Corporate governance
implementing measures from the regional offices to make
sure that smaller offices are in control.'
A further priority will be to make sure everyone knows who
they should report to. This issue highlights the challenge of
standardising activities and adopting the matrix structure
across so many different branches and operations around the
world. Butthat is precisely whythis kind ofanalysis is so
important. 'If the organisational structure is not clear, or there
is ambiguity about people's roles and responsibilities, you
create the potential for errors and unnecessary risk,' says Teule.
'We have to define logical structures for all our existing and
new businesses and make sure everyone understands and acts
upon them.'
Broadly speaking, corporate governance for Rabobank
International involves creating an organisational structure in
which there is a balance between commercial interests and
risk control. There are four main categories of risk; credit,
market, operational - subdivided into separate categories
such as fraud and human errors - and reputation risk, which is
the potential for damage to the Rabobank reputation or
brand. 'It is important for us to know we are very much in
control, in order to protect our financial strength and
reputation as a Triple A bank,' says Teule.
Based on the findings, the team will determine a follow-up
plan. Although it is too early to talk of any concrete improvement
actions, Teule hints that one of the changes may well bethe
information communicated to the Managing Board. 'For
example, communicating information on operational risks or
structural weaknesses in a particular office needs to be set up,
possibly on a monthly basis, in addition to the usual financial
and commercial data that is currently passed on.' The "In Control" requirements will be prescribed by Control
indirectly driven by two other developments; 'In Control' and provide clear evidence of this, and that the financial reporting
'Operational Risk Management', which Rl will combine in one process will be closely monitored and thoroughly audited.'
project as far as possible. The objective of the Operational Risk
Management part of the project is howto comply with BIS2
requirements by the end of 2006. The 'In Control' part is mainly From now on, a review of the organisational frameworkand
driven by Sarbanes Oxley. 'WhileSarbanes Oxley isa lawfor business processes will take place every year, as part of the 'In
companies listed in the US, and therefore does not apply to us, Control' and Operational Risk Management activities. Starting in
that doesn't mean we can ignore it,' says Teule. 'It has more or 2006, this review will take place on a more detailed level than the
less become a market Standard for large banks and corporates, current high-level initiative. 'What we plan to do is discuss the key
and we want to voluntarily comply with elements we consider risks with each of the businesses, and whether the associated key
most appropriate and which our customers appreciate. The controls are in place,' says Teule. 'We need to make sure that
most important one is that the Rabobank Group's CEO and potential risks are covered by appropriate measures.' Weaknesses
CFO sign an "In Control" statement, mainly regarding the or missing controls will be reported to senior management and
financial aspects of our company.' will have to be addressed within a few months.
This high-level assessment of corporate governance is
Rabobank Group, hopefully before the end of this year,' Teule
continues. 'However, we all know that we must be in control of
all key risks in our business anyway. I expect that we will have to
The Word 11