability 357-3 CHAPTER B SUPERVISION AND MANAGEMENT 357-4 3.
More informationTABLE OF CONTENTS. 2006.1259 Information Systems Security Handbook. 7 2006.1260 Information Systems Security program elements. 7
PART 2006 - MANAGEMENT Subpart Z - Information Systems Security TABLE OF CONTENTS Sec. 2006.1251 Purpose. 2006.1252 Policy. 2006.1253 Definitions. 2006.1254 Authority. (a) National. (b) Departmental. 2006.1255
More informationGuidelines for the Management of Country Risk Swiss Bankers Association
Guidelines for the Management of Country Risk Swiss Bankers Association Contents Introduction 23 I Country Risk 24 II Risk Policy 25 1. Content 25 2. Responsibility 25 3. Minimum Requirements 25 III Recording
More informationM-Aud. Comptroller of the Currency Administrator of National Banks. Internal and External Audits. Comptroller s Handbook. April 2003.
M-Aud Comptroller of the Currency Administrator of National Banks Internal and External Audits Comptroller s Handbook April 2003 M Management Internal and External Audits Table of Contents Introduction...1
More informationEffective Internal Audit in the Financial Services Sector
Effective Internal Audit in the Financial Services Sector Recommendations from the Committee on Internal Audit Guidance for Financial Services: How They Relate to the Global Institute of Internal Auditors
More informationSimon Bolivarplein 1 Willemstad Curaçao. Phone: (599 9) 434-5500 Fax: (599 9) 461-5004 E-mail: info@centralbank.cw Website: http://www.centralbank.
C E N T R A L E B A N K V A N C U R A Ç A O E N S I N T M A A R T E N ( C e n t r a l B a n k ) Simon Bolivarplein 1 Willemstad Curaçao Phone: (599 9) 434-5500 Fax: (599 9) 461-5004 E-mail: info@centralbank.cw
More informationPART A AUTHORISATION FOR CARRYING ON BUSINESS OF INSURANCE
PART A AUTHORISATION FOR CARRYING ON BUSINESS OF INSURANCE Chapter 1: The Application Process 1.1 Introduction 1.1.1 The application for authorisation to carry on business of insurance shall be considered
More informationAPPENDIX A NCUA S CAMEL RATING SYSTEM (CAMEL) 1
APPENDIX A NCUA S CAMEL RATING SYSTEM (CAMEL) 1 The CAMEL rating system is based upon an evaluation of five critical elements of a credit union's operations: Capital Adequacy, Asset Quality, Management,
More informationSolvency II Detailed guidance notes
Solvency II Detailed guidance notes March 2010 Section 1 - System of governance Section 1: System of Governance Overview This section outlines the Solvency II requirements for an effective system of governance,
More informationGUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS
GUIDELINES ON CORPORATE GOVERNANCE FOR LABUAN BANKS 1.0 Introduction 1.1 Good corporate governance practice improves safety and soundness through effective risk management and creates the ability to execute
More informationBARRAMUNDI L IMITED RISK MANAGEMENT POLICY
BARRAMUNDI L IMITED RISK MANAGEMENT POLICY Last updated: 25 August 2014 THE OBJECTIVES OF RISK MANAGEMENT Risk management is the systematic process of managing an organisation's risk exposures to achieve
More informationSeptember 2008. Claims Guideline
September 2008 Claims Guideline CLAIMS GUIDELINE Table of Contents 1 INTRODUCTION... 1 2 PURPOSE OF THE GUIDELINE... 1 3 DEFINITIONS... 2 MARKET CONDUCT 4 GENERAL REQUIREMENTS... 3 5 CLAIMS NOTIFICATION...
More informationSECTION 15 INFORMATION TECHNOLOGY
SECTION 15 INFORMATION TECHNOLOGY 15.1 Purpose 15.2 Authorization 15.3 Internal Controls 15.4 Computer Resources 15.5 Network/Systems Access 15.6 Disaster Recovery Plan (DRP) 15.1 PURPOSE The Navajo County
More informationBusiness Continuity System for the KDPW Group
Business Continuity System for the KDPW Group Master Document BCS Policy (abstract) Warsaw, 21 June 2013 Contents 1. Introduction... 3 2. BCS general principles... 3 2.1. Applicability... 3 2.2. Processes...
