Page 36 - CCB_Annual Report_2022
Strategic Report

Principal Risks (continued)
Principal Risk: Financial Crime
  The risk that inadequate controls relating to financial crime could give rise to fines, litigation, sanctions, reputational damage, or financial loss.

Governance:
  Financial Crime Framework
  Risk Management Committee
  Risk & Compliance Committee

Risk Appetite Statement:
  The Bank maintains a low appetite for Financial Crime risk, aiming to maintain a low level of residual risk and striving to ensure that we always remain within the law and regulation. Whilst we recognise that operational errors can occur, we maintain zero tolerance for breaches of compliance with applicable financial crime laws and regulations, deliberate facilitation of tax evasion, bribery and facilitation payments and internal fraud. All material breaches are investigated and reported to the Risk Management Committee and Risk & Compliance Committee in a timely manner, rule changes are implemented within the applicable regulatory timelines and staff operate within documented policies and controls and, where applicable, industry guidelines.

Key Mitigants:
  Adherence to the Financial Crime Framework
  Undertaking business wide risk assessments
  Customer onboarding incorporating standard and enhanced due diligence activities
  Risk based Source of Funds and Source of Wealth checks
  Individual customer risk assessments which determine a customer’s risk profile
  Third-party due diligence
  Ongoing automated transaction monitoring and screening
  Receiving internal suspicious activity reports from any employee in the business
  High risk customers are approved by the MLRO
  Obtaining and using intelligence and national and international findings
  Receiving reports of suspicious activity from any employee in the business
  Evaluating any suspicions of money laundering/terrorist financing
  Horizon scanning to ensure continued adherence to regulatory requirements
  Regular reviews of training content and training and oversight of the development of staff to ensure up to date knowledge base

Comments:
  Ensuring compliance with all applicable regulatory requirements in a fast-changing landscape is a challenge to which the Bank devotes considerable resources. The Financial Crime Framework is continually under review and maintained in line with leading industry practices. Annual submission of the MLRO Report to the Board.


Principal Risk: Operational
  The risk that events arising from inadequate or internal process failure, people, and systems or from external events cause regulatory censure, reputational damage, financial loss, service disruption and/or customer detriment.

Governance:
  Operational Risk Management Framework/Policy
  Risk Management Committee
  Risk & Compliance Committee

Risk Appetite Statement:
  The Bank maintains a low appetite for Operational Risk. We aim to minimise incidents and losses arising from operational risk issues by maintaining a resilient infrastructure, including robust systems, employing, and training the right people, minimising the impact of external events, and having a framework in place to ensure operational risks are captured, monitored, and mitigated, with lessons learned from mistakes. This includes clear first line ownership of operational risks, review, and challenge by the second line and assurance from the third line. Focus is maintained on key risks, including outsourcing, operational resilience, people, cyber and technology risks, noting that the Bank has a lower appetite for risks associated with material outsourcing and critical non-outsourcing arrangements. We will ensure that our systems and operational capabilities are stable and resilient, with preventative measures in place to reduce the risk of service disruptions, and effective business continuity and disaster recovery plans maintained to limit the impact of disruption events. A suite of KRIs is in place and a framework for escalation of issues to senior management and the Board, regular reviews are undertaken via Risk and Control Self Assessments, and Operational Risk Events are captured, recorded, and reviewed with actions taken to avoid recurrence.

Key Mitigants:
  Risk and Control Self Assessments and Risk Registers
  Scenario Analysis
  Monitoring of Operational Risk Events and ‘Deep Dive’ analysis, where appropriate
  Reviewing projects and change management requests
  Monitoring of the risk posed using critical and outsourced suppliers
  Horizon scanning to ensure continued adherence to regulatory requirements and leading practices
  Maintaining knowledge of industry standards and changes
  Regular training and development of staff to ensure up to date knowledge base and embedded Risk and Control Self-Assessment process

Comments:
  Operational Risk is a key risk for the Bank. However, Operational Risk related losses have historically been low, the framework has been strengthened following an external review and ongoing enhancements are being undertaken to ensure that the Bank’s Operational Risk Framework is in line with its regulatory requirements and leading practices.