Notes to the financial statements continued50. Risk management continuedRisk oversight and corporate governance continuedThe <strong>Bank</strong>’s approach is further influenced by the principles of the Financial Reporting Council, including their guidelines <strong>for</strong>good corporate governance, publications which focus on risk identification and <strong>report</strong>ing, and also by the standards andguidelines set out by the European <strong>Bank</strong>ing Authority.The Central <strong>Bank</strong> of Ireland introduced a Corporate Governance Code <strong>for</strong> Credit Institutions and Insurance Undertakings whichapplied from 1 January <strong>2011</strong>. This governance code, amongst other matters, sets out the requirements <strong>for</strong> <strong>Irish</strong> creditinstitutions to prepare documented risk appetite statements and establish risk committees with responsibility <strong>for</strong> oversight andadvice to the Board on current risk exposures of the entity and future risk strategy.A description of the <strong>Bank</strong>'s corporate governance structure is set out in the Corporate governance statement on pages25 to 29.The <strong>Bank</strong>’s approach to corporate governance and risk management is to ensure that there is independent checking of keydecisions by management. The <strong>Bank</strong> has an established risk oversight framework to deliver on this approach. The key elementsof this framework are detailed below.Board of DirectorsAuditCommitteeGroup ChiefExecutiveRisk and ComplianceCommitteeGroup ChiefRisk OfficerGroupALCOCreditCommitteesGroup RiskGroup Compliance andOperational RiskRisk and Compliance CommitteeThe Risk and Compliance Committee's role is to oversee risk management and compliance within the Group. It reviews, onbehalf of the Board, the key risks and compliance issues inherent in the business and the system of internal control necessary tomanage them and presents its findings to the Board. This involves oversight of management's responsibility to assess andmanage the Group's risk profile and key risk exposures covering credit, liquidity and funding, market, operational, andcompliance and regulatory risks.The key responsibilities of the Committee include:▪ Review and oversight of the risk and compliance profile of the Group within the context of the Board determined riskappetite;▪ Making recommendations to the Board concerning the Group’s risk appetite and particular risk or compliance managementpractices of concern to the Committee;▪ Review and oversight of management’s plans <strong>for</strong> mitigation of the material risks faced by the various business units of theGroup; and▪ Oversight of the implementation and review of risk management and internal compliance and control systems throughoutthe Group.The <strong>Bank</strong>'s current risk appetite statement was approved by the Board on 30 November <strong>2011</strong>. The Committee also monitorsprogress of the <strong>Bank</strong>'s internal NAMA unit which has management responsibility in respect of NAMA asset transfers and loanmanagement <strong>for</strong> such assets, subject to the over-riding authority of NAMA itself.The Board delegates its monitoring and control responsibilities to the Credit Committees <strong>for</strong> credit risk (including banking andcounterparty credit risk) and to the Group Asset and Liability Committee ('ALCO') <strong>for</strong> market risk, and liquidity and funding risk.These Committees comprise of senior management from throughout the Group. Separate Credit Committees exist to managecredit risk in the commercial and residential mortgage portfolios of the <strong>Bank</strong>, and are supported by a dedicated Group Riskfunction which is headed by the CRO. All key areas of the Group contribute to and are represented on the ALCO, which issupported by Group Balance Sheet Management ('GBSM').104
<strong>Irish</strong> <strong>Bank</strong> <strong>Resolution</strong> <strong>Corporation</strong> LimitedAnnual Report & Accounts <strong>2011</strong>The CRO <strong>report</strong>s directly to the Group Chief Executive, and also has independent access to the Risk and ComplianceCommittee.GBSM is responsible <strong>for</strong> the management of balance sheet risks, with particular emphasis on the <strong>Bank</strong>'s current and projectedliquidity, interest rate and <strong>for</strong>eign exchange risks. Balance sheet risk exposures and related issues, together with mitigationstrategies, are <strong>report</strong>ed to the ALCO and the Risk and Compliance Committees. GBSM is also responsible <strong>for</strong> ensuring theexecution of approved strategies through the Financial Markets team.Audit CommitteeThe Audit Committee’s role in the Risk