Notes to the financial statements continued50. Risk management continuedMarket risk continuedDerivatives continuedReporting and measurement systemsThe Group designates certain derivatives as either fair value hedges (where the Group hedges the changes in fair value ofrecognised assets or liabilities or firm commitments) or cash flow hedges (where the Group hedges the exposure to variabilityof cash flows attributable to recognised assets or liabilities or highly probable <strong>for</strong>ecast transactions). With the exception ofdesignated hedging derivatives, as defined by IAS 39, derivatives are treated as held <strong>for</strong> trading. The held <strong>for</strong> tradingclassification comprises the Group's legacy trading book, economic hedges which do not meet the strict qualifying criteria <strong>for</strong>hedge accounting and derivatives managed in conjunction with financial instruments designated at fair value.The Group has been instructed to wind down its operations in an orderly manner over a period of up to ten years. Theoverriding objective internally is to make the Financial Markets team's operation and portfolio(s) smaller and more simple;thereby minimising operational risk.Further details in respect of derivatives are disclosed in note 21. The Group's accounting policy <strong>for</strong> derivatives is set out innote 1.Operational riskDefinitionOperational risk is the risk of loss arising from inadequate controls and procedures, unauthorised activities, outsourcing, humanerror, systems failure and business continuity. Operational risk also includes legal risk, which is the risk of loss due to litigationarising from errors, omissions and acts by the <strong>Bank</strong> in the conduct of business. Operational risk is inherent in every business unitthroughout the Group and covers a wide spectrum of issues.ObjectiveThe Group Compliance and Operational Risk unit aims to provide the framework and tools to identify, assess, monitor and<strong>report</strong> on operational risks within each of the business units and support functions of the Group to minimise losses and reduceerrors in line with the Group's Risk Appetite Statement.PoliciesThe Group's management of its exposure to operational risk is governed by a policy approved by the Risk and ComplianceCommittee. The policy specifies that the Group operates such measures of risk identification, assessment, monitoring andmanagement as are necessary to ensure that operational risk management is consistent with the strategic goals of the Group. Itis designed to safeguard the Group's assets while allowing sufficient operational freedom to conduct the Group's business. Thepolicy document also sets out the responsibilities of senior management, the requirement <strong>for</strong> <strong>report</strong>ing of operational riskincidents and the role of Group Internal Audit in providing independent assurance.Strategies and processesThe business units and support functions assess their operational risk profile on a quarterly basis. The output of theseassessments is consolidated and presented to the Risk and Compliance Committee. The process serves to ensure that keyoperational risks are proactively identified, evaluated, monitored and <strong>report</strong>ed, and that appropriate action is taken. Inaddition, the Risk and Compliance Committee receives monthly in<strong>for</strong>mation on significant operational risk incidents.Reporting and measurementThe <strong>Bank</strong> uses the Standardised Approach as defined by the Capital Requirements Directive <strong>for</strong> the calculation of its capitalrequirements <strong>for</strong> operational risk. This approach requires the activities of the <strong>Bank</strong> to be assigned to one or more of the eightgeneric categories identified under the Directive, with a beta factor being applied to the three-year average gross income ineach business line. Only four business lines are applicable to the Group (Commercial <strong>Bank</strong>ing, Trading and Sales, AssetManagement and Retail <strong>Bank</strong>ing).Risk mitigationThe operational risk management process consists of the setting of strategic objectives, the identification of risks and theimplementation of action plans to mitigate the risks identified. Recognising that operational risk cannot be entirely eliminated,the Group implements risk mitigation controls including fraud prevention, contingency planning, in<strong>for</strong>mation security andincident management. Where appropriate this strategy is further supported by risk transfer mechanisms such as insurance.130
