Group-wide responsibility for the operational risk management function is held by Group
Risk Management.This directorate sets the policy and frameworks for all group entities.
The responsibility for managing specific operational risks rests with the senior management
of the individual group entities, because the risks differ considerably from one entity to the
next and need to be managed as close to the source as possible. Group Risk Management
ensures that the frameworks are adhered to operational risk policy and that the risks and the
control mechanisms are transparent throughout Rabobank Group. In addition, Group Risk
Management ensures that risks associated with more than one group entity are managed.
The Operational Risk Capital Model is based on the Loss Distribution Approach, a model
that uses internal and external loss data and scenario analyses, among other things. It also
includes a bonus/penalty system used to steer the group entities within the set frameworks.
Within the group entities, risk management committees have been established to identify,
manage and monitor, among other things, the operational risks, including business continuity
and fraud risks, of the relevant entity. Furthermore, product approval committees have been
established for Rabobank Group and at various levels within the Group. These committees
provide an additional safeguard as these committees regard the quality of new product and
process launches, and changes in existing products and processes.
Currency risk
Currency risk is the risk of changes in income or equity as a result of currency exchange
movements. In currency risk management, a distinction is made between positions in trading
books and positions in banking books. In the trading books, currency risk is part of market risk
and is controlled using Value at Risk and other limits, as are other market risks. In the banking
books, the only risk is translation risk related to non-euro net investments in foreign entities
and hybrid capital instruments that are not denominated in euros.
To monitor and manage the translation risk, Rabobank Group uses a dual-track approach to
protect its capital position. The hedge strategy is to cover the risk associated with non-euro
net investments in foreign entities while protecting the capital ratios against the effects of
exchange rate movements wherever possible.
Financial reporting controls
Rabobank Group constantly seeks to improve its corporate governance and overall internal
controls, with the aims of achieving an open, transparent culture of accountability in respect
of policies and supervision, and of keeping pace with leading international standards.
In this context, Rabobank Group voluntarily implemented internal financial reporting
controls in a manner that is similar to the way in which US-registered companies tend to apply
Sarbanes-Oxley 404. Rabobank Group is under no obligation to do this, since it is not
registered with the US Securities and Exchange Commission (SEC) and is therefore not subject
to related regulations and oversight.
Rabobank Group believes that internal financial reporting controls increase the effectiveness
of such reporting and offer opportunities to identify and rectify any deficiencies at an earlier
stage. This improves the quality of Rabobank Group's financial reporting.
Internal controls
Rabobank Group uses internal controls to provide reasonable assurance that:
- transactions are recorded as necessary to permit the preparation of financial statements
in accordance with International Financial Reporting Standards as adopted by the
European Union, and that receipts and expenditures are recognised only if approved
by the management;
- any unauthorised acquisition, use or disposal of assets that could have a material effect
on the financial statements is prevented or detected.
Rabobank Group's internal control framework is based on the framework developed by the
Committee of Sponsoring Organizations of theTreadway Commission (COSO). As set out in
the report included in the financial statements, the Executive Board has concluded that the
internal risk management and control systems are adequate and effective and provide
reasonable assurance that the financial reporting is free of material misstatement.
67
Risk management
