Losses per risk type

Rabobank recognises the following operational risk types in line with regulatory and industry practice:

| Risk type | Definition | Management actions |
| --- | --- | --- |
| Fraud | Risk that an internal or external party obtains an undue personal benefit at the expense of our organisation (or at the expense of a customer or client whose property we are responsible for safeguarding). | Rabobank has implemented measures on all levels in the organisation to mitigate this risk, including scanning of electronic banking and Know-your-customer (KYC) policies. |
| System Failure (IT Risk) | Risk that infrastructure or systems fail, possibly leading to business disruption, creating a financial impact. Also the risk of losses arising from systems intrusion and invasion, online data fraud or deception schemes for profit, external identity theft through system intrusion and skimming or electronic eavesdropping. | Maintaining a well-functioning and secure IT environment is crucial to the performance of Rabobank. To this end there is a specific IT risk management team within OpRisk. |
| Clients, Products and Business Practices | The risk of not exercising due care in dealings with clients and customers, conduct and contract breaches by the organisation and its staff, conflicts of interest, inappropriate products and business practices, as well as compliance or governance breaches. | Various measures have been implemented to deal with this area, including a Product Approval Process. |
| Execution, Delivery and Process Management | The risk of direct and indirect losses incurred when a prearranged operational task or transaction is executed improperly. Includes transactional errors, non-transactional errors and errors relating to client or customer service delivery, as well as errors or mistakes arising from reference data issues. | As this category is a part of the day-to-day operations of Rabobank, primary responsibility lies with the entities units, as they are the first line of defence. |
| Business Disruption (Business Continuity) | The risk of impact to the organisation which disrupts its ability to continue to deliver Rabobank products and services at acceptable predefined levels. | Although Business Continuity Management (BCM) is not recognised as a specific Operational risk, OpRisk has close links with BCM. Within Rabobank, a specific BCM organisation liaises with the entities for effective management of risks. |
| Damage to Physical Assets and Injury | The risk of losses attributable to natural disaster, wilful injury or accident/negligence, entailing significant property damage, contamination or physical injury. | This category is primarily managed by Business Continuity, Security and, amongst others, by assessing specific risks and controls in the Rabobank Scenario Programme and Risk Assessments. |
| Employment Practices and Workplace Safety | The risk of losses arising from acts inconsistent with laws or agreements governing employment, employee health or safety, or from diversity or discrimination events involving internal employees. | This category is managed by the first line of defence supported by second line functions such as HR, Compliance, Legal and Operational Risk Management. |

All types of Operational Risk are mapped from Basel II event types to specific oversight functions (departments) within Rabobank, including impact types such as Reputational impact and Legal impact.

Figure 4 shows the distribution of losses within Rabobank in terms of the percentage of total net loss (blue) and the number of losses (orange). The graph shows that the main areas of risk remain comparable in 2015 and 2016, a pattern which continues from previous years. However, within the main areas, the share of CPBP (Clients, Products and Business Practices) in the total is more dominant. This is mainly due to the SME derivatives event registered in 2016.

Figure 4: Distribution of operational risk losses. [Bar chart comparing 2015 and 2016 per category; categories shown include Business disruption and systems failure; Clients, products and business practices; Damage to physical assets; Employment practices and workplace safety; Execution, delivery and process management.]

349 8. Operational risk

Rabobank Bronnenarchief

Rabobank Annual Reports | 2016 | page 350