Operational Risk Assessment meaning

Purpose of this Checklist This checklist supports Solvency II UK firms in aligning governance, systems and controls with the expectations of the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA). It should be read alongside Practice Note: Governance, systems and controls requirements for insurers, which provides a more detailed overview of the relevant requirements. Governance and organisational structure Confirm the board holds ultimate accountability for compliance with PRA, FCA and applicable legislative obligations. Establish a robust system of governance, featuring a transparent organisational structure with clearly allocated and segregated responsibilities. Regularly review and update written policies covering risk management, internal control, internal audit and, where relevant, outsourcing. Maintain documented governing body approvals for significant decisions and policy changes. Risk management Implement and embed an effective risk‑management system within decision‑making, ensuring ongoing identification, measurement, monitoring, management and reporting of risks. Incorporate comprehensive strategies, stress testing, scenario analysis and development of the own risk and...

This checklist supports an organisation with the due diligence and risk assessment vital to the effective selection of outsourcing service providers. Refer also to: Outsourcing supplier interview questions—checklist and Outsourcing supplier interview questions (finalist supplier selection)—checklist. Question Yes/No Comments Does the appraisal of the proposed supplier address some, if not all, of the following: Experience in delivering and supporting the proposed activity? [Yes/No] [comment] Audited financial statements for the supplier and its key affiliates? [Yes/No] [comment] Business reputation, complaints, and any litigation? [Yes/No] [comment] ...

Checklist Intensifying geopolitical conflict — including open hostilities, regional volatility, cyber interference and closure of sea lanes — can exert rapid, multifaceted strain on energy-sector contracts. This checklist offers a structured, practical approach to evaluating force majeure (FM) risk in an active conflict or war setting, and to judging whether FM can be effectively invoked under English law. It also maps how that assessment intersects with frustration and contractual termination rights, and sets out drafting considerations for parties to weigh in future transactions so that FM provisions expressly address war risks. It is intended for legal and commercial teams operating across oil and gas, LNG, trading, infrastructure and energy supply chains, where disruption frequently stems from direct physical impossibility at the point of delivery, or indirectly via upstream or downstream domino effects. The objective is not solely to test the viability of an FM claim, but also to enable informed, risk-aware choices in rapidly evolving conflict environments. This checklist focuses on FM arising from war-related physical and operational disruption....

In this issue: New technologies Internet Data protection Media Advertising, marketing and sponsorship Reputation management Telecommunications LexTalk®TMT: a Lexis®Nexis community Daily and weekly news alerts New and updated content Dates for your diary Trackers Useful information New technologies DSIT releases report and impact assessment on copyright and artificial intelligence DSIT, the Department for Culture, Media and Sport (DCMS) and the Intellectual Property Office have jointly issued a report and an impact assessment exploring the use of works protected by copyright in the training and development of AI systems. These have been published pursuant to sections 135 and 136 of the Data (Use and Access) Act 2025. See: LNB News 18/03/2026 44. EDPS unveils Compass on supervision and enforcement under the EU AI Act The European Data Protection Supervisor (EDPS) has released its Compass setting out its expanded role under the EU AI Act as a market surveillance authority...

In this issue: UK, EU and international regulators and bodies Prudential requirements Risk management and controls Operational resilience Financial crime and sanctions Complaints, compensation and claims management Investigations, enforcement and discipline Regulation of capital markets Sustainable finance and ESG Banks and mutuals Investment funds and asset management Consumer credit, mortgage and home finance Regulation of insurance Payment services and systems Fintech and cryptoassets Regulation of AI in FS Dates for your diary New and updated content Financial Services Enforcement Database Daily and weekly news alerts LexTalk®Financial Services: a Lexis®Nexis community UK, EU and international regulators and bodies ESAs publish spring 2026 joint risk update The three European Supervisory Authorities—the European Banking Authority, the European Insurance and Occupational Pensions Authority, and the European Securities and Markets Authority—have released their Joint Committee spring 2026 update examining risks and vulnerabilities across the EU financial system....

In this issue: UK, EU and international regulators and bodies Authorisation, approval and supervision Accountability, culture and social governance Prudential requirements Operational resilience Financial crime and sanctions Complaints, compensation and claims management Investigations, enforcement and discipline Regulation of capital markets Regulation of derivatives Banks and mutuals Investment funds and asset management MiFID II Regulation of insurance Payment services and systems Fintech and cryptoassets Financial Services Enforcement Database Daily and weekly news alerts Intraday news alerts New and updated content Dates for your diary UK, EU and international regulators and bodies ESAs highlight role of behavioural insights in supervisory and policy work The three European Supervisory Authorities — the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA) — have issued a joint report arising from their February 2024 workshop on integrating...

