Contents Foreword Management report Corporate governance Consolidated Financial Statements Company Financial Statements Pillar 3
Key audit matter
Litigation, regulatory and client care
Refer to note 2.21 'Provisions', note 4.10 'Legal and arbitration
proceedings' and note 25 'Provisions'.
Given the continued regulatory focus on the financial services
industry, there is a risk that claims and/or regulatory investigations
emerge that could impact the financial statements.
There is an inherent risk across the Bank that emerging compliance
or litigation areas have not been identified and or addressed by
management for financial statement purposes. This includes the
consideration whether there is a need for the recognition of a
provision or a contingent liability disclosure.
The recognition and measurement of provisions and the disclosure
of contingent liabilities requires considerable management
judgement.
We were informed that the Bank decided to adopt the Uniform
Recovery Framework for SME Interest Rate Derivatives. As at 31
December 2016 the Bank included, in the aggregate, EUR 699
million in the SME provision.
How our audit addressed the matter
Internal controls
We understood, evaluated and tested the operating effectiveness of controls of the Bank to
identify litigation and regulatory exposures within the group. We determined that we could place
reliance on these controls for the purpose of our audit.
Substantive audit procedures
We met with different members of the Executive Board on a regular basis to understand the
emerging and potential exposures that they had identified. We challenged management's view
on these exposures based upon our knowledge and experience of emerging industry trends and
the regulatory environment.
We assessed customer complaints received and the analysis prepared by management of these
complaints. We tested a sample of complaints to ensure this analysis was properly prepared. We
used the analysis to understand whether there were indicators of more systematic exposures
being present for which provisions or disclosures should be made in the financial statements.
We read the Bank's relevant correspondence with the AFM, DNB and ECB. We met on a trilateral
and bilateral basis with the DNB and ECB during the year.
We read the minutes of the Executive Board and the Supervisory Board meetings and attended all
Risk- and Audit committee meeting throughout the year.
We held regular bilateral meetings with the Chairs of the Supervisory Board, Audit committee and
Risk committee.
Audit implications of Rabobank's strategy execution
Refer to note 2 'Accounting policies', note 15 'Property and
equipment' and note 25 'Provisions'.
Rabobank is in the midst of a transformation. Rabobank's strategic
objectives have a direct and indirect impact on its financial
statements.
The direct impact in the financial statements relates to:
Asset and portfolio disposals
Restructuring and related provisions
The accounting of asset and portfolio transactions are complex
from a legal and accounting perspective and require judgements
and estimates. The effects of the restructuring decisions involves
judgement and estimates in the timing and recognition of the
amounts involved.
Reliability and continuity of the information technology
The Bank relies on the continuity and reliability of information
technology (IT) for its operational, regulatory and financial reporting
processes.
The Bank's accounting and reporting processes, including
automated and IT dependent manual controls, are heavily
dependent on the continuity and reliability of information
technology. Deficiencies in IT general controls as such could have a
persuasive impact across the Bank's internal control framework.
Therefore we identified the continuity and reliability of information
technology of the Bank as a key audit matter.
We obtained legal letters from the external lawyers to validate the identified exposures.
The majority of our detailed audit work was on the significant provision for SME interest rate
derivatives. We assessed the reasonableness of assumptions and interpretations of the SME
framework by management in relation to their calculations supporting the recorded provision
and expenses.
Disclosures
Given the inherent uncertainty and the judgemental nature of contingent liabilities and
provisions, we evaluated the disclosures made in the financial statements. In particular we
focused on disclosures regarding SME interest rate derivatives, Libor/Euribor and Bank Secrecy
Act/Anti-Money Laundering) framework For Rabobank, N.A. (RNA).
We challenged management that the disclosures were significantly clear in highlighting the
exposures and significant uncertainties that exist.
Audit procedures
We assessed the following significant asset disposals:
Athlon car lease
RNHB Hypotheekbank
Mortgage portfolios
For these transactions we read the contracts, assessed the Bank's accounting paper and reviewed
the presentation in the financial statements. For mortgage portfolios we assessed in particular
whether the majority of the risk and rewards are transferred to the buyer and as a result the
assets could be derecognized from the balance sheet. Based on these procedures we concur with
management's position.
The restructuring provision at 31 December 2016 amounts to EUR 461 million. We assessed
the reasonableness of assumptions, calculations management provided and validated the
appropriate application of IAS 37 requirements.
On the property in own use we performed sample testing to validate the value at the lower of cost
or market value. Overall we believe the assumptions used are reasonable and that the outcome
falls within the range of reasonable outcomes.
Audit procedures
Our efforts relating to understanding, evaluating and testing the operating effectiveness of IT
General Controls (ITGCs) focused on:
Access to programs and data
- Logical access to applications, operating systems and data;
- Security of the IT infrastructure; and
- Physical access to datacenters.
Change Management
- Centralized change management process;
- Implementation of changes; and
- Security testing of changes.
Computer Operations
- Batch monitoring;
- Continuity management;
- Incident management;
- Problem management; and
- Vulnerability management.
We focused on the ITGCs to the extend relevant for the purpose our audit of the financial
statements. We noticed that these key controls where designed and implemented. Our test
procedures indicated that most of these controls operated effectively. For certain of the controls,
in particular relating to logical access, remedial actions were carried out by the Bank. Based on the
testing of controls and additional testing of the remedial actions we determined that we could
place reliance on these controls for the purpose of our audit.
246 Rabobank Annual Report 2016