Risk Management

Summary of Operational Risk Management Structure

I - Introduction

BANCO INDUSTRIAL DO BRASIL S.A., aiming for the best practices on financial system and keeping and strengthening how to manage institutional risks, has established corporate policy dealing with Operational Risk Management (ORM).

II - Definitions

By means of Resolution No. 3,380 as of 29 July 2006, Banco Central do Brasil defined Operational Risk as ‘potential loss occurrence from fault, deficiency or inadequacy on internal processes, persons, and systems, or from external events.’

Such definition includes legal risk linked to inadequacy or deficiency regarding executed contracts by the institution, as well as sanctions considering breach of legal provisions and third party damage redress, from activities performed by institution.

III - Operational Risk Event

Central Bank Resolution No. 3380/06 defines event types as:

  • Internal fraud. Acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or company policy, excluding diversity/discrimination events, which involve at least one internal party. Examples include intentional misreporting of positions, employee theft, and insider trading on an employee’s own account.
  • External fraud. Acts by a third party, of a type intended to defraud, misappropriate property or circumvent the law. Examples include robbery, forgery, cheque kiting, and damage from computer hacking.
  • Employment practices and workplace safety. Acts inconsistent with employment, health or safety laws or agreements, or which result in payment of personal injury claims, or claims relating to diversity/discrimination issues. Examples include workers compensation claims, violation of employee health and safety rules, organized labor activities, discrimination claims, and general liability (for example, a customer slipping and falling at a branch office).
  • Clients, products and business practices. Unintentional or negligent failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements), or from the nature or design of a product. Examples include fiduciary breaches, misuse of confidential customer information, improper trading activities on the bank’s account, money laundering, and sale of unauthorized products.
  • Damage to physical assets. Loss or damage to physical assets from natural disaster or other events. Examples include terrorism, vandalism, earthquakes, fires and floods.
  • Business disruption and system failures. Disruption of business or system failures. Examples include hardware and software failures, telecommunication problems, and utility outages.
  • Execution, delivery and process management. Failed transaction processing or process management, and relations with trade counterparties and vendors. Examples include data entry errors, collateral management failures, incomplete legal documentation, unapproved access given to client accounts, non-client counterparty misperformance, and vendor disputes.

IV - Operational Risk Management Structure

The area of Compliance is responsible to centralize all operational risk management regarding Directorship and Management Board.

ORM progress also count on effective participation of several bank areas by its Managers and Compliance Officers, furthering recognition, assessment, monitoring, risk mitigation and control, incurred loss record, creating action plan to correct faults and result communication opportunely.

The activities consist of:

a) Finding and assessing risks;

b) implementing activities to control and assess its effectiveness sporadically;

c) monitoring losses from performing operational risk event;

d) corrective actions carried out, in order to correct slip-ups identified in the processes; and

e) reporting and communicating information on decision-making.

All such processes undergo independent internal audits, performed at least once a year.

V - Methodology

Banco Industrial do Brazil S.A. considers:

a) Advice from Basel based on the 25 principles developed by the Committee on Banking Supervision;

b) Control Objectives for Information and Related Information (COBIT), international practice to implement IT process monitoring and orientation;

c) Internal control systems required by Resolution CMN No. 2,554/98; and

d) Committee of Sponsoring Organizations (COSO) methodology.

System works by using Control Risk Self-Assessment (CRSA) methodology, applied to:

  • Analyze processes;
  • Identify risks related to processes;
  • Estimate impact of risks;
  • Identify control activities; and
  • Identify residual risks.

VI - Responsibilities

VI.1 - Area of Compliance

Responsible for managing, coordinating, implementing, and reviewing processes; formalizing policies and procedures, as well as management reports within one year to abide by Directorship and Management Board.

VI.2 - Local Managers and Compliance Officers

Have effective participation to further recognition, assessment, monitoring, risk control and mitigation, incurred loss record, creating action plan to correct faults, and result communication opportunely.

VI.3 - Internal Control Committees

There are two Committees established: The first consists of Board members and Compliance staff and has to assimilate Internal and External Audit work results, as well as control and operational risk processes, assessing it and fixing other measures, if necessary.

The second consists of Compliance Staff, Compliance Officers and Internal Audit representatives, aiming to discuss and improve work plan exhaustion, internal and external audit processes, reports, and results, before rising information to the Board Committee to assess it.

Vl.4 - Internal Audit

Develops sporadic control on ORM progress.

VI.5 - Directorship and Management Board

Review and approve, at least once a year, both ORM policies and exposing actions to be implemented to correct opportunely potential deficiency pointed out in operational risk management reports.

