MAS Sets Out Good Practices to Manage Operational Risks Amid COVID
MAS and The Association of Banks in Singapore (ABS) jointly issued a paper that sets out good practices for the management of operational and other risks stemming from new work arrangements adopted by financial institutions amid the COVID-19 pandemic. The paper covers operational risks associated with outsourcing and other third-party arrangements, along with risks in the areas of information/data governance, cybersecurity, fraud and staff misconduct, and legal and regulatory compliance. The paper shares good practices adopted by financial institutions to mitigate such risks and encourages institutions to adopt these risk-mitigation practices on a risk-proportionate basis, according to their risk profiles and business activities. The mitigation practices set out in the paper are also applicable to non-bank financial institutions.
The paper predominantly focuses on the areas of risks where changes, due to remote working, have a direct impact on the risks and risk management challenges faced by financial institutions (referred to as direct risks). However, poorly managed direct risks of remote working could lead to heightened risks in areas that may not be directly impacted by remote working (referred to as indirect risks). The paper provides examples of indirect credit, market, and reputational risks. For instance, changes in validation processes that are conducted for credit assessment and monitoring purposes, such as replacement of customer site visits (for example, to ascertain existence of collateral pledged) with customer calls, could affect the ability of a financial institution to identify red flags in customer circumstances. The paper sets out the key actions that financial institutions are encouraged to adopt to manage remote working risks and these actions include the following:
- With respect to establishing appropriate internal control mechanisms, financial institutions are encouraged to implement compensating controls to manage identified risks within risk appetite statements approved by Board and senior management. Financial institutions are also encouraged to adopt robust change management procedures so that staff members understand and implement the new processes and controls as intended.
- With respect to outsourcing and other third-party arrangements, financial institutions should evaluate changes to vendor risk profiles with remote working, such as by assessing vendors’ remote working controls and operational resilience. Financial institutions should also implement appropriate safeguards and contingency plans to ensure continuity of services.
- For appropriate data/information governance, financial institutions should assess the risks and implications of information loss when determining which activities can be performed remotely. Financial institutions need to strengthen preventive and detective controls to mitigate these risks.
- To mitigate cyber risk, financial institutions are encouraged to implement controls to ensure that remote working infrastructure of staff, including personal devices, are secured. Financial institutions should also continue to adopt sound and robust technology risk management practices, to manage hardware and software deployed to facilitate large-scale remote working, including during the pandemic.
Keywords: Asia Pacific, Singapore, Banking, Insurance, Securities, COVID-19, Operational Risk, Operational Resilience, Technology Risk, Cyber Risk, Outsourcing Arrangements, Internal Controls, MAS
Related Articles
EBA Issues Erratum for Phase 2 Package of Reporting Framework 3.0
EBA published an erratum for the technical package on phase 2 of the reporting framework 3.0.
EBA Updates Lists of Entities for Use in Capital Calculations under SA
EBA published an erratum for the technical package on phase 2 of the reporting framework 3.0.
MAS Amends Notice on Related Party Transactions of Banks
MAS amended Notice 643A that addresses requirements for banks to prepare statements of exposures and credit facilities to related concerns or parties.
ECB Amends Guideline on Euro Short-Term Rate
ECB has published, in the Official Journal of the European Union, the Guideline 2021/565 on the euro short-term rate (€STR) and this guideline amends the previous ECB Guideline 2019/1265.
EBA Consults on Standards Related to FRTB-SA
EBA launched a consultation on the draft regulatory technical standards on the list of countries with an advanced economy for calculating the equity risk under the alternative standardized approach (FRTB-SA).
PRA Proposes Rules Related to IRB Approach for Credit Risk
PRA is proposing, via CP7/21, the approach to implementing new requirements related to the specification of the nature, severity, and duration of an economic downturn in the internal ratings-based (IRB) approach to credit risk.
BoE Outlines Regulatory Treatment of Recovery Loan Scheme of UK
The UK government launched the Recovery Loan Scheme (RLS) as part of its continued COVID-19 support for UK businesses, as announced by HM Treasury on March 03, 2021.
FSB Addresses G20 on COVID Measures, TBTF Reforms, and Climate Risks
FSB published a letter, from its Chair Randal K. Quarles, to the G20 Finance Ministers and Central Bank Governors, ahead of their virtual meeting on April 07, 2021.
OSFI Unwinds Temporary Increase to Covered Bond Limit for Banks
OSFI issued a letter to the deposit-taking institutions issuing covered bonds and announced the unwinding of the temporary increase to the covered bond limit for deposit-taking institutions, effective immediately.
EU Amends CRR and Securitization Regulation in Response to Pandemic
To support recovery from the COVID-19 crisis, EU has published two regulations to amend the securitization framework, as set out in the Securitization Regulation (2017/2402) and the Capital Requirements Regulation or CRR (575/2013).
