Financial and capital market Commission, the provisions of regulations No 129 Riga 7 June 2013 (financial and capital market Commission Council meeting Protocol No 22 p 8.)
Information on operational risk event joining the case preparation and submission rules, regulations Issued under the law of credit institutions article 50.8 sixth and eighth article 50.9 i. General questions 1. "information on operational risk event joining the case preparation and submission to the legislative provisions" (hereinafter-the rules) are binding on the Republic of Latvia to the credit institutions established in the individual or the Group's or sub-group's consolidation level, where they are consolidated under the supervision of the financial and capital market Commission's regulatory rules 30.11.2007 No. 166 "regulations of consolidated supervision" (next the text also – a credit institution). 2. the rules provide information on operational risk event joining cases and the procedure for submission of preparation of individual or group's or sub-group's consolidation level. Credit institution systematically collects data on operational risk event joining cases and other related information, at least to the extent to ensure that requirements are met.
3. a credit institution in accordance with the information requirements of this Regulation shall draw up and submit for: 3.1. each reporting quarter registered operational risk event that occurs due to or not incurred losses or income, but according to credit institutions estimate the worst scenario in the case of accession would have the maximum potential loss that is equal to or greater than 5 000 euro equivalent. The purpose of these provisions for the operational risk events are regarded as they review the quarter registered and the same type of operational risk subcategory classified operational risk events that have the same cause and that the emergence of a separate accession due to the maximum possible losses of less than 5 000 euro equivalent, but that total is equal to or greater than 5 000 euro equivalent; 3.2. each one of the previous quarterly registered operational risk event that matches this rule, the requirements of paragraph 3.1 and 3.2.1 who loss exists: the risk in the future, i.e. show planned (expected) losses. Credit information about such event shall prepare and submit a report each quarter and the review quarter (inclusive), which no longer exists the risk of injury in the future, that is planned (expected) loss is zero; 3.2.2. for the reporting quarter of which change in accordance with the requirements of these provisions and prepared the information submitted. 4. This provision of the information referred to in paragraph 3 of the report prepared on a quarterly basis: 4.1. a credit institution that is not subject to consolidated supervision by the financial and capital market Commission – individually; 4.2. the credit institution is subject to consolidated supervision by the financial and capital market Commission, the consolidation group or subgroup level. 5. Information in accordance with the requirements of these regulations shall be prepared using the currency of the Republic of Latvia and the presentation of all numeric values in whole numbers and gross. If any one of the numeric values are in foreign currency, it converts the foreign currency according to the official rate of the Republic of Latvia monetary units accounting for recognition of the event day.
II. Information preparation procedure 6. Credit institution for each operational risk event occurs that matches the event this provision the requirements of paragraph 3, prepare the following information: event ID 6.1 internal sign; 6.2. event type; 6.3. event type subcategory; 6.4. in the event the date of accession; 6.5. determination of the date of the event; 6.6. the date of registration of the event; 4.2. Description of the event; 4.2. scope; 6.9. the actual losses; 6.10. actual income; 6.11. the planned (expected) losses; 6.12. the maximum possible losses; 6.13. received insurance compensation; 6.14. other remuneration received. 7. the preparation of the information use this in chapter III information (classifiers), choosing from them for each operational risk event according to the symptoms. Each operational risk event of each classifier selects one attribute. If the operational risk event has an impact on more than one area of activity, it is classified in the field, where it has the greatest impact. 8. Credit information in accordance with this rule 17, 18, 19 and 20 of the requirements shall be subject to the following requirements: 8.1 if operational risk event for which you have not incurred losses or income, you can estimate the maximum potential losses only, but can not be estimated planned (expected) losses, the estimated maximum potential losses in the relevant review quarter presented as planned (expected); 8.2. If an operational risk event for which you have incurred losses or income, you can estimate the maximum potential losses, but can not be estimated planned (expected) losses, the planned (expected) losses as the difference between the maximum possible damage and loss or income resulting from operational risk event occurs.
