- Latest available (Revised)
- Original (As adopted by EU)
Commission Delegated Regulation (EU) 2018/959Show full title
Commission Delegated Regulation (EU) 2018/959of 14 March 2018supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to regulatory technical standards of the specification of the assessment methodology under which competent authorities permit institutions to use Advanced Measurement Approaches for operational risk(Text with EEA relevance)
You are here:
What Version
Advanced Features
- Show Geographical Extent(e.g. England, Wales, Scotland and Northern Ireland)
- Show Timeline of Changes
Opening Options
More Resources
Legislation originating from the EU
When the UK left the EU, legislation.gov.uk published EU legislation that had been published by the EU up to IP completion day (31 December 2020 11.00 p.m.). On legislation.gov.uk, these items of legislation are kept up-to-date with any amendments made by the UK since then.
This item of legislation originated from the EU
Legislation.gov.uk publishes the UK version. EUR-Lex publishes the EU version. The EU Exit Web Archive holds a snapshot of EUR-Lex’s version from IP completion day (31 December 2020 11.00 p.m.).
Changes over time for: CHAPTER 1
Changes to legislation:
Commission Delegated Regulation (EU) 2018/959, CHAPTER 1 is up to date with all changes known to be in force on or before 26 January 2026. There are changes that may be brought into force at a future date. Changes that have been made appear in the content and are referenced with annotations.
EUR 2018 No. 959 may be subject to amendment by EU Exit Instruments made by both the Prudential Regulation Authority and the Financial Conduct Authority under powers set out in The Financial Regulators’ Powers (Technical Standards etc.) (Amendment etc.) (EU Exit) Regulations 2018 (S.I. 2018/1115), regs. 2, 3, Sch. Pt. 4. These amendments are not currently available on legislation.gov.uk. Details of relevant amending instruments can be found on their website/s.
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. Changes and effects are recorded by our editorial team in lists which can be found in the ‘Changes to Legislation’ area. Where those effects have yet to be applied to the text of the legislation by the editorial team they are also listed alongside the legislation in the affected provisions. Use the ‘more’ link to open the changes and effects relevant to the provision you are viewing.
Changes and effects yet to be applied to Chapter 1:
- Regulation revoked by 2023 c. 29 Sch. 1 Pt. 1 3
CHAPTER 1U.K. GENERAL PROVISIONS
Article 1U.K.Assessment of Advanced Measurement Approaches
1.The assessment under which the competent authorities permit an institution to use Advanced Measurement Approaches (AMA) shall confirm that:
(a)the elements in Articles 3 to 6 are fulfilled;
(b)Chapters 2 and 3 are fulfilled;
(c)Chapter 4 is fulfilled where the institution has adopted the insurance and other risk transfer mechanisms referred to therein.
2.Chapters 1 to 4 shall be taken into account where competent authorities conduct the following:
(a)an assessment of the materiality of extensions and changes to the AMA used by an institution;
(b)an assessment of the sequential implementation plan to the AMA used by an institution;
(c)an assessment of an institution's return to the use of less sophisticated approaches in accordance with Article 313 of Regulation (EU) No 575/2013;
(d)the ongoing reviews of an AMA used by an institution.
Article 2U.K.Definitions
For the purposes of this Delegated Act, the following definitions shall apply:
(1)
‘body-tail modelling threshold’ means the loss value that separates the body from the tail of the loss distributions;
(2)
‘calculation data set’ means the portion of gathered data, either actual or constructed, that fulfils the necessary conditions to serve as input into the operational risk measurement system;
(3)
‘data collection threshold’ means the loss value from which an institution identifies and collects operational risk losses for management and measurement purposes;
(4)
‘date of accounting’ means the date when a loss or a provision against an operational risk event is first recognized in the Profit and Loss;
(5)
‘minimum modelling threshold’ means the loss value from which the frequency and severity distributions, either empirical or parametric, are fitted to the operational risk losses;
(6)
‘gross loss’ or ‘loss’ means the loss stemming from an operational risk event before recoveries of any type;
(7)
‘misconduct event’ means the operational risk event arising from willful or negligent misconduct, including inappropriate supply of financial services;
(8)
‘operational risk category’ means the level, such as the event type and the business line, at which an institution's operational risk measurement system generates separate frequency and severity distributions;
(9)
‘operational risk profile’ means the representation in absolute figures at a given point in time of an institution's actual and prospective operational risk;
(10)
‘operational risk tolerance’ means an institution's forward looking view, represented in absolute figures, of the aggregate level and types of operational risk that the institution is willing or prepared to incur which will not jeopardise its strategic objectives and business plan;
(11)
‘recovery’ means the occurrence related to the original loss that is independent of that loss and that is separate in time, in which funds or inflows of economic benefits are received from first or third parties;
(12)
‘risk measure’ means a single statistic on operational risk extracted from the aggregated loss distribution at the desired confidence level, including Value at Risk (VaR), or shortfall measures (e.g. Expected Shortfall, Median Shortfall);
(13)
‘System Development Life Cycle’ or ‘SDLC’ means the process for planning, creating, testing, and deploying an IT infrastructure;
(14)
‘timing loss’ means the negative economic impact booked in a financial accounting period due to an operational risk event impacting the cash flows or financial statements of previous financial accounting periods.
Article 3U.K.Operational risk events related to legal risk
1.Competent authorities shall confirm that an institution identifies, collects and treats data on operational risk events and losses related to legal risk for the purposes of both management of operational risk and calculation of the AMA own funds requirement by verifying at least all of the following:
(a)that the institution clearly identifies and classifies as operational risk losses or other expenses deriving from events that result in legal proceedings, including at least the following;
(i)
a failure to act where such action is necessary to comply with a legal rule;
(ii)
action taken to avoid compliance with a legal rule;
(iii)
misconduct events.
(b)that the institution clearly identifies and classifies as operational risk losses or other expenses resulting from voluntary actions intended to avoid or mitigate legal risks arising from operational risk events, including refunds or discounts of future services offered to customers voluntarily where such refunds are not offered as a result of customer complaints;
(c)that the institution clearly identifies and classifies as operational risk losses resulting from errors and omissions in contracts and documentation;
(d)that the institution does not classify the following as operational risk:
(i)
refunds to third parties or employees and goodwill payments due to business opportunities, where no breach of any rules or ethical conduct has occurred and where the institution has fulfilled its obligations on a timely basis;
(ii)
external legal costs where the underlying event is not an operational risk event.
For the purposes of paragraph (a), legal proceedings shall be considered to be all legal settlements, including both mandated court settlements and out of court settlements.
2.For the purposes of this Article, legal rules shall include at least the following:
(a)any requirement derived from national or international statutory or legislative provisions;
(b)any requirement derived from contractual arrangements, internal rules and codes of conduct established in accordance with national or international norms and practices.
(c)ethical rules.
Article 4U.K.Operational risk events related to model risk
Competent authorities shall confirm the following when assessing that an institution identifies, collects and treats data on operational risk events and losses that are related to model risk, as defined in point (11) of Article 3(1) of Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013, for the purposes of both management of operational risk and calculation of the AMA own funds requirement:
(a)
that at least the following events, and the related losses, resulting from models used for decision-making are classified as operational risk:
(i)
improper definition of a selected model and its characteristics;
(ii)
inadequate verification of a selected model's suitability for the financial instrument to be evaluated or the product to be priced, or its suitability for the applicable market conditions;
(iii)
errors in the implementation of a selected model;
(iv)
incorrect mark-to-market valuations and risk measurement as a result of a mistake when booking a trade into the trading system;
(v)
use of a selected model or its outputs for a purpose for which it was not intended or designed, including manipulation of the modelling parameters;
(vi)
untimely and ineffective monitoring of model performance to confirm whether the model remains fit for purpose.
(b)
that events related to the under-estimation of own funds requirements by internal models authorized by competent authorities are not included in the identification, collection and treatment of data on operational risk events and losses related to model risk.
Article 5U.K.Operational risk events related to financial transactions including those related to market risk
Competent authorities shall confirm that at least the following events, and the related losses, are classified as operational risk when assessing that an institution identifies, collects and treats data on operational risk events and losses that are related to financial transactions and market risk for the purposes of both management of operational risk and calculation of the AMA own funds requirement:
(a)
events due to operational and data entry errors, including the following:
(i)
failures and errors during the introduction or execution of orders;
(ii)
loss of data or misunderstanding of the data flow from the front to the middle and back offices of the institution;
(iii)
errors in classification;
(iv)
incorrect specification of deals in the term-sheet, including errors related to the transaction amount, maturities and financial features.
(b)
events due to failures in internal controls, including the following:
(i)
failures in properly executing an order to unwind a market position in case of adverse price movements;
(ii)
unauthorised positions taken in excess of allocated limits, irrespective of the type of risk they relate to.
(c)
events due to inadequate data quality and unavailability of IT environment, including technical unavailability of access to the market resulting in an inability to close contracts.
Article 6U.K.Quality and auditability of documentation
1.Competent authorities shall verify the quality of the documentation relating to the AMA used by an institution by confirming at least the following:
(a)that the documentation is approved at the appropriate management level of the institution;
(b)that the institution has policies in place outlining standards to ensure the high quality of internal documentation including specific accountability for ensuring that the documentation maintained is complete, consistent, accurate, updated, approved and secure;
(c)that the layout of the documentation set out in the policies referred to in point (b) identifies at least the following items:
(i)
type of document;
(ii)
author;
(iii)
reviewer;
(iv)
authorising agent and owner;
(v)
dates of development and approval;
(vi)
version number;
(vii)
history of changes to the document.
(d)that the institution thoroughly documents its policies, procedures and methodologies.
2.Competent authorities shall verify the auditability of the documentation relating to the AMA used by an institution by confirming at least the following:
(a)that the documentation is sufficiently detailed and accurate to allow examination of the AMA by third parties, including:
(i)
the understanding of the reasoning and procedures underlying its development;
(ii)
the understanding of the operational risk measurement system in order to determine how the AMA own funds requirements operates, its limitations and key assumptions and being able to replicate the model development.
Options/Help
Print Options
PrintThe Whole Regulation
PrintThis Chapter only
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
See additional information alongside the content
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Opening Options
Different options to open legislation in order to view more content on screen at once
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the EU Official Journal
- lists of changes made by and/or affecting this legislation item
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
Timeline of Changes
This timeline shows the different versions taken from EUR-Lex before exit day and during the implementation period as well as any subsequent versions created after the implementation period as a result of changes made by UK legislation.
The dates for the EU versions are taken from the document dates on EUR-Lex and may not always coincide with when the changes came into force for the document.
For any versions created after the implementation period as a result of changes made by UK legislation the date will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. For further information see our guide to revised legislation on Understanding Legislation.
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.