PRU 6.3.1

An Authorised Person must:

(a) ensure that it identifies and assesses the Operational Risks inherent in all the Authorised Person's products, activities, processes and systems;
(b) ensure the inherent risks in (a) are understood by relevant Employees of the Authorised Person;
(c) systematically track Operational Risk events and any financial impact associated with such events; and
(d) ensure that the tracking in (c) is consistent with the Operational Risk event types described in the Basel III framework.