Inhoudsopgave Bestuursverslag Corporate governance Jaarrekening Rabobank Groep Jaarrekening Rabobank Per business unit, business line and event type Internal loss data Incident frequency distributions Stand-alone Annual loss distributions Diversified Annual loss distribution Group Scenario data External loss Internal loss Incident severity distributions RCand EC Group RCandECBUs Perbusiness line and event type Per business unit Incident frequency distributions Poisson distribution Average frequencies determined using weighting method Stand-alone Annual loss distributions Combination of frequency distribution and severity distribution using Monte Carlo Incident severity distributions Diversified Annual loss distribution Group Body: Empirical distribution Aggregation of stand-alone Annual loss distributions Tail: Parameterised distribution using copula approach Figure 3: Capital model. Rabobank recognises the following operational risk types: Risk type Definition Fraud Risk that an internal or external party obtains an undue personal benefit at the expense of our organ isation (or at the expense of a customer or client whose property we are responsible for safeguarding). IT Risk that infrastructure or systems fail, possibly leading to business disruption, creating a financial impact. Also the risk of losses arising from systems intrusion and invasion, online data fraud or deception schemes for profit, external identity theft through system intrusion and skimming or electronic eavesdropping. Clients, Products The risk of not exercising due care in dealings with clients and customers, and Business conduct and contract breaches by the organisation and its staff, conflicts Practices of interest, inappropriate products and business practices, as well as compliance or governance breaches. Management actions Rabobank has implemented measures on all levels in the organisation to mitigate this risk, including scanning of electronic banking and Know- your-customer (KYC) policies. Maintaining a well-functioning and secure IT environment is crucial to the performance of Rabobank. To this end there is a specific IT risk managementteam within NFR. Various measures have been implemented to deal with this area, including a Product Approval Process. Execution, The risk of direct and indirect losses incurred when a prearranged As this category is a part of the day-to-day operations of Rabobank, Delivery operational task or transaction is executed improperly. Includes primary responsibility lies with the entities units, as they are the first line and Process transactional errors, non-transactional errors and errors relating to client of defence. Management or customer service delivery and includes errors or mistakes arising from reference data issues. Business The risk of impact to the organisation which disrupt its ability to continue Although Business Continuity Management (BCM) is not recognised Continuity to deliver Rabobank products and services at acceptable predefined as a specific ORM risk, ORM has close links with BCM. Within Rabobank, levels. a specific BCM organisation liaises with the entities for effective management of risks. 363 8. Operational risk

Rabobank Bronnenarchief

Jaarverslagen Rabobank | 2015 | | pagina 364