(1) Subject to subsection (2), an authorized institution shall disclose a description of the main types of risk which arise from its business.
(2) Without prejudice to the generality of subsection (1), an authorized institution shall ensure that the description it discloses pursuant to that subsection—
(a) includes its credit, market, operational, liquidity, interest rate and foreign exchange risks (referred to in this subsection as "principal risks");
(b) covers the policies, procedures and controls it uses for identifying, measuring, monitoring and controlling the principal risks and for managing the capital required to support its exposures to the principal risks; and
(c) includes a description of—
(i) the titles or positions of the members of the board of directors or the senior management who— (L.N. 268 of 2006)
(A) oversee risk management;
(B) set the strategy and policy for each type of principal risk; and
(C) set the means for ensuring that the strategy and policy referred to in sub-subparagraph (B) is implemented;
(ii) the methods it uses to identify and measure the various types of principal risk;
(iii) the particulars relating to the approval of transactions (including the delegation of credit authority) and the approval process for new products and activities;
(iv) the methods it uses to monitor and control the principal risks;
(v) the use of limits for controlling the principal risks;
(vi) the particulars of operational controls; and
(vii) the role of internal audit.