III. Information (classifiers) 9. identification of internal Events feature displays the attribute applied to the credit institution, in accordance with which it identifies its operational risk event database. 10. Type of event presentation of operational risk event kind of condition in accordance with the following classification: internal fraudulent transactions – the events related to that type of operation, the purpose of which is fraud, embezzlement of property or the laws or the policies and procedures of the credit institution and in which circumvention involved in at least one of those working in the credit institution (for example, a deliberate false information in reports, employee theft, carried out confidential information, as well as the position of the service personal gain) 1 external fraudulent transactions-events related to that type of operation, the purpose of which is fraud, embezzlement of property or circumvention by a third party (such as robbery, counterfeiting, unauthorized external access to information resources, and malignant t.sk. hacking software attacks carried out via) 2 inadequate employment practices and workplace safety – an event arising from legislation or agreements that govern the labour relations, the protection of health or safety, inappropriate activities , or events that are related to personal injury or discrimination cases (such as staff health and safety procedures, non-compliance with the provisions of the termination, or organized strikes, psychological terror (mobbing/my boss)) 3 incorrect attitude towards customers, products and business practices – the events arising from professional negligence with regard to the performance of specific customers or product type or nature (such as trust abuse, confidential customer information misuse not according to the trading activities of credit institutions, money laundering, illegal sales of tangible assets) 4-damage events that arise from the loss of tangible assets, or the damage of natural disasters or other events (for example, terrorism, vandalism, earthquakes, fires, floods) 5 business disruption and system errors (faults) — events that occur in commercial breakthrough and system error (fault) error (for example, technical support and software errors telecommunications problems, electricity blackouts) 6 failures of execution, delivery and process control, the events that occur in the transaction processing or process management and relations with business partners or vendors (e.g., data entry errors, the mortgage management errors, incomplete documentation, legal outsourcing contract default) 7 other operational risk events – events that are not classified as any of the rules referred to in paragraph 8 11 10. Event type subcategory Displays operational risk event type subcategory attribute according to the following classification :

Internal transactions are fraudulent unauthorised activity with the intent to benefit or damage the property of others 11 internal fraud or theft, fraudulent transactions 12 external external fraud or theft of 21 security system (for example, an unauthorized external access to information resources, and malignant t.sk. hacking through the software attacks, carried out attacks on ATMs) 22 non-employment practices and workplace safety working relationship safe working environment 31 32 33 discrimination incorrect attitude towards customers without the appropriate products and commercial practice suitability/conformity, disclosure of information and the use of fiduciary transactions (such as abuse of confidential information, aggressive sales) 41 commercial or non-market practices in 42 product or service deficiencies 43 inadequate customer research 44 45 consultative activities tangible assets damage from natural disasters and other events 51 commercial breakthrough and system errors (faults) system failures, 61 in the delivery and management of business start up execution and management, (for example, missed deadlines, counting, calculation or communication errors, the limit overrun without the intention to benefit) 71 Monitoring and reporting (for example, failure of a reporting requirement or erroneously prepared messages) 72 customer information and documentation (e.g., incomplete documentation, or the lack thereof) 73 74 customer account management for trading with financial instruments, business partners and suppliers of products, services 75 (e.g. outsourcing, outsourcing surveillance and management) 76 other operational risk events events that is not classified as any of the rules referred to in paragraph 11 81 12. Event date of accession presented operational risk event onset date or operational risk event that lasts more than one day, joining the starting date in the following format: yyyy. URdd.mm. 13. date of capture of the Event presented operational risk event identification date in the following format: yyyy. URdd.mm. 14. date of registration of the event presented operational risk event registration date in the following format: yyyy. URdd.mm. 15. Event Description displays the description of the operational risk event. Operational risk event description maximum length is 4,000 characters, and it is prohibited to use the symbols such as, for example, "", "", & > "]] >". 16. scope 16.1. operational risk event presented the scope attribute in accordance with the following classification: Company finances (for example, the financial instrument for the redemption to the initial deployment or during initial deployment will not accommodate the redemption of derivatives instruments, financial instruments with redemption services, advice on investments in financial instruments, recommendations to commercial companies for capital structure, financing, strategy and related matters, as well as advice and service relating to mergers and acquisitions of companies , investment research, financial analysis, investment recommendations, and other general recommendations relating to transactions in financial instruments) (1) and Trade (such as trading on their own behalf, money market transactions, the order of transactions in one or more financial instruments and release, execution of orders on behalf of clients placing of financial instruments, if the authority does not guarantee their redemption, the multilateral trading system management) 2 mediation services for individuals or small and medium companies (for example , the order of transactions in one or more financial instruments and release, execution of orders on behalf of clients placing of financial instruments, if the authority does not guarantee their redemption card (such as a credit card or debit card) and room service, URt.sk., if the contract is for the card issuance and servicing is concluded with a corporate client) 3 corporate customer service (for example, deposits and other repayable funds solicitation, credit, financial leasing, non-trading portfolio securities held , guarantees (guarantees) and other off-balance-sheet commitments, such as the issuance of the credit liabilities (commitment)) 4 individuals or small and medium service companies (such as deposits and other repayable funds solicitation, credit, financial leasing, guarantees (guarantees) and other off-balance-sheet commitments, such as the issuance of the credit liabilities (commitment)) 5 payments and billing (such as money transfers, means of payment and release of room service, the card (such as a credit card or debit card) clearing the provision to third parties) 6 agent services (for example financial instruments, storage and management of the client order, t.sk. storage of securities and similar services such as cash/collateral management) 7 asset management (for example, individual investment portfolio management, investments made in the open-ended investment funds and those funds, managing pielīdzināmo, other asset management services) 8 other activities (for example, actions that are not classified as any of the rules referred to in paragraph 16.1) 16.2 9. If the operational risk event classification in all areas of activity of the credit institution, to present a more "action" of a credit institution using the attribute "10". 17. Actual losses show losses resulting from operational risk event occurs.
