Our operational risk management goal is a continuous improvement of the Bank’s and clients’ security as well as reduction in the Bank’s operating costs and improvement of the operating effectiveness.
Having obtained the Supervisory Board’s approval, the Bank Management Board outlined the strategy for managing the operational risk. It implemented a coherent set of internal prescriptive documents. The said documents define the scope, principles and duties of organisational units and employees aimed at limiting the impact and probability of financial and reputational losses in that area. The operational risk management strategy of our Bank takes account of legal and regulatory requirements and uses ING Group good practices.
Furthermore, in liaison with the Supervisory Board, the Bank Management Board adopted the Risk Appetite Statement, wherein they specified the maximum acceptable limits of losses, capital limits and the risk that the Bank would be willing to undertake when achieving planned business goals in full compliance with the law and regulations. Limit utilisation is monitored and presented periodically to the Management Board, Risk Committee and Supervisory Board.
The operational risk management system applies to all spheres of our and group operations, cooperation with clients, vendors and partners. It forms a consistent, permanent practice. It covers the following elements:
- risk identification and assessment,
- risk mitigation and issue tracking,
- control, and
- quality assurance and monitoring.
Our Bank manages operational risk using the following general principles:
- we maintain a complete, consistent and transparent structure of operational risk management and clearly stated scope of duties and responsibilities,
- we identify the nature of internal and external environments – including limitations and vulnerabilities – we draw conclusions from internal and external events to determine the root cause of an event and identify potential irregularities in the control environment or determine unidentified risk exposures,
- we identify root causes, types and levels of risk we are ready to accept; we set standards of control activities and mitigating measures,
- we operate effective and consistent risk identification and control for all products, activities, processes and systems functioning at the Bank,
- we monitor and report the amount of required capital, risk profile and risk exposure,
- we continuously focus on raising employee and manager awareness; we ensure that employees are properly qualified to perform non-financial risk management activities and equipped with proper tools.
Effectiveness of risk management processes and high quality of used data are the priority.
Key operational risk drivers are:
- employee knowledge and competence,
- working conditions,
- proper segregation of duties and supervision of their fulfilment,
- integrity of business processes and IT and technical systems,
- quality of internal and external documentation,
- information (technology) security level,
- external events associated with changes in the business environment,
- natural disasters, failures and catastrophes, and