Skip to Content
Whole SectionText only Print Print Manager Link


Conventional bank licenseesG must ensure that the risk management framework is subject to independent review by a third party consultant, other than the external auditor, when there are material changes in the relevant Rulebook requirements or to the business conducted by the bank and / or its risk profile. The review must cover, at a minimum, the following:

(a) the appropriateness of risk appetite/tolerance levels and capital planning;
(b) the strength of the internal control infrastructure, given the nature, scope and complexity of the bank's business;
(c) the appropriateness of third-party inputs or other tools used for management information purposes, such as risk measures and models.
(d) the identification of large exposures and risk concentrations;
(e) the accuracy and completeness of data input into the assessment process;
(f) Model governance and model validation procedures where models are used for computation of risk measures or estimates;
(g) the reasonableness and validity of scenarios used in the assessment process; and
(h) The use of stress-testing, including an analysis of the underlying assumptions and inputs.
Added: July 2018
(1 Version)
Jul 1 2018 onwards
Back to top