Article 76
ISRB ToC ToC

Path:
Capital Requirements Directive (CRD) > TITLE VII > CHAPTER 2 > Section II > Sub-Section 2 > Article 76
Title:
Article 76
Links:
Description: 
Treatment of risks
Main content: 
1.  
Member States shall ensure that the management body approves and periodically reviews the strategies and policies for taking up, managing, monitoring and mitigating the risks the institution is or might be exposed to, including those posed by the macroeconomic environment in which it operates in relation to the status of the business cycle.
2.  
Member States shall ensure that the management body devotes sufficient time to consideration of risk issues. The management body shall be actively involved in and ensure that adequate resources are allocated to the management of all material risks addressed in this Directive and in Regulation (EU) No 575/2013 as well as in the valuation of assets, the use of external credit ratings and internal models relating to those risks. The institution shall establish reporting lines to the management body that cover all material risks and risk management policies and changes thereof.
3.  
Member States shall ensure that institutions that are significant in terms of their size, internal organisation and the nature, scope and complexity of their activities establish a risk committee composed of members of the management body who do not perform any executive function in the institution concerned. Members of the risk committee shall have appropriate knowledge, skills and expertise to fully understand and monitor the risk strategy and the risk appetite of the institution.

The risk committee shall advise the management body on the institution's overall current and future risk appetite and strategy and assist the management body in overseeing the implementation of that strategy by senior management. The management body shall retain overall responsibility for risks.

The risk committee shall review whether prices of liabilities and assets offered to clients take fully into account the institution's business model and risk strategy. Where prices do not properly reflect risks in accordance with the business model and risk strategy, the risk committee shall present a remedy plan to the management body.

Competent authorities may allow an institution which is not considered significant as referred to in the first subparagraph to combine the risk committee with the audit committee as referred to in Article 41 of Directive 2006/43/EC. Members of the combined committee shall have the knowledge, skills and expertise required for the risk committee and for the audit committee.

4.  
Member States shall ensure that the management body in its supervisory function and, where a risk committee has been established, the risk committee have adequate access to information on the risk situation of the institution and, if necessary and appropriate, to the risk management function and to external expert advice.

The management body in its supervisory function and, where one has been established, the risk committee shall determine the nature, the amount, the format, and the frequency of the information on risk which it is to receive. In order to assist in the establishment of sound remuneration policies and practices, the risk committee shall, without prejudice to the tasks of the remuneration committee, examine whether incentives provided by the remuneration system take into consideration risk, capital, liquidity and the likelihood and timing of earnings.

5.  
Member States shall, in accordance with the proportionality requirement laid down in Article 7(2) of Commission Directive 2006/73/EC ( 16 ), ensure that institutions have a risk management function independent from the operational functions and which shall have sufficient authority, stature, resources and access to the management body.

Member States shall ensure that the risk management function ensures that all material risks are identified, measured and properly reported. They shall ensure that the risk management function is actively involved in elaborating the institution's risk strategy and in all material risk management decisions and that it can deliver a complete view of the whole range of risks of the institution.

Where necessary, Member States shall ensure that the risk management function can report directly to the management body in its supervisory function, independent from senior management, and can raise concerns and warn that body, where appropriate, where specific risk developments affect or may affect the institution, without prejudice to the responsibilities of the management body in its supervisory and/or managerial functions pursuant to this Directive and Regulation (EU) No 575/2013.

The head of the risk management function shall be an independent senior manager with distinct responsibility for the risk management function. Where the nature, scale and complexity of the activities of the institution do not justify a specially appointed person, another senior person within the institution may fulfil that function, provided there is no conflict of interest.

The head of the risk management function shall not be removed without prior approval of the management body in its supervisory function and shall be able to have direct access to the management body in its supervisory function where necessary.

( 1 ) Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 establishing a framework for the recovery and resolution of credit institutions and investment firms and amending Council Directive 82/891/EEC, and Directives 2001/24/EC, 2002/47/EC, 2004/25/EC, 2005/56/EC, 2007/36/EC, 2011/35/EU, 2012/30/EU and 2013/36/EU, and Regulations (EU) No 1093/2010 and (EU) No 648/2012, of the European Parliament and of the Council (OJ L 173, 12.6.2014, p. 190).

( 2 ) OJ L 390, 31.12.2004, p. 38.

( 3 ) Regulation (EU) No 1094/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Insurance and Occupational Pensions Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/79/EC (OJ L 331, 15.12.2010, p. 48).

( 4 ) Regulation (EU) No 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No 648/2012 (OJ L 173, 12.6.2014, p. 84).

( 5 ) OJ L 309, 25.11.2005, p. 15.

( 6 ) Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84).

( 7 ) Regulation (EU) 2019/2033 of the European Parliament and of the Council of 27 November 2019 on the prudential requirements of investment firms and amending Regulations (EU) No 1093/2010, (EU) No 575/2013, (EU) No 600/2014 and (EU) No 806/2014 (OJ L 314, 5.12.2019, p. 1).

( 8 ) Directive (EU) 2019/2034 of the European Parliament and of the Council of 27 November 2019 on the prudential supervision of investment firms and amending Directives 2002/87/EC, 2009/65/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU and 2014/65/EU (OJ L 314, 5.12.2019, p. 64).

( 9 ) Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).

( 10 ) OJ L 331, 15.12.2010, p. 48.

( 11 ) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).

( 12 ) OJ L 157, 9.6.2006, p. 87.

( 13 ) OJ L 222, 14.8.1978, p. 11.

( 14 ) OJ L 193, 18.7.1983, p. 1.

( 15 ) OJ L 120, 15.5.2009, p. 22.

( 16 ) Commission Directive 2006/73/EC of 10 August 2006 implementing Directive 2004/39/EC of the European Parliament and of the Council as regards organisational requirements and operating conditions for investment firms and defined terms for the purposes of that Directive (OJ L 241, 2.9.2006, p. 26).

( 17 ) Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (OJ L 156, 19.6.2018, p. 43).

( 18 ) Regulation (EU) 2017/2402 of the European Parliament and of the Council of 12 December 2017 laying down a general framework for securitisation and creating a specific framework for simple, transparent and standardised securitisation, and amending Directives 2009/65/EC, 2009/138/EC and 2011/61/EU and Regulations (EC) No 1060/2009 and (EU) No 648/2012 (OJ L 347, 28.12.2017, p. 35).

( 19 ) Regulation (EU) No 806/2014 of the European Parliament and of the Council of 15 July 2014 establishing uniform rules and a uniform procedure for the resolution of credit institutions and certain investment firms in the framework of a Single Resolution Mechanism and a Single Resolution Fund and amending Regulation (EU) No 1093/2010 (OJ L 225, 30.7.2014, p. 1).

( 20 ) Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market and amending Directives 2002/65/EC, 2009/110/EC, 2013/36/EU and Regulation (EU) No 1093/2010 and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, p. 35).

Topic: 
Internal governance
Q&A :
Paragraph: 
5
Links: 
2019_4972 Chief Risk Officer (CRO) Chairman Credit Risk Committee