Losses per risk type
Contents Foreword Management report Corporate governance Consolidated Financial Statements Company Financial Statements Pillar 3
Rabobank recognises the following operational risk types in line
with regulatory and industry practice:
Risk type
Definition
Management actions
Fraud
Risk that an internal or external party obtains an undue personal benefit at
the expense of our organisation (or at the expense of a customer or client
whose property we are responsible for safeguarding).
Rabobank has implemented measures on all levels in the
organisation to mitigate this risk, including scanning of
electronic banking and Know-your-customer (KYC) policies.
System Failure
(IT Risk)
Risk that infrastructure or systems fail, possibly leading to business
disruption, creating a financial impact. Also the risk of losses arising from
systems intrusion and invasion, online data fraud or deception schemes
for profit, external identity theft through system intrusion and skimming or
electronic eavesdropping.
Maintaining a well-functioning and secure IT environment is
crucial to the performance of Rabobank. To this end there is
a specific IT risk management team within OpRisk.
Clients, Products and
Business Practices
The risk of not exercising due care in dealings with clients and customers,
conduct and contract breaches by the organisation and its staff, conflicts
of interest, inappropriate products and business practices, as well as
compliance or governance breaches.
Various measures have been implemented to deal with this
area, including a Product Approval Process.
Execution, Delivery and
Process Management
The risk of direct and indirect losses incurred when a prearranged
operational task or transaction is executed improperly. Includes
transactional errors, non-transactional errors and errors relating to client
or customer service delivery and includes errors or mistakes arising from
reference data issues.
As this category is a part of the day-to-day operations of
Rabobank, primary responsibility lies with the entities units,
as they are the first line of defence.
Business Disruption
(Business Continuity)
The risk of impact to the organisation which disrupt its ability to continue
to deliver Rabobank products and services at acceptable predefined levels.
Although Business Continuity Management (BCM) is
not recognised as a specific Operational risk, OpRisk
has close links with BCM. Within Rabobank, a specific
BCM organisation liaises with the entities for effective
management of risks.
Damage to Physical Assets
and Injury
The risk of losses attributable to natural disaster, wilful injury or accident/
negligence, entailing significant property damage, contamination or
physical injury.
This category is primary managed by Business Continuity,
Security and amongst others by assessing specific risks and
controls in the Rabobank Scenario Programme and Risk
Assessments.
Employment Practices and
Workplace Safety
The risk of losses arising from acts inconsistent with laws or agreements
governing employment, employee health or safety, or from diversity or
discrimination events involving internal employees.
This category is managed by the first line of defence
supported by second line functions such as HR, Compliance,
Legal and Operational Risk Management.
All types of Operational Risk are mapped from Basel II event
types to specific oversight functions (departments) within
Rabobank, including impact types such as Reputational impact
and Legal impact.
Figure 4 shows the distribution of losses within Rabobank
in terms of the percentage of total net loss (blue) and the
number of losses (orange). The graph shows that the main
areas of risk remain comparable in 2015 and 2016, a pattern
which continues from previous years. However, in the main
areas the overall share of CPBP in the total comes forward more
dominantly. This is mainly due to the SME derivatives event
registered in 2016.
Figure 4: Distribution of operational risk losses.
Business disruption
and systems failure
Clients, products and
business practices
Damage to
physical assets
Employment practices Execution delivery and
and workplace safety process management
60
50
40
30
20
10
0
2015 2016 2015 2016 2015 2016 2015 2016 2015 2016 2015 2016 2015 2016 2015 2016 2015 2016 2015 2016 2015 2016 2015 2016 2015 2016 2015 2016
345 8. Operational risk