GROUP RESILIENCE & CONTINUITY POLICY (INCLUDING INCIDENT MANAGEMENT) SUMMARY FOR THIRD PARTY SUPPLIERS
- Neil Jordan
- 6 years ago
RATIONALE

This Policy has been designed to assist in managing the risk of potential interruptions from a range of internal and external incidents or threats including environmental and climatic issues, terrorism, economic instabilities, pandemic and operational incidents and to minimise the impact on customers, colleagues and the banking system.

The overall risk includes the following risk drivers:
- Failure to effectively identify and classify business processes, their end to end dependencies and to plan, prepare and implement an effective Business Continuity strategy and response framework for significant incidents
- Failure to respond effectively to significant incidents
- Failure to assess the effectiveness of Business Continuity strategy and readiness to respond to significant incidents
- Failure to review and update the response framework for significant incidents
- Failure to maintain an effective and resilient end to end control environment for Critical Business Processes (CBPs)
- Failure to effectively prepare, respond and learn from Building Incidents
- Failure to plan an effective IT Disaster Recovery (DR) Proving Strategy
- Failure to implement effective ITDR proving and exercising
- Failure to assess an effective and fully assured ITDR position
- Failure to review and update the ITDR proving Strategy and provision.

In addition this Policy has been designed to support compliance with the following legislation and / or regulations which includes but is not limited to:
- The Financial Conduct Authority (FCA) Handbook and the Prudential Regulation Authority (PRA) Rulebook.
- FCA Senior Management Arrangements, Systems and Controls (SYSC).

The Operational Resilience requirements in this Policy apply to Suppliers providing a service in support of the Group's Critical Business Processes (CBPs) only.

The Group has no appetite for disruptions beyond defined recovery timescales to its material business operations, including impacts to critical customer or colleague services, as a consequence of inadequate or ineffective resiliency and recovery strategies or continuity systems and controls.

Customer Impact

The Group's vision is to be the best bank for customers. The Group Continuity Policy supports this vision by ensuring:
- Appropriate availability of customer products and services and the infrastructure supporting them.
- The Group's requirements for delivering fair outcomes for customers can continue to be met in the event of an incident.

SCOPE

A proactive and consistent approach to resilience across the Group, through increased knowledge of the CBPs.

This third party version of the Policy applies to any Supplier that provides goods or services that may be impacted by continuity risks if any of the following apply:
- The service supplied to the Group has to be available in less than 24 hours.
- The service supplied to Group supports a Cat A, B, C CBP
- They host a Lloyds Banking Group system.
- They provide services either directly or indirectly to Group's customers.

MANDATORY REQUIREMENTS

GENERAL

The Supplier must establish a Resilience & Continuity policy, which is approved in accordance with the Supplier's governance structure, that provides a framework for setting Resilience & Continuity objectives and defines the standards for their implementation and operation. This policy must be reviewed and updated at defined intervals, on a 12 monthly basis as a minimum.

The Supplier must appoint a person, in accordance with the Supplier's governance structure, to be accountable for implementation of this policy, monitoring the Key Controls & Indicators defined below and for confirming to the Group's Supplier Manager that the Supplier's Resilience & Continuity capability meets the Group's requirements.

The Group's approach to Resilience & Continuity is based on four core principles: Operational Resilience, Business Continuity Management, IT Disaster Recovery and Incident Response.

