Risks are present in all banking activities and may cause serious adverse consequences associated with losses arising from a variety of causes.
Risk management is an indispensable instrument for the decision-making process and a competitive advantage that enables the assessment of risk-return ratios. To the extent that it supports business areas by helping them maintain their activities and optimize the allocation of funds and capital for the benefit of shareholders and society, risk management also indicates the Institution’s commitment to the best governance practices.
Risk management is treated as a strategic issue for the Bank, given the growing complexity of the products and services offered by the Institution, the increase in business, and the ongoing pursuit of adherence to best practices, local regulations and the recommendations of the Basel Committee on Banking Supervision.
The adoption of strict risk control standards and the regular updating of related processes, methods and platforms allow the expansion and improvement of the identification, follow-up, control and minimization of risks.
The Bank’s risk management practices have a wide scope that enables the risks inherent to the Institution as a whole to be duly identified, measured (through mathematical and statistical modeling based on the best international practices), mitigated and controlled, with the aim of supporting the sustainable development of its activities and the ongoing improvement of risk management actions.
Our risk management committees and bodies form a strategic axis that supports balanced and sustainable development. They seek to minimize losses through the adoption of an integrated vision that is centralized in the same executive office.
The successful implementation of effective risk management practices depends on the extensive commitment of our people to this process. Risk management must be incorporated into the corporate culture.
The most important components of our risk management culture are the identification of risk exposure and the determination of risk tolerance levels during the course of business. This choice should vary over time, reflecting our business environment, the behavior of our peers, the needs of our clients and income estimates.
RISK MANAGEMENT STRUCTURE
There is a segregation of functions in the reporting lines of the various departments responsible for Internal Audit, Risk Management and Internal Control, which is in accordance with the size of the Institution.
The Controllership Officer is responsible for the Risk Structure and reports on it to the Brazilian Central Bank. However, this officer is not accountable for functions linked to the management of third-party funds or treasury transactions.
The risk management structure includes all the principal elements of control required by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), as well as by local and international regulations on environmental risk and structures within the scope of financial institutions.
Upper Management
- To sponsor management processes through the committees; and
- To approve and analyze all points of the structure, which is specific and independent, so as to assure the success of risk management measures.
Internal Audit
- To prepare the agenda on the assessment of risks and internal controls; and
- To keep managers informed about all audit actions regarding risks, compliance and controls identified in order to help them with their decision-making processes.
Corporate Governance Department
- To set up the directives for development, implementation, maintenance and application of risk management models;
- To support the upper management with relevant information for the management of the Institution’s risks; and
- To control the limits established for the Institution’s risk appetite, as well as set forth risk estimation and determination models.
Internal Controls
- To maintain integrity standards and ethical values through the dissemination of the internal controls culture to all employees;
- To ensure compliance with the laws and regulations issued by domestic and foreign supervisory authorities, and adherence to all established internal policies and procedures; and
- To guarantee the structure of internal controls, so that they are identified, assessed, monitored and controlled efficiently and effectively.
Market Risk
- To perform risk calculations (VaR) on a daily basis;
- To monitor the settled limits;
- To report a stress scenario proposal to the Treasury Committee; and
- To carry out the backtesting of VaR models.
Liquidity Risk
- To report to the Treasury Committee a proposal on minimum daily liquidity limits taking into account stress scenarios;
- To make immediate liquidity positions available on a daily basis;
- To monitor and report any mismatch of limits; and
- To develop and analyze the Bank’s cash flow.
Credit Risk
- To monitor risk/return ratios and the concentration/distribution of portfolios;
- To administer the systems of portfolio risk management; and
- To provide information to credit risk management models in the scope of the Basel Accords II and III.
Operating Risk
- To implement operating risk policies and procedures;
- To guarantee loss mapping and grouping according to operating risk definitions;
- To formalize the processes presenting risks, and to review and adjust them according to new needs on a regular basis;
- To establish, disclose and document all reports and rules regarding approval and management of the Institution's operating risks;
- To adopt the best practices regarding management of operating risks; and
- To organize a continuing flow of information intended to feed a database on the history of operating losses.
Social and Environmental Risk
Based on values and principles that are divided into three pillars:
- Business Continuity: this is based on the adoption of Responsible Investment Principles through the use of practices that allow the knowledge and monitoring of the performance of its value chain, valuing medium- and long-term business and relationships.
- Corporate Social Responsibility: the engagement between the Bank and its stakeholders, towards the creation of mutual confidence and respect, to establish business partnerships that may stimulate long-lasting relationships based on ethical and transparent actions.