This Practice Note contains guidance on assessing the risk of your organisation causing or contributing to an adverse human rights impact Human rights due diligence and risk assessment are not presently mandated by UK law; however, they remain a core element of the corporate responsibility to respect human rights under the UN Guiding Principles on Business and Human Rights (UNGPs). Adopting these practices is also sound business sense, helping to safeguard an organisation against operational and reputational risks linked to causing or contributing to adverse human rights impacts. In addition, particular facets of the responsibility to respect human rights may already be required by domestic legislation, such as health and safety, non-discrimination, or environmental laws. The EU Corporate Sustainability Due Diligence Directive, Directive (EU) 2024/1760 (CSDDD), further introduces compulsory human rights and environmental due diligence obligations for the largest companies within the European Union and, in some instances, for those operating outside it...

1. What is the applicable legislation? The core law regulating foreign direct investment in Indonesia is Law No. 25 of 2007 on Capital Investment (the Investment Law). Several of its provisions have been updated by Law No. 6 of 2023 on the Stipulation of Government Regulation in Lieu of Law No. 2 of 2022 on Job Creation (the Omnibus Law). In addition, a number of implementing regulations apply, some of which are noted below. 2. Which government or other body (or bodies) reviews foreign investments? In general, the Ministry of Law and Human Rights of the Republic of Indonesia (MOLHR) supervises corporate activities in Indonesia, including foreign investment. Supervision is also carried out by the Ministry of Investment/Indonesia Investment Coordinating Board (Badan Koordinasi Penanaman Modal or BKPM). Regarding licensing, foreign investment licences and facilities are centralised at BKPM via the Online Single Submission (OSS) business licensing platform, with approvals issued under a risk-based assessment. Certain operational licences needed for particular sectors or business activities are processed...

Real estate finance is a type of secured lending. Some motivations for taking security in a real estate finance deal mirror in practice the general benefits of security seen in commercial lending (see Practice Note: Difference between security and quasi-security—Why take security and/or quasi-security?). However, security assumes heightened significance here because the borrower is commonly a special purpose vehicle (SPV) (also referred to as a special purpose company or SPC) incorporated solely for the contemplated transaction (that is, to acquire, or to acquire and develop, a property). Consequently, the borrower will lack an operational track record and its assets will be limited to the property itself and, where relevant, the development of that property. See Practice Note: Introduction to real estate finance—the lending structure—Borrower entities in real estate finance transactions. Due to the SPV structure, a lender’s assessment of the borrower’s standalone credit risk typically carries less weight in real estate finance than under a conventional corporate loan. One method by which the borrower can strengthen its credit profile...

1 Introduction 1.1 We have carried out an organisation-wide review to identify where we face the greatest exposure to involvement in money laundering, terrorist financing and/or proliferation financing. This record sets out the risks considered and the determinations made. The individual accountable for this risk assessment is [ insert name/role ]. 1.2 Our review took into account: the profile and demographic of our customer base; the geographical areas we operate in; the sectors we operate in; the [ services AND/OR products ] we offer; the type of transactions we are involved in, including delivery channels; existing and future business partnerships and opportunities; and our internal or operational risks...

This corporate criminal liability risk management plan documents the actions we have taken to design and roll out suitable measures to manage corporate criminal liability risks within [ insert organisation name ]. It addresses six key areas: risk assessment; risk-based measures; top-level commitment; due diligence; communication and training; and monitoring and review. 1 Risk assessment Carry out a risk assessment. Action Comment □ Pinpoint senior managers and define the breadth of their authority. [ Add any notes you wish to include in connection with this action point ] □ Examine governance processes. [ Add any notes you wish to include in connection with this action point ] □ Evaluate the offences encompassed by corporate criminal liability provisions. [ Add any notes you wish to include in connection with this action point ] □ Review day-to-day operational risk factors, eg around senior management recruitment. [ Add any notes you wish to include in connection with this action point ] [ □...

1 Introduction 1.1 This policy provides a summary of the Company’s measures to ensure we fulfil our health and safety duties towards employees and wider stakeholders, including people visiting our sites and anyone impacted by our activities, effectively and consistently. 1.2 This policy is non-contractual, and the Company may change it at any time. 1.3 The Company intends this policy to serve as guidance to support our continuing operational decision-making, and as a benchmark against which any procedures put in place can be evaluated...