Operational Resilience

Suppliers who are critical to the delivery of the CBPs must meet the following requirements:
- The Supplier must provide sign off on an annual basis to the respective LBG Supplier Manager that the service outlined in the Security Schedule can be met and understand the role they play in the Recovery Time Objective (RTO) of the CBP.
- The Supplier must review their LBG contractual agreements on a 12 monthly basis with Supplier Manager to ensure it remains up to date and fit for purpose.
- The Supplier must provide confirmation that any changes made to the contractual agreements by LBG are understood & embedded within the agreed time scales set by the Supplier Manager.
- The Supplier must comply with any annual assurance undertaken by LBG. Issues identified as a result of the assurance must have appropriate action plans in place with defined dates for action closure.
- The Supplier must define and document the roles and responsibilities of all key person dependencies that underpin the service supporting the LBG CBP.
- The Supplier must ensure that key staff supporting the CBP service are aware of their roles & responsibilities in relation to the service supporting the LBG CBP on a minimum 12 monthly basis through inductions or training. This may be evidenced by the maintenance of a local induction/training log for key staff.
- The Supplier must identify 4th party Suppliers that are critical to the delivery of the service supporting the LBG CBP and should evidence their ability to meet the CBP Recovery Time Objective (RTO) & Recovery Time Capability (RTC). Any deficiencies/risks must be documented, and actioned where necessary in line with risk appetite.
- The Supplier must identify and document those applications/systems that are critical to the delivery of their service supporting the LBG CBP.
- The Supplier must have appropriate plans in place to manage cyber attacks relating to Confidentiality, Integrity and Availability of the service supporting the LBG CBP.
- The Supplier must ensure that there are no Single Point/s of Failure (SPOF) in relation to key person dependencies as part of the service supporting the LBG CBP.
- The Supplier must ensure that details of key person dependencies, BUs and their continuity arrangements are detailed in the appropriate Business Continuity Plan.
- The Supplier must ensure that, as a minimum, cross site capability is in place for those services provided in support of an LBG CBP.

Business Continuity (BC)

The Supplier must undertake a business continuity impact and risk assessment, at least annually (every ) or in the event of significant operational change.
The assessment must identify and classify processes, operational locations, Suppliers/Providers, IT systems, applications and data relative to the impact their interruption or denial would have on the business activities they undertake for or on behalf of the Group and its customers. The assessment should also define minimum recovery requirements including timescales and resources required to continue to provide the contracted goods or services within agreed service levels.

A Continuity strategy and plan to provide operational resilience to reduce the likelihood of interruptions and to mitigate the impact of incidents must be developed and documented. This must evidence as a minimum how the Supplier will manage the denial of people or premises, loss of IT systems or applications (including IT Disaster Recovery arrangements), data or telecommunications and disruption to their supply chain.

The Supplier must implement and keep up to date documented plans on a 12 monthly basis for managing an incident and any subsequent recovery based on objectives and timescales agreed with the Group.

Where a material change to business operations is planned the Supplier must review and update all relevant Continuity documentation and provision ahead of this being implemented. A formal maintenance cycle must be put in place to achieve this requirement.

The capability of the strategy and plans to meet the Group's requirements must be evidenced through an annual (12 monthly) programme of tests and exercises.

IT Disaster Recovery (ITDR)

Suppliers who host IT systems or applications used by the Group must also meet the following requirements:

Design Requirements

The Supplier must implement, as directed by the Group's Application (Data) Owner, IT Disaster Recovery requirements based on the required availability of the system or application. The level of availability will be derived from the Group's Business Impact Assessment (BIA) process and the requirements must be detailed in the contract for provision of the system or application.

Those systems that are critical (break the service chain) to the Group's CBPs must be designed to be hosted in a data centre.

Disaster Recovery Proving Requirements

The Supplier must perform, as directed by the Group's Application (Data) Owner, proving of IT Disaster Recovery capability on target recovery infrastructure. Proving is required to evidence that recovery can be achieved in line with the objectives i.e. that the Recovery Time Capability (RTC) and Recovery Point Capability (RPC) meet the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) specified by the Group. ITDR capability and proving frequency requirements must be detailed in the contract for provision of the system or application.

The critical and core infrastructure that underpins the Supplier's technology infrastructure must also be tested on an annual (12 month) basis.

Any failed Disaster Recovery Proving must be retested successfully within 3 months of the failure and the Group's Supplier Manager advised so that non compliance to ITDR requirements can be notified to the Group's Application (Data) owner.

Implementation Proving

New implementations or significant changes to hosted systems or applications must complete Disaster Recovery Proving, including LBG connectivity, prior to release into production/live to evidence the recovery objectives can be met and should be advised to the Group's Supplier Manager so that they can engage appropriate resources within the Group.

