• CTRL 7.1.3 What is risk management?

    Risk management, for an authorised firm, includes some or all of the following, according to the nature, scale and complexity of the firm’s business:

    (a) identifying, assessing and reporting risk management information (including information dealing with issues of corporate strategy, mergers and acquisitions, and major projects and investments) to the firm’s governing body and the firm’s senior executive function and senior management in a timely way;
    (b) assessing risk positions, risk exposures, the steps being taken to manage them and, if appropriate, pre-defined risk limits;
    (c) participating in the process of approving new products or significant changes to existing products;
    (d) preparing periodic reports to the firm’s governing body setting out an overview of risk management during the relevant period, sending a copy of each such report to the firm’s internal auditor and making the report available to the firm’s external auditors;
    (e) assessing risk events and identifying appropriate remedial action;
    (f) assessing changes in the firm’s risk profile;
    (g) identifying available resources to manage the firm’s risks;
    (h) facilitating business continuity planning and disaster recovery for the firm;
    (i) developing and maintaining external relationships relevant to risk management in the firm;
    (j) developing and maintaining effective risk management communication within the firm;
    (k) monitoring and assessing the adequacy and effectiveness of the firm’s risk management policies, procedures and controls.


    Derived from QFCRA RM/2020-4 (as from 1st July 2021)

    • CTRL 7.1.3 Guidance

      Other rules may contain specific requirements as to risk management for firms authorised to carry on particular regulated activities. In particular, operational risk is of particular importance to banking business firms and Islamic banking business firms. (For the meaning of operational risk, see BANK, rule 7.1.1 (2) and IBANK, rule 7.1.1 (2).) For the management of operational risk in banking business firms, see BANK, Part 7.2, and in Islamic banking business firms, see IBANK, Part 7.2.


      Derived from QFCRA RM/2020-4 (as from 1st July 2021)