PRU 4.3.3

(1) An Authorised Person must ensure that its Governing Body retains responsibility for the Credit Risk management framework and ensure it is appropriate for the nature, scale and complexity of operations, in the context of prevailing market and macro-economic conditions.
(2) An Authorised Person must ensure that its senior management, or an appropriate designated body, regularly reviews and understands the implications as well as the limitations of the risk management information that they receive from the Credit Risk management function, in order to evaluate the suitability and effectiveness of such information in enabling them to provide effective oversight over the Credit Risk management function.
(3) An Authorised Person must ensure that its Governing Body regularly reviews and understands the implications as well as the limitations of Credit Risk management information and reports presented to it, to ensure that the contents and the format of such reports are suitable for effective Governing Body oversight.
(4) An Authorised Person must ensure that its Governing Body is responsible for carrying out regular stress testing on the credit portfolio which is appropriate for the nature, scale and complexity of the Credit Risks assumed by the Authorised Person. An Authorised Person must ensure that its Governing Body annually reviews the stress scenarios and takes action to address any perceived issues arising from those reviews.
(5) An Authorised Person must establish and enforce internal controls and practices so that deviations from policies, procedures, limits and prudential guidelines are promptly reported to the appropriate level of management.