Incident Response (IR)

The Supplier must have a defined Incident Response structure to ensure that incidents will be identified, escalated and effectively managed. The structure should allow the Supplier to:
- Decide and communicate the Supplier's strategic response to the incident.
- Manage the operational outcomes of an incident, including implementation of actions to mitigate the impact to the Group.
- Provide the Group with an immediate report on becoming aware of an incident that may impact the Group's customers or the Supplier's ability to continue to provide the contracted goods or services within agreed service levels.

The Incident Response structure must be tested through a relevant scenario based exercise at least annually (every ).

DEFINITIONS

- Disaster Recovery Proving: Process for performing structured proving of the system to determine the actual RTC and RPC against the RTO and RPC specified in the BIA
- Recovery Time Objective: The time required to switch from the Primary System to a Disaster Recovery System from the point of Recovery Invocation.
- Recovery Point Objective: The acceptable amount of data loss measured in time following the failure of a System
- Recovery Time Capability: The amount of time taken to switch from the primary System to a disaster recovery System from the point of Recovery Invocation
- Recovery Point Capability: The amount of data loss measured in time following the failure of a System
- Proving Frequency: The maximum time period between DR proving events.
- Core Infrastructure: Core Infrastructure is what the Group might reasonably expect to be provided without having to specifically list them in the contract. Examples: Antivirus, Active Directory.
- Critical Infrastructure: Critical Infrastructure is the underpinning infrastructure owned and supported by an IT Supplier that supports Group systems. Examples: Networks, DHCP, DNS.

KEY CONTROLS and KEY INDICATORS

The following indicators must be monitored and reported on by the business to evidence operating effectiveness of the mandatory key controls.

Key Control(s) / Key Indicator(s) / Monitoring frequency

Key Control: Operational Resilience structure in place and tested annually
Key Indicator(s):
1. Critical CBP Suppliers must confirm and evidence their capability to meet CBP RTO requirements. This includes confirmation that:
   a) roles and responsibilities in relation to key person CBP dependencies are defined and documented
   b) all applications/systems that are critical to the delivery of their service have been identified and documented
   c) no Single Point/s of Failure (SPOF) in relation to key person dependencies have been identified as part of the service
   d) there is cross site capability for those services provided in support of the LBG CBP
2. Critical CBP Suppliers must provide evidence they have appropriate plans in place to manage cyber attacks relating to Confidentiality, Integrity and Availability of the service supporting the LBG CBP.

Key Control: Business Continuity Strategy and Plans are tested annually
Key Indicator(s):
1. Undertake the risk assessment annually
2. Develop a strategy and plan
3. Undertake testing and provide proof that changes have been implemented
4. Provide proof that the Supplier's BC capability meets Group requirements

Key Control: Annual IT Disaster Recovery Proving programme for critical systems and core technology infrastructure in line with the proving schedule
Key Indicator(s):
1. RTC and RPC for the system has been published by the Supplier
2. RTC & RPC meet RTO and RPO requirements as per relevant BIA(s) for system
3. Provide proof that the supplier's ITDR capability meets Group requirements

Key Control: Incident Response structure in place and tested annually
Key Indicator(s):
1. Incident Response structure defined and implemented
2. Undertake annual scenario based exercise
3. Number of incidents reported to the Group
4. Provide proof that the Supplier's IR capability meets Group requirements

MANDATORY REQUIREMENTS NON-COMPLIANCE

Any material differences between the requirements set out above and the Supplier's own controls should be raised with the Accountable Executive for the relationship by the Supplier Manager and reported to relevant Risk team.

