Reserve Bank of India

30.04.2024

Banking

Guidance Note on Operational Risk Management and Operational Resilience

MANU/RMIC/0068/2024

1. Purpose.

1.1 Operational Risk is inherent in all banking/ financial products, services, activities, processes, and systems. Effective management of Operational Risk is an integral part of the Regulated Entities' (REs) risk management framework. Sound Management of Operational Risk shows the overall effectiveness of the Board of Directors and Senior Management in administering the RE's portfolio of products, services, activities, processes, and systems.

1.2 An operational disruption can threaten the viability of an RE, impact its customers and other market participants, and ultimately have an impact on financial stability. It can result from man-made causes, Information Technology (IT) threats (e.g., cyber-attacks, changes in technology, technology failures, etc), geopolitical conflicts, business disruptions, internal/external frauds, execution/ delivery errors, third party dependencies, or natural causes (e.g., climate change, pandemic, etc.).

1.3 An RE needs to factor in the entire gamut of risks (including the aforesaid risks in its risk assessment policies/ processes), identify and assess them using appropriate tools, monitor its material operational exposures and devise appropriate risk mitigation/management strategies using strong internal controls to minimize operational disruptions and continue to deliver critical operations, thus ensuring operational resilience.

1.4 Until recently, the predominant Operational Risks that REs faced emanated from vulnerabilities related to increasing dependence and rapid adoption of technology for provision of financial services and intermediation. However, the financial sector's growing reliance on third-party providers (including technology service providers) exacerbated by Covid-19 pandemic with greater reliance on virtual working arrangements, has highlighted the increasing importance of Operational Risk Management and Operational Resilience; which not only benefits the RE by strengthening its ability to remain a viable going concern but also supports the financial system by ensuring continuous delivery of critical operations during any disruption.

1.5 In view of the foregoing, the Reserve Bank, through this Guidance Note on Operational Risk Management and Operational Resilience (hereafter 'Guidance Note') intends to:

1.5.1 promote and further improve the effectiveness of Operational Risk Management of the REs, and

1.5.2 enhance their Operational Resilience given the interconnections and interdependencies, within the financial system, that result from the complex and dynamic environment in which the REs operate.

1.6 This Guidance Note updates the "Guidance Note on Management of Operational Risk" dated October 14, 2005. It has been prepared based on the Basel Committee on Banking Supervision (BCBS) principles documents issued in March 2021, viz., (a) 'Revisions to the Principles for the Sound Management of Operational Risk' and (b) 'Principles for Operational Resilience' as well as the some of the international best practices.

1.7 The Guidance Note has adopted a principle-based and proportionate approach to ensure smooth implementation across REs of various sizes, nature, complexity, geographic location and risk profile of their businesses. Although the exact approach may vary from RE to RE, the Guidance Note provides an overarching guidance to REs for improving and further strengthening their Operational Risk Management Framework (ORMF). It gives adequate flexibility to REs for Operational Risk Management to enhance their ability to withstand, adapt and recover from potential operational disruptions and ensure their Operational Resilience. The systems, procedures and tools prescribed in this Guidance Note are indicative in nature and should be read in conjunction with the relevant instructions issued by Reserve Bank from time to time. In case of inconsistency, if any, the relevant instructions issued by the Reserve Bank would prevail.

1.8 The operational risk regulatory capital requirements shall continue to be guided by the applicable guidelines1.

2. Application

2.1 This Guidance Note shall apply to the following REs:

2.1.1 All Commercial Banks2;

2.1.2 All Primary (Urban) Co-operative Banks/State Co-operative Banks/Central Co-operative Banks;

2.1.3 All All-India Financial Institutions (viz., Exim Bank, NABARD, NHB, SIDBI, and NaBFID); and

2.1.4 All Non-Banking Financial Companies including Housing Finance Companies.

3. Repeal and Transitional Arrangements

With the issuance of this Guidance Note the "Guidance Note on Management of Operational Risk" dated October 14, 2005, stands repealed.

4. Key changes

Key changes carried out in this Guidance Note vis-a-vis the repealed Guidance Note are given in Annex.

Tags : Guidance Note Operational Risk Management Operational Resilience

Share :