Three Lines of Defense
About this
Report
Chairman's
Foreword
Management Report Appendices
Corporate
Governance
Consolidated Financial
Statements
Company Financial
Statements
(Operational) losses and incidents are however closely monitored
and analyzed in order to reduce the risk of reoccurrence in the
future. In this regard we also take into account that in an
environment of innovation and change, it is important to ensure
clear risk ownership and a correct balance between strategic
changes and risk mitigation. Additionally, a number of risks in
areas where applicable regulations are unclear, subject to
multiple interpretations or under development, are in conflict
with each other, or when regulators revise their guidance or when
courts set new legal standards.
Risk Governance
Both the Risk Management Charter and the Compliance Charter
define Rabobank's governance and decision framework for both
Financial and Operational Risks. The Charters are in place to
support efficient and effective risk management at all levels of the
Rabobank Group.
To ensure effectiveness of risk management across the group,
Rabobank works with the Three Lines of Defense' (3LoD) model.
First-line functions own and manage risk within the bank, the
second line functions (Risk Management and Compliance)
oversee and advise on risk. An independent third-line function
(Audit) provides assurance on the effectiveness of the first and
second lines of defense. In this way the 3LoD model provides
cleardivision of activities and responsibilities in risk management
across the organization. The 3LoD model is represented in the
following figure.
line of defense
Business owns and
manages risks
Managing Supervisory Board Audit committee Risk committee
line of defense
Functions that oversee
and challenge risk
Risk Management
line of defense
Functions that provides
independent assurance
The risk management framework covers regular banking risk
types, such as credit risks, market risks, interest rate risks in the
banking book, liquidity risks, compliance risks and operational
risks (including tax risks and legal risks). Risk classification allows
for clear definitions and promotes a common understanding of
risk management throughout the organization. In addition to the
main risk types, the risk management framework also uses a more
granular classification for risks such as FX-translation risk and
model risk.The riskappetite is determined per risktypeto manage
risk profile alignment with the Strategic Framework 2016-2020.
Generally, the risk teams are firmly at the table in the key
management teams of the group. They foster better
understanding ofand cooperation on riskand business, and they
encourage additional informed decision-making. In 2018, we
have strengthened the process by establishing 'In Control'
meetings at various levels of the organization. We have expanded
our policy for new products and material changes (e.g.
organizations, strategic refocus) with a new Business Approval
and Review Committee. Moreover, we have enhanced the
process around client integrity and financial crime issues such as
CDD, AML and Sanctions with a committee now reporting
directly to the Managing Board.
Risk Management Strategy
Rabobank's mission 'Growing a better world together' underlines
ourcooperative roots and emphasizes ourdedication to enabling
our customers to achieve their ambitions. Rabobank's strategy
defines priorities, objectives and targets including a capital
strategy. Rabobank's Risk Strategy supports management in
executing the business strategy. Rabobank's RiskStrategyfocuses
on the following goals:
Support the business through the delivery of excellent and
appropriate customer focus. We accomplish this by
conducting our business nearby our customers, by meeting
high standards, and by keeping process and system errors to
Annual Report 2018 - Management Report
60