8. Operational risk Operational risk (OpRisk) is an integral part of doing business. Operational Risk Management (ORM) within Rabobank is aimed at having a healthy balance between the exposure to these risks and tools to manage these risks.The objective of ORM is to identify, measure, mitigate and monitor operational risk, and promote risk awareness and a healthy risk culture within Rabobank. Risk quantification and awareness helps management set priorities in their actions and allocate people and resources. Within Rabobank, operational risk is defined as the risk of losses resulting from inadequate or failed internal processes, people and systems or from external events, including potential reputational consequences. 8.7 Operational Risk Management framework Inhoudsopgave Voorwoord Bestuursverslag Corporate governance Consolidated Financial Statements Company Financial Statements Pillar 3 Rabobank Group has applied the Advanced Measurement Approach (AMA) to calculate operational risk capital requirements. The current version of Rabobank's capital model has been in use since January 2013. Incremental changes take place continuously to safeguard alignment of the model. The operational risk model of Rabobank includes the following elements: Internal data; External data from consortium; Scenario analyses; and Business environment and internal control factors (BEICFs). The option to reduce capital requirements through insurance mitigation or other risk-transfer instruments is currently not used. The internal loss data is captured from the mandatory reporting on operational losses of 10,000 euro and higher. Incident reporting is signed-off by management and validated by the Operational Risk function of the entity for quality assurance. Internal loss data is used in the capital model for defining frequency distributions and for calculating capital per entity. The external loss data is based on quarterly reports from a data consortium that specialises in operational risk loss data collection. External loss data is reviewed on relevance and suitability for the Rabobank organisation before being added to the capital model. Consortium data is used in the capital model for defining severity distributions. Rabobank has developed a number of loss scenarios which are used to substantiate and benchmark the model based on internal and external historical data. An example is an external fraud related scenario, which estimates the probability and impact for Rabobank of the execution of unauthorised transactions. BEICFs are based on reports available at Group level or from the entities. BEICFs are annually gathered using multiple risk identification methods. The BEICFs are used in the capital model as incentive to adjust the modelled capital. Rabobank uses the following BEICFs: Business Environment and Internal Control factor assessments at Group level; Scenario programme at Group level (as stated above); Risk and control self-assessment at entity level; and Indicators for key risks and controls at entity level. 347 8. Operational risk

Rabobank Bronnenarchief

Jaarverslagen Rabobank | 2016 | | pagina 348