SBN HOLDINGS LIMITED Annual Report 2022

OPERATIONAL RISK - UNAUDITED

Introduction

Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. Reputational risk and strategic risk are, in line with general market convention, excluded from the definition of operational risk.

Operational risk exists in the natural course of business activity. It is not an objective to eliminate all exposure to operational risk as this would be neither commercially viable nor indeed possible. The group's approach to managing operational risk is to adopt fit-for-purpose operational risk practices that assist business line management in understanding their inherent risk and reducing their risk profile in line with the group's risk tolerance, while maximising their operational performance and efficiency.

Framework

The group has set minimum requirements for managing operational risk through the group operational risk governance standard. These requirements have been fully implemented and embedded across the group. The framework sets out a structured and consistent approach for managing operational risk across the group. The risk management approach involves identifying, assessing, measuring, managing, mitigating, and monitoring the risks associated with operations, enabling comprehensive analysis and reporting of the group's operational risk profile.

The framework is based on the following core components:

■ Risk identification and control methodology: Facilitates the identification of risks and the management thereof across each business and operational function. It comprises the following key elements:
- Risk and control self-assessments: Each business unit and group enabling function is required to analyse its business activities and critical processes to identify the key operational risks to which it is exposed, and assess the adequacy and effectiveness of its controls.
For any area where management concludes that the level of residual risk is beyond an acceptable level, it is required to define action plans to reduce the level of risk. The assessments are facilitated, monitored and challenged by the relevant operational risk function aligned to each business unit and group enabling function.
- Indicators: Based on the key risks and controls identified above, relevant indicators are used to monitor key business environment and internal control factors that may influence the group's operational risk profile. Each indicator has trigger thresholds to provide an early-warning indicator of potential risk exposures and/or a potential breakdown of controls.
- Operational risk incidents: All areas are required to report operational risk incidents to their relevant operational risk function. The definition of operational risk incidents includes not only events resulting in actual loss, but those resulting in non-financial impacts and near misses. This process is intended to enable the root cause of individual incidents, or trends of incidents, to be analysed and actions taken to reduce the exposure or to enhance controls. All incidents relating to the group are consolidated within a central group database, which is also integrated with risk and control self-assessments and indicators.
■ Reporting: Operational risk reports are produced on both a regular and an event-driven basis. The reports include a profile of the key risks to business units' achievement of their business objectives, relevant control issues and operational risk incidents. Specific reports are prepared on a regular basis for the relevant business unit committees and for the board risk committee.

The primary responsibility for managing operational risk forms part of the day-to-day responsibilities of management and employees at all levels. Business line management is ultimately responsible for owning and managing risks resulting from their activities.
The risks are managed where they arise. The operational risk management function is independent from business line management and is part of the second line of defence. It is organised as follows:

■ Individual teams are dedicated to each business unit and group enabling function. These teams are based alongside their business areas and facilitate the business's adoption of the operational risk framework. As part of the second line of defence, they also monitor and challenge the business units' and group enabling functions' management of their operational risk profile.
■ A central function, based at a group level, provides group-wide oversight and reporting. It is also responsible for developing and maintaining the operational risk management framework.
■ The primary oversight body for operational risk is RMC, which reports to Exco, the BRC and ultimately the board. RMC is chaired by the group head of risk and includes representation from group specialist functions and business units. RMC is also responsible for approving group-wide operational risk policies and methodologies.
■ In addition to the operational risk management function, there are individual focus areas on particular aspects of operational risk, including:
- specialist functions that are responsible for oversight of specific components of operational risk, including compliance, legal, financial crime, information security and business continuity management
- an internal financial controls framework that has been established to ensure robust control over balance sheet substantiation and other key financial controls
- within the group's IT and operations functions, dedicated areas focused on the day-to-day management of operations control and IT risk.

Measuring operational risk

The group continues to calculate capital based on the standardised approach in accordance with BoN requirements.

