Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people, and systems, or from external events. It is managed through a mandated framework of internal procedures and monitoring mechanisms. Each subsidiary is obligated to implement a strict segregation of duties, where transaction booking, recording, and monitoring are performed by staff independent of those initiating the transactions.
Adherence to internal control policies including delegation of authority, exception reporting, exposure management, and timely remediation is mandatory. Also, it must be supported by reliable management reporting. Ongoing monitoring is enforced by independent Internal Control units to ensure absolute compliance with key control functions and to mitigate the risk of misrepresentation or failed internal processes.