Operational risk management

 

We define operational risk based on the Basel II definition. Operational risk is the risk of direct or indirect loss resulting from inadequate or failed processes or systems, from human error or external events including legal risk that affect our reputation, operational earnings and/or have an adverse effect on capital value. In addition, we have included reputation and strategic business risk as sub-categories of operational risk. For our organisation, both of these risk categories are driven by operational risk components.

 

The responsibility for monitoring and managing operational risk lies with our Operational Risk Manager and the business unit manager, who are responsible for implementing the enterprise wide operational risk framework. The framework sets out the roles and responsibilities for management supervision, as well as those tools and methods used within the bank for identifying, measuring, reporting, monitoring, and controlling operational risk. Sound Practices for the Management and Supervision of Operational Risk, published by the Basel Committee on Banking Supervision, has been used in the development of the operational risk framework to ensure robust and effective management and supervision. The framework is based on the principle that our Managing Board and Supervisory Board and senior management are actively involved in risk management, and that our risk management system is independent, conceptually sound and implemented with integrity. Finally, we need to ensure that there are sufficient resources available to execute the purpose and strategy of operational risk management and the business units, as well as implement control, compliance, and audit functions.

 

We manage operational risk at both a bank and operating segment level. The Managing Board provides consistency and oversight of significant operational issues, and oversees the adoption of best practice across the bank. At the operating segment level and below, managers are responsible for adherence to the operational risk management policy framework, for oversight of all operational risks specific to the business, and for reporting of all operational events and losses. The Operational Risk Manager, working in conjunction with business unit managers, has developed tools to assist in managing, monitoring, reporting and reducing the effects of operational risk. The tools utilised by managers provides for an integrated view of the risk self assessment, control identification, action planning, and event and loss registration. This integrated view assists in identifying, evaluating, and reducing operational risk and planning mitigation measures. The evaluation process assists in identifying emerging operational risk issues and determining how they should be pro-actively managed.

 

We have sought to incorporate operational risk management into all our business processes. We monitor operational risk on a daily basis and perform self assessments semi-annually. The year-end self assessment forms the basis for our In Control Report section of the annual report. ‘In control’ reporting seeks to ensure that the operational risk management policy framework is integrated into the daily activities of all our employees and that it forms an integral part of our internal control system. The reporting system is focused on control of the identified risks related to the operational execution of the different business activities.