Specialist operational risk types

The definition of operational risk is very broad.
Operational risk contains specific sub-risks that are subject to management and oversight by dedicated specialist functions.

Model risk

The term model refers to a quantitative method, system or approach that applies statistical, economic, financial, or mathematical principles and processes to translate input data into quantitative estimates. The group uses models to measure risk across the various risk types. Examples include credit grading, pricing, valuation and risk appetite metrics.

Model risk is the potential for adverse consequences from measurement, pricing and management decisions based on incorrect or inappropriate use of models. Incorrect or inappropriate use of models may arise from incorrect assumptions, incomplete information, inaccurate implementation and limited model understanding leading to incorrect conclusions by the user.

The group's approach to managing model risk is based on the following principles:

■ All new models, both internal and external, are subject to validation and independent review in which the various components of a model and its overall functioning are evaluated to determine whether the model is performing as intended.
■ The three lines of defence governance model is adopted, being model development, independent model validation and internal audit oversight functions.
■ Appropriateness and fit-for-purpose use of models is challenged in technical forums.
■ Model validation summaries highlight model limitations and recommend improvements.
■ Implementation of approved models into production systems is controlled.
■ Model performance, including requirements for an annual review process, is monitored on an ongoing basis.
■ Data that is used as model inputs, which includes independent price testing of mark-to-market positions, is reviewed and governed. Where this is not available, industry consensus services are used.
■ Governance is achieved through committees with appropriate board and executive management members for material models, and through policies which deal with minimum standards, materiality, validation criteria, approval criteria, roles and responsibilities.
■ An auditable, skilled and experienced pool of technically competent staff is maintained.

Taxation risk

In terms of the group tax policy, the group fulfils its responsibilities under tax law in each jurisdiction in which it operates, both in terms of domestic and international taxes with specific reference to transfer pricing principles across jurisdictions, whether in relation to compliance, planning or client service matters. Tax law includes all responsibilities which the group may have in relation to group taxes, personal taxes, indirect taxes and tax administration. Compliance with this policy is aimed at ensuring that the group pays neither more nor less tax than tax law requires.

The group continually reviews its existing and planned operations in this regard and ensures that, where clients participate in group products, these clients are either aware of the probable tax implications or are advised to consult with independent professionals to assess these implications, or both.

The framework to achieve compliance with the group tax policy comprises four elements:

■ Identification and management of tax risk
■ Human resources policies, including an optimal mix of staffing and outsourcing
■ Skills development, including methods to maintain and improve managerial and technical competency
■ Communication of information affecting tax within the group.

Good corporate governance in the tax context requires that each of these elements is in place, as the absence of any one would seriously undermine the others.
Legal risk

Legal risk is defined as exposure to the adverse consequences of non-compliance with legal or statutory responsibilities and/or inaccurately drafted contracts and their execution, as well as the absence of written agreements or inadequate agreements. This includes exposure to new laws, as well as changes in interpretations of existing law by appropriate authorities. This applies to the full scope of group activities and may also include others acting on behalf of the group.

Legal risk arises where:

■ the group's businesses or functions may not be conducted in accordance with, or benefit from, applicable laws in the countries in which it operates
■ regulatory requirements are incorrectly applied
■ the group may be liable for damages to third parties
■ contractual obligations may be enforced against the group in an adverse way, resulting from legal proceedings being instituted against it.

The following sub-categories of legal risk are recognised:

■ Contract non-conclusion risk
■ Contract unenforceability risk
■ Security interest failure risk
■ Netting and set-off disallowance risk
■ Adverse tax and regulatory treatment risk
■ Contract breach, damages and fines risk
■ Copyright loss or contravention risk
■ Litigation risk
■ Anti-competitive behaviour risk.

The group has processes and controls in place to manage its legal risk. Failure to manage these risks effectively could result in legal proceedings impacting the group adversely, both financially and reputationally.