Operational risks refer to inadequate or failed processes, people and systems or external events, which result in loss. Within our risk appetite we consider operational risks with a financial impact higher than €1 million as high. These risks can occur when the integrity or continuity of critical processes are endangered. They are unacceptable and require immediate action. For other operational risks clear remediation dates are set and monitored.
Within the Basel II framework FMO uses the Standardized Approach to measure and manage operational risks. To review and ensure the proper execution of FMO’s operations, several tools are in place. Our internal audit function assesses the effectiveness and efficiency of the processes based on a risk analysis. FMO’s directors also perform annual operational risk self-assessments, which evaluate controls and set action plans to improve these controls. Strict follow-up on the action plans and audit findings is carried out quarterly. If operations have not functioned properly, we record an incident. Each quarter, an overview of incidents is reported to FMO’s Management Board. High operational risks or risks with a recurring character are also reported to the Audit & Risk Committee via a report by the Audit, Compliance & Control department (ACC). This report gives insight, for instance, into aspects that need to be improved and where FMO’s key risks lie.
In terms of FMO’s operations and Basel II definitions, the proper continuous performance of our processes carries the greatest risks. Knowledge of procedures and processes and effective coaching remain important priorities, especially when changes in regulations, for example, necessitate changes in internal procedures and processes. We therefore constantly review and improve process descriptions, which are accessible to everyone via the intranet. Knowledge and risk awareness are also an important aspect of management steering and control. Since FMO’s workforce is likely to grow substantially in coming years, we intend to intensify employee training and mentoring on these aspects. As far as soft controls in our organization are concerned, we will continue investing in behavioral and leadership skills, such as awareness, coaching and maintaining clear accountability.
Control of sometimes complex financial products can be complicated, so to address this we implemented a Product Approval Process in 2010. It may be, for instance, that products do not meet clients’ needs, that not all risks are identified or that the product cannot be registered properly. This Product Approval Process has proven to be a valuable tool.