Page 37 - CCB_Full-Annual-Report-2021
Strategic Report
Principal Risk: Financial Crime
The risk that inadequate controls relating to financial crime could give rise to fines, litigation, sanctions, reputational damage, or financial loss.

Governance:
- Financial Crime Framework
- Risk Management Committee
- Risk & Compliance Committee

Risk Appetite Statement:
The Bank maintains a low appetite for Financial Crime risk, aiming to maintain a low level of residual risk and striving to ensure that we always remain within the law and regulation. Whilst we recognise that operational errors can occur, we maintain zero tolerance for breaches of compliance with applicable financial crime laws and regulations, deliberate facilitation of tax evasion, bribery and facilitation payments and internal fraud. All material breaches are investigated and reported to the Risk & Compliance Committee in a timely manner, rule changes are implemented within the applicable regulatory timelines and staff operate within documented policies and controls and, where applicable, industry guidelines.

Key Mitigants:
- Adherence to the Financial Crime Framework
- Undertaking business wide risk assessments
- Customer onboarding incorporating standard and enhanced due diligence activities
- Risk based Source of Funds & Source of Wealth checks
- Individual customer risk assessments which determine a customer’s risk profile
- Third-party due diligence.
- Ongoing automated transaction monitoring and screening
- Receiving internal suspicious activity reports from any employee in the business
- Obtaining and using intelligence and national and international findings
- Receiving reports of suspicious activity from any employee in the business
- Evaluating any suspicions of money laundering/terrorist financing
- Horizon scanning to ensure continued adherence to regulatory requirements
- Regular reviews of training content and training and oversight of the development of staff to ensure up to date knowledge base

Comments:
Ensuring compliance with all applicable regulatory requirements in a fast-changing landscape is a challenge to which the Bank devotes considerable resources. The Financial Crime Framework is continually under review and maintained in line with leading industry practices. Annual submission of the MLRO Report to the Board.

Principal Risk: Operational Risk
The risk that events arising from inadequate or internal process failure, people, and systems or from external events cause regulatory censure, reputational damage, financial loss, service disruption and/or customer detriment.

Governance:
- Operational Risk Management Framework
- Risk Management Committee
- Risk & Compliance Committee

Risk Appetite Statement:
The Bank maintains a low appetite for Operational Risk. We aim to minimise incidents and losses arising from operational risk issues by maintaining a resilient infrastructure, including robust systems, employing, and training the right people, minimising the impact of external events, and having a framework in place to ensure operational risks are captured, monitored, and mitigated, with lessons learned from mistakes. This includes clear first line ownership of operational risks, review, and challenge by the second line and assurance from the third line. Focus is maintained on key risks, including outsourcing, operational resilience, people, cyber and technology risks, noting that the Bank has a lower appetite for risks associated with material outsourcing and critical non-outsourcing arrangements. We will ensure that our systems and operational capabilities are stable and resilient, with preventative measures in place to reduce the risk of service disruptions, and effective business continuity and disaster recovery plans maintained to limit the impact of disruption events. A suite of KRIs is in place and a framework for escalation of issues to senior management and the Board, regular reviews are undertaken via Risk and Control Self Assessments, and Operational Risk Events are captured, recorded, and reviewed with actions taken to avoid recurrence.

Key Mitigants:
- Risk and Control Self Assessments and Risk Registers
- Scenario Analysis
- Monitoring of Operational Risk Events and ‘Deep Dive’ analysis, where appropriate
- Reviewing projects and change management requests
- Monitoring of the risk posed using critical and outsourced suppliers
- Horizon scanning to ensure continued adherence to regulatory requirements and leading practices
- Regular training and development of staff to ensure up to date knowledge base
- An enhanced Risk and Control Self-Assessment process has been rolled out across the Bank

Comments:
Operational Risk is one of the key risks the Bank faces. However, Operational Risk related losses have historically been low, the framework has been strengthened following an external review and ongoing enhancements are being undertaken to ensure that the Bank’s Operational Risk Framework is in line with its regulatory requirements and leading practices.