More informationPrinciples for An. Effective Risk Appetite Framework
Principles for An Effective Risk Appetite Framework 18 November 2013 Table of Contents Page I. Introduction... 1 II. Key definitions... 2 III. Principles... 3 1. Risk appetite framework... 3 1.1 An effective
More informationRevised May 2007. Corporate Governance Guideline
Revised May 2007 Corporate Governance Guideline Table of Contents 1. INTRODUCTION 1 2. PURPOSES OF GUIDELINE 1 3. APPLICATION AND SCOPE 2 4. DEFINITIONS OF KEY TERMS 2 5. FRAMEWORK USED BY CENTRAL BANK
More informationANNOUNCEMENT OF THE MANAGEMENT BOARD OF mbank S.A. WITH ITS REGISTERED SEAT IN WARSAW ON CONVENING THE ORDINARY GENERAL MEETING
ANNOUNCEMENT OF THE MANAGEMENT BOARD OF mbank S.A. WITH ITS REGISTERED SEAT IN WARSAW ON CONVENING THE ORDINARY GENERAL MEETING The Management Board of mbank S.A. with its registered seat in Warsaw (the
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationR000. Revision Summary Revision Number Date Description of Revisions R000 Feb. 18, 2011 Initial issue of the document.
2 of 34 Revision Summary Revision Number Date Description of Revisions Initial issue of the document. Table of Contents Item Description Page 1. Introduction and Purpose... 5 2. Project Management Approach...
More information(Mr. Krirk Vanikkul) Assistant Governor, Financial Institutions Policy Group Governor For
Unofficial Translation by the courtesy of The Foreign Banks' Association This translation is for the convenience of those unfamiliar with the Thai language. Please refer to the Thai text for the official
More informationBERMUDA MONETARY AUTHORITY
BERMUDA MONETARY AUTHORITY BANKS AND DEPOSIT COMPANIES ACT 1999 THE BERMUDA MONETARY AUTHORITY S RELATIONSHIP WITH AUDITORS AND REPORTING ACCOUNTANTS OF BANKS AND DEPOSIT COMPANIES DECEMBER 2012 Table
More informationElectronic Trading Information Template
Electronic Trading Information Template Preface This Electronic Trading Information Template (the "Template") has been created through the collaborative efforts of the professional associations listed
More informationInformation Technology Risks
Information Technology Risks Heidi Richards Board 1 Overview Supervision of IT Risks Internet Banking: What s Different? Information Technology Risks Financial Operational Compliance Supervisory Approaches
More informationGuideline on good pharmacovigilance practices (GVP)
22 June 2012 EMA/541760/2011 Guideline on good pharmacovigilance practices (GVP) Module I Pharmacovigilance systems and their quality systems Draft finalised by the Agency in collaboration with Member
More informationDNV GL Assessment Checklist ISO 9001:2015
DNV GL Assessment Checklist ISO 9001:2015 Rev 0 - December 2015 4 Context of the Organization No. Question Proc. Ref. Comments 4.1 Understanding the Organization and its context 1 Has the organization
More informationPART 10 COMPUTER SYSTEMS
PART 10 COMPUTER SYSTEMS 10-1 PART 10 COMPUTER SYSTEMS The following is a general outline of steps to follow when contemplating the purchase of data processing hardware and/or software. The State Board
More information(Translation) hereinafter referred to individually as the 'Authority' and collectively as the 'Authorities',
(Translation) General Memorandum of Understanding for collaboration between the National Bank of Belgium and the Financial Services and Markets Authority to ensure the coordination of the supervision of
More informationManagement Standards for Information Security Measures for the Central Government Computer Systems
Management Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 1.1 General...
More informationGuidance Note: Corporate Governance - Board of Directors. March 2015. Ce document est aussi disponible en français.
Guidance Note: Corporate Governance - Board of Directors March 2015 Ce document est aussi disponible en français. Applicability The Guidance Note: Corporate Governance - Board of Directors (the Guidance
More informationService Children s Education
Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and
More informationWho should submit the application
Operational risk: Application to use an Advanced Measurement Approach February 2007 1 Contents This document contains Finansinspektionen s requirements regarding the content and structure of an application
More informationTIER II STANDARD FOR AUDITORS
Job Classification Manual Page 1 of 37 TIER II STANDARD FOR AUDITORS INTRODUCTION 1. This grade level standard illustrates the application of the ICSC Master Standard (Tier I) to a specific field of work
More informationFMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period. Updated May 2015
FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period Updated May 2015 The Secretary Department of Treasury and Finance 1 Treasury Place Melbourne Victoria
More informationStrategic Planning and Organizational Structure Standard
Table of contents Strategic Planning and Organizational Structure Standard 1. General provisions Grounds for application of the Standard Provisions of the Standard 2. Contents of the Standard 3. Corporate
More informationAn organization properly establishes and operates its control over risks regarding the information system to fulfill the following objectives:
p. 1 System Management Standards Proposed on October 8, 2004 Preface Today, the information system of an organization works as an important infrastructure of the organization to implement its management
More information