The CEB defines operational risk as the risk of potential loss resulting from inadequate or failed internal processes, people and systems or from external events and includes legal risk. It also takes into account reputational risks linked to its activities.
The Operational Risk Division (Directorate for Risk & Control) coordinates, in close cooperation with the business lines, the day-to-day management of operational risks. The centrally managed framework provides an evaluation of risks following a predefined methodology, risk mitigation measures and action plans. The collection of operational risk incidents ensures the effectiveness of the control framework and completes the risk mapping and assessment.
The permanent internal control framework ensures that each Directorate’s control environment is adequate in terms of design and effectiveness; its efficiency is asserted in an annual report.
Furthermore, through modelling the business line procedures the Operational Risk Division maintains a comprehensive procedure and control map.
Additionally, the Business Continuity Plan (BCP) hedges against disruption of the Bank’s business activities.
The Operational Risk Management Policy codifies the approach to identify, measure, control and report operational risks. It lays down sound practices to ensure effective and consistent management across the CEB.