ING Direct 2015 Annual Report Download - page 211

Please find page 211 of the 2015 ING Direct annual report below.

Notes to the Consolidated annual accounts of ING Bank - continued

The Head of NFR reports to the Chief Risk Officer (CRO) and is responsible for developing the framework of non-financial risk policies and standards within ING Bank and for monitoring the quality of non-financial risk management in the divisions. Whilst the Head of Corporate Operational Risk Management (CORM) reports to the Head of NFR, the Chief Compliance Officer reports functionally to the CRO and hierarchically to the Head of NFR.

The Head of CORM provides management on country, divisional and bank level through the NFR Dashboard with an overview of key risks within the non-financial risk areas including compliance risks, information security risks, continuity risks, control risks, fraud and unauthorised activities risks and personal and physical security risks, enabling management to focus and set priorities.

The Chief Compliance Officer (CCO) is the general manager of the Bank Compliance Risk Management department and the Head of the Compliance Risk Management function within the Bank. This is an independent function responsible for developing and establishing the Bank-wide Compliance Risk Management charter & framework which establishes the policies and minimum standards for managing compliance risks. The CCO assists and supports the Management Board Banking in managing ING Bank’s compliance risks and control framework.

The NFR department uses a layered functional approach within divisions to ensure systematic and consistent implementation of the framework of policies and minimum standards within ING Bank. To avoid potential conflicts of interests, it is imperative that the staff working in the department is independent and objective when advising business management on non-financial risk matters in their business unit or business line. To facilitate this, a strong functional reporting line to the next higher level within Operational Risk Management (ORM) and Compliance is in place. The functional reporting line has clear accountabilities with regard to objectives setting, remuneration, performance management and appointment of new staff as well as obligations to veto and escalate.

Framework

ING Bank has a comprehensive framework for operational and compliance risks. This supports and governs the process of identifying, measuring, mitigating, monitoring and reporting non-financial risks thus reflecting the stages described in the Enterprise Risk Management model of COSO (Committee of Sponsoring Organisations of the Treadway Commission).

The risk appetite (defined as the acceptable and authorised maximum level of risk) is set by the Bank NFRC. Adherence to this risk appetite is monitored quarterly through the NFR Dashboard which reports the key non-financial risk exposures.

Processes are in place to identify key threats, vulnerabilities and the associated risks which might cause adverse events. Event identification is performed proactively and precedes a risk assessment. Different techniques for event identification exist within ING Bank, e.g. Risk & Control Self-Assessments, scenario analysis, external events inventories, internal events analyses (e.g. lessons learned based on information from event reporting), key risk indicators and threat scans.

Risk & Control Self-Assessment

Identification and assessment of non-financial risks inherent to ING Bank products, activities, people, processes and systems provide management with an understanding of the operational risk profile. Based on the identification and assessment, internal controls are designed to support mitigation of risks to remain within the risk appetite.

Business Environment Assessment

The Business Environment Assessment (BEA) assesses all internal control factors and external factors that could influence the internal and external operating environment and may lead to unacceptable operational risk exposure.

Scenario analysis

Scenario analysis is a process used to consider the impact of rare, significant, yet plausible future events, taking into consideration alternative possible outcomes for those events, their severity and frequency. Input for scenario analysis includes the results of various internal and external assessments such as the BEA. Scenario analysis is an important component in the calculation of operational risk capital.

Internal events analyses

Analysis of internal non-financial loss data assists in identifying, quantifying, mitigating and monitoring operational risk exposure. It provides insight into causes and effectiveness of associated controls.

External events inventories

External non-financial loss data provides valuable information about the losses experienced by other businesses, and assists ING Bank to quantify its exposure to risk events that have not been experienced internally.

ING Bank Annual Report 2015 209