917.3—Risk management.
(a) Risk management policy—
(1) Adoption.
Beginning August 29, 2000, each Bank's board of directors shall have in effect at all times a risk management policy that addresses the Bank's exposure to credit risk, market risk, liquidity risk, business risk and operations risk and that conforms to the requirements of paragraph (b) of this section and to all applicable Finance Board regulations and policies.
(iii)
Re-adopt the Bank's risk management policy, including interim amendments, not less often than every three years; and
(iv)
Ensure that policies and procedures are in place that are reasonably designed to achieve continuing Bank compliance with the risk management policy.
(b) Risk management policy requirements.
In addition to meeting any other requirements set forth in this chapter, each Bank's risk management policy shall:
(1)
After the Finance Board has approved a Bank's capital plan, but before the plan takes effect, the Bank shall amend its risk management policy to describe the specific steps the Bank will take to comply with its capital plan and to include specific target ratios of total capital and permanent capital to total assets at which the Bank intends to operate. The target operating capital-to-assets ratios to be specified in the risk management policy shall be in excess of the minimum leverage and risk-based capital ratios and may be expressed as a range of ratios or as a single ratio;
(3)
Set forth standards for the Bank's management of each risk component, including but not limited to:
(i)
Regarding credit risk arising from all secured and unsecured transactions, standards and criteria for, and timing of, periodic assessment of the creditworthiness of issuers, obligors, or other counterparties including identifying the criteria for selecting dealers, brokers and other securities firms with which the Bank may execute transactions;
(ii)
Regarding market risk, standards for the methods and models used to measure and monitor such risk;
(B)
The methodology to be used for determining the Bank's operational and contingency liquidity needs;
(iv)
Regarding operations risk, standards for an effective internal control system, including periodic testing and reporting; and
(v)
Regarding business risk, strategies for mitigating such risk, including contingency plans where appropriate.
(c) Risk assessment.
The senior management of each Bank shall perform, at least annually, a risk assessment that is reasonably designed to identify and evaluate all material risks, including both quantitative and qualitative aspects, that could adversely affect the achievement of the Bank's performance objectives and compliance requirements. The risk assessment shall be in written form and shall be reviewed by the Bank's board of directors promptly upon its completion.