About report

For the second time now, the ING Bank Śląski S.A. Group has compiled the annual report in line with the best global practices of integrated reporting. To help readers use the interactive tools, we prepared a user guide with key features. We encourage you to watch a short animated video before reading the report.


The non-financial risk covers the operational and compliance risk management functions based on the common framework which lays down clear rules and standards of risk identification, assessment, monitoring, mitigation and reporting. Non-financial risk management processes are supervised by the Non-Financial Risk Committee established by the Bank Management Board. The Bank Management Board accepts the joint Non-Financial Risk Appetite Statement which is approved by the Supervisory Board upon recommendation of the Risk Committee. Compliance with the declared risk appetite is monitored using the periodic Non-Financial Risk Dashboard.

The common non-financial risk management framework enables us to identify the main threats and gaps as well as related risks which may trigger undesirable events. We are supported by such processes as risk and control self-assessment, scenario analyses, monitoring of key risk indicators or key control testing. Results of internal and external event analyses are continuously used to improve the adequacy and effectiveness of the internal control system of the Bank.

Operational risk

We understand the operational risk as the risk of direct or indirect loss from inadequate or failed internal processes, people and systems, or from external events. We recognise the legal risk as an element of the operational risk.

The definition of operational risk is broad and covers the following areas:

  • Control risk. It is the risk of loss caused by a failure to apply the controls established within management procedures or project management methods at our Bank.
  • Unauthorised activity risk. It is the risk of loss caused by unauthorised activities of employees or overstepping of authority.
  • Processing risk. It is the risk of loss resulting from human error or omission during data processing caused by occurrence of unexpected or unpredicted problems. It also includes the risk of loss caused by wrong processing or a mismanaged processing operation. Those errors are usually unintentional and occur when documenting or finalising current business transactions.
  • HR and workplace security risk. It is the risk of loss caused by a failure to apply employment practices and rules, labour law, EHS regulations, agreements signed with employees or payments of claims for damages resulting from accidents at work and discrimination events.
  • Staff and physical security risk. It is the risk that pertains to criminal, civilisation or environment threats which may affect security or have an adverse impact on personnel, customers, and Bank resources.
  • IT risk. It is the risk of loss due to the loss of confidentiality, integrity or availability of information resulting from incorrect securing of information or information asset.
  • Business continuity risk. It is the risk of an event posing a threat to the continuity of the business activity or of an inability to restore operations after a failure. It may be caused by such events as catastrophes, natural disasters, failures and lack of personnel.
  • Internal and external fraud risk. It is the risk of loss caused by an intentional abuse of procedures, systems, funds, products or services in order to obtain personal benefits in an unlawful or fraudulent manner or benefits for other persons.

Our operational risk management goal is a continuous improvement of the Bank’s and clients’ security as well as reduction in the Bank’s operating costs and improvement of the operating effectiveness.

Having obtained the Supervisory Board’s approval, the Bank Management Board outlined the strategy for managing the operational risk. It implemented a coherent set of internal prescriptive documents. The said documents define the scope, principles and duties of organisational units and employees aimed at limiting the impact and probability of financial and reputational losses in that area. The operational risk management strategy of our Bank takes account of legal and regulatory requirements and uses ING Group good practices.

Furthermore, in liaison with the Supervisory Board, the Bank Management Board adopted the Risk Appetite Statement, wherein they specified the maximum acceptable limits of losses, capital limits and the risk that the Bank would be willing to undertake when achieving planned business goals in full compliance with the law and regulations. Limit utilisation is monitored and presented periodically to the Management Board, Risk Committee and Supervisory Board.

The operational risk management system applies to all spheres of our and group operations, cooperation with clients, vendors and partners. It forms a consistent, permanent practice. It covers the following elements:

  • risk identification and assessment,
  • risk mitigation and issue tracking,
  • control, and
  • quality assurance and monitoring.

Our Bank manages operational risk using the following general principles:

  • we maintain a complete, consistent and transparent structure of operational risk management and clearly stated scope of duties and responsibilities,
  • we identify the nature of internal and external environments – including limitations and vulnerabilities – we draw conclusions from internal and external events to determine the root cause of an event and identify potential irregularities in the control environment or determine unidentified risk exposures,
  • we identify root causes, types and levels of risk we are ready to accept; we set standards of control activities and mitigating measures,
  • we operate effective and consistent risk identification and control for all products, activities, processes and systems functioning at the Bank,
  • we monitor and report the amount of required capital, risk profile and risk exposure,
  • we continuously focus on raising employee and manager awareness; we ensure that employees are properly qualified to perform non-financial risk management activities and equipped with proper tools.

Effectiveness of risk management processes and high quality of used data are the priority.

Key operational risk drivers are:

  • employee knowledge and competence,
  • working conditions,
  • proper segregation of duties and supervision of their fulfilment,
  • integrity of business processes and IT and technical systems,
  • quality of internal and external documentation,
  • information (technology) security level,
  • external events associated with changes in the business environment,
  • natural disasters, failures and catastrophes, and
  • outsourcing.

We are continuously improving security systems and solutions used to protect our clients and the Bank itself. In a world facing a growing number of increasingly intense cyberattacks, we are creating an efficient control environment designed to predict, protect against, detect, respond to and limit the consequences of cybercrime, distributed denial of service attacks or advanced persistent threats. We raise client awareness of fraud and abuse risk by conducting extensive communication and education campaigns.

We keep and update existing tools as well as implement new tools to detect any and all instances of fraud and abuse, information leakage prevention included.

We strive to improve our cybercrime prevention ability using the programmes initiated by ING Group. We actively collaborate with other financial institutions, government agencies, law enforcement bodies and internet service providers.

In that way, we managed to prevent major cybercrime incidents in 2017.

In 2017, we continued our efforts to ensure compliance with the new regulatory requirements and enhance the risk management system by introducing new information risk assessment methods. We defined a new internal control framework as well as functioning and monitoring of the controls and control function matrix. We continue to structure and standardise the key controls for individual areas and processes of the Bank.

We started work on using advanced data analysis in operational risk management.

Compliance risk

The mission of the Bank is to ensure compliance by building the corporate culture which is underpinned by knowledge of and compliance with laws, internal regulations, market standards and ING Values and Behaviours delineated in the Orange Code.

The Bank Supervisory Board has oversight of compliance risk management at the Bank, and the Bank Management Board is responsible for the effective compliance risk management at the Bank, including responsibility for: implementing organisational solutions, regulations and procedures enabling effective compliance risk management and for ensuring adequate resources and funds as may be required to perform tasks in this area.

The compliance Department is the organisational unit dedicated to compliance risk management. Tasks of the compliance Department cover: identification, assessment, mitigation, monitoring and reporting of compliance risk for the following key threats: customer activity, employee activity, provision of financial services and functioning of the organisation.

In 2017, the Bank was intensively working on the implementation of regulatory requirements: the Common Reporting Standard, MIFID II and MIFIR as well as STIR and Split Payment government programmes. To implement the requirements, we introduced internal regulations, adapted business processes and took training initiatives.

With the aim to ensure effective compliance risk management, the compliance Department continued to perform independent controls, develop and monitor performance of training programmes and issue guidance and recommendations within the advice-seeking process concerning changes in products, legislation and marketing materials.

