Capital Requirements Regulation (CRR), Part Eight, Title II
Article 435
Risk management objectives and policies
1. Institutions shall disclose their risk management objectives and policies for each separate category of risk, including the risks referred to under this Title. These disclosures shall include:

(a) the strategies and processes to manage those risks;

(b) the structure and organisation of the relevant risk management function including information on its authority and statute, or other appropriate arrangements;

(c) the scope and nature of risk reporting and measurement systems;

(d) the policies for hedging and mitigating risk, and the strategies and processes for monitoring the continuing effectiveness of hedges and mitigants;

(e) a declaration approved by the management body on the adequacy of risk management arrangements of the institution providing assurance that the risk management systems put in place are adequate with regard to the institution's profile and strategy;

(f) a concise risk statement approved by the management body succinctly describing the institution's overall risk profile associated with the business strategy. This statement shall include key ratios and figures providing external stakeholders with a comprehensive view of the institution's management of risk, including how the risk profile of the institution interacts with the risk tolerance set by the management body.

2. Institutions shall disclose the following information, including regular, at least annual updates, regarding governance arrangements:

(a) the number of directorships held by members of the management body;

(b) the recruitment policy for the selection of members of the management body and their actual knowledge, skills and expertise;

(c) the policy on diversity with regard to selection of members of the management body, its objectives and any relevant targets set out in that policy, and the extent to which these objectives and targets have been achieved;

(d) whether or not the institution has set up a separate risk committee and the number of times the risk committee has met;

(e) the description of the information flow on risk to the management body.