Page 39 - CCB_Annual Report_2022
P. 39
38 Strategic Report 39
Principal Risk Governance Risk Appetite Statement Key Mitigants Comments Principal Risk Governance Risk Appetite Statement Key Mitigants Comments
Conduct Conduct Risk The Bank maintains a Monitoring of the The Bank Financial Model Risk The Bank maintains a Materiality assessment The Bank’s
Framework low appetite for Conduct Conduct Risk KPI’s prides itself Models Governance low appetite for Model for models at inception, Model Risk
The risk that Risk, employing a strategy on its strong Framework & Risk. We aim to minimise and annually thereafter Governance
customers Customer that is customer-centric, Complaints monitoring risk culture The risk that Policy incidents and losses arising Policy
suffer loss or & Product transparent, and built on and analysis. and focus the Bank incurs from model risk issues by Regular independent articulates the
detriment due Committee integrity, professionalism, Customer surveys on customer financial loss Model Risk maintaining and operating model validation principles and
to failures at Risk and fairness, ensuring outcomes. A because of Governance within an appropriate for high/medium standards for
any stage of Management that all our employees Independent review of Conduct Risk decisions Committee governance framework, rated models model use at
the customer Committee understand and fully customer calls Framework is in that could be Risk supported by a Model Regular model each stage of
journey, operate within regulatory Annual product reviews place to ensure principally based Management Governance Policy. We self-validation for low its life cycle,
including Risk & requirements (including continued on the output Committee have a clear definition of rated models with control
inadequate Compliance the FCA Conduct Rules), Analysis of the compliance of (internal) a model and maintain an and assurance
product design, Committee further the Bank’s Strategic ‘customer journey’ with all models, due Risk & inventory of all models Ongoing model requirements
sales/marketing Priorities (including Annual report from the requirements to errors in the Compliance within the Bank. We adopt monitoring for commensurate
processes and maintaining a culture of Chief Risk Officer on in this regard, development, Committee a proportionate risk-based key models. with the
operational ‘doing the right thing’ Conduct issues, feeding including implementation, approach according to the End User Computing model’s
delivery, data for our customers and into the remuneration detailed or use of materiality of each model, (EUC) framework materiality and
management staff’ and ‘delivering clear policy and practice. reporting such models. with specific requirements enhancements – level of risk.
and record and simple products’). to the risk regarding model requiring minimum
keeping or All our employees are Linkage of all variable committees. development, independent standards for databases
the failure of responsible for proactively pay schemes to validation, approval,
its staff or key managing Conduct customer satisfaction implementation, monitoring
providers of Risk and maintaining measures. and recommended
services, to act customer interests as the Development enhancements and future
with integrity highest priority. of Consumer developments. Oversight
and treat the Duty Principles. is provided by the second
customers’ best The Consumer Duty line of defence and the
interests as the regulation comes into quarterly Model Risk
highest priority. force in 2023 and the Bank Governance Committee.
continues to prepare for
these changes — ensuring Operational Maintaining Operational Resilience The Bank completes The Bank’s
we adopt the spirit of the Resilience Operational and Supplier Risk annual testing of its resiliency
regulation as well as the Resilience is a Management arrangements Important Business remains strong.
principles into the business. key regulatory have been significantly Services and has All actions from
and operational enhanced during 2022, completed its second test activity is
requirement to including Board approval cycle of this work. logged and
ensure the Bank of Important Business Testing includes the oversighted.
can prevent, Services (IBS’s) and Impact mapping, identification
respond to, Tolerances along with of vulnerabilities and
recover, and learn workshops held to assess stress testing of these.
from operational continuity of business
disruptions. services for the critical Resiliency is also tested
As several key scenarios. Continual via IT Disaster Recovery,
IT services are developments are being Crisis Management
outsourced, made and are subject Planning (both desktop
including the to Board and Executive and simulated scenario)
Bank’s core level oversight. and business continuity.
platform, Our third party’s
satisfactory resiliency forms
performance of its part of the Bank’s
service providers is internal testing.
an ongoing part of
ensuring continued
Operational
Resilience.