Better Regulation logo
Table of Contents

Table of Contents

Expand all headings Collapse all headings Expand side bar Collapse side bar
Final Report on Guidelines on internal governance under Directive 2013/36/EU (EBA/GL/2021/05) (applicable from 31 December 2021)Executive summaryBackground and rationaleGuidelines on internal governance1. Compliance and reporting obligations (paras. 1-4)Status of these guidelines (paras. 1-2)Reporting requirements (paras. 3-4)2. Subject matter, scope and definitions (paras. 5-13)Subject matter (para. 5)Scope of application (para. 6-13)Definitions (para. 13)3. Implementation (paras. 14-15)Date of application (para. 14)Repeal (para. 15)4. Guidelines (paras. 16-234)Title I - Proportionality (paras. 16-19)Title II - Role and composition of the management body and committees (paras. 19-67)1 Role and responsibilities of the management body (paras. 19-27)2 Management function of the management body (paras. 28-31)3 Supervisory function of the management body (paras. 32-34)4 Role of the chair of the management body (paras. 35-39)5 Committees of the management body in its supervisory function (paras. 40-67)5.1 Setting up committees (paras. 40-45)5.2 Composition of committees (paras. 46-55)5.3 Committees’ processes (paras. 56-60)5.4 Role of the risk committee (paras. 61-63)5.5 Role of the audit committee (para. 64)5.6 Combined committees (paras.65-67)Title III - Governance framework (paras. 68-93)6 Organisational framework and structure (paras. 68-82)6.1 Organisational framework (paras. 68-70)6.2 Know your structure (paras,. 71-75)6.3 Complex structures and non-standard or non-transparent activities (paras. 76-82)7 Organisational framework in a group context (paras. 83-90)8 Outsourcing policy (paras. 91-93)Title IV - Risk culture and business conduct (paras. 94-140)9 Risk culture (paras. 94-98)10 Corporate values and code of conduct (pars. 99-104)11 Conflict of interest policy at institutional level (paras. 105-107)12 Conflict of interest policy for staff (paras. 108-131)12.1 Conflict of interest policy in the context of loans and other transactions with members of the management body and their related parties (paras. 120-128)12.2 Documentation of loans to members of the management body and their related parties and additional information (paras. 129-131)13 Internal alert procedures (paras. 132-138)14 Reporting of breaches to competent authorities (paras. 139-140)Title V - Internal control framework and mechanisms (paras. 141-224)15 Internal control framework (paras. 141-145)16 Implementing an internal control framework (paras. 146-151)17 Risk management framework (paras. 152-162)18 New products and significant changes (paras. 163-168)19 Internal control functions (paras. 169-178)19.1 Heads of the internal control functions (paras. 172-174)19.2 Independence of internal control functions (paras. 175)19.3 Combination of internal control functions (para. 176)19.4 Resources of internal control functions (paras. 177-178)20 Risk management function (paras. 179-203)20.1 RMF’s role in risk strategy and decisions (paras. 187-188)20.2 RMF’s role in material changes (paras. 189-190)20.3 RMF’s role in identifying, measuring, assessing, managing, mitigating, monitoring and reporting risks (paras. 191-197)20.4 RMF’s role in unapproved exposures (paras. 198-199)20.5 Head of the risk management function (paras. 200-203)21 Compliance function (paras. 204-213)22 Internal audit function (paras. 214-224)Title VI - Business continuity management (paras. 225-230)Title VII - Transparency (paras. 231-234)Annex I - Aspects to take into account when developing an internal governance policy5. Accompanying documents5.1. Draft cost-benefit analysis/impact assessment5.2. Summary of responses to the consultation and the EBA’s analysis
Related
Tools
Set a date to view the document
Text comparison options
Full text - Date 1 vs Date 2 
Amendments requiring commencement - Current text vs Text requiring commencement
Draft proposed changes - Current text vs Text proposed by drafting documents
Recently generated comparisons
None generated
Print / Export options
Current page
Whole document
Selected pages
Consolidated PDF of the entire document as of 20th June 2026
Export
Export line by line
Export provision to provision
Report template
Create report template
Alert me to changes
Manage alerts
Bookmarks
This page
This document
Manage bookmarks
Search within this document
View previous searches
Share
Get page link
Share via email application

AI Summary of 20 Risk management function (paras. 179-203)

PreviousNext
Version date: 2 July 2021 - onwards

20 Risk management function (paras. 179-203)

179. Institutions should establish a risk management function (RMF) covering the whole institution. The RMF should have sufficient authority, stature and resources, taking into account the proportionality criteria listed in Title I, to implement risk policies and the risk management framework as set out in Section 17.

180. The RMF should have, where necessary, direct access to the management body in its supervisory function and its committees, where established, including in particular the risk committee.

181. The RMF should have access to all business lines and other internal units that have the potential to generate risk, as well as to relevant subsidiaries and affiliates.

182. Staff within the RMF should possess sufficient knowledge, skills and experience in relation to risk management techniques and procedures, and markets and products, and should have access to regular training.

183. The RMF should be independent of the business lines and units whose risks it controls but should not be prevented from interacting with them. Interaction between the operational functions and the RMF should help to achieve the objective of all the institution’s staff bearing responsibility for managing risk.
20.1 RMF’s role in risk strategy and decisions (paras. 187-188)
20.2 RMF’s role in material changes (paras. 189-190)
20.3 RMF’s role in identifying, measuring, assessing, managing, mitigating, monitoring and reporting risks (paras. 191-197)
20.4 RMF’s role in unapproved exposures (paras. 198-199)
20.5 Head of the risk management function (paras. 200-203)
PreviousNext