2018 Pillar 3 Disclosures
Annex
The implementation of the Action Plans arising out
of the control weaknesses observed in previous
assessment processes will be checked, contrasting
the resolution of the control incidents observed,
and the Operational Risk Unit will ascertain that the
improvements performed have been incorporated into
the following assessment process.
The Operational Risk Unit must analyse events that
have given rise to losses and re-assess the processes
affected both positively (reduction in losses) and
negatively (increase in losses), and propose any
improvements deemed necessary to those in charge of
the activities/processes that have produced losses.
In addition, any events that affect the bank’s
reputation shall be reported to the Regulatory
Compliance Department so it can adopt the preventive
measures it deems appropriate.
3.4 Mitigation of operational risk
The Compliance and Operational Risk Committee will
approve the strategies proposed by the Operational
Risk Unit in order to mitigate those risk levels
deemed unacceptable. These strategies may be of the
following kinds:
• Improvement actions, which aim to reduce the
potential impact on the bank of the risks assumed.
These actions may consist in the development of new
controls, redesign of processes and development of
contingency and continuity plans.
• Actions to transfer the risks to other banks, for
example by means of insurance of any risks which the
bank may face over a period of time.
• Coverage or insurance of the risks, for example
by means of the use of provisions to cover the
impacts of the risks or financial hedging at the point
of impact.
• Acceptance of the current situation, having deemed
that the risk profile is aligned with the situation
desired by senior management.
The Control/Mitigation Strategies must be agreed with
the supervisors of the areas affected if these processes
entail increased allocations of human or technical
resources or significant restructuring of the processes.
4. Compliance risk
The Regulatory Compliance Department has devised a
comprehensive compliance risk management system
comprising three levels:
• Risk maps, identifying obligations for which
compliance is controlled with an incorporated
methodology to assess risks on the basis of objective
criteria (possible penalty applied by the supervisory
authority, and probability of reputation impact as a
result of publication of the penalty).
• Control map, setting out the controls to cover the
risks identified on the risk map.
• Design of a reporting system by means of
which the results obtained from the controls are
reported to the Compliance and Operational Risk
Committee, in order for appropriate corrective
measures to be adopted. The annual reports on
compliance activities are also presented to the
Audit Committee.
5. Risk in equity instruments not included in the trading book
The bank maintains positions in equity instruments
not included in its trading book. These positions are
investments in entities that are held, generally, for
strategic purposes.
Monitoring of these positions is integrated into ordinary
risk management circuits.
Section 6 of this document includes information
on these instruments and the capital requirements
deriving from them.
6. Interest-rate risk in the banking book
The structural interest-rate risk in the balance sheet
may be defined as the exposure of the financial and
economic situation to movements in interest
rates as a result of the differing time frames of
maturities and repricing of the overall balance sheet
entries. This risk comprises a substantial part of the
banking business, and could have a major impact on
the financial margin and economic value of capital.