CEIOPS-DOC-24-07 QIS4 OpRisk - Qualitative Questionnaire
7/29/2019 CEIOPS-DOC-24-07 QIS4 OpRisk - Qualitative Questionnaire
CEIOPS-DOC-24-07
QIS4 Qualitative questionnaire
Operational risk (both solo entities and groups)

1 INTRODUCTION
2 QUALITATIVE QUESTIONNAIRE
3 MORE INPUT FROM UNDERTAKINGS

1 INTRODUCTION

ORQ.1. The QIS3 qualitative questionnaire allowed CEIOPS to evaluate the status of implementation of operational risk management systems in (re)insurance undertakings.

ORQ.2. According to the governance requirements proposed in the Level 1 Framework Directive Proposal, this questionnaire showed the current situation and demonstrated the difficulties that some of the undertakings will face in complying with the new risk management rules.

ORQ.3. Nevertheless, a majority of the market is anticipating Solvency II and has implemented, or plans to implement, operational risk management strategies, policies and procedures.

ORQ.4. The implementation of strategies, policies and procedures concerning operational risk is a necessary prerequisite to ensuring that an undertaking identifies, assesses, manages, monitors and controls the operational risk in an appropriate manner; it does not suffice to conclude that proper risk management actually takes place.

ORQ.5. The goal of supervision will be to assess the adequacy of the system implemented, taking into account the scale, nature and complexity of the risks in order to feel confident that operational risk is suitably dealt with.

ORQ.6. CEIOPS considers that the rationale behind the consideration of the quality of the operational risk management system to reduce the operational risk capital charge in the standard SCR formula needs further discussion.

ORQ.7. While CEIOPS needs to elaborate more on this issue, it considers it necessary to ask undertakings for more information.

2 QUALITATIVE QUESTIONNAIRE

ORQ.8. Please answer the following questions:
a. Does your operational risk management system capture the operational risk events and near misses in day-to-day management in practice?
b. Does your undertaking quantify and keep a record of the operational risk events and near misses that have occurred?
c. What are the methods used to quantify the operational risk events and near misses that have occurred?
d. Does your undertaking categorise the operational risk events and near misses? If yes, in what categories?
e. What methods do you use to quantify operational risk, both in respect of the size of possible events and their likelihood?
f. How far do records of operational risk events and near misses that have occurred go back?

ORQ.9. Regarding the operational risk events and near misses that have occurred in the last five years please answer the following questions:
g. How many operational risk events and near misses has your undertaking registered?
h. Describe them, explain what kind of mitigation techniques were in place at the time of the event, and quantify their impact.
i. Has your undertaking introduced new mitigation techniques after analysing the above described events and which ones?

ORQ.10. In case the undertaking does not have an individual categorisation, the following categories may be used in describing these events:

ORQ.11. Categorisation of Operational risk events based on the categories proposed by The Operational Risk Insurance Consortium (ORIC):
- Intentional misconduct (internal fraud);
- Unauthorised activities by external parties (external fraud);
- Employment practices and workplace safety;
- Clients, product and business practices;
- Damage to physical assets;
- Business disruption and system failures;
- Business process risks.

ORQ.12. In case the undertaking has not quantified the impact it should be categorised in the following classes:
- No effect;
- Negligible effect;
- Negative effect but no major impact on the day-to-day business;
- Negative effect and potential major impact on the day-to-day business;
- Negative effect and major impact on the day-to-day business.

3 MORE INPUT FROM UNDERTAKINGS

ORQ.13. Please answer the following question:
j. Considering your operational risk management system implemented including the mitigation techniques, do you think the capital charge of the standard formula, as calculated in QIS4, is adequate? Why or why not?

Regarding groups the questionnaire is the same, but groups should only answer when the operational risk management is performed at a group level.