The definition of operational risk, according to the guidelines, is the peril of financial and legal damage caused by wrongful internal processes, people, and systems or from external incidents. The Central Bank acknowledges these guidelines manifest in different forms based on the conditions and characteristics of financial institutions. However, these guidelines are expected to followed by all licensed financial institution by the Central Bank of The Bahamas, except nominee trust companies or restricted trust companies manage one client or clients who are members of the same family.
The guidelines categorize risk management into three lines of defense: business line, independent corporate oprational risk, and an independent review. Business line management identifies the possible risks that could rise internally. Independent corporate operational risk function mainly challenges the first line of defense, and measure the risk and report systematically. Independent Review is analogous to internal audit. At this level, broad range of framework, which has implemented should be reported and evaluated by an outsourced company.
In the executive tier of the companies will have roles to supervise risk management. The executive tier includes the board of directors, senior management. The licensed financial institutions are also mandated to closely monitor the environment or risk management of their own. Utilizing information technology is strongly encouraged along with public disclosure for transparency.