Summary of Market Risk Management Structure

I - Introduction

BANCO INDUSTRIAL DO BRASIL S.A., aiming for both best practices on financial system and keeping and strengthening how to manage Institutional risks, has established corporate policy dealing with Market Risk Management (MRM).

II - Definitions

By means of Resolution No. 3,464 as of 26 July 2007, the National Monetary Council has defined Market Risk (MR) as ‘potential loss occurrence from market-value fluctuation on a position held by a financial Institution, including in it operation risks subject to exchange rate variation from interest rate, share prices, and product prices (commodities).

III - Market Risk Management Structure

The level of risk exposition is controlled by using analysis tools based on methodologies highly used by most financial market institutions, both national and international. The Bank uses an specific and controlled electronic system, from a renowned development company, to measure, monitor, and control market risk exposition, as well as generating analysis reports opportunely.

The area of Compliance is responsible for the coordination of the management process. The methodology description and others reference tools used by the Institution can be found publicized by internal communication channels.

IV - Responsibilities

IV.1 - Area of Compliance

Among other activities, the Area answers for:

  • Assessing and analyzing market position risk, by means of specific methodology;
  • Assessing active limits and informing to the Market Risk Committee when they be exceeded;
  • Monitoring Hedge operation effectiveness;
  • Identifying risks linked to new activities and products.

IV.2 - Market Risk Committee

Among other activities, responsible on defining market risk policies, macroeconomic, national and international scenario analysis, and limit review - e.g. V@R.

IV.3 - Directorship and Management Board

Ratify structure and market risk management policies at least once a year, as well as nominate market-risk responsible directors taking part in the Market Risk Committee.

Summary of Credit Risk Management Structure

I - Introduction

BANCO INDUSTRIAL DO BRASIL S.A., aiming for best practices on financial systems and strengthening the management Institutional risks, has established corporate policies to deal with Credit Risk Management (GRC).

II - Definitions

According to the Resolution No. 3,721 of April 30 th 2009, the National Monetary Council (CVM), has defined credit risk as the possibility of losses associated to the failure of the borrower or its counterparty to their respective financial obligations agreed on, the devaluation of the credit agreement due to the deterioration in the borrower‘s risk rating, reduction in profit or remuneration, the benefits granted in renegotiation and cost recovery.

III - Credit Risk Management Structure

The area of Risk & Compliance is the main responsible for the Credit Risk Management, it uses an automated system capable of ensuring the identification, assessment and mitigation of risks.

The company’s units of the Industrial of Conglomerate in Brazil must maintain in an orderly documented and adequately the structure established to control credit risk.

These controls allow periodic evaluations of the risk positions, in accordance with current regulations and the Credit Committee.

IV - Responsibilities

IV.1 - Management Board

  • Approve the appointment of the director in charge with the Central Bank of Brazil, to observ legal regulations and standards.
  • Approve and review annually, the institutional policy, procedures and systems necessary for the effective implementation of the management structure for credit risk.

IV.2 - Board of Directors

  • Approve the appointment of the director in charge with the Central Bank of Brazil, the observance of standards and legal regulations.
  • Be aware of the reports issued periodically by the Compliance & Risk Area, regarding the performance of risk management as a result of policies and strategies, and set appropriate adjustment action.
  • Approve and review annually, the institutional policy, procedures and systems necessary for effective implementation of the management structure for credit risk.

IV.3 - Credit Risk Committee

  • Analyze the macroeconomic scenarios for the national and international sectors.
  • Be aware of the managerial reports issued periodically by the Compliance area to the Board about the performance of risk management as a result of policies and strategies, and determine appropriate action adjustment.
  • Ensure compliance with Policy Management Credit Risk and effectiveness of their processes.

IV.4 - Area of Compliance and Risk Management

  • Deliberate on the propositions of credit risk management.
  • Guarantee on the credit limits control.
  • Ensure compliance for the methodology and measurement tools.
  • Elaborate scenarios, management reports and "Stress test" periodically.
  • Report informations and analysis to the board, as well as the conclusion and actions to be taken.
  • Monitor the risks of companies of the Industrial conglomerate in relation to its limits;
  • Monitor the excess risk in relation to its limits.

 

Risk Management - Internal Policies

 

Risk Management Report - Circular 3.678/13* 

*Portuguese only

Last updated on 2017-05-16T14:52:57

My Downloads

Select the files of your interest in the website and manage the download.

Selected Files

x
Download Documents Reset List