(i) Review the Bank's risk management policy at least annually;
(ii) Amend the risk management policy as appropriate;
(iii) Re-adopt the Bank's risk management policy, including interim amendments, not less often than every three years; and
(iv) Ensure that policies and procedures are in place that are reasonably designed to achieve continuing Bank compliance with the risk management policy.
(b)Risk management policy requirements. In addition to meeting any other requirements set forth in this chapter, each Bank's risk management policy shall:
(1) After the Finance Board has approved a Bank's capital plan, but before the plan takes effect, the Bank shall amend its risk management policy to describe the specific steps the Bank will take to comply with its capital plan and to include specific target ratios of total capital and permanent capital to total assets at which the Bank intends to operate. The target operating capital-to-assets ratios to be specified in the risk management policy shall be in excess of the minimum leverage and risk-based capital ratios and may be expressed as a range of ratios or as a single ratio;
(2) Set forth the Bank's tolerance levels for the market and credit risk components; and
(3) Set forth standards for the Bank's management of each risk component, including but not limited to:
(i) Regarding credit risk arising from all secured and unsecured transactions, standards and criteria for, and timing of, periodic assessment of the creditworthiness of issuers, obligors, or other counterparties including identifying the criteria for selecting dealers, brokers and other securities firms with which the Bank may execute transactions;
(ii) Regarding market risk, standards for the methods and models used to measure and monitor such risk;
(iv) Regarding operations risk, standards for an effective internal control system, including periodic testing and reporting; and
(v) Regarding business risk, strategies for mitigating such risk, including contingency plans where appropriate.
(c)Risk assessment. The senior management of each Bank shall perform, at least annually, a risk assessment that is reasonably designed to identify and evaluate all material risks, including both quantitative and qualitative aspects, that could adversely affect the achievement of the Bank's performance objectives and compliance requirements. The risk assessment shall be in written form and shall be reviewed by the Bank's board of directors promptly upon its completion.