BNM published a policy document that provides comprehensive guidance on reporting governance, reporting procedures, mandatory data items, and reporting taxonomies of operational risk submission with regard to loss events, key risk indicators, and scenario analysis. To help users ensure quality submission, BNM also published a set of frequently asked questions (FAQs) and a user guide that contains the technical specifications for application accessibility and system functionality navigation. The policy document is applicable to certain financial institutions that include licensed banks, investment banks, Islamic banks, and international Islamic banks, with an effective date of March 01, 2021.
The guidance stipulates that the reporting entities must prepare and submit information on loss event data, key risk indicators, and scenario analysis to BNM through the Operational Risk Integrated Online Network (ORION). The guidance sets out the reportable operational risk events and explains their classification and the reporting timelines. The reportable events include robbery and theft, cyber threat, reputational impact events, operational risk events equal to or more than MYR 1 million, customer information breaches, actual and potential Shariah Non-Compliance events, credit and debit card frauds, overseas loss events, physical cash shortages, and actual loss equaling or exceeding MYR 1,000. The reporting data must include the operational risk events of foreign and offshore subsidiaries or branches of the reporting entities that resulted in financial-related losses. The recent revisions to the policy and the FAQs are intended to:
- Provide clarity on the reporting of Shariah non-compliance events
- Realign cyber-risk-related definitions and terminologies with the FSB cyber lexicon
- Enhance the granularity of reporting requirements to improve the accuracy of operational risk reporting
The guidance specifies that the reporting entities must put in place appropriate internal governance and processes to ensure completeness, accuracy, and timeliness of the data and information submission to BNM, including processes for consolidation, validation, and reconciliation of such data and information with the internal database, system, and financial accounts of the reporting entities. Financial institutions must submit information on the key risk indicators according to the applicability, description, and frequency set out in the key risk indicators taxonomy (refer to Appendix 15). Additionally, financial institutions must conduct scenario analysis as and when BNM requires and submit the results of the scenario analysis and other information to BNM, through ORION, within the prescribed time. Scenario analysis is a forward-looking tool that examines and explores predominantly emerging risks and rare tail-end events, which are usually low-frequency, high-impact events. This policy document supersedes the policy document on "Operational Risk Reporting Requirement – ORION" that was issued on June 22, 2018.
Effective Date: March 01, 2021
Keywords: Asia Pacific, Malaysia, Banking, Insurance, Operational Risk, ORION, Reporting, Islamic Banking, FAQ, BNM
Previous ArticleBaFin to Keep Countercyclical Capital Buffer at 0% Until End of 2021
The Bank for International Settlements (BIS) published a paper that studies impact of fintech lending on credit access for small businesses in U.S.
The Prudential Regulation Authority (PRA) issued the policy statement PS8/22 to amend the Own Funds and Eligible Liabilities (CRR) Part of the PRA Rulebook and update the supervisory statement SS7/13 titled "Definition of capital (CRR firms).
The European Banking Authority (EBA) launched the EU-wide transparency exercise for 2022, with results of the exercise expected to be published at the beginning of December, along with the annual Risk Assessment Report.
The Single Resolution Board (SRB) welcomed the adoption of the review of the Capital Requirements Regulation, or CRR, also known as the "CRR quick-fix."
The European Commission (EC) recently adopted the Delegated Regulation 2022/1622, which sets out the regulatory technical standards to specify the countries that constitute advanced economies for the purpose of specifying risk-weights for the sensitivities to equity.
The European Banking Authority (EBA) published the final draft regulatory technical standards specifying and, where relevant, calibrating the minimum performance-related triggers for simple.
The European Central Bank (ECB) is undertaking the integrated reporting framework (IReF) project to integrate statistical requirements for banks into a standardized reporting framework that would be applicable across the euro area and adopted by authorities in other EU member states.
The European Banking Authority (EBA) has been awarded the top European Standard for its environmental performance under the European Eco-Management and Audit Scheme (EMAS).
The Monetary Authority of Singapore (MAS) set out the Financial Services Industry Transformation Map 2025 and, in collaboration with the SGX Group, launched ESGenome.
The Basel Committee on Banking Supervision met, shortly after a gathering of the Group of Central Bank Governors and Heads of Supervision (GHOS), the oversight body of BCBS.