ING Direct 2009 Annual Report Download - page 238

Download and view the complete annual report

Please find page 238 of the 2009 ING Direct annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 312

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312

ING Group – Non-financial risks
Information (Technology) risk
ING has fully reviewed and updated its IT risk policy and minimum standards and aligned it with regulatory and (external) international
ISO standards. All IT-related staff worldwide were informed about the changes in policy and standards and e-learning is being developed.
ING’s quarterly monitoring process through NFRD was also aligned with the new policy and standards.
Continued risk mitigation efforts were made in the IT risk domain worldwide as IT is a key resource and enabler for ING businesses.
Managing IT risk is amongst ING’s key management priorities. The Executive IT Risk Steering Committee is chaired by INGs CEO.
ING developed a Risk Forecasting methodology that shows over time the effects on the risk profile of Business Units from ongoing and
intended mitigating actions. In the course of 2009, forecasting has been implemented successfully for the Information (Technology) area.
Continuity risk
A continuity risk forecasting model has been introduced. Through this model, Management can determine if current actions are sufficient
to maintain the continuity risks at an acceptable level or if additional mitigation projects are necessary. Furthermore an overall Group value
chain ranking list for critical products and services has been introduced in which management can prioritise supporting activities. Because
of the worldwide influenza (H1N1) pandemic outbreak special focus has been put on business continuity planning and crisis management
using a realistic scenario of a staff absence of 50%.
COMPLIANCE RISKS
Compliance Risk is defined as the risk of damage to ING’s integrity as a result of failure (or perceived failure) to comply with relevant laws,
regulations, internal policies, procedures and ethical standards. In addition to reputational damage, failure to effectively manage
Compliance Risk could expose ING to fines, civil and criminal penalties, and payment of damages, court orders and suspension or
revocation of licenses, which would adversely impact customers, staff and shareholders of ING.
ING believes that fully embedded Compliance Risk Management preserves and enhances the trust of its customers, shareholders and staff.
Being trusted is essential to building sustainable businesses. INGs Business Principles set the foundation for the high ethical standards ING
expects of all our business activities.
ING’s Business Principles require all staff at every level to conduct themselves, not only in compliance with laws and regulations, but also by
acting with integrity, being open and clear, respectful, and responsible.
Clear and practical policies and procedures are embedded in ING business processes in all Business Lines. Systems are in place to enable
management to track current and emerging Compliance Risk issues, to communicate these to internal and external stakeholders, and to
drive continuous improvement. ING understands that good Compliance Risk Management involves understanding and delivering on the
expectations of customers and other stakeholders, thereby strengthening the quality of key relationships.
The Scope of the Compliance Risk Management function
The Compliance Risk Management function focuses on managing the risks arising from laws, regulations and standards which are specific
to the financial services industry. The Compliance Risk Management function actively educates and supports the business in managing
areas including anti-money laundering, preventing terrorist financing, conflicts of interest, proper sales and trading conduct and protection
of customer interest.
ING separates Compliance Risk into four conduct-related integrity risk areas. These are shown below with examples of the sub-risks in
each risk area:
Client Related Integrity Risk
Personal Conduct
Related Integrity Risk
Organisational Conduct
Related Integrity Risk
Financial Services Conduct
Related Integrity Risk
Money laundering•
Terrorist financing•
Political or reputational •
exposed person
Client engagements or •
transactions with (ultra) high
risk countries
Market abuse & personal •
trading
Breaches of the ING Business •
Principles or local code of
conduct
Outside positions by ING •
officers
Gifts or entertainment given or •
received; bribery.
External incident reporting•
Organisational conflicts of •
interest, market abuse and
insider trading.
Anti-trust/competition law•
New or modified products and •
services (e.g. customer base,
design) and governance
changes
Agreed sector /industry •
standards.
Regulatory registration and •
reporting requirements
Third party intermediaries as •
representatives of ING
Marketing, sales & •
Marketing, sales & trading
conduct
Conduct of advisory business •
Complaint handling•
Transparency of product •
offerings (e.g. costs,
disclosures).
Risk management (continued)
2.1 Consolidated annual accounts
ING Group Annual Report 2009
236