Losses per risk type
Rabobank recognises the following operational risk types in line
with regulatory and industry practice:
Risk type: Fraud
Definition: Risk that an internal or external party obtains an undue personal benefit at the expense of our organisation (or at the expense of a customer or client whose property we are responsible for safeguarding).
Management actions: Rabobank has implemented measures on all levels in the organisation to mitigate this risk, including scanning of electronic banking and Know-your-customer (KYC) policies.

Risk type: System Failure (IT Risk)
Definition: Risk that infrastructure or systems fail, possibly leading to business disruption, creating a financial impact. Also the risk of losses arising from systems intrusion and invasion, online data fraud or deception schemes for profit, external identity theft through system intrusion and skimming or electronic eavesdropping.
Management actions: Maintaining a well-functioning and secure IT environment is crucial to the performance of Rabobank. To this end there is a specific IT risk management team within OpRisk.

Risk type: Clients, Products and Business Practices
Definition: The risk of not exercising due care in dealings with clients and customers, conduct and contract breaches by the organisation and its staff, conflicts of interest, inappropriate products and business practices, as well as compliance or governance breaches.
Management actions: Various measures have been implemented to deal with this area, including a Product Approval Process.

Risk type: Execution, Delivery and Process Management
Definition: The risk of direct and indirect losses incurred when a prearranged operational task or transaction is executed improperly. Includes transactional errors, non-transactional errors and errors relating to client or customer service delivery, and includes errors or mistakes arising from reference data issues.
Management actions: As this category is a part of the day-to-day operations of Rabobank, primary responsibility lies with the entities units, as they are the first line of defence.

Risk type: Business Disruption (Business Continuity)
Definition: The risk of impact to the organisation that disrupts its ability to continue to deliver Rabobank products and services at acceptable predefined levels.
Management actions: Although Business Continuity Management (BCM) is not recognised as a specific Operational risk, OpRisk has close links with BCM. Within Rabobank, a specific BCM organisation liaises with the entities for effective management of risks.

Risk type: Damage to Physical Assets and Injury
Definition: The risk of losses attributable to natural disaster, wilful injury or accident/negligence, entailing significant property damage, contamination or physical injury.
Management actions: This category is primarily managed by Business Continuity, Security and amongst others by assessing specific risks and controls in the Rabobank Scenario Programme and Risk Assessments.

Risk type: Employment Practices and Workplace Safety
Definition: The risk of losses arising from acts inconsistent with laws or agreements governing employment, employee health or safety, or from diversity or discrimination events involving internal employees.
Management actions: This category is managed by the first line of defence supported by second line functions such as HR, Compliance, Legal and Operational Risk Management.

All types of Operational Risk are mapped from Basel II event
types to specific oversight functions (departments) within
Rabobank, including impact types such as Reputational impact
and Legal impact.
Figure 4 shows the distribution of losses within Rabobank
in terms of the percentage of total net loss (blue) and the
number of losses (orange). The graph shows that the main
areas of risk remain comparable in 2015 and 2016, a pattern
which continues from previous years. However, within the main
areas, the share of Clients, Products and Business Practices (CPBP)
in the total is more dominant. This is mainly due to the SME
derivatives event registered in 2016.
Figure 4: Distribution of operational risk losses.
[Figure 4: bar chart comparing 2015 and 2016 per risk type. Categories shown include Business disruption and systems failure; Clients, products and business practices; Damage to physical assets; Employment practices and workplace safety; Execution, delivery and process management.]