Risk Management

Our internal risk control system to ensure transparency.

Banca Generali's internal control system is structured on three levels:

  • first-level controls, aimed at ensuring that activities are conducted properly. Such controls are undertaken by production units or are included in procedures;
  • risk management controls, aimed at identifying, measuring, controlling and managing all risks (credit, market, operating and strategic risks, etc.);
  • compliance controls, aimed at preventing noncompliance with law in the rendering of services.

Within Banca Generali, such controls are entrusted to:

  • the Compliance function entrusted with preventing the risk of noncompliance with applicable legislation, including the risk of money laundering and financing of terrorism;
  • the Risk Management function, entrusted with the task of identifying, measuring, controlling and managing other risks (credit, market, operating and strategic risks, etc.);
  • internal audits (or third-level controls), entrusted to the Internal Audit function, which performs controls aimed at identifying anomalous performances and violations of procedures and regulations, as well as assessing the overall functioning of the entire internal audit and risk management system.

The above-mentioned activities are complemented by those of the 262 Oversight function, with reference to the administrative-accounting risk (Law No. 262/2005).

Board of Directors

  • It is responsible for the internal control and risk management system: it plays a role of guidance and evaluation of the adequacy of the system and sets up an Internal Audit and Risk Committee within the Board.
  • It identifies the Company’s guidelines and, upon proposal of the Chief Executive Officer, defines the Risk Appetite Framework (RAF) and accordingly develops the corporate policies.
  • It regularly assesses the adequacy and efficacy of the system, reviewing, at least once a year, the activity plan and the periodical reports of the Company's control functions.

Internal Audit and Risk Committee

  • It is the Board committee charged with providing coordinated coverage of the management and control system for the risks assumed by the Group, in accordance with the Risk Appetite Framework.
  • It supports the Board of Directors and the Board of Statutory Auditors with investigative, propositional and advisory duties, in particular on matters of internal control and risk management, related party and connected party transactions, transactions of greater importance, statutory auditing and equity investments.

Board of Statutory Auditors

  • It oversees the adequacy, compliance and functioning of the internal control and risk management system.
  • It attends the collegial meetings with the heads of control functions, also in conjunction with the preparation of the activity plan.
  • It monitors the independence of the independent auditors, in terms of both compliance with the relevant requirements, and the nature and volume of non-auditing services rendered.

Managerial Risk Committee

  • It guarantees a coordinated coverage of the management and control system for the risks assumed by the Group, in accordance with the Risk Appetite Framework.
  • It monitors the Group’s risks, addressing specific operating issues pertaining to the definition and management of risk containment measures.
  • It exercises decision-making powers relating to the said risk containment measures.

Law 262 Organisational Unit

  • It supports the Manager in charge of the Company’s financial reports.
  • It addresses and coordinates the management of administrative and accounting risks and collaborates with the Internal Regulations Service to prepare the plan for the implementation of the remedial measures aimed at ensuring that such risk is monitored both within IT General Controls and processes.
  • It defines the methodological guidelines to implement all relevant FRR (Financial Reporting Risk) activities and disseminates them to the Banking Group’s structures involved, in addition to coordinating and assessing the efficacy of the control solutions and activities aimed at mitigating such risk.
  • It regularly assesses the effective implementation of the controls set forth by internal regulations on ESG reporting.

Risk Management

  • It identifies, measures, assesses and monitors all types of risk to which the Group is exposed, with the exception of the risk of non-compliance and the risk of money-laundering and financing of terrorism, reporting regularly to the Risk Committee.
  • It duly draws up a report, thereby contributing to defining and implementing the Risk Appetite Framework, as well as all related risk management policies.
  • It prepares an annual Risk Management Plan to identify and monitor the risks to which the Banking Group is exposed, in coordination with the Compliance Service, the Anti-Money Laundering Service and the Internal Audit Department.

