1.4 Banking group — Operational risks

Qualitative information

A. General aspects, management procedures and measurement methods concerning the operational risk

Operational risk is the risk of losses arising from inadequate or dysfunctional procedures, human resources, internal systems or external events. Losses from fraud, human error, business disruption, unavailability of systems, breach of contract and natural disasters all fall under this category. Managing operational risks requires the ability to identify the risks entailed by all significant products, activities, processes and systems that could compromise the Group’s goals. Operational risks include the risks of judicial or administrative sanctions, significant financial losses or reputational damage following violations of mandatory legal provisions (laws and regulations, such as the laws on banking transparency, anti-money laundering, privacy and administrative liability of legal entities) or corporate governance provisions (for example, the Corporate Governance Code for listed companies).

Correctly managing operational risks strictly requires adequate organisational structures, operational procedures and IT support. It is also extremely important to properly train resources. Indeed, the Banca IFIS Group is constantly committed to the professional training and growth of its human resources.

During 2015, the Group further strengthened its controls over operational risks, including by progressively updating the internal processes aimed at monitoring and identifying potential anomalous situations. In addition, it started a gradual process to enhance the methods for identifying and measuring operational risks, consistent with the sector's market practices.

Currently, the management of operational risks for the Polish subsidiary is guaranteed by the strong involvement of the Parent Company, which makes decisions in terms of strategies and risk management.

As far as business continuity is concerned, the Banca IFIS Group has adopted a Business Continuity Plan, that is, a set of initiatives and counter-measures designed to keep business interruptions within the limits set in business continuity strategies. The Business Continuity Plan also includes the Disaster Recovery plan, designed to deal with events that could disrupt the corporate IT systems.

As for Basel 2 principles for calculating capital requirements against first-pillar operational risks, the Bank chose to adopt the Basic Indicator Approach.