Risk management frameworks for credit, market, operational and liquidity risks are described in the Sections , , , , and . We describe the risk management approaches for other material risks below:
Strategic risk represents the risk of suffering unexpected operating losses (i.e. negative earnings) during the period covered by the model due to decreases in operating revenues which cannot be compensated by cost reductions. Strategic risk covers only revenue or cost volatility which is not attributable to position taking (market risk), credit losses (credit risk) and operational events (operational risk), since these elements are already covered explicitly in the respective risk types. We aim to mitigate strategic risk within our business units through portfolio diversification designed to reduce dependency on individual or a small set of markets or products, product innovations and close monitoring of the execution of our strategic and capital plan, and by ensuring flexibility of the cost base, i.e. through outsourcing.
Our reputational risk is governed by the Reputational Risk Management Program (RRM Program). The RRM Program was established to provide consistent standards for the identification, escalation and resolution of reputational risk issues that arise from transactions with clients or through different business activities. Primary responsibility for the identification, escalation and resolution of reputational risk issues resides with the business divisions. Each employee is under an obligation, within the scope of his/her activities, to analyze and assess any imminent or intended transaction in terms of possible risk factors in order to minimize reputational risks. If a potential reputational risk is identified, it is required to be referred for further consideration at a sufficiently senior level within that respective business division. If issues remain, they should then be escalated for discussion among appropriate senior members of the relevant Business and Control Groups. Reputational risk issues not addressed to a satisfactory conclusion through such informal discussions must then be escalated for further review and final determination via the established reputational risk escalation process.
The Group Reputational Risk Committee (“GRRC”) provides review and final determinations on all reputational risk issues and new client adoptions, where escalation of such issues is deemed necessary by senior Business and Regional Management, or required under the Group policies and procedures. Throughout 2014 the GRRC was a sub-committee of the Risk ExCo, but it has since been elevated to a sub-committee of the Management Board, effective February 2015.
A new Model risk function was established in 2014, aggregating all core model risk management activities across the bank into one independent function:
- Model validation provides independent validation of the methodological aspects of models. The key objectives of model validation are to verify that models are performing as expected, in line with their design objectives and business uses, to aim to ensure that models are logically and conceptually sound, and to assess the appropriateness and accuracy of the implementation methodology;
- Model risk governance supports establishment of a front-to-back model risk management framework which includes defining common standards for model development, usage and validation; identification and remediation of issues and inconsistencies in modeling; and maintenance of a bank-wide model inventory; and
- Key senior management forums to address model risk are the Group Model Risk Management Committee (“GMRMC”) and the Pricing Model Risk Management Committee (“PMRMC”). Both are subcommittees of the CaR and the Risk ExCo, and act on behalf of the Management Board. The PMRMC is responsible for management and oversight of model risk from valuation models (front office models that are used for official pricing and risk management of trading positions). The GMRMC is responsible for management and oversight of model risk from risk and capital models.
Compliance manages this risk through the following:
- Identifying material rules and regulations where non-compliance could lead to endangerment of the Bank’s assets (supported by the bank’s business divisions, infrastructure functions or Regional Management);
- Advising and supporting the Management Board concerning the adherence to material rules and regulations as well as acting to implement effective procedures for compliance with applicable material rules and regulations, and the setup of the corresponding controls;
- Monitoring the coverage of new or changed material rules and regulations by our business divisions, infrastructure functions or Regional Management including potential implementation plans for appropriate controls. Compliance is not explicitly requested to run its own monitoring programs but has the right to carry out monitoring activities;
- Assessing the coverage of all existing material rules and regulations by the bank’s business divisions, infrastructure functions or Regional Management and existence of a corresponding control environment; and
- Reporting to the Management and Supervisory Boards on at least an annual basis and on an ad hoc basis.