- Latest available (Revised)
- Original (As adopted by EU)
Commission Delegated Regulation (EU) 2018/959Show full title
Commission Delegated Regulation (EU) 2018/959of 14 March 2018supplementing Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to regulatory technical standards of the specification of the assessment methodology under which competent authorities permit institutions to use Advanced Measurement Approaches for operational risk(Text with EEA relevance)
You are here:
What Version
Advanced Features
- Show Geographical Extent(e.g. England, Wales, Scotland and Northern Ireland)
- Show Timeline of Changes
Opening Options
More Resources
Legislation originating from the EU
When the UK left the EU, legislation.gov.uk published EU legislation that had been published by the EU up to IP completion day (31 December 2020 11.00 p.m.). On legislation.gov.uk, these items of legislation are kept up-to-date with any amendments made by the UK since then.
This item of legislation originated from the EU
Legislation.gov.uk publishes the UK version. EUR-Lex publishes the EU version. The EU Exit Web Archive holds a snapshot of EUR-Lex’s version from IP completion day (31 December 2020 11.00 p.m.).
Changes over time for: SECTION 1
Changes to legislation:
Commission Delegated Regulation (EU) 2018/959,
SECTION 1
is up to date with all changes known to be in force on or before 16 February 2026. There are changes that may be brought into force at a future date. Changes that have been made appear in the content and are referenced with annotations.
EUR 2018 No. 959 may be subject to amendment by EU Exit Instruments made by both the Prudential Regulation Authority and the Financial Conduct Authority under powers set out in The Financial Regulators’ Powers (Technical Standards etc.) (Amendment etc.) (EU Exit) Regulations 2018 (S.I. 2018/1115), regs. 2, 3, Sch. Pt. 4. These amendments are not currently available on legislation.gov.uk. Details of relevant amending instruments can be found on their website/s.
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. Changes and effects are recorded by our editorial team in lists which can be found in the ‘Changes to Legislation’ area. Where those effects have yet to be applied to the text of the legislation by the editorial team they are also listed alongside the legislation in the affected provisions. Use the ‘more’ link to open the changes and effects relevant to the provision you are viewing.
Changes and effects yet to be applied to Chapter 2 Section 1:
- Regulation revoked by 2023 c. 29 Sch. 1 Pt. 1 3
SECTION 1 U.K. Governance
Article 7U.K.Operational risk management process
1.Competent authorities shall assess the efficacy of an institution's AMA framework for the governance and management of operational risk and that a clear organisational structure with well-defined, transparent and consistent lines of responsibility exists by confirming at least the following:
(a)that the institution's management body discusses and approves the governance of operational risk, the operational risk management process and the operational risk measurement system;
(b)that the institution's management body clearly defines and determines the following on at least an annual basis:
(i)
the institution's operational risk tolerance;
(ii)
the institution's operational risk tolerance written statement on the aggregate level of operational risk loss and event types, containing both qualitative and quantitative measures including thresholds and limits based on operational risk loss metrics that the institution is willing or prepared to incur in order to achieve its strategic objectives and business plan, ensuring that it is available and understood throughout the institution;
(c)that the institution's management body monitors the institution's compliance with the operational risk tolerance statement referred to in point (b) (ii) on a continuous basis;
(d)that the institution applies an on-going operational risk management process to identify, assess and measure, monitor and report operational risk, including misconduct events, and is able to identify the staff responsible for the management of operational risk process;
(e)that the information resulting from the process referred to in point (d) is transmitted to the relevant committees and executive bodies of the institution, and that the decisions arising from those committees are communicated to those responsible within the institution for the collection, control, monitoring and management of operational risk and to those responsible for managing activities that give rise to operational risk;
(f)that the institution evaluates the effectiveness of its operational risk governance, operational risk management process and operational risk measurement system on at least an annual basis;
(g)that the institution notifies the relevant competent authority of the findings of the evaluation referred to in point (f) on at least an annual basis.
