(1) An Authorised Person must implement and maintain a policy which enables it to identify, assess, control and monitor its Non-Trading Book interest rate risk.
(2) The policy must be documented and include an appropriate interest rate risk strategy as well as an enterprise-wide interest rate risk management framework appropriate to the nature, scale and complexity of its Non- Trading Book activities. The strategy and management framework must:
(a) enable the Governing Body and senior management of the Authorised Person to have an enterprise-wide view of interest rate risk as it applies to non-trading activities;
(b) include a system for identifying and assessing Non-Trading Book interest rate risk and its sources;
(c) include a process for the measurement and monitoring of Non- Trading Book interest rate risk, using robust and consistent methods which enable the Authorised Person to implement the requirements set out in Rules 7.2.1 to 7.2.6; and
(d) include a system for controlling and managing Non-Trading Book interest rate risk which enables it to comply with the overall risk management standards expected of an Authorised Person and ensure continued compliance with these Rules.
(3) An Authorised Person must identify the Non-Trading Book interest rate risk impact of any new product, activity or service that it proposes to start and ensure that such impacts are duly addressed with adequate controls before the new product or activity is undertaken or introduced.
(4) An Authorised Person must:
(a) ensure that its risk management systems enable it to implement the Non-Trading Book interest rate risk policy;
(b) identify, assess, mitigate, control and monitor the risk; and
(c) review and update the policy at intervals that are appropriate to the nature, scale and complexity of its activities.