Operational Risk Management - GRC

  We manage the Operational Risks in a continuous improvement cycle and measure them with the data we accumulate. The operational risk management systems include definition, monitoring, update, confirmation and reporting of the operational risk loss data notifications, risk self-assessments, scenario analyses, plans for the action to be taken after incidents and risks, existing and to-be-developed controls, insurable risks, and business continuity plans. The system complies with the following regulations and drafts published by the BRSA:

Regulation on Internal Systems of Banks and Internal Capital Adequacy Assessment Process
Regulation on Measurement and Assessment of Capital Adequacy of Banks
Guideline on Operational Risk Management
Communique on Calculation of the Amount Subject to Operational Risk by Advanced Measurement
Draft Guideline on Evaluation and Validation of Approaches based on Internal Rating and Advanced Measurement Approach
Draft Guideline on Application Processes of Approaches based on Internal Rating and Advanced Measurement Approach
The main topics included in the system are as follows:

Operational Risk Loss Data
Operational Risk Self Assessment
Key Risk Indicators
Controls
Key Control Indicators
Scenario Analysis
Insurance Benefits,
Premiums and Claim Notifications Action Plans
Business Continuity Plans