Whilst "the aim of this guidance is to assist supervisors in assessing and challenging firms' documentation and the way it is managed" as well as to "help Operational Risk functions at firms to meet the standardised approach requirements for operational risk", it actually reads like a best practice list which, in the shadow of Basel's efforts last week, is worthy of the attention of the insurance industry. My take was;
- Heavy on document maintenance (definition/descriptions/formula consistency)
- "Good practice" to map SYSC/BIPRU references to op risk documentation "on a periodic basis"
- Firm wide terms of reference, naming conventions and mutual references in documents noted as "good practice"
- Created 3 tiers of a "possible document hierarchy" which could be linked together in a firm-wide documentation map
- "Good practice" to implement controls around documentation ownership, and a central register of all documentation "could be practicable"
- Very unwieldy list of categories recommended for the document register
- "Recommended" that firms identify all policies and documents that are critical to the operation of the firm
- Practice of sticking revised documents on shared drives/intranet pages actively smacked down, advocating a proportional approach ranging from memos to formal training workshops
- Advocates KRIs (or KCIs, which was a new one on me!) for documentation monitoring - I actually quite liked their suggestions
- Recommends that firms meet a "use test" for documentation
No comments:
Post a Comment