Financial Crime World

Bank of Ghana Directive on Risk Management Frameworks for Regulated Financial Institutions

The Bank of Ghana (BoG) has issued a directive outlining the requirements for Risk Management Frameworks (RMFs) and Risk Management Declarations for Regulated Financial Institutions (RFIs). The key points of this directive are outlined below.

Risk Management Framework Requirements

In order to ensure effective risk management, RFIs must have an RMF that is:

  • Effective: The RMF should be designed to identify, measure, evaluate, control, mitigate, and report material risks.
  • Supported by adequate resources: The RFI must have sufficient human, financial, and technological resources to implement and maintain the RMF.
  • Compliant with this directive: The RMF must comply with all requirements outlined in this directive.

Comprehensive Review of Risk Management Framework

The BoG requires a comprehensive review of the RMF at least once every 3 years to assess whether it remains:

  • Appropriate: The RMF should be aligned with the RFI’s business strategy and risk appetite.
  • Consistent with the Board’s risk appetite: The RMF should reflect the Board’s risk tolerance and ensure that risks are managed in accordance with their risk appetite.
  • Effective: The RMF should be effective in identifying, measuring, evaluating, controlling, mitigating, and reporting material risks.

Risk Management Declaration

The Board must make an annual declaration on risk management, signed by:

  • Chairperson of the Board
  • Chairperson of the Board Risk Committee

This declaration should state that the RFI has put in place systems for ensuring compliance with prudential requirements, identified material risks, and ensured the effectiveness of its processes.

Notification Requirements

RFIs must notify the BoG within 10 business days of any:

  • Significant breach or deviation from the RMF: The RFI should report any significant breaches or deviations from the RMF to the BoG.
  • Material revision to their RMF: The RFI should inform the BoG of any material revisions to their RMF.
  • Changes to their operations that may affect their risk management framework: The RFI should notify the BoG of any changes to their operations that may impact their risk management framework.

Exemptions and Additional Directives

The BoG may:

  • Exempt categories of RFIs from specific requirements of this directive: Certain categories of RFIs may be exempted from specific requirements of this directive.
  • Issue further directives on material risk areas: The BoG may issue additional directives on material risk areas.

Annexure A: Specific Requirements for the Risk Management Declaration

The following are the specific requirements for the Risk Management Declaration:

  1. Compliance with prudential requirements: The RFI must ensure compliance with all relevant prudential requirements.
  2. Appropriate systems and resources for identifying, measuring, evaluating, controlling, mitigating, and reporting material risks: The RFI should have adequate systems and resources in place to identify, measure, evaluate, control, mitigate, and report material risks.
  3. Effective operation of internal control systems: The RFI’s internal control systems should be effective in ensuring the accuracy and reliability of financial information.
  4. Compliance with the RMF and RMS: The RFI must comply with all requirements outlined in their RMF and RMS.
  5. Satisfaction with the effectiveness of processes and management information systems: The RFI should be satisfied that its processes and management information systems are effective in ensuring compliance with prudential requirements.