2.For the purposes of the assessment referred to in paragraph 1, competent authorities shall take into account the impact of the operational risk governance structure on the level of engagement in operational risk management and culture by the staff of the institution, including at least the following:
(a)the level of awareness, on behalf of the staff of the institution, of operational risk policies and procedures;
(b)the institution's internal process for challenging the design and the effectiveness of the AMA framework.
Article 8U.K.Independent operational risk management function
1.Competent authorities shall assess the independence of the operational risk management function from the institution's business units by confirming at least the following:
(a)that the operational risk management function undertakes the following tasks separately from the institution's business lines:
(i)
the design, development, implementation, maintenance and oversight of the operational risk management process and the operational risk measurement system;
(ii)
the analysis of the operational risk associated with the introduction and development of new products, markets, lines of business, processes, systems and significant changes to existing products;
(iii)
the oversight of business activities that may give rise to an operational risk exposure that could breach the institution's risk tolerance;
(b)that the operational risk management function receives appropriate commitment by the management body and senior management and is of adequate stature within the organization for fulfilling its tasks;
(c)that the operational risk management function is not also responsible for the internal audit function;
(d)that the head of the operational risk management function meets at least the following requirements:
(i)
an appropriate level of experience to manage the actual and prospective operational risk, as indicated by the operational risk profile;
(ii)
regular communication with the management body and its committees as mandated by the risk management structure of the institution;
(iii)
active involvement in the elaboration of the institution's operational risk tolerance and strategy for its management and mitigation;
(iv)
independence from the operational units and functions reviewed by the operational risk management function;
(v)
allocation of a budget for the operational risk management function by the head of risk management referred to in the fourth subparagraph of Article 76(5) of Directive 2013/36/EU or a member of the management body in a supervisory capacity and not by a business unit or executive function.
Article 9U.K.Senior management involvement
Competent authorities shall assess the degree of involvement of senior management of an institution by confirming at least the following:
(a)
that senior management is responsible for implementing the operational risk governance and management framework approved by the management body;
(b)
that senior management has been empowered by the management body to develop policies, processes and procedures for managing operational risk;
(c)
that senior management is implementing the policies, processes and procedures for managing operational risk referred to in point (b).
Article 10U.K.Reporting
Competent authorities shall assess whether the reporting of an institution's operational risk profile and management of operational risk is sufficiently regular, timely and robust by confirming at least the following:
(a)
that problems relating to the institution's reporting systems and internal controls are identified quickly and accurately;
(b)
that the institution's operational risk reports are distributed to appropriate levels of management and to areas of the institution which the reports have identified as an area of concern;
(c)
that the institution's senior management receives at least quarterly reports on the latest status of the institution's operational risk profile and uses these reports in the decision making process;
(d)
that the institution's operational risk reports contain relevant management information and at least a high-level summary of the top operational risks of the institution and of the relevant subsidiaries as well as business units;
(e)
that the institution uses ad hoc reports in case of certain deficiencies in the policies, processes and procedures for managing operational risk to promptly detect and address these deficiencies and therefore substantially reduce the potential frequency and severity of a loss event.’
Options/Help
Print Options
PrintThe Whole Regulation
PrintThe Whole Chapter
PrintThis Section only
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
See additional information alongside the content
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Opening Options
Different options to open legislation in order to view more content on screen at once
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the EU Official Journal
- lists of changes made by and/or affecting this legislation item
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
Timeline of Changes
This timeline shows the different versions taken from EUR-Lex before exit day and during the implementation period as well as any subsequent versions created after the implementation period as a result of changes made by UK legislation.
The dates for the EU versions are taken from the document dates on EUR-Lex and may not always coincide with when the changes came into force for the document.
For any versions created after the implementation period as a result of changes made by UK legislation the date will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. For further information see our guide to revised legislation on Understanding Legislation.
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.