Compliance

  • It controls and assesses the adequacy and efficacy of the company processes and procedures in order to prevent and manage the risk of non-compliance with the rules and requirements governing the provision of services by the Banking Group companies, in accordance with a risk-based approach.
  • It fosters and supports the development of a culture of compliance within the Banking Group, contributing to training the personnel in order to disseminate the principles of honesty, integrity and respect for both the spirit and the letter of the law.
  • It periodically submits reports to the Board of Directors and Board of Statutory Auditors in respect of its activities, especially the process testing carried out and related findings, as well as measures to be taken to remedy any shortcomings and the concrete implementation thereof.
  • It provides consultancy and advice on compliance with the statutory requirements and implementation procedures applicable to investment activities and services.
  • It defines the overall activity of selecting, arranging and analysing inspections of the distribution network, subsequently carrying out the said controls.

Anti-Money Laundering

  • It prevents and combats transactions involving money laundering and financing of terrorism, guaranteeing compliance with the procedures endorsed also by the Wolfsberg Questionnaire (CBDDQ) and the Declaration pursuant to the USA Patriot Act issued on 26 October 2001.
  • It constantly assesses that company procedures are consistent with the aim of preventing and combating the violation of provisions concerning money-laundering and financing of terrorism, and collaborates in identifying the internal control system to prevent and combat such risks.
  • It is responsible for managing, evaluating and reporting suspect transactions, effectively identifying other situations that trigger reporting obligations, and for supervising the anti-money laundering obligations within its purview in accordance with the Anti-Money Laundering Policy approved by the Board of Directors.

Internal Audit

  • It oversees and assesses the efficiency and effectiveness of the Internal Control System.
  • It regularly verifies the completeness, adequacy, compliance and reliability of the controls carried out by the Compliance and Risk Management Functions as required by the current laws and regulations.
  • It constantly monitors the risk of fraud, carrying out ad-hoc detailed analyses of specific events.
  • It controls, at least annually, the main IT service supplier, which is certified ISO 27001:2013, the standard that defines the requirements of the Information Security Management System (ISMS).

Security and Business Continuity Plan (BCP) Service

  • It reports to the Chief Security Officer who, directly reporting to the Head of C.O.O. & Innovation Area, develops the strategic vision of the Bank’s security by applying the principle of Group One Security based on a strong integration among IT Security, Cybersecurity, Corporate Security and Physical Security.
  • It periodically supports the training and awareness-raising activities on issues related to IT & Cybersecurity and BCP.

The main risks and uncertainties to which the Banking Group is exposed are:

  • credit risk: it is the risk associated with the possibility that a counterparty may become insolvent, or the likelihood that a debtor may fail to fulfil its obligations or fulfil its obligations on a delayed basis with respect to predetermined due dates;
  • counterparty risk: it is the risk associated with the possibility that a counterparty to a securities transaction may default before said transaction is settled. The counterparty risk is a sub-category of credit risk;
  • operating risk: it is the risk of loss resulting from the inadequacy or failure of processes, human resources or internal systems, or from external events. This type of risk includes, inter alia, losses due to fraud, human error, interruptions of operation, unavailability of systems, breach of contract and natural disasters. The legal risk is included in the operating risk, whereas strategic and reputation risks are not included;
  • market risk: it is the risk associated with the possibility of suffering losses due to variations in the value of a security or a portfolio of securities associated with unexpected variations in market conditions (share prices, interest rates, exchange rates, the prices of goods and the volatility of risk factors);
  • interest rate risk to which the banking book is exposed: it is the risk of incurring losses due to potential fluctuations in interest rates. This risk is generated by the gaps between the maturities and time required to re-set the interest rate on the Group’s assets and liabilities. Where such gaps are present, fluctuations in interest rates result in variations of net profit, and therefore expected net profit, as well as variations in the market value of the assets and liabilities, and therefore of net equity;
  • liquidity risk: it is manifested in the form of the breach of payment obligations, which may be caused by an inability to procure funding (funding liquidity risk) or the existence of limits on the divestment of assets (market liquidity risk). Liquidity risk also includes the risk of fulfilling payment obligations at above-market costs, incurring a high cost of funding, or incurring capital losses on the divestment of assets;
  • concentration risk: it is the risk arising from exposures to counterparties, groups of related counterparties, and counterparties operating in the same business segment, engaging in the same activity, or based in the same geographical area;
  • residual risk: it is the risk that the recognised credit risk mitigation techniques used prove less effective than foreseen;
  • reputational risk: it is the current or prospective risk of a decrease in profits or capital arising from a negative perception of the corporate image by clients, counterparties, shareholders, investors or regulatory authorities;
  • strategic risk: the actual or prospective risk of a decrease in profits or capital arising from changes in the operating context or poor company decisions, the inadequate implementation of decisions, or insufficient reaction to changes in the competitive scenario;
  • compliance risk: it is the risk of incurring legal or administrative penalties, significant financial losses or damages to reputation due to breaches of compulsory provisions (of laws or regulations) or self-imposed rules (e.g., articles of association, codes of conduct, self-regulatory codes).

