ING Direct 2011 Annual Report Download - page 246

Download and view the complete annual report

Please find page 246 of the 2011 ING Direct annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 332

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
  • 325
  • 326
  • 327
  • 328
  • 329
  • 330
  • 331
  • 332

Risk management continued
ING Bank
The General Manager Operational Risk Management (ORM) is responsible for monitoring operational risks and developing and establishing
the Operational Risk Framework within ING Bank. The General Manager ORM also establishes and approves the policies and minimum
standards, supports the business line ORM staff, monitors the quality of operational risk management and assists and supports the
Management Board Bank in managing ING Bank’s operational risks. The NFRC is the primary approval and oversight committee. The
Non-Financial Risk dashboard (NFRD) enables management to focus on the ten operational risk areas through the quarterly report on
regional, divisional and Bank level.
The ORM function consists of functional departments for Operational risks (including policies, systems, SOX testing, capital allocation and
reporting), for Information (Technology) risks and for Security & Investigations.
ORM uses a layered functional approach within business lines to ensure systematic and consistent implementation of the group-wide ORM
framework, policies and minimum standards. To avoid potential conflicts of interests, it is imperative that the ORM ofcer is impartial and
objective when advising business management on operational risk matters in their business unit or business line. To facilitate this, a strong
functional reporting line to the next higher level ORM officer is in place. The functional reporting line has clear accountabilities with regard
to objective setting, remuneration, performance management and appointment of new ORM staff.
Operational risk framework
ING Bank has developed a comprehensive framework supporting and governing the process of identifying, mitigating, measuring and
monitoring operational risks thus reflecting the stages described in the Enterprise Risk Management model of COSO (Committee of
Sponsoring Organisations of the Treadway Commission).
The operational risk appetite within ING Bank is defined as the acceptable and authorised maximum level of risk, in each of the operational
risk areas that must be adhered to in order for ING Bank to achieve its business plan within approved budgets. This risk appetite is
quarterly monitored through the Non-Financial Risk Dashboard which reports the key non-financial risk exposures.
Processes are in place to identify key threats, vulnerabilities and the associated risks which might cause adverse events. Event identification
is performed proactively and precedes a risk assessment. Different techniques for event identification exist within ING Bank, e.g. risk &
control self assessments, scenario analysis, external events inventories, internal incident analysis (e.g. lessons learned based on information
from incident reporting), key risk indicator events and threat scans.
At least once a year business units and departments perform an integrated risk assessment with involvement of the business and their
Operational Risk, Compliance, Legal and Finance departments.
Based on the results of the risk assessment, response measures must be determined for the identified risks beyond the risk appetite.
Riskresponse actions balance the expected cost for implementing these measures with the expected benefits regarding the risk reduction.
Risk response can be achieved through several combinations of mitigation strategies, for example reducing likelihood of occurrence,
reducing impact, risk avoidance, risk acceptance or through the transfer of risk. Tracking takes place through ING Bank’s central risk
management system.
The yearly objective setting process for both business management and ORM professionals aims to keep improving the management of
operational risk throughout ING Bank to ensure that ING stays in control of its current and future operational risks. ING Bank’s ORM
Framework is further maturing towards an integrated controls framework according to pre-agreed requirements and development stages
in the individual business units. This development is measured through the scorecard process.
Model disclosure
The Operational Risk Capital model of ING Bank is based on a Loss Distribution Approach (LDA). The Loss Distribution is based on both
external and internal loss data exceeding EUR 1 million. The model is adjusted for the specific measured quality of control in a business line
and the occurrence of large incidents (‘bonus/malus’). This provides an incentive to local (operational risk) management to better manage
operational risk.
Loss Distribution approach
The main objective of the LDA approach is to derive an objective Operational Risk capital amount based on the risk profile of a bank and its
business units. This approach estimates the distribution of operational risk losses for each combination of business line and loss event type.
Risk profile
The AMA capital for the fourth quarter of 2011 amounts EUR 2,836 million. This is slightly below the capital estimate of previous year. This
is explained by a capital reduction resulting from the divestments of ING Car Lease and REIM Fee Business, which is partially offset by a
capital increase resulting from the regular external incident data update.
244 ING Group Annual Report 2011