- Respect for the Environment: the management of environmental impacts deriving from the Bank’s operations (such as waste generation, greenhouse gas emissions (GGEs) and consumption of natural resources and energy) is the opportunity to improve operations and positively influence the Bank’s stakeholders.
Illegal Actions Risk
The prevention of illegal actions is divided into three principal risks:
- Legal Risk: CCB BRASIL's compliance with the laws, standards and complementary regulations applicable to the prevention and detection of “Money Laundering, Terrorist Financing and Corruption” in all its subsidiaries in Brazil and abroad.
- Operating Risk: Unrestricted application of the Policies; definition of the duties of the employees in each hierarchical level of the institution; ongoing monitoring and analysis of all financial transactions made by clients; training programs offered to all employees.
- Reputation Risk: Assessment of CCB BRASIL’s products and services in order to identify any risks linked to “Money Laundering, Terrorist Financing and Corruption,” and ways to mitigate them; monitoring of major news websites or engagement of a news clipping provider in order to identify articles that may relate to the reputation of the Bank’s customers, especially regarding their alleged involvement in Money Laundering, Terrorist Financing and Corruption; queries made with major newspapers and magazines, as well as on Internet sites, in order to identify individuals and legal entities allegedly involved in money laundering, and to check whether these individuals and related persons are CCB BRASIL clients; preparation of internal restrictive lists including individuals and legal entities.
Information Security Risk
Information Technology Security Risk
- Fraud Operating Risk – Mitigators: Assessment of the systems and resources that comprise the bank’s technological infrastructure for any vulnerability that may allow threats to materialize.
- Systems Operating Risk – Mitigators: Regular penetration testing to ensure that system settings and resources do not fail under the action of external hackers.
- Continuity, Availability, Integrity and Undue Access Operating Risks – Mitigators: Monitoring of systems for undue use, as well as access control so as to allow access to authorized persons only.
- Information Security Risk relating to Processes – Mitigators: To maintain a group of policies and procedures that form the General Information Security Policy, which includes directives that are based on best practices and the ISO 27001 standard.
- Information Security Risk relating to People – Mitigator: To conduct awareness campaigns on a regular basis for the group’s employees, addressing subjects such as social engineering, password sharing, Internet and e-mail access, information classification and disposal, among others.
1. External Risk
This is represented by risks related to external factors that are beyond the control of the Institution.
External risks are listed below:
Actions taken by peer companies or new market players in order to establish or maintain competitive advantages.
1.2. Capital Availability
Any threat against organizational development, execution of strategies or future generation of financial income due to the absence of own funds (originated from shareholders) or third-party funds.
Changes in regulations, or other actions taken by the regulatory authorities, which may adversely impact the Bank’s transactions.
Impossibility of sustaining banking transactions, providing essential services or recovering operating costs that may result from controllable or uncontrollable disasters.
2. Operating Risk
The risk of loss as a result of improper or defective internal processes, persons or systems or as a result of external events.
Operating risks are as follows:
2.1. Non-Authorized Activity
Activities that violate the policies, standards and procedures previously established.
2.2. Internal Fraud
Fraudulent and/or criminal behaviors intended to obtain personal advantages and/or steal the property of others to the benefit of the company.
2.3. External Fraud
Irregular activities performed by persons not related to the Bank and for their own benefit.
2.4. Information Security
This comprises the access of external persons to data and information, as well as the performance of illegal transactions by these persons through non-authorized access to the Bank's systems.
2.5. Labor Claims
Court decisions as a result of practices that are not in compliance with labor laws and agreements or may cause damage to the health and safety of the employees; or due to discriminatory treatment.
Impossibility of getting information due to lack of communication, loss of processing capacity, or any difficulty arising from the operation of systems.
Exposure of the Bank’s image and/or payment of indemnity due to accidental or non-authorized disclosure of sensitive client records.
Non-compliance with the ethical and behavioral standards established or inappropriate practices by our sales teams.
2.9. Product Failure
Improper conception/modeling of banking products/services.
2.10. Liabilities with Clients
Breach of contract or improper selection of clients.
Improper advice to clients leading to false expectations regarding the profitability/cost of transactions.
Recording or processing of invalid or incomplete data.
Availability of invalid, incomplete or untimely information to external entities, regulatory authorities, shareholders and investors.
Nonexistent, insufficient, inappropriate or incorrect information regarding admission of clients, credit concession, funding or provision of services.
Damage caused to client assets.
Bad performance or disputes with business partners.
