4.4.3.3. Risk management function

Statutory and regulatory framework

  1. Brokerage Supervision Act: Articles 33 and 34
  2. NBB circulars: /
  3. International reference documents:
    • EBA/GL/2021/14 on internal governance => paragraphs 159 to 182

4:169 Pursuant to Article 33 §2 of the Brokerage Supervision Act, the risk management function ensures that all significant risks are detected, measured and duly reported. It should have access to all business lines and other internal units with the potential to generate risk, as well as to subsidiaries and affiliates. It should have an appropriate status and corresponding central position in the firm’s organisational structure. The risk management function should be actively involved in developing the firm’s risk strategy as well as in all management decisions with a significant impact in terms of risk and be able to provide a complete view of the entire range of risks to which the firm is exposed.

4:170 The tasks of the risk management function are described in detail in EBA/GL/2021/14. For more information on its role in (i) risk strategy and decisions, (ii) material changes, (iii) identifying, measuring, assessing, managing, mitigating, monitoring and reporting on risks, and (iv) risk limits, please see paragraphs 166 to 178 of EBA/GL/2021/14.

4:171 In accordance with Article 33 §3 of the Brokerage Supervision Act, the person responsible for the risk management function should in principle be a member of senior management or, where applicable, of the management committee. Moreover, the risk management function should be the sole function for which this person is responsible.  However, based on the proportionality principle, the NBB may allow the risk management function to be exercised by a senior member of staff (N-1), provided there is no conflict of interest on the part of this person. Furthermore, Article 33 §3, second subparagraph, provides for a derogation from the principle that a CRO who is a member of senior management should be responsible only for the risk management function. The NBB may authorise a CRO who is a member of senior management to be responsible for the compliance function as well, provided these two functions are performed separately.

4:172 For more information, please see paragraphs 179 to 182 of EBA/GL/2021/14.