• INMA Part 4.2 INMA Part 4.2 Risk management

    • INMA 4.2.1 INMA 4.2.1 Risks to be addressed

      (1) In its risk management strategy an INMA firm must identify all the risks to which the firm is exposed.
      (2) An INMA firm's risk management policy must address at least operational risk, reputational risk and liquidity risk. Each of those kinds of risk is described in Schedule 1.
      (3) If an INMA firm is exposed (because of the nature, scale and complexity of its business, or for any other reason) to any of the other kinds of risk described in Schedule 1, or a risk of any other kind, that risk must also be addressed in the firm's risk management policy.
      Derived from QFCRA RM/2014-4 (as from 1st January 2015).

      • INMA 4.2.1 Guidance

        1 Schedule 1 gives guidance about what, in the Regulatory Authority's view, should be included in an INMA firm's risk management policy.
        2 The list in Schedule 1 is not exhaustive. With the exception of operational, reputational and liquidity risk, the Regulatory Authority accepts that not all firms will be exposed to all of the risks there described.
        Derived from QFCRA RM/2014-4 (as from 1st January 2015).

    • INMA 4.2.2 Risk management policy

      An INMA firm's risk management policy must reflect the nature, scale and complexity of the firm's operations and must include:

      (a) the kinds of risk mentioned in rule 4.2.1(2) and other kinds of risk that it has identified itself as exposed to;
      (b) the firm's strategies, policies, procedures and processes to deal with those risks;
      (c) the firm's assessment of whether its financial resources are adequate to address those risks;
      (d) procedures for reporting on compliance with the policy to the firm's governing body and senior management, and for ensuring that the policy is embedded within the firm's decision-making;
      (e) triggers and scope for reviewing the policy in the light of changed conditions and factors affecting the firm's risk appetite, risk profile, business activities and financial resources; and
      (f) procedures for reporting the results of the reviews to the firm's governing body and senior management.
      Derived from QFCRA RM/2014-4 (as from 1st January 2015).

    • INMA 4.2.3 Staff understanding of risks

      An IMNA firm must ensure that its staff clearly understand:

      (a) the firm's risk management strategy and policy; and
      (b) the kinds of risk mentioned in rule 4.2.1(2) and the other kinds of risk that the firm is exposed to;
      so that the staff can identify, assess, manage and mitigate those risks effectively.

      Derived from QFCRA RM/2014-4 (as from 1st January 2015).

    • INMA 4.2.4 Governing body's obligation

      An INMA firm's governing body must evaluate the suitability and effectiveness of the information and reports that it and the firm's senior management receive under the firm's risk management policy. The test of suitability and effectiveness is whether the information and reports are suitable for effectively overseeing and implementing the firm's risk management strategy and policy.

      so that the staff can identify, assess, manage and mitigate those risks effectively.

      Derived from QFCRA RM/2014-4 (as from 1st January 2015).