Annual REPORT
2015-Annual-Report-Financial-Statements
2015-Annual-Report-Financial-Statements
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
NOTES TO THE FINANCIAL STATEMENTS (Continued)<br />
ANNUAL <strong>REPORT</strong> AND FINANCIAL STATEMENTS<br />
FOR THE YEAR ENDED 31 DECEMBER 2015<br />
4 FINANCIAL MANAGEMENT OBJECTIVES AND POLICIES (Continued)<br />
(d)<br />
Other risks (Continued)<br />
ii) Operational risk (Continued)<br />
How we manage operational risk<br />
Our operational risk management framework is designed to ensure key risk exposures are proactively managed<br />
within acceptable levels. It incorporates best practice and meets regulatory guidelines through:<br />
· Governance and Policy: Management as well as Committee reporting and organisational structures emphasise<br />
accountability, ownership and effective oversight of each business unit’s operational risk exposures.<br />
Furthermore, the Board Risk Management Committee and Senior Management’s expectations are set out via<br />
enterprise-wide policies.<br />
· Risk and Control Self-Assessment: Through quarterly comprehensive assessments of our key operational risk<br />
exposures and internal control environments, Senior Management is able to evaluate.<br />
· its effectiveness and implement appropriate additional corrective actions where needed, to offset or reduce<br />
unacceptable risks.<br />
· Operational Risk Event Monitoring: Our policies require that internal and industry-wide operational risk<br />
events are identified, tracked, and reported to the right levels to ensure they are analysed appropriately and<br />
corrective action taken in a timely manner.<br />
· Risk Reporting: Significant operational risk issues together with measures to address them are tracked,<br />
assessed and reported to Senior Management and the Board of Directors to ensure accountability is maintained<br />
over current and emerging risks.<br />
· Insurance: A comprehensive portfolio of insurance and other risk mitigating arrangements are maintained<br />
with the type and level of insurance coverage continually assessed to ensure both risk tolerance and statutory<br />
requirements are met. This includes identifying opportunities for transferring our risks to third parties<br />
where appropriate.<br />
· Technology and Information: The key risks here revolve around our reliance on technology and information<br />
and their impact on operational availability, integrity and security of our information data and systems /<br />
infrastructure. Our risk framework and programs use best practice and include robust threat and vulnerability<br />
assessments, as well as security and change management practices.<br />
· Business Continuity Management: Business Continuity Management supports the ability of Senior Management<br />
to continue to operate their businesses, and provide customer access to products and services in times<br />
of disruptions. This program includes formal crisis management protocols and continuity strategies. All key<br />
functions of the Group are regularly tested to confirm their contingency plan designs are able to respond to a<br />
broad range of potentially disruptive scenarios.<br />
iii) Compliance risk<br />
Compliance risk refers to the potential of loss arising from non-compliance with laws, rules, regulations, obligatory<br />
practices / standards, contractual agreements, or other legal requirements including the effectiveness of preventing<br />
and handling litigation. It is not actively or deliberately pursued in the expectation of a return but occurs<br />
in the normal course of our business operations.<br />
The Group meets high standards of compliance with policy, legal and regulatory requirements in all business<br />
dealings and transactions. As a result of high financial business regulation we are exposed to regulatory and legal<br />
risks in virtually all our activities. Failure to comply with regulation not only poses a risk of censure and litigation<br />
but may lead to serious reputational risks. Financial penalties and costs related to litigation may also substantially<br />
erode the Bank’s earnings.<br />
75