Page 41 - CCB_Full-Annual-Report-2021
P. 41
40 Strategic Report 41
Emerging risks and uncertainties
On a regular basis, the Bank will reassess the key risks to which it is exposed and add any Contents
Contents
which are emerging, within the environment in which it operates. The Bank’s emerging risks
during the year and at the time of the preparation of this document are assessed to be:
Emerging Risk Definition The Bank’s Response Emerging Risk Definition The Bank’s Response
Global macro As restrictions linked to Covid 19 are relaxed The Bank monitors a range of current Operational Securing Operational Resilience is a key Operational Resilience and Supplier Risk Strategic Report
economic there remains a risk of new waves/variants andforward-looking measures covering Resilience regulatory and operational requirement Management arrangements have been
outlook / and the extent of subsequent Government all susceptive risk types (primarily such that the Bank can prevent, respond significantly enhanced during 2021, including
COVID-19 response. These may include temporary operational, conduct, strategic, and credit). to, recover, and learn from operational Board approval of Important Business Services
staff shortages, supply-chain disruptions, These are reviewed by management disruptions. As several key IT services are (IBS’s) and Impact Tolerances. Continual
increased forbearance arrangements. and oversight forums on an ongoing outsourced, including the Bank’s core developments are being made and are subject
basis, and appropriate responsive action platform, satisfactory performance of to Board and Executive level oversight.
The onset of the Ukraine conflict, and wider undertaken. In mitigation to more severe its service providers is an essential part
associated geo-political risks, has increased scenarios, documented arrangements are of ensuring Operational Resilience.
this uncertainty primarily through the impact in place for each of the Bank’s ‘Important
on energy and commodity prices and Business Services’, and for each business Transformation The Bank’s change agenda and investment The risk is mitigated through a combination
potential supply disruptions, the impact of area, identifying key points of failure and in operations transformation to deliver of first-line management oversight, Corporate Governance Statement
sanctions, and the potential for firms to adopt management’s contingency arrangements. improved workflow and processing including maintaining effective operating
a ‘wait and see’ approach to investment.. efficiencies is designed to deliver clear structures, governance forums (Executive
business benefits. However, there remains & Business Change Committees), and
Hybrid Working With the development of more flexible working The Bank is focussed on maintaining a positive some risk of increased process errors, Risk and Control Self-Assessments, and
(Staffing) arrangements hybrid working arrangements culture, along with positive employee relations, due to the level of complexity and manual second and third line assurance.
could create a new set of expectations balancing both employer and employee intervention in the product life cycle.
(both employer and employee) which could needs. Regular staff feedback and surveys are
change the normal pattern of working. undertaken to inform management’s approach. Cyber Threat The nature of cyber-attacks across the CCB’s technology infrastructure is UK
industry began to change during the based and has a very small externally
UK Macro- As the impact of the pandemic unwinds Macro-economic risk is considered as pandemic with a greater proportion utilising facing footprint, and the Bank’s websites
Economic Risk there remains some risk of economic part of the Strategic Planning process previously unseen malware or methods, as are outside its perimeter, greatly reducing
uncertainties, impacting the Bank and its and monitored via various reporting to well as an increase in volume. More recently, the inherent exposure. Furthermore, the
customer base, resulting in the potential for Board and executive level committees. the Ukraine conflict has led GCHQ and Bank profile, suppliers, and customer-
the Bank being unable to achieve its business the National Cyber Security Centre (NCSC base does not make it an obvious Independent Auditor’s Report
targets – (growth/credit risk related). – the UK’s cyber watchdog) to warn of a target for state-sponsored hackers.
potential increase in cyber risk, as disruptive
Additionally, there remains a risk in relation attacks against organisations in Ukraine The Bank’s technology perimeter has
to the broader economic pressures may ‘spill over’ into supportive countries. been reviewed without issue, and
on the UK, including inflation risk. patching timescales are as aggressive
CCB’s operations are inherently reliant as possible. Technology arrangements
Development The risk that pursuing the business growth The key mitigant will be management upon its technology infrastructure, and the have been reviewed against the NCSC
of the 2021+ targets outlined in the most recent Strategic judgement, supported by Board oversight performance of third-party technology guidance, and no deficiencies or areas
Growth Plan Plan will bring additional operational in areas including due diligence, firms to maintain cyber security defences. for improvement were identified.
pressures and create increased risk, either management competency, and
Credit Risk or Operational/Fulfilment Risk. ensuring that the Bank recruits sufficient Advice has been taken from CCB’s new Board Financial Statements
resources/skills to manage the risk. advisory cyber experts, and the new OT and
operational consultancy, regarding this risk.
Climate Change Climate Change is a growing risk and ongoing This is a topic that the Bank takes very Current arrangements, including technical
consideration needs to be given to the seriously and has conducted a detailed report resiliency (firewalls, monitoring, patching,
longer-term impacts, particularly in relation in response to the PRA’s Climate Change etc.), staff training, documented and tested
to the loan portfolio. If left unchecked, will Requirements and plans for firms to manage recovery plans, and scenario playbooks,
lead to a medium/long term risk to the credit these risks. The Environmental, Social & meet the recommendations received.
quality of the book because of extreme Governance (ESG) Steering Committee,
climate events such as flood risk and poor chaired by the Chief Risk Officer, continues
preparedness and lack of attention given to develop the Bank’s action plans, in addition The Strategic report on pages 4 - 41 was approved, by order of the Board.
to this risk by the property industry (which to working with external bodies, such as
continues to tolerate low EPC grades) and UK Finance, to assess sector preparedness, Notes to the Financial Statements
impact on the Asset Finance and Classic planning and actions to ensure the Bank’s
Vehicles and Sports loan (CV&S) books. initiatives remain appropriate and relevant.
Both physical and transitional risks are being Regular progress reports are provided to Richard Bryan
factored into Risk Appetite, Key Risk Indicators, key stakeholders, including the Board. Company Secretary
and the credit grading model calculation.
12 April 2022