I have been informed by the Central Bank that it reviews the operational risk frameworks and the assessment processes that are in place in all the banks licensed in Ireland to assess and test for the proper functioning of processes and controls. This ongoing supervision and assessment of operational risk includes an assessment of banks' IT systems and policies and a review of the banks' internal audit programmes. Included in the operational risk framework are business continuity planning and contingency arrangements and the banks' own processes for testing those plans. The Central Bank does not test the operation of the contingency arrangements itself nor does it second guess the technical systems and processing arrangements that the banks have established as this would require technical knowledge of these systems and detailed knowledge of their operation. However, the Central Bank requires that the banks' plans are put through a proper governance process and are reviewed and approved by the relevant risk committees of the licensed banks.
The Central Bank in conjunction with the UK Financial Services Authority is undertaking a review of the situation that arose at Ulster Bank. This review will include a focus on lessons learnt, which will then be used by the Central Bank in its ongoing oversight of operational risks faced by all banks licensed in Ireland, including outsourcing risks.