A. General aspects, management procedures and measurement methods concerning the operational risk
Operational risk is the risk of losses arising from inadequate or dysfunctional processes, human resources, internal systems or external events. This definition does not include strategic risk and reputational risk, but it does include legal risk (i.e. the risk of losses deriving from failure to comply with laws or regulations, contractual or extra-contractual liability, or other disputes), IT risk, risk of non-compliance, risk of money laundering and terrorist financing, and the risk of financial misrepresentation.
The main sources of operational risk are operational errors, inefficient or inadequate operational processes and controls, internal and external frauds, the outsourcing of business functions, the quality of physical and logical security, inadequate or unavailable hardware or software systems, the growing reliance on automation, staff below strength relative to the size of the business, and inadequate human resources management and training policies.
The Banca IFIS Group has adopted for a while now—consistently with the relevant regulatory provisions and industry best practices—an operational risk management framework. This consists in a set of rules, procedures, resources (human, technological and organisational), and controls aiming to identify, assess, monitor, prevent or mitigate all existing or potential operational risks in the various organisational units, as well as to communicate them to the competent levels. The key processes for properly managing operational risks are the Loss Data Collection and Risk Self Assessment.
During 2016, the Risk Management further consolidated the Loss Data Collection process through constant efforts to disseminate a culture of pro-actively managing operational risks among the various structures, and therefore to raise awareness about the Loss Data Collection process. In addition, in 2016 the Bank defined and launched specific mitigating measures to bolster operational risk controls. These measures were based on the evidence gathered from the Loss Data Collection and Risk Self Assessment processes, which allowed to identify the main operational problems and therefore establish the most appropriate mitigating measures.
As for the Companies of the Banca IFIS Group:
- concerning the Polish subsidiary IFIS Finance, currently the management of operational risks is guaranteed by the strong involvement of the Parent Company, which makes decisions in terms of strategies and risk management;
- concerning the subsidiaries Capital Interbanca, IFIS Factoring, IFIS Leasing, and IFIS Rental Services (deriving from the acquisition of the former GE Capital Interbanca Group in late 2016), the Bank is gradually integrating the operational risk management framework in order to establish a single approach at Group level.
To calculate capital requirements against operational risks, the Group adopted the Basic Indicator Approach.
Section 3 – Risks of other companies
There were no significant risks for the remaining consolidated companies that are not part of the Banking Group other than those disclosed in the section about the Banking Group.