Regulasi PILAR Basel ; PILAR 2 Dan PILAR 3
Pilar II : Proses pengawasan
Pilar yang kedua berfokus kepada aspek kegiatan pengawasan yang dilakukan sebuah badan dewan pengawas nasional yang bertanggung jawab terhadap penilaian dari kualitas sistem manajemen risiko perbankan. Tugasnya antara lain
- Melakukan monitoring terhadap kepatuhan terhadap persyaratan minimum, termasuk pengungkapannya
- Memberikan proses pengembangan dan teknik dalam manajemen risiko
- Meneragamkan kualitas penilaian risiko internal dan pencapaian kecukupan permodalan
- Mencegah dan mendeteksi ketika terjadi penurunan permodalan
Empat kunci utama dari sebuah bentuk pengawasan kepada perbankan yaitu :
- Bank wajib menilai keseluruhan kebutuhan permodalannya
- Supervisor menilai dan mengevaluasi penilaian permodalan
- Bank harus menjalankan aturan minimum rasio permodalan
- Pengawasan awal dari supervisor
Pilar III : Disiplin Pasar
Tujuan dari pilar III ini adalah untuk memastikan bahwa disiplin terhadap pasar menjadi pendukung terhadap pilar-pilar lainnya. Pengungkapan risiko data akan memberikan umpan balik mengenai informasi yang akan didapatkan di dalam institusi. Untuk hal itu, sudah menjadi kewajiban bagi semua bank untuk mengungkapkan kebijakan dan aturan yang di setujui oleh direksi.
Banks should have a formal disclosure policy approved by the board of directors. As part
of this policy the bank’s strategy and objectives with a view to disclosure of information
about the financial situation and profitability should be specified. In addition, banks
should implement a process for assessing the appropriateness of their disclosures.
Persyaratan mengenai pengungkapan ini meliputi 4 hal utama antara lain :
- Ruang lingkup
- Struktur modal
- Risiko potensial yang dapat terjadi
- Kecukupan modal
Prisnsip-Prisnsip BASEL dan Hubungannya dengan IT :
| No | Prinsip-prinsip BASEL | Hubungannya dengan IT |
| 1 | The board of directors should be aware of the importance of operational risk. There is a need for an operational risk management framework. | IT is a critical component of operational risk (systems, processes failure, etc.) and, therefore, must be managed as an operational risk type. |
| 2. | The operational risk management framework is subject to effective and comprehensive internal audit. | The internal IT audit function should be adequately skilled and staffed in line with the IT risk profile, including adequate funding and the use of external specialist resources, where appropriate. |
| 3. | Develope policies, processes and procedures for managing operational risk. | IT should use GRC frameworks (e.g., COSO) to integrate IT-specific risk within the overall corporate risk management process. Information security, business continuity, disaster recover and other relevant policies, procedures and standards should provide a basis for addressing operational risk. |
| 4. | Identify and assess operational risk. | IT should conduct technology-specific risk assessments to identify the potential operational impact of technology-related threats and vulnerabilities. Risk assessment results should be integrated with other risk assessments and incorporated into the GRC framework |
| 5. | Regularly monitor operational risk profiles and material exposure to losses. | IT should identify acceptable limits of risk and develop metrics to measure performance against these profiles. |
| 6. | Have policies, processes and procedures to control and/or mitigate material operational risks. | The IT risks within operational risk should be subject to an IT risk policy and subsidiary procedures. The policy should in be in line with overall GRC policies and procedures. |
| 7. | Have contingency and business continuity plans. | IT should have IT continuity plans and management procedures that link to corporate business continuity and incident response management. |
| 8. | Have framework in place to identify, assess, monitor and control/mitigate material operational risks. | IT should identify relevant parts of the corporate GRC framework, including COSO, and develop an IT-specific risk management framework. |
| 9. | Conduct regular independent evaluation of a bank’s policies, procedures and practices related to operational risk. | IT should document the IT risk profile for the supervisory review process. The external IT audit function should perform reviews of IT-related operational risk management in line with the IT risk profile |
| 10. | Provide sufficient public disclosure | IT should identify all relevant risks that constitute a material operational risk in the sense of disclosure as defined by senior management (Annex 13 of the “Basel Sound Practices” paper), escalate where necessary to appropriate stakeholders and take corrective action. |
Inti dari prinsip-prinsip di atas terdiri dari :
- Perhatian terhadap Risiko Operasi
- Internal audit requirement
- Kebijakan manajemen, Proses dan Prosedur-prosedurnya
- Risk Assesment
- Risk and Loss Monitoring
- Kebijakan, proses dan prosedur pengawasan
- Kontiunitas Manajemen
- Kerangka Penilaian Risiko
- Penilaian Independen
- Pengungkapan
Fitur Pengendalian Intern pada Basel II
Konsep Internal Control:
- Pengamanan aset:
- Penerapan credit risks
- Penerapan operational risks
Memfasilitasi kegiatan lebih efisien:
- penggunaan managerial benefits
2. Kepatuhan terhadap kebijakan manajemen:
a. minimum regulatory capital requirements
- supervisory oversight of the minimum requirements and other capital issues
Sumber : http://elrafa.wordpress.com/2010/03/05/basel-ii/
Komentar