<strong>Irish</strong> <strong>Bank</strong> <strong>Resolution</strong> <strong>Corporation</strong> LimitedAnnual Report & Accounts <strong>2011</strong>Reputational riskReputational risk is the risk of an adverse perception of the Group on the part of any stakeholder arising from an event ortransaction of, or related to, the Group. The rebranding of the corporate identity to <strong>IBRC</strong> on 17 October <strong>2011</strong> has rein<strong>for</strong>cedthe distinction between the current and <strong>for</strong>mer leadership teams. The <strong>Bank</strong> carries reputational risk in relation to its currentactivities. These relate to the effectiveness and efficiency with which it is meeting its objectives, including compliance with itslegal and regulatory obligations during a sustained period of restructuring and reorganisation. The <strong>Bank</strong> is vigilant in rebuildingconfidence and trust with all its stakeholders.Directors and employees are made aware of the role they have in rebuilding the <strong>Bank</strong>’s reputation, and of their responsibilitiesand duties from a customer service, regulatory and ethical perspective. In addition, independent control functions includingGroup Compliance, Company Secretarial, Group Finance, Group Risk and Group Internal Audit are resourced with appropriatelyexperienced and qualified teams.Legal riskThe <strong>Bank</strong> has an independent Legal Department <strong>report</strong>ing directly to the Group Chief Executive. The <strong>Bank</strong> is continuing todevelop this department to ensure that best practice in corporate governance and strict legal compliance is rigorously adheredto and <strong>for</strong> the purpose of mitigating legal risk and legal costs at all levels and across all divisions of the <strong>Bank</strong>’s business andoperations in support of an orderly wind-down of the <strong>Bank</strong>’s business and operations and achievement of maximum recoveryin the interests of the <strong>Bank</strong>, the Shareholder, and the taxpayer.In addition to the ongoing legal risk mitigation in assisting on strategic <strong>Bank</strong> initiatives and dealing with legal queries of avaried nature across the <strong>Bank</strong> on a day to day basis, it is sought to increasingly develop the resource capacity of the legalfunction to (i) ensure legal input to internal processes and procedures both at a strategic and practical level on a proactive andconsistent basis; (ii) ensure an awareness and translation of relevant legislation into the <strong>Bank</strong>’s business; and (iii) promoteeducation and training on relevant legal matters in conjunction with both the <strong>Bank</strong>’s internal and external legal advisers.Legal risk arises generally from the potential <strong>for</strong> loss resulting from adverse claims (whether or not resulting in litigation),unen<strong>for</strong>ceable or defective documents resulting in a transaction not having the intended legal effect, deficient corporategovernance and internal procedures, change of law, particularly, the risk of misinterpretation and a lack of awareness ofapplicable legislation, all of which can disrupt or otherwise negatively affect the operations, condition or financial orreputational standing of the Group.The legal risk of adverse claims is currently monitored through a Group-wide litigation register maintained by the LegalDepartment with the oversight of the Risk and Compliance Committee. This facilitates the assessment of potential losses, whichcould arise from adverse claims, and identification of trends and recurrence with a view to preventing same by addressingweaknesses giving rise to such claims. Frequent engagement with the relevant business divisions and external legal advisorsacting on potentially contentious <strong>Bank</strong> matters further assists in earlier awareness at Group level of potential adverse claimsand identification of matters requiring concentrated and specific strategic input and management time and resources.Separately, the Legal Department plays a central role in the management of legal matters relating to certain legacy issues whichpreviously arose in the <strong>Bank</strong> and the co-operative progression of the investigations initiated by relevant authorities in the periodsince December 2008.Conduct riskConduct risk is the risk posed to customers from the <strong>Bank</strong>’s direct interaction with them, and the risk of inadequate internal<strong>report</strong>ing of non-per<strong>for</strong>ming or poorly per<strong>for</strong>ming loans to management committees and boards and external disclosures ofcredit risk exposure and impairment provisions.The scope of the <strong>Bank</strong>’s work in relation to customers is now to ensure adherence to a high standard of customer care duringthe loan resolution phase whilst maintaining strong internal <strong>report</strong>ing and timely accurate external <strong>report</strong>ing of exposures andprovisions. The <strong>Bank</strong> is focussed on ensuring the fair treatment of the customer stakeholder group through adherence toregulatory, legal and good business practice.In relation to the risk of inadequate internal and external <strong>report</strong>ing to other stakeholders, the <strong>Bank</strong>’s focus is on ensuringadherence to robust policies and controls <strong>for</strong> the early detection, <strong>report</strong>ing, monitoring and loss risk assessment of <strong>for</strong>bearanceand customer impairment, strong management of non-per<strong>for</strong>ming loans, and transparent provisioning policies.131