Annual Report & Accounts 2009 - Anglo Irish Bank
Operational risk

Operational risk is the risk of loss arising from inadequate controls and procedures, unauthorised activities, outsourcing, human
error, systems failure and business continuity. In the case of legal risk, this includes the risk of loss due to litigation arising from
errors, omissions and acts by the Bank in the conduct of business. Operational risk is inherent in every business organisation
and covers a wide spectrum of issues.

The Group's management of its exposure to operational risk is governed by a policy prepared by Group Risk Management and
approved by the Risk and Compliance Committee. The policy specifies that the Group operates such measures of risk
identification, assessment, monitoring and management as are necessary to ensure that operational risk management is
consistent with the strategic goals of the Group. It is designed to safeguard the Group's assets while allowing sufficient
operational freedom to conduct the Group's business. The policy document also sets out the responsibilities of senior
management, the requirement for reporting of operational risk incidents and the role of Group Internal Audit in providing
independent assurance.

The operational risk management process consists of the setting of strategic objectives, the identification of risks and the
implementation of action plans to mitigate the risks identified. Recognising that operational risk cannot be entirely eliminated,
the Group implements risk mitigation controls including fraud prevention, contingency planning, information security and
incident management. Where appropriate, this strategy is further supported by risk transfer mechanisms such as insurance.

The business units and support functions assess their operational risk profile on a semi-annual basis. The outputs of these
assessments are consolidated by Group Risk Management and presented to the Risk and Compliance Committee. The process
serves to ensure that key operational risks are proactively identified, evaluated, monitored and reported, and that appropriate
action is taken. In addition, the Risk and Compliance Committee receives monthly information on significant operational risk
incidents.
Reputational risk

Reputational risk is the risk of an adverse perception of the Group on the part of any stakeholder arising from an event or
transaction of, or related to, the Group.

Directors and employees are made aware of the role they have in maintaining the Bank’s reputation, and of their
responsibilities and duties from a customer service, regulatory and ethical perspective. Independent control functions including
Group Compliance, Company Secretarial, Group Finance, Group Risk Management and Group Internal Audit are responsible for
ensuring compliance with relevant internal and external requirements, and are resourced with appropriately experienced and
qualified teams. New products are reviewed by Group Compliance to ensure that they are clear, transparent and comply with
both duties of care to customers and regulatory requirements. Comprehensive and timely procedures are in place to deal with
customer complaints.
Compliance and regulatory risk

An independent Group Compliance function ('Group Compliance') is responsible for the overall management of compliance
and regulatory risk for the Group. The CRO is currently seeking suitably qualified candidates to fulfil the role of Head of Group
Compliance who will report to the CRO with oversight by the Risk and Compliance Committee.

Management and Group Compliance are responsible for the Group's compliance with all relevant regulations and good
practice guidelines in each of the jurisdictions in which the Group operates. This includes ensuring that all of the Group’s
personnel are aware of, and take steps to comply with, Group policies and procedures. Non-compliance can give rise to
reputational loss, legal or regulatory sanctions or material financial loss.

Group Compliance is charged with defining and identifying regulatory and compliance risks and developing a programme for
the Group that includes the implementation and review of specific policies and procedures, and the monitoring and education
of Group staff on regulatory and compliance matters. This programme is risk-based and the Head of Group Compliance is
responsible for ensuring appropriate coverage and co-ordination with other Group functions. The function liaises with all
relevant external supervisory bodies.

The Group is subject to substantial regulation in all of the jurisdictions in which it operates. In addition to prudential regulatory
guidelines on capital, liquidity, risk concentrations, deposit protection and consumer protection, banks are also subject to
specific legislation regarding, but not limited to, money laundering, insider dealing and market regulation. Group Compliance
co-ordinates the Group's regulatory and legal responsibilities and works closely with Group Finance, Group Risk Management,
Group Company Secretarial and Group Internal Audit.