1. The GEN rules require an Authorised Person or Recognised Body to establish and maintain systems and controls, including but not limited to financial and risk systems and controls that ensure that its affairs are managed effectively and responsibly by its senior management.
2. In complying with the GEN rules, an Authorised Person should establish and maintain a strong control environment that uses policies, processes and systems, appropriate internal controls and appropriate risk mitigation and/or transfer strategies.
3. In establishing systems and controls to address Operational Risk, an Authorised Person should consider the following:
a. clear segregation of duties and dual control;
b. clearly established authorities and/or processes for approval;
c. close monitoring of adherence to assigned risk limits or thresholds;
d. safeguards for access to, and use of, the Authorised Person's assets and records;
e. appropriate staffing level and training to maintain expertise;
f. ongoing processes to identify business lines or products where returns appear to be out of line with reasonable expectations; and
g. regular verification and reconciliation of transactions and accounts.