18. Actual income report income resulting from operational risk event occurs. 19. (expected) loss planned to produce operational risk loss event occurs, according to the estimate of the credit institution will arise in the future. 20. The maximum possible losses show that operational risk loss event occurs, according to credit institutions estimate, would have taken the worst case scenario in the event of accession. 21. The receipt of claims exhibit operational risk event occurs due to claims received. 22. other remuneration received the presentation of operational risk event occurs due to receive other forms of compensation.
IV. procedure for the submission of information 23. a credit institution or an individual group or sub-group consolidation level prepare information in accordance with the requirements of this regulation for the reporting quarter electronically to the Extensible Markup Language (XML) file format in accordance with the Commission prepared an XSD (XML Schema Definition) schema, which the Commission shall publish the data reporting system (Web site https://dati.fktk.lv) and sent to the Commission following the reporting quarter, month 30. date. 24. Information on operational risk event joining the case file shall be prepared and transmitted to the Commission according to Commission rules, regulations No 14.10.2008.146 "prepared statements electronically submit the legislative provisions". If the current shipment date falls on a holiday or feast day, information on operational risk event joining the case file shall prepare and transmit to the Commission the following working day. 25. If the Commission finds that the information concerning operational risk events joining the case file prepared in error, it will be notified to the applicant in that file. If the Commission has not indicated otherwise, edit the file to be submitted not later than the fifth working day following the notification of the existence of the error from the Commission. In force is considered to be the last submitted information on operational risk event joining the case file. 26. Advice for information on operational risk event joining the case file preparation and submission to provide the Commission with information technology and regulatory requirements.
V. concluding questions

27. The first time information on operational risk event onset cases file a credit institution or an individual group or sub-group consolidation level prepare for the 2013 3. quarter. 28. Information in accordance with this regulation, the requirements of point 3.2 shall prepare and submit to the operational risk event with registration date 1 July 2013 or later. Records information on operational risk event joining the case file will look like this: ORN58 | 1 | 15.03.2013 | 15.03.2013. | 15.03.2013. | Found the theft of funds from the Treasury $6 000.00. What was the overall funds $15 000.00. The fault was not found. | 5 | 6 000 15 000 | |, which provides information about the following operational risk event occurs: 1. identification of the event feature: internal operational risk event with the attribute ORN58; 2. event type: operational risk event scheduled the event to "internal transactions fraudulent"; 3. type of events subcategory: operational risk event type of the event is classified in the subcategory "internal fraud or theft"; 4. in the event of accession date: operational risk event accession date is 15.03.2013. 5. determination of the date of the event: operational risk event identification date is 15.03.2013. 6. event registration date: operational risk event registration date is 15.03.2013. 7. the description of the event: Found money theft from cash $6 000.00. What was the overall funds $15 000.00. The guilty official was not found; 8. scope: operational risk event classified "Individuals or small and medium-sized companies service"; 9. the actual loss: operational risk event occurs due to incurred losses of $6 000.00; 10. actual income: operational risk event occurs is not incurred income; 11. planned (expected): operational risk loss event occurs because there is no planned (expected) the risk of loss in the future, that is planned (expected) loss is zero; 12. the maximum possible losses: operational risk event occurs due to the worst case scenario in the case of accession would have the maximum possible losses of $15 000; 13. the receipt of claims: claims not received; 14. other remuneration received: other types of remuneration not received (incurred losses have not been recovered because the guilty official was not found). Financial and capital market Commission President k. Zakuli States