1. The GEN rules require an Authorised Person or Recognised Body to establish and maintain arrangements to provide its Governing Body and senior management with the information necessary to organise and control its activities, to comply with legislation applicable in the ADGM and to manage risks.
2. Rule 6.4.1 is intended to complement GEN and requires Authorised Persons to establish and maintain reporting mechanisms specifically addressing the Operational Risk matters.
3. The frequency of internal reporting of Operational Risks required by Rule 6.4.1(b) should reflect the risks involved and the pace and nature of changes in the Authorised Person's operating environment.
4. The following lists some of the items that an Authorised Person should consider including in its internal reporting of Operational Risks:
a. the results of monitoring activities;
b. assessments of the Operational Risk framework performed by control functions such as internal audit, compliance, risk management and/or external audit;
c. reports generated by (and/or for) supervisory authorities;
d. material breaches of the Authorised Person's risk appetite and tolerance with respect to Operational Risk;
e. details of recent significant internal Operational Risk events and losses, including near misses or events that resulted in a positive return; and
f. relevant external events and any potential impact on the Authorised Person and its Operational Risk framework, including Operational Risk capital.