2.17. Suppliers and Third Parties
Non-compliance of service suppliers with the regulations in effect or with the amounts, objectives and authority limits established by the Institution, or outsourced companies competing between them due to outsourcing of strategic processes.
2.18. Illegal actions taken by the Institution
Risk of illegal practices by the Institution's managers or employees against third parties, such as:
- Disclosure of false financial statements with the purpose of deceiving external users;
- Non-compliance with labor regulations; involvement of managers in bribery schemes and influence peddling;
- Tax evasion practices; frauds against clients; or other schemes that may unlawfully benefit the institution.
Said actions may result in fines, sanctions, interruption of activities, contingencies, loss of clients and damage to reputation.
2.19. Compliance Risk
Risk linked to non-compliance of an entity with legal and regulatory requirements (SUSEP – private insurance superintendence, ANS – Brazilian health agency) relating to operating management issues.
The following are examples of said requirements: compliance with operating limits for risk acceptance, terms for the issuance of policies, and payment of claims; registration of personal data of clients, and recordkeeping, among others.
2.20. Tax Credit and Contingencies
These relate to the impact of these amounts on the equity structure and financial performance of the institution, such as the probability of non-realization of tax credits and potential loss of civil or labor claims.
3. Market Risk
Risk of change in the value of a financial instrument or a portfolio of financial instruments due to the volatility of market variables (interest rates, exchange rates, stock, commodities etc.).
Market risks are classified as:
3.1. Interest Rates
Increase in funding costs or reduction in gains from financial investments due to unexpected fluctuations in interest rates.
3.2. Foreign Exchange
Adverse impact on the Institution’s assets and liabilities as a result of changes in interest rates.
Return on investments that is lower than expected or not commensurate with the risk of the investment.
Insufficiency of funds to comply with financial commitments, which may result in the payment of interest/fines or the interruption of business.
Decrease in revenues or increase in costs due to the fluctuation in prices of products that are widely traded on the market, such as: agribusiness products, electricity, gas, oil or minerals.
Losses due to the inappropriate use or lack of knowledge about the aspects considered in the valuation of derivatives that are express or implied in their relevant agreements and financial instruments, such as: expected exposure, interest rate curve, base/spread, options, reinvestment, rollover, imperfect hedging.
4. Credit Risk
Risk occurring when a debtor or borrower fails to comply with the terms of the agreements they hold with the Bank, or, otherwise, with the conditions agreed upon. It derives from all activities whose success depends on the fulfillment of obligations by the counterparty, be it the issuer or the borrower.
They are as follows:
Non-compliance with the obligations assumed by the counterparty (delivery of goods, services or funds).
4.2. Non-compliance with the obligations assumed by the counterparty (delivery of goods, services or funds)
Failure in the delivery of securities by a clearing agent on the due date because of errors, delays or cancellation of transactions that had been confirmed by the counterparty.
Total or partial reduction in the realization of the guarantees received due to the depreciation of assets; decrease in credit capacity of guarantors; fluctuation in the interest rates and exchange rates that define the market value of financial instruments offered as guarantee.
Impossibility of achieving the results expected due to dependence on one single client, industry or economic segment with high share in transactions.
5. Strategic Risk
Chance of loss as a result of processes or decision making that may impact the Bank's survival, growth or obtainment of competitive advantages.
Strategic risks are as follows:
Preparation of the strategic planning and/or budget based on inappropriate performance assumptions and/or measures.
Non-compatibility between the prices defined and market prices or the Institution’s cost structure.
5.3. Opportunity Cost
Impairment of financial funds due to loss in the value of money across time, mismatching of cash flows, or insufficient investment return if compared to other options with similar risk levels.
5.4. Indicators and Targets
Inappropriate assessment of the performance and risk relating to processes, transactions, suppliers or employees.
5.5. Human Resources
Procedures carried out by persons with insufficient skills, training or experience to support the achievement of the Institution’s objectives. Dependence on key employees.
6. Illegal Actions Risk
Risk of the Institution being spontaneously involved in, being induced to take, or passively taking actions that may lead clients, suppliers, business partners, or representatives to perform illegal actions and/or money laundering.
“Illegal actions” is the process of laundering earnings from illegal activities so as to make them appear legal after various transactions, which theoretically comprise three independent phases that frequently take place at the same time.
7. Social and Environmental Risk
Potential loss caused to society or the environment by an activity that results from business relationships between suppliers, clients, service suppliers, business partners and representatives.
8. Information Security Risk
Portion resulting from the lack of guarantee that information, in whatever format, is protected against access of non-authorized persons, is available whenever needed and is reliable and unimpaired.