COMPLIANCE
Type of risk: Regulatory risk
Impact on business: Could result in significant financial loss, impairment of shareholders' funds and/or outright closure of business occasioned by sanction/fine on the bank, or loss/suspension of banking licence.
Mitigation measures: Proactive implementation of the Bank's robust compliance programme that ensures compliance by all stakeholders with relevant laws and regulations. This includes continuous updates of the Bank's rule books as well as training of all stakeholders to understand regulatory obligations and the consequence of non-compliance.
Responsibility: The primary responsibility for complying with regulatory requirements lies with all members of staff conducting particular transactions or activity to which regulation applies. However, the Board of Directors is ultimately accountable for compliance performance through the Chief Compliance Officer.

Type of risk: Reputational risk
Impact on business: Could result in loss of correspondent banking relationships, loss of investor community confidence and significant financial loss; occasioned by damage to the Bank's image as a result of negative publicity and eventual loss of business.
Mitigation measures: The Bank has put in place adequate measures to know our customers and implement processes for combating money laundering and terrorist financing. In this regard, FirstBank continuously reviews its Anti-Money Laundering (AML)/Countering the Financing of Terrorism (CFT) Manual, incorporating any new regulatory guidelines for Know Your Customer (KYC)/Know Your Customer's Business (KYB).
Responsibility: The primary responsibility for complying with regulatory requirements lies with all members of staff conducting particular transactions, or activity to which regulation applies. However, the Board of Directors is ultimately accountable for compliance through the Chief Compliance Officer.
PORTFOLIO
Type of risk: Concentration risk
Impact on business: Breaches of portfolio limits and regulatory provisions could lead to sanctions and increased financial loss.
Mitigation measures: Adherence to portfolio limits and regulatory requirements.
Responsibility: Strategic Business Units; Risk Management; Chief Risk Officer
www.firstbanknigeria.com/annualreport/2010/
Impact on business: Could lead to diminution in the value of investments.
Mitigation measures:
- Significant investments are approved by the Board and all others by the Management Committee.
- Counterparties for investments are approved by executive management and the Board.
- Highly experienced professionals in the Strategy Unit who advise on strategic investments.
- Strong supervision by the parent company board on subsidiaries.
- Portfolio selection and diversification strategies.
OPERATIONAL RISK
Type of risk: People risk
Impact on business: The risk of loss (financial, reputational or otherwise) arising from a failure to properly manage the Bank's human capital. This could manifest in the form of staff fraud, high staff attrition, knowledge gaps and a demotivated and disgruntled workforce. This would impact the Bank by way of negative service experiences for our customers and the attendant loss in market share, financial loss, and reputational damage, and the cumulative effect of being unable to deliver strong business performance that meets or exceeds stakeholders' expectations.
Mitigation measures:
- The Bank has put in place robust Human Capital Management and Development practices to achieve a strong and efficient workplace.
- Effective background checks and thorough confirmation process on new hires.
- Competitive remuneration package and other hygiene factors to attract and retain the best talent.
- Enforcement of strong supervisory control.
- Zero tolerance to staff integrity issues and fraud.
- A fully fledged learning and development unit and infrastructures to cater for the training and development needs of staff.
- Strict enforcement of the requirements of the staff handbook.
- A disciplinary committee that meets regularly to deal with and resolve employee issues.
- A comprehensive Fidelity insurance policy.
- Encouragement of a work-life balance culture.

Type of risk: Operations risk
Impact on business: The risk for the Bank to incur financial loss as a result of inadequacies or failures in Operations processes, systems or staff. Operations risk additionally incorporates the risk arising from disruption of Operations activities caused by external events. Examples are: transaction capture, execution and maintenance errors or failures; failures in the customer intake and documentation process; failed mandatory reporting obligations; limit breach due to inadequate internal processes; inadequate reconciliation processes; and manual intensive processes. Impact on business ranges from negative customer impact and the attendant loss in market share, financial loss and reputational damage, and the cumulative effect of being unable to deliver strong business performance that meets or exceeds stakeholders' expectations.
Mitigation measures:
- A comprehensive Control Administrative and Accounting Procedure (CAAP) Manual has been put in place to guide operational activities and processes of the Bank.
- Establishment of a central processing centre specialising in various operations areas, and the migration of some activities, which were hitherto handled at the branches.
- The introduction of a functional reporting structure to the operations job families to allow for effective supervisory control of the operations of the Bank.
- Introduction of a self-assessment programme to allow process owners to identify control weaknesses with a view to taking proactive remedial actions.
- Automation and re-engineering of our processes.
- Putting in place robust business continuity planning and disaster recovery programmes.
- Stepping up operational risk awareness training and programmes.
- Monitor and manage Key Risk Indicators (KRIs) in processes/products/activities.

