The Risk Management and Compliance Department is the second line of defence for the Central Bank of the UAE, responsible for the management and oversight of the financial risks and non-financial risks.
It Identifies, manages, and reports all financial and non-financial risks faced by all CBUAE functions. Its primary purpose is promoting awareness of risk management among CBUAE staff, and establishing a CBUAE risk-aware culture.
Financial risk management aims to identify, mitigate, and manage exposure to various financial risks stemming from the CBUAE’s activities. Financial risks can be classified into three main categories:
Market risk, credit risk, and liquidity risk.
Market risk is the potential for loss of value stemming from adverse changes in market rates or prices. Our exposure to market risk arises principally from the management of the nation’s foreign reserves. We have a market risk framework in place and operate prudently to mitigate market risk, taking into account expected returns, the external environment, and developments in our own balance sheet.
Credit risk is the potential for loss that could arise if a counterparty fails to meet its payments on time. The CBUAE has a credit risk framework in place, which outlines the limit-setting methodology, guidelines for the maintenance and monitoring of the exposure, and operating procedures for ensuring compliance and breach management. Consistent with widely- adopted approaches, we apply minimum standards for acceptable creditworthiness among counterparties and issuers, and use numerical limits to manage credit risk exposures.
Liquidity risk refers to the inability to buy or sell assets of a given size over a given period, without affecting the asset price adversely. Safeguarding the liquidity of foreign reserves is a core objective of the CBUAE. To achieve this, we have a liquidity risk framework that defines the methodology and criteria for measuring liquidity risk, and which stipulates rules for compliance monitoring.
The function has a reporting structure independent of the risk-generating departments.
A key mandate of the function is as follows:
- Design, maintenance and ongoing development of the Operational Risk Framework within the organisation.
- Facilitates and monitors the implementation of effective risk management practices, by assisting risk owners in defining the target risk exposure and reporting adequate risk-related information throughout the organisation.
- Developing and maintaining the operational risk management policies and procedures.
- Assist business areas in conducting risk and control self-assessments (RCSAs).
- Assist business areas in defining appropriate controls.
- Defining and monitoring Key Risk Indicators.
- Agreeing with business areas on risk mitigation plans and monitoring execution.
- Receiving reports on incidents and near-misses and analysing their root cause.
- Reporting to Senior Management, Risk Committee and Board Risk Committee on operational risk.
- Conduct other risk assessment processes (ORAP) as requested.
- Co-ordinate with other RMCD sections to ensure the consistent management of non-financial risks.
An independent second line of defence, which falls under the umbrella of Risk Management Department. The Business Continuity Function develops, implements, and manages the Business Continuity Management System (BCMS) across the CBUAE. The function is responsible for the overall readiness for potential disruptive scenarios that can affect normal functioning of business.
The key activities of the function are as follows:
An independent second line of defence, which falls under the umbrella of the Risk Management Department.
An independent second line of defence, which falls under the umbrella of the Risk Management Department, involved in numerous national cyber-security programmes.
The Information Security function is responsible for developing and maintaining the information security policies of the organisation's information security management system. The function conducts periodic information security and cyber-risk assessments across various departments, to enhance the robustness of internal information security controls.
The function plays a critical role in liaising with other governmental bodies, regulators, international organisations and external parties on information security matters.
Cyber-Security Centre of Excellence
As part of our broader efforts to ensure cyber-security across the UAE, we maintain a sector-wide situational awareness.
Rate this page
Thanks for rating
Last updated on: Wednesday 03 August 2022
Total visitors 4239