DNB SIRA — Systematic Integrity Risk Analysis
DNB requires all regulated institutions to conduct a Systematic Integrity Risk Analysis. It is the foundation of your integrity risk management framework — and a direct supervisory focus area.
What is the SIRA?
The Systematic Integrity Risk Analysis (SIRA) is DNB's framework for institutions to identify, assess and manage integrity risks. DNB expects every institution it supervises to have a current, comprehensive SIRA — documented, board-approved and operationalised in day-to-day risk management.
The SIRA is not a one-time exercise. DNB expects it to be a living document, updated when material changes occur and reviewed at minimum annually. It is frequently a starting point for DNB examinations.
Who is affected?
| Institution type | SIRA obligation |
|---|---|
| Banks | Mandatory — full SIRA with board approval |
| Insurers | Mandatory |
| Pension funds | Mandatory |
| Payment institutions | Mandatory |
| Investment firms | Mandatory (AFM for conduct; DNB for prudential) |
Key requirements
Integrity risk identification
The SIRA must cover all integrity risks relevant to the institution: money laundering, terrorist financing, corruption, fraud, market abuse, sanctions violations and reputational risks. The scope must reflect the institution's business model, client base, products and geographies.
Risk assessment
Each identified risk must be assessed for inherent risk (likelihood × impact before controls) and residual risk (after control effectiveness). DNB expects a structured, documented methodology — not a spreadsheet exercise.
Control framework linkage
The SIRA must connect to your control framework. Controls must be mapped to risks, and their effectiveness must be tested and documented. Gaps between inherent and residual risk must be explained and mitigated.
Board governance
The SIRA must be presented to and approved by the board or supervisory board. Management accountability for integrity risks must be clear and documented.
How Arcens helps
NFR management: We design and facilitate SIRA processes from risk identification through to board-ready documentation. We build the methodology, facilitate workshops and produce the final SIRA document.
Remediation: If DNB has challenged the quality or completeness of your SIRA, we rebuild it from the ground up — with a methodology that withstands supervisory scrutiny.
Quick facts
Full name: Systematische Integriteitsrisicoanalyse
Supervisor: DNB
Review cycle: Annual minimum
Board approval: Required