Management report
Corporate governance
Consolidated financial statements
Financial statements
Per business unit, business line and event type
Incident frequency
distributions
Stand-alone Annual
loss distributions
Internal loss data
Diversified Annual loss
distribution Group
RCand EC Group
RCandECBUs
Scenario data
External loss
Internal loss
Incident severity
distributions
Perbusiness line and event type
Per business unit
Incident frequency distributions
Poisson distribution
Average frequencies determined using weighting method
Stand-alone Annual loss distributions
Combination of frequency distribution and severity
distribution using Monte Carlo
Incident severity distributions
Body: Empirical distribution
Diversified Annual loss distribution Group
Aggregation of stand-alone Annual loss distributions
Tail: Parameterised distribution using copula approach
Figure 3: Capital model.
Rabobank recognises the following operational risk types:
Risk type
Definition
Management actions
Fraud
Risk that an internal or external party obtains an undue personal benefit
at the expense of our organ isation (or at the expense of a customer or
client whose property we are responsible for safeguarding).
Rabobank has implemented measures on all levels in the organisation to
mitigate this risk, including scanning of electronic banking and Know-
your-customer (KYC) policies.
IT
Risk that infrastructure or systems fail, possibly leading to business
disruption, creating a financial impact. Also the risk of losses arising from
systems intrusion and invasion, online data fraud or deception schemes
for profit, external identity theft through system intrusion and skimming
or electronic eavesdropping.
Maintaining a well-functioning and secure IT environment is crucial
to the performance of Rabobank. To this end there is a specific IT risk
managementteam within NFR.
Clients, Products
and Business
Practices
The risk of not exercising due care in dealings with clients and customers,
conduct and contract breaches by the organisation and its staff, conflicts
of interest, inappropriate products and business practices, as well as
compliance or governance breaches.
Various measures have been implemented to deal with this area,
including a Product Approval Process.
Execution,
Delivery
and Process
Management
The risk of direct and indirect losses incurred when a prearranged
operational task or transaction is executed improperly. Includes
transactional errors, non-transactional errors and errors relating to client
or customer service delivery and includes errors or mistakes arising from
reference data issues.
As this category is a part of the day-to-day operations of Rabobank,
primary responsibility lies with the entities units, as they are the first line
of defence.
Business
Continuity
The risk of impact to the organisation which disrupt its ability to continue
to deliver Rabobank products and services at acceptable predefined
levels.
Although Business Continuity Management (BCM) is not recognised
as a specific ORM risk, ORM has close links with BCM. Within Rabobank,
a specific BCM organisation liaises with the entities for effective
management of risks.
353 8. Operational risk
