BNM published a policy document that provides comprehensive guidance on reporting governance, reporting procedures, mandatory data items, and reporting taxonomies of operational risk submission with regard to loss events, key risk indicators, and scenario analysis. To help users ensure quality submission, BNM also published a set of frequently asked questions (FAQs) and a user guide that contains the technical specifications for application accessibility and system functionality navigation. The policy document is applicable to certain financial institutions that include licensed banks, investment banks, Islamic banks, and international Islamic banks, with an effective date of March 01, 2021.
The guidance stipulates that the reporting entities must prepare and submit information on loss event data, key risk indicators, and scenario analysis to BNM through the Operational Risk Integrated Online Network (ORION). The guidance sets out the reportable operational risk events and explains their classification and the reporting timelines. The reportable events include robbery and theft, cyber threat, reputational impact events, operational risk events equal to or more than MYR 1 million, customer information breaches, actual and potential Shariah Non-Compliance events, credit and debit card frauds, overseas loss events, physical cash shortages, and actual loss equaling or exceeding MYR 1,000. The reporting data must include the operational risk events of foreign and offshore subsidiaries or branches of the reporting entities that resulted in financial-related losses. The recent revisions to the policy and the FAQs are intended to:
- Provide clarity on the reporting of Shariah non-compliance events
- Realign cyber-risk-related definitions and terminologies with the FSB cyber lexicon
- Enhance the granularity of reporting requirements to improve the accuracy of operational risk reporting
The guidance specifies that the reporting entities must put in place appropriate internal governance and processes to ensure completeness, accuracy, and timeliness of the data and information submission to BNM, including processes for consolidation, validation, and reconciliation of such data and information with the internal database, system, and financial accounts of the reporting entities. Financial institutions must submit information on the key risk indicators according to the applicability, description, and frequency set out in the key risk indicators taxonomy (refer to Appendix 15). Additionally, financial institutions must conduct scenario analysis as and when BNM requires and submit the results of the scenario analysis and other information to BNM, through ORION, within the prescribed time. Scenario analysis is a forward-looking tool that examines and explores predominantly emerging risks and rare tail-end events, which are usually low-frequency, high-impact events. This policy document supersedes the policy document on "Operational Risk Reporting Requirement – ORION" that was issued on June 22, 2018.
Effective Date: March 01, 2021
Keywords: Asia Pacific, Malaysia, Banking, Insurance, Operational Risk, ORION, Reporting, Islamic Banking, FAQ, BNM
Previous ArticleBaFin to Keep Countercyclical Capital Buffer at 0% Until End of 2021
PRA published the policy statement PS8/21, which contains the final supervisory statement SS3/21 on the PRA approach to supervision of the new and growing non-systemic banks in UK.
EBA published a report that sets out the final draft regulatory technical standards specifying the conditions according to which consolidation shall be carried out in line with Article 18 of the Capital Requirements Regulation (CRR).
EBA updated the list of other systemically important institutions (O-SIIs) in EU.
BCBS published two reports that discuss transmission channels of climate-related risks to the banking system and the measurement methodologies of climate-related financial risks.
UK Authorities (FCA and PRA) welcomed the findings of FSB peer review on the implementation of financial sector remuneration reforms in the UK.
PRA and FCA jointly issued a letter that highlights risks associated with the increasing volumes of deposits that are placed with banks and building societies via deposit aggregators and how to mitigate these risks.
MFSA announced that amendments to the Banking Act, Subsidiary Legislation, and Banking Rules will be issued in the coming months, to transpose the Capital Requirements Directive (CRD5) into the national regulatory framework.
EC finalized the Delegated Regulation 2021/598 that supplements the Capital Requirements Regulation (CRR or 575/2013) and lays out the regulatory technical standards for assigning risk-weights to specialized lending exposures.
OSFI launched a consultation to explore ways to enhance the OSFI assurance over capital, leverage, and liquidity returns for banks and insurers, given the increasing complexity arising from the evolving regulatory reporting framework due to IFRS 17 (Insurance Contracts) standard and Basel III reforms.
ECB published results of the benchmarking analysis of the recovery plan cycle for 2019.