Version Number: 1.0
Effective Date: April 2014
Next Planned Revision: March September January December June 2017
More informationCapital and Risk Management Pillar 3 Disclosures
Capital and Risk Management Pillar 3 Disclosures For Year Ended 31 st December 2016 Contents 1. Introduction... 3 1.1 Background... 3 1.2 Scope... 3 1.3 Frequency of Disclosure... 4 2. Key Measures & Ratios...
More informationRISK MANAGEMENT ANNUAL REPORT
ITEM 15B RISK MANAGEMENT ANNUAL REPORT 2017/2018 Lead Executive Director Report Prepared By Mr Calum Campbell, Chief Executive Mrs Carol McGhee, Corporate Risk Manager Approved By Corporate Management
More informationContents. Copyright The City of Calgary. All rights reserved. Reprinted with Permission.
Contents 1 What is business continuity? 3 Why should my business have a plan? 3 How to develop a business continuity plan 4 STEP ONE: Analyze your business 5 STEP TWO: Assess the risks 6 STEP THREE: Develop
More informationCyber ERM Proposal Form
Cyber ERM Proposal Form This document allows Chubb to gather the needed information to assess the risks related to the information systems of the prospective insured. Please note that completing this proposal
More informationPreparing a business continuity plan
Preparing a business continuity plan Disaster strikes when you least expect it. Hopefully, a disaster will never happen, but if it does you need to be prepared so that the disruption to your organisation
More informationInternational Certificate in Financial Services Risk Management. Qualification Syllabus. Building excellence in risk management
Institute of Risk Management International Certificate in Financial Services Risk Management Building excellence in risk management Qualification Syllabus 0 2017 Institute of Risk Management Overview of
More informationMUSTER AG RISK MANAGEMENT
MUSTER AG RISK MANAGEMENT Risk Management Policy Risk Management Process Risk Management Guidelines Version 1.0 as of 9. October 2011 TABLE OF CONTENTS 1. PRINCIPLES OF RISK MANAGEMENT... 3 1.1. Concept...
More informationCITY UNIVERSITY OF HONG KONG Business Continuity Management Standard
CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information Officer
More informationConsultation Paper CP29/17 International banks: the Prudential Regulation Authority s approach to branch authorisation and supervision
Consultation Paper CP29/17 International banks: the Prudential Regulation Authority s approach to branch authorisation and supervision December 2017 Consultation Paper CP29/17 International banks: the
More informationOccupational Health and Safety (OHS) Incident Management: The Role of Business Continuity
Occupational Health and Safety (OHS) Incident Management: The Role of Business Continuity Michael Torrance, Senior Associate, Occupational Health, Safety and Security 21 March 2013 Introduction Topics
More informationFinalised guidance. Individual Liquidity Systems Assessment (ILSA) Simplified ILAS BIPRU Firms (ILSA) Simplified ILAS BIPRU Firms.
Financial Services Authority Finalised guidance Individual Liquidity Systems Assessment (ILSA) Simplified ILAS BIPRU Firms April 2011 Individual Liquidity Systems Assessment (ILSA) Simplified ILAS BIPRU
More informationPrincipal risks and uncertainties
Principal risks and uncertainties A key challenge for any business is to identify the principal risks it faces and to develop and monitor appropriate controls. A successful risk management process balances
More informationThe ITC Compliance Network
i The ITC Compliance Network The Concept From 14th January 2005, any business engaging in General Insurance activity must be regulated by the Financial Conduct Authority (FCA), formerly the Financial Services
More informationAnnual Report and Accounts 2017
Annual Report and Accounts 2017 Financial review Page Strategic report 3 Report of the directors 73 Statement of directors responsibilities 79 Independent auditor s report to the members of National Westminster
More informationBusiness Case for BCM
The Business Case for BCM The Business Case for BCM The Business Continuity Institute s report on the tangible benefits of BCM programmes based on a worldwide survey of practitioners Published March 2010
More informationBUSINESS CONTINUITY PLANNING. Alberta Public Housing Administrators Association Conference October 2017
BUSINESS CONTINUITY PLANNING Alberta Public Housing Administrators Association Conference October 2017 Recent Major Disasters Horse River wildfires Southern Alberta floods Gainford CN Derailment Slave
More informationMEMORANDUM. To: From: Metrolinx Board of Directors Robert Siddall Chief Financial Officer Date: September 14, 2017 ERM Policy and Framework
MEMORANDUM To: From: Metrolinx Board of Directors Robert Siddall Chief Financial Officer Date: September 14, 2017 Re: ERM Policy and Framework Executive Summary Attached are the draft Enterprise Risk Management
More informationBlack Pearl Securities Limited Black Pearl Governance Arrangement and Management of Risk Framework
Black Pearl Securities Limited Black Pearl Governance Arrangement and Management of Risk Framework 1 Introduction Firms are required under the Senior Management Arrangements, Systems and Controls (SYSC)
More informationHELPING BRITAIN PROSPER
HELPING BRITAIN PROSPER Lloyds Banking Group CONTENTS Executive summary 2 Introduction 3 Disclosure policy 4 Scope of consolidation 5 Risk management 10 The regulatory capital framework 12 Capital management
More informationRisk Management Strategy January NHS Education for Scotland RISK MANAGEMENT STRATEGY
NHS Education for Scotland RISK MANAGEMENT STRATEGY January 2016 1 Contents 1. NES STATEMENT ON RISK MANAGEMENT 2 RISK MANAGEMENT STRATEGY 3 RISK MANAGEMENT STRUCTURES 4 RISK MANAGEMENT PROCESSES 5 RISK
More informationIFRS 9 Financial Instruments : Transition. Lloyds Banking Group plc
IFRS 9 Financial Instruments : Transition Lloyds Banking Group plc March 2018 BASIS OF PREPARATION At 31 December 2017, Lloyds Banking Group plc and its subsidiaries (the Group) prepared its financial
More informationBusiness Continuity Plan. The 12 Steps Model. Business Continuity Plan. Emergency Contingency Crisis Castastrophe Disaster.
1 Origin (Manufactur er / Supplier) Dispatching Port Business Continuity Plan. Unloading Port The 12 Steps Model Destination Fundamentals 2 Emergency Contingency Crisis Castastrophe Disaster 1 Emergencies
More informationLloyd s City Risk Index
Lloyd s City Risk Index 2015-2025 lloyds.com/cityriskindex Executive Summary About Lloyd s Lloyd s is the world s only specialist insurance and reinsurance market that offers a unique concentration of
More informationCONTROLLED DOCUMENT. Version Number: 4.1. On: January 2018 Review Date: June 2016 Distribution: Essential Reading for: Information for: 1 of 15
Risk Management Strategy and Policy CONTROLLED DOCUMENT CATEGORY: CLASSIFICATION: PURPOSE: Controlled Number: Document Strategy/Policy Governance To set out the principles and framework for the management
More informationBS11: OUTSOURCING POLICY
BS11: OUTSOURCING POLICY Purpose of document This document sets out the Reserve Bank s policy for outsourcing by banks. Prudential Supervision Department Document BS11 Document version history 2 January
More information17. Reduction. 17 REDUCTION p1
17. Reduction Summary Reduction involves identifying and analysing risks to life and property from hazards, taking steps to eliminate those risks if practicable, and, if not, reducing the magnitude of
More informationRisk Management Policy & Procedures. Premier Ltd.
Risk Management Policy & Procedures Premier Ltd. [1] Risk management is attempting to identify and then manage threats that could severely impact the organization. Generally, this involves reviewing operations
More informationManaging Olympic Risks. Dr Will Jennings University of Southampton
Managing Olympic Risks Dr Will Jennings University of Southampton Outline 1. Risk and mega-events: complexity and decision-making under uncertainty 2. A brief history of risk management and the Olympics
More informationLloyds Bank plc. Q Interim Management Statement. 25 October 2017
Lloyds Bank plc Q3 2017 Interim Management Statement 25 October 2017 BASIS OF PRESENTATION This release covers the results of Lloyds Bank plc (the Bank) together with its subsidiaries (the Group) for the
More informationSupervisory Statement SS5/17 Dealing with a market turning event in the general insurance sector. July 2017
Supervisory Statement SS5/17 Dealing with a market turning event in the general insurance sector July 2017 Supervisory Statement SS5/17 Dealing with a market turning event in the general insurance sector
More informationRISK MANAGEMENT ANNUAL REPORT 2016/2017
RISK MANAGEMENT ANNUAL REPORT 2016/2017 Lead Executive Director Dr Iain Wallace, Medical Director Report Prepared By Mrs Carol McGhee, Corporate Risk Manager Approved By Corporate Management Team May 2017
More informationInperio Limited, 150 Minories, London, EC3N 1LS, United Kingdom Tel +44 (0)
UK Terrorism Insurance Brochure Prepared August 2016 Inperio Limited, 150 Minories, London, EC3N 1LS, United Kingdom Tel +44 (0)203 176 5640 www.inperio.co.uk Company Registration number 09052181An Appointed
More information