TlB Annual Report 2009 - Triodos Bank
Risk Management and Compliance

Triodos Bank uses and maintains a framework of systems, procedures, limits, reports and checks to manage the risks it faces. The structure and organisation of its business processes comply with the applicable legislation and regulations for financial institutions and Triodos Bank’s sustainability aims. The three lines of defence model is the basis for managing the risks within the Group. The business units and departments are responsible for managing their own risks (first line of defence). Group Risk Management and local risk officers (second line of defence) support and advise the business units and departments in embedding these processes in the organisation. Finally, Group Audit (third line of defence) periodically assesses the design and effectiveness of internal processes and controls.

Risk management is monitored on a day-to-day basis by Group Risk Management. The head of this department reports directly to the Executive Board of Triodos Bank. The Group Risk Management department’s primary task is to support the business in identifying, assessing, mitigating and monitoring its risks. It also analyses risks, prepares policies and guidelines and coordinates the management of the operational, credit, market and liquidity risks facing Triodos Bank. Other major responsibilities are to make sure that all business units and departments embed a coherent risk framework, and to guarantee that professional knowledge in a number of relevant fields is properly managed. To support this role, the organisation is continuously building an enterprise risk management framework. This framework is developed by Group Risk Management under the responsibility of the CFO. In line with this framework, risk co-ordinators at each of the Bank’s business units are appointed to align the overall enterprise risk framework into the business.

Group risk management policies are approved by Triodos Bank’s Executive Board on the advice of the responsible risk manager and in consultation with the International Management Counsel (IMC). The Executive Board has assigned an advisory responsibility for balance sheet management and related risks to the Assets and Liabilities Committee, which operates under the responsibility of the CFO.

Triodos Bank has performed an impact analysis of the Dutch Banking Code of the Dutch Bankers’ Association (NVB). Recommendations of the Code are all being considered for implementation in 2010. One of the initiatives relates to extending the Audit Committee into an Audit & Risk Committee as a subcommittee of the Supervisory Board.

OPERATIONAL RISK

In the course of its normal business, Triodos Bank runs operational risks. These risks relate to losses the Bank could incur as a result of inadequate or failing internal processes, systems, human behaviour or external events. Triodos Bank tries to limit these risks as much as possible by making sure there are clear policies, reports and procedures in place for all business processes. Numerous control measures are embedded in IT systems and recorded in monitoring procedures and work instructions. Training, level of experience and involvement of the co-workers all support this, because people are key to the success of a risk management process. Nevertheless, the size of the organisation involves a limited dependency on certain key individuals. The Operational Risk Framework has been updated based on the Enterprise Risk Framework. While the framework has been written, the policies that come from it will be ready by the end of 2010. The operational risk framework uses several tools and technologies to identify, measure, mitigate and monitor risks on an operational, tactical and strategic level.

Triodos Bank started the first phase of the implementation of a product approval process to assess new projects, products and (any outsourcing of) processes, which systematically maps out risks. This process takes into account our duty of care to clients, and Triodos Bank’s substantial objective, such as screening for environmental criteria.

A special part of Operational Risk Management is IT Security and Business Continuity. Activities to manage risks related to these subjects are executed under the responsibility of the COO. In 2009, live tests were performed on Business Continuity in addition to the annual