40  Strategic Report                                                                                             41


 Emerging risks and uncertainties


 On a regular basis, the Bank will reassess the key risks to which it is exposed and add any                       Contents
                                                                                                                   Contents
 which are emerging, within the environment in which it operates. The Bank’s emerging risks
 during the year and at the time of the preparation of this document are assessed to be:
 Emerging Risk  Definition  The Bank’s Response  Emerging Risk  Definition  The Bank’s Response


 Global macro   As restrictions linked to Covid 19 are relaxed   The Bank monitors a range of current   Operational   Securing Operational Resilience is a key   Operational Resilience and Supplier Risk   Strategic Report
 economic   there remains a risk of new waves/variants   andforward-looking measures covering   Resilience  regulatory and operational requirement   Management arrangements have been
 outlook /   and the extent of subsequent Government   all susceptive risk types (primarily   such that the Bank can prevent, respond   significantly enhanced during 2021, including
 COVID-19  response. These may include temporary   operational, conduct, strategic, and credit).   to, recover, and learn from operational   Board approval of Important Business Services
 staff shortages, supply-chain disruptions,   These are reviewed by management   disruptions. As several key IT services are   (IBS’s) and Impact Tolerances. Continual
 increased forbearance arrangements.  and oversight forums on an ongoing   outsourced, including the Bank’s core   developments are being made and are subject
 basis, and appropriate responsive action   platform, satisfactory performance of   to Board and Executive level oversight.
 The onset of the Ukraine conflict, and wider   undertaken. In mitigation to more severe   its service providers is an essential part
 associated geo-political risks, has increased   scenarios, documented arrangements are   of ensuring Operational Resilience.
 this uncertainty primarily through the impact   in place for each of the Bank’s ‘Important
 on energy and commodity prices and   Business Services’, and for each business   Transformation  The Bank’s change agenda and investment   The risk is mitigated through a combination
 potential supply disruptions, the impact of   area, identifying key points of failure and   in operations transformation to deliver   of first-line management oversight,   Corporate Governance Statement
 sanctions, and the potential for firms to adopt   management’s contingency arrangements.  improved workflow and processing   including maintaining effective operating
 a ‘wait and see’ approach to investment..  efficiencies is designed to deliver clear   structures, governance forums (Executive
                             business benefits. However, there remains   & Business Change Committees), and
 Hybrid Working   With the development of more flexible working  The Bank is focussed on maintaining a positive   some risk of increased process errors,   Risk and Control Self-Assessments, and
 (Staffing)  arrangements hybrid working arrangements   culture, along with positive employee relations,   due to the level of complexity and manual   second and third line assurance.
 could create a new set of expectations   balancing both employer and employee   intervention in the product life cycle.
 (both employer and employee) which could   needs. Regular staff feedback and surveys are
 change the normal pattern of working.  undertaken to inform management’s approach.  Cyber Threat  The nature of cyber-attacks across the   CCB’s technology infrastructure is UK
                             industry began to change during the      based and has a very small externally
 UK Macro-  As the impact of the pandemic unwinds   Macro-economic risk is considered as   pandemic with a greater proportion utilising   facing footprint, and the Bank’s websites
 Economic Risk  there remains some risk of economic   part of the Strategic Planning process   previously unseen malware or methods, as   are outside its perimeter, greatly reducing
 uncertainties, impacting the Bank and its   and monitored via various reporting to   well as an increase in volume. More recently,   the inherent exposure. Furthermore, the
 customer base, resulting in the potential for   Board and executive level committees.  the Ukraine conflict has led GCHQ and   Bank profile, suppliers, and customer-
 the Bank being unable to achieve its business   the National Cyber Security Centre (NCSC   base does not make it an obvious   Independent Auditor’s Report
 targets – (growth/credit risk related).  – the UK’s cyber watchdog) to warn of a   target for state-sponsored hackers.
                             potential increase in cyber risk, as disruptive
 Additionally, there remains a risk in relation   attacks against organisations in Ukraine   The Bank’s technology perimeter has
 to the broader economic pressures   may ‘spill over’ into supportive countries.  been reviewed without issue, and
 on the UK, including inflation risk.                                 patching timescales are as aggressive
                             CCB’s operations are inherently reliant   as possible. Technology arrangements
 Development   The risk that pursuing the business growth   The key mitigant will be management   upon its technology infrastructure, and the   have been reviewed against the NCSC
 of the 2021+   targets outlined in the most recent Strategic   judgement, supported by Board oversight   performance of third-party technology   guidance, and no deficiencies or areas
 Growth Plan  Plan will bring additional operational   in areas including due diligence,   firms to maintain cyber security defences.  for improvement were identified.
 pressures and create increased risk, either   management competency, and
 Credit Risk or Operational/Fulfilment Risk.  ensuring that the Bank recruits sufficient   Advice has been taken from CCB’s new Board   Financial Statements
 resources/skills to manage the risk.                                 advisory cyber experts, and the new OT and
                                                                      operational consultancy, regarding this risk.
 Climate Change  Climate Change is a growing risk and ongoing   This is a topic that the Bank takes very   Current arrangements, including technical
 consideration needs to be given to the   seriously and has conducted a detailed report   resiliency (firewalls, monitoring, patching,
 longer-term impacts, particularly in relation   in response to the PRA’s Climate Change   etc.), staff training, documented and tested
 to the loan portfolio. If left unchecked, will   Requirements and plans for firms to manage   recovery plans, and scenario playbooks,
 lead to a medium/long term risk to the credit   these risks. The Environmental, Social &   meet the recommendations received.
 quality of the book because of extreme   Governance (ESG) Steering Committee,
 climate events such as flood risk and poor   chaired by the Chief Risk Officer, continues
 preparedness and lack of attention given   to develop the Bank’s action plans, in addition   The Strategic report on pages 4 - 41 was approved, by order of the Board.
 to this risk by the property industry (which   to working with external bodies, such as
 continues to tolerate low EPC grades) and   UK Finance, to assess sector preparedness,                            Notes to the Financial Statements
 impact on the Asset Finance and Classic   planning and actions to ensure the Bank’s
 Vehicles and Sports loan (CV&S) books.   initiatives remain appropriate and relevant.
 Both physical and transitional risks are being   Regular progress reports are provided to   Richard Bryan
 factored into Risk Appetite, Key Risk Indicators,  key stakeholders, including the Board.  Company Secretary
 and the credit grading model calculation.
            12 April 2022