Management Framework includes ensuring Group compliance with regulatory,prudential and financial <strong>report</strong>ing responsibilities. It also <strong>report</strong>s to the Board on the effectiveness of both financial and nonfinancialcontrol processes operating throughout the Group. The Committee is supported by Group Finance and Group InternalAudit, which are central control functions independent of the business units. Group Internal Audit provides independent,objective assurance as to whether the Group’s Risk Management and Control Framework is appropriate and functioningeffectively.Group RiskGroup Risk is responsible <strong>for</strong> developing and embedding risk policy, measurement and frameworks to ensure that risk isidentified, managed and controlled across the <strong>Bank</strong>. The management of risk is a fundamental activity per<strong>for</strong>med throughoutthe <strong>Bank</strong>, and the adequacy and effectiveness of risk management processes are important elements in achieving a successfulwork-out of the <strong>Bank</strong>’s business activities. These processes remain subject to continuous review and enhancement.Management of risk is the responsibility of staff at all levels. However, primary responsibility <strong>for</strong> managing risk and <strong>for</strong> ensuringadequate controls are in place lies with the Group Risk function. The Group Risk function is responsible <strong>for</strong>:▪ Supporting senior management and the Board in setting the Group’s risk appetite and policies;▪ Supporting management in business decision making through independent and objective challenge to business unitmanagement of risk and exposures in line with agreed risk appetites;▪ Developing and communicating risk management policies, procedures, appetites and accountabilities; and▪ Analysing, monitoring and <strong>report</strong>ing risk management in<strong>for</strong>mation across all risk types and geographies topresent an aggregated view of the Group’s risk appetite to the senior management team and the Risk and ComplianceCommittee.During the year the Group Risk function initiated general improvements as part of an ongoing process review. Teams werereorganised, resulting in a more robust control environment. Some examples include:▪ Formation of a Credit Underwriting Group through the merger of credit risk teams;▪ Formation of a Risk Operating Group through centralisation of a number of teams in order to support management withthe policies and processes required to execute the strategy of the <strong>Bank</strong>;▪ Centralisation of model development into a single area of expertise; and▪ Formation of a Quality Assurance function (initiated in 2010) which provides an objective and independent assessment ofthe quality of loan portfolios and the effectiveness of the credit risk management processes.Risk appetite and strategyRisk appetite can be defined as the total exposure to risk the <strong>Bank</strong> is willing to accept in pursuit of its strategic objectives. Thisis outlined in detail in the <strong>Bank</strong>'s Risk Appetite Statement. The <strong>Bank</strong> has adopted a highly risk-averse attitude to new risktaking, consistent with its obligations to the authorities to discharge the Restructuring Plan approved on 29 June <strong>2011</strong> in amanner that minimises the cost to the <strong>Irish</strong> State arising from the <strong>Bank</strong>’s activities. The overall current risk exposure is in linewith the <strong>Bank</strong>’s risk bearing appetite, as measured by its capacity to absorb further loss, and assuming that there is nosignificant deterioration in core UK and Ireland markets. Nonetheless, reduction in risk exposure will remain a prioritythroughout the resolution process of the <strong>Bank</strong>.Scenarios and stress testingThe Group uses stress testing as an important instrument in the measurement, monitoring, management and mitigation of itsindividual risks as these arise.However, arising from the ongoing financial crisis and in light of significant new guidance from regulatory bodies, the <strong>Bank</strong>revised its Group-wide Stress Testing Framework in 2010. This revised framework addresses all regulatory requirements andtakes cognisance of regulatory guidance and best practice where identified.The Group-wide Stress Testing Framework addresses the risks to which the <strong>Bank</strong> is exposed arising from its day-to-dayoperations and general business activities across the Group. There<strong>for</strong>e, it applies to all of the <strong>Bank</strong>'s business operations acrossall geographies and captures both on-balance sheet and off-balance sheet exposures and trading and hedging positions of the<strong>Bank</strong>.105