It is registered
Ministry of Justice
Russian Federation
On November 29, 2023 No. 76162
of October 2, 2023 No. 827-P
About requirements to risk management of the clearing organizations, the central partners, the central depositary and repositories regarding management of operational risk
This Provision based on Items 11 and 12 of part 1 of article 25 of the Federal Law of February 7, 2011 No. 7-FZ "About clearing, clearing activities and the central partner", Item 1 of article 32 of the Federal Law of December 7, 2011 No. 414-FZ "About the central depositary" and Item 5 of article 15.7 of the Federal Law of April 22, 1996 No. 39-FZ "About the security market" establishes requirements to risk management of the clearing organization regarding management of operational risk, requirements to risk management of the central partner regarding management of operational risk, requirements to activities of the central depositary regarding management of the operational risk connected with the implementation of activities of the central depositary, and the requirement to risk management system connected with implementation of repository activities regarding management of operational risk.
1. The clearing organization, the central partner, the central depositary and repository (further in case of joint mentioning - the financial organization) shall exercise risk management regarding risk of business disruption of the financial organization as a result of imperfection of internal business processes of the financial organization and (or) actions or failure to act of employees of the financial organization, mistakes in functioning of program technical means of the financial organization, and also as a result of external events and (or) actions or failure to act of the third parties (further - operational risk).
2. The financial organization shall perform on continuous basis identification of events of realization of operational risk (further - events of operational risk).
3. The financial organization shall determine the list of processes which violation owing to impact of events of operational risk attracts business disruption of the financial organization, including the engineering procedures requiring ensuring information exchange, processing and storage of information by means of program technical means of the financial organization (further respectively - crucial processes, the list of crucial processes), and also at least once a year to carry out the analysis of need of review of the list of crucial processes.
4. The financial organization shall distribute powers within management of operational risk between the board of directors (supervisory board), collegiate executive body of the financial organization (in case of its absence - sole executive body of the financial organization), and also between structural divisions of the financial organization.
5. The financial organization within management of operational risk shall:
5.1. Determine the list of program technical means which errors in functioning involve violation of crucial processes (further - crucial program technical means), and at least once a year to carry out the analysis of need of review of the list of crucial program technical means.
5.2. Identify threats which can lead to mistakes in functioning of crucial program technical means, and also perform permanent monitoring of condition of crucial program technical means regarding need of their updating.
5.3. Carry out test works concerning crucial program technical means in case of their putting into operation, including in case of their updating, taking into account possible change of amounts of the performed operations, prepare the report following the results of the carried-out test works and eliminate the defects revealed in operation of crucial program technical means following the results of the carried-out test works.
5.4. Perform replacement of crucial program technical means in case of exit them out of operation and (or) detection of their discrepancy to nature and to amount of the transactions made by the financial organization.
5.5. Establish, divide and exercise control of access rights of employees of the financial organization to crucial programmnotekhnichesky means.
5.6. Carry out at least once a year in the procedure established by the financial organization assessment of the performed activities for the purpose of identification of operational risk in case of which shall be performed:
identification and assessment by structural divisions of the financial organization of the operational risk arising in activities of structural division of the financial organization and (or) in activities of the financial organization by determination of probability of realization and negative impact from realization of operational risk (further - self-assessment), and also preparation of the report following the results of the carried-out self-assessment;
the modeling of scenarios of realization of operational risk including assessment of sources of emergence of event of operational risk and its negative impact on activities of the financial organization owing to implementation of the specified scenarios (further - modeling), and also preparation of the report following the results of the carried-out modeling.
5.7. Reveal the operational risk arising in connection with combination of activities of the financial organization with other activities and (or) transfer of separate functions of the financial organization to the third party.
5.8. Prevent cases of duplication of powers of structural divisions of the financial organization.
5.9. Provide protection against information safety hazards.
6. The financial organization within management of operational risk for the purpose of providing conditions for smooth functioning of crucial program technical means, and also recovery of activities of the financial organization in case of realization of event of operational risk shall:
6.1. Determine admissible (by the decision of the financial organization) time of recovery of crucial processes in case of their suspension.
6.2. Provide control of functioning of crucial program technical means.
6.3. Distribute powers between structural divisions of the financial organization in case of realization of event of operational risk.
6.4. Organize functioning of the reserve complex which is functionally duplicating the main complex of crucial program technical means (further respectively - the main complex, reserve complex), meeting the following requirements:
arrangement of reserve complex on the territorial removal from the main complex providing (according to the decision of the financial organization) protection of reserve complex against events of operational risk which source are the external events making impact on the main complex;
arrangement of reserve complex on the territorial removal from the main complex providing (according to the decision of the financial organization) possibility of employees of the financial organization to resume crucial processes in reserve complex during the time determined according to subitem 6.1 of this Item;
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.