Type of risk: System or technology risk
Impact on business: The risk of failing to develop, implement or operate the Bank's technology platforms and solutions to meet stakeholder requirements. This could manifest in the form of: system downtime resulting in irate customers and a tarnished reputation; software failures; systems change process management failures; seizure of technical support; hardware failures; obsolete hardware; and no support from the manufacturers.
Mitigation measures:
- The Bank has a Disaster Recovery Centre (DRC).
- A comprehensive Service Level Agreement (SLA) with IT service providers.
- Regular IT audit and control.
- Hardware policies covering hardware purchase, use, replacement and disposal.
- Software policies covering purchase or design, use, enhancement, patching, replacement and disposal.
- Building resilience into the Bank's network platform through the installation of a back-up link to over 90% of our branches.
- An articulated medium-term transformation plan to optimise the Bank's investment in technology.
Type of risk: External events and third-party risk
Impact on business: External events could lead to disruption in business and financial loss to the Bank. Third-party failure could lead to poor service, reputational damage and financial loss to the Bank. Technology failure due to activities of hackers, and inadequate financial capacity to fulfil obligations could impact negatively on the Bank's service delivery.
Mitigation measures:
- Hedging against external events with adequate insurance cover.
- A robust business continuity arrangement is being put in place to improve the Bank's resilience.
- Regular monitoring and review of all outsourcing arrangements in the Bank.
- Strict adherence to the Bank's outsourcing policy.
- Enforcement of SLA, sanctions for breach of contracts.
- Real-time reporting of high-risk incidents or exposure.
- The Bank has also put in place a Physical Security and Personal and Business Protection Policy to mitigate internal and external threats.

Type of risk: Legal risk
Impact on business: Could lead to financial loss from defective transactions or contracts, non-compliance with a change in the law and jurisdictional risk.
Mitigation measures:
- The Bank has a process for ensuring new and changed legal and regulatory requirements are identified, monitored and reflected in the Bank process.
- Ensuring that regulatory requirements are incorporated in the operational procedures manual where appropriate.
- Adequate defence for claims and counterclaims.
- Vetting of all contractual documents and agreements by the Legal Services Department before execution.

Type of risk: Regulatory and compliance risk
Impact on business: Could lead to financial and reputational losses to the Bank as a result of failure to comply with the laws, regulations or codes applicable to the financial services industry. The impact of this risk category on the Bank ranges from financial loss arising from fines and penalties and loss of revenue due to temporary suspension or ban from certain market activities, to possible loss in share price and negative investor perception occasioned by disclosure of regulatory infractions in our Annual Report, and withdrawal of licence.
Mitigation measures:
- The Bank has put in place a fully fledged Compliance team to drive and implement the Bank's compliance framework.
- Effective monitoring of the Bank's compliance with laws and regulations, its code of conduct, and corporate governance practices.
- The Bank has a process for ensuring new and changed legal and regulatory requirements are identified, monitored and reflected in the Bank's process and rule book.
- Ensuring that regulatory requirements are incorporated in the operational procedures manual where appropriate.
- Prompt submission of regulatory reports.
- Sound corporate governance practices and the setting of the right tone from the top with respect to regulatory issues.
Responsibility for operational risk: Please note that the primary responsibility for mitigating the operational risks lies with the risk-taking units of the Bank, which include all the Business units and Support functions, e.g., Branches, Operations group, E-Business and HCMD. However, the operational risk management function serves as thought partner in risk management and mitigation, develops operational risk toolsets, and coordinates and aggregates the operational risk management activities of the business units and support functions.
CORPORATE/Contract risk
Type of risk: Failure of vendors to deliver on contracts entered into with the Bank.
Impact on business: This could lead to financial loss, inability to deliver its desired services and reputational risk.
Mitigation measures: This risk is being mitigated by ensuring proper scrutiny of vendors through due diligence and referencing, obtaining indemnity from vendors, and proper scrutiny of contract documents to guarantee enforceability. This has ensured a minimal default rate by vendors.
Responsibility: Head, Legal Services; Head, General Services; and Head, Learning and Development