Securities and Exchange Commission (SEC) has directed all Capital Market Operators to implement an Enterprise Risk Management (ERM) framework that conforms to international standards such as the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the International Organization for Standardization (ISO 31000), Financial Action Task Force (FATF) Recommendations and any other internationally recognized risk management standards.
According to SEC, adoption of comprehensive risk management practices is imperative in minimizing systemic impact and safeguarding the interests of all stakeholders.
Taking into account an entity’s operational structure, business activities, clients’ demography, products and services including delivery mechanism among others, the ERM framework shall be developed to encompass the following:
- Risk governance structure with clear roles and responsibilities, including the formation of a risk management committee.
- Systematic processes for identifying, analyzing, and prioritizing risks that may impact the organization’s objectives.
- Strategies to manage and mitigate identified risks.
- Risk appetite and tolerance statements.
- Monitoring of risk factors and regular reporting to senior management and the board of directors.
- Organizational risk-awareness programmes.
This directive is aimed at strengthening implementation of Risk-Based Supervision (RBS) including Anti-Money Laundering (AML)/Countering the Financing of Terrorism (CFT)/Countering Proliferation Financing (CPF) measures in the capital market. Consequently, all CMOs are required to submit a Board-approved risk management policy (selectable and searchable PDF format) on or before September 30, 2024 via the email rbs@sec.gov.ng to obtain a “No Objection”.
Every CMO is required to submit annual Risk Profile not later than January 31st. In addition, emerging threats and measures put in place to mitigate them must be assessed and reported to the Commission for review whenever any of the following occur:
- Development and introduction of new products and new business practices including new delivery mechanisms and technology.
- Awareness of new vulnerabilities and ML/TF/PF typologies in the market place.
- Significant changes in institutional factors (Beneficial ownership, business strategy etc.)
- Expansion to new geographic areas.
- Changes in Clients’ classification.