The Group has formally defined a policy for each of the above risks that lays down: the general principles, roles and responsibilities of the company bodies and functions involved in risk management; guidelines on risk management in accordance with its business model, risk appetite, internal control system, system of delegated powers established by the Board of Directors and instructions of supervisory authorities.

The integration of the ESG factors into the risk management system

Banca Generali is engaged in a dynamic environment that pays increasing attention to sustainability issues, also in light of the worsening of the climate crisis.

Managing ESG risks requires consideration not only of the impact of these risks on the Bank’s organisation, but also of the potential risks to which the Bank exposes its stakeholders and the environment through its operations. The Bank therefore adopts a holistic approach to ESG matters, based on:

  • definition of a Banking Group ESG strategy according to the guidelines provided by the Corporate Bodies and supported by the Internal Governance Structures;
  • management of sustainability matters in sensitive sectors through its own regulatory framework, also aimed at defining criteria for limiting and excluding lending to or investing in business sectors considered most exposed to ESG risks;
  • integration of ESG factors into the general risk management framework and, in particular, the provision within the Risk Appetite Framework of a specific section dedicated to ESG and climate change risks that defines specific limits and criteria.

Identification of climate-related risks

The process for identifying ESG risks to which the Banking Group is potentially exposed was partly revised and strengthened in 2023 to fully understand the impact of climate-related risks on the main categories of existing risks. In detail, climate-related risks are understood to comprise two concepts, namely physical risk and transition risk:

  • Physical risk: impact of a changing climate, therefore categorised as “acute” when it arises from extreme events, and “chronic” when it arises from progressive shifts;
  • Transition risk: an institution’s financial loss that can result, directly or indirectly, from the process of adjustment towards a lower-carbon and more environmentally sustainable economy.

The transmission channels through which the climate-related and environmental factors affect the traditional risk categories are:

  • Credit risk: climate-related and environmental risk factors may have impacts on the counterparties’ creditworthiness and on collateral valuations;
  • Market risk: climate-related and environmental risks may have adverse repercussions on business continuity or the performance of investee companies and government entities;
  • Operational risk: climate-related and environmental risk factors (and in particular physical risk) may give rise to impacts on the Bank’s business continuity, as a result of potential damages to owned properties or suppliers’ operating facilities. Transition risk includes the potential additional or higher costs of maintenance and renovation of the Banking Group’s offices, branches, and other physical assets due to new laws and regulations;
  • Liquidity risk: climate-related and environmental risks may affect the liquidity risk in terms of direct and/or indirect impacts on the Bank’s liquidity position;
  • Strategic/reputational risk: climate-related and environmental risk factors may influence the economic sustainability of some business lines and cause strategic risk tied to non-development and non-distribution of products arising from specific investment processes and instruments to take into account ESG factors.

In order to integrate climate-related and environmental risks into the Risk Management Framework, the materiality assessment has been updated using a quantitative approach, described within the paragraph “Risk Management and Business Management Transparency” of our Annual Integrated Report 2023.

It carries out audit work and draws up audit reports.