Securities firms that use modelling in management operations shall establish risk management systems that conform to the following regulations and incorporate such systems in the internal control procedures for control purposes:
- Securities firms shall establish appropriate policies and procedures for risk management, obtain approval from their boards for such policies and procedures, and review and amend the same from time to time, in order to assess and supervise the compliance of risk control mechanisms. Contents of the policies and procedures must include, at the very least:
  - The organizational structure of risk management in regard to the supervision, planning, and execution of risk management affairs, including the board, the risk management unit, business unit, and other relevant departments, with their roles and responsibilities stipulated.
  - The basis of the risk control mechanisms, including the regulations (procedures), directions (or rules), etc., with the hierarchy for proposals and approvals specified.
  - The implementation of risk control procedures, including setting limits on the extent of risk to be taken, examination and monitoring, handling over-limit risk, management by exception, risk reporting and other operating procedures.
  - Procedures for examining the scope of risks, function of control, and accuracy and comprehensiveness of sources of data, as shall be covered by the risk management information system.
  - Procedures for regular and irregular assessments of the effectiveness of risk management execution.
- Securities firms shall set out the roles and responsibilities of the board of directors, risk management unit, and other business units as follows:
  - Board of directors:
    - Ensure risk management is being effectively executed, and be ultimately responsible for risk management.
    - Review and approve the risk management policies.
    - Decide the approval hierarchy for each risk management regulation.
    - Supervise the overall execution of the risk management system.
  - Risk management unit:
    - Establish risk management policies.
    - Ensure the execution of the risk management policies approved by the board.
    - Establish various risk management rules and directions, and control the execution accordingly.
    - Be responsible for the day-to-day valuation, oversight, and assessment of risk.
    - Periodically (each day, each week, or each month) produce a risk management summary report and submit the same to management according to the procedures set.
    - Examine the pricing models for financial products used by the business unit.
    - Develop and maintain, or assist with the development and maintenance of, the risk management information system.
  - Business unit:
    - Be involved in the establishment of risk management mechanisms, executing regular risk management and reporting for departments it is in charge of.
    - Ensure that the business unit is using the pricing models at a consistently credible standard.
    - Efficiently execute the internal control procedures of the business unit in compliance with laws and regulations and risk management policies.
- In order to assist the board of directors in planning and executing risk management tasks, a securities firm shall establish a risk management unit that is independent of the business unit and is at a level that is at or higher than the general manager's. The risk management unit shall regularly submit a risk control report to the board of directors. If material risk exposure is discovered that is likely to harm the sound operation of the securities firm, the risk management unit shall immediately implement appropriate measures and report to the board.
- The appointment and removal of the risk management unit manager shall be approved by the board. The risk management department manager shall be responsible for evaluating, overseeing, and assessing the day-to-day risk conditions of the securities firm and remain informed of the actual conditions of the execution of risk management policies.
- The verification and management of pricing models shall be executed by a risk management unit that is independent of the business unit.
- A securities firm shall create a suitable personnel training system according to the types of traded products and conditions of business development, in order to achieve the goal of effectively managing pricing models.