ING Direct 2015 Annual Report Download - page 213

Notes to the Consolidated annual accounts of ING Bank - continued
Legal risk is defined as the risk related to (i) a failure (or perceived failure) to adhere to applicable laws, regulations and standards, (ii)
contractual liabilities or contractual obligations that are defaulted or cannot be enforced as intended, or are enforced in an
unexpected or adverse way, and (iii) liability (tort) towards third parties due to an act or omission contributable to ING Bank
(potentially) resulting in impairment of ING Bank’s integrity, leading to damage to ING Bank’s reputation, legal or regulatory sanctions,
or financial loss.
Given the heavy reliance on IT systems in financial institutions, controls that monitor the various aspects of IT risk, such as integrity
and confidentiality, are embedded in ING Bank’s risk and control framework.
Main developments in 2015
Internal and external fraud
ING Bank is continuously working on strengthening its global fraud resilience including enhanced collaboration against cybercrime.
Exploring and combining existing data search tools that can be used for monitoring or early detection of fraudulent incoming and
outgoing payments is becoming more and more important in fraud prevention. They are being further developed into an effective set
of organisational controls.
The risk of clients and ING Bank staff being targeted by fraudsters using social engineering techniques to execute payments has
increased. Efforts are undertaken to mitigate the risk of CEO impersonation fraud such as creating awareness for customers and staff
about this type of fraud. ING Bank continues to strengthen its control environment as fraudsters are increasingly shifting their interest
to the end-user. ING Bank continues to stringently monitor both this type of fraud and new emerging fraud methodologies.
Cybercrime
Cybercrime is a continuous threat to companies in general and to financial institutions specifically. Both the frequency and the
intensity of attacks increase on a global scale. ING Bank continued building on its Cybercrime Resilience Programme moving to further
enhance the control environment to protect, detect and respond to e-banking fraud, Distributed Denial of Service (DDoS) and targeted
attacks (also called Advanced Persistent Threats). Additional controls are being embedded in the organisation as part of the overall
internal control framework and re-assessed against existing and new threats.
ING Bank is continuously working on strengthening its global cybercrime resilience including strengthened collaboration against
cybercrime with the financial industry, law enforcement authorities, government (e.g. National Cyber Security Center) and Internet
Service Providers (ISPs).
Compliance risk
Compliance risk is defined as the risk of impairment of ING Bank’s integrity as a result of failure (or perceived failure) to comply with
applicable laws, regulations, ING Bank policies and minimum standards and the ING Values as part of the Orange Code. We aim to
effectively manage compliance risks that could expose ING Bank to reputational damage, fines, civil and criminal penalties, payment
of damages, court orders and suspension or revocation of licenses that would adversely impact our customers, staff, shareholders and
other stakeholders.
Within NFR, the Bank Compliance Risk Management function established a compliance control framework in which controls are
defined based on laws, regulations and standards that are part of the internal control framework of ING Bank. To support
management in mitigating compliance risks, the Bank Compliance Risk Management function actively educates and supports the
business in managing compliance risks related to e.g. money laundering, terrorist financing, sanction and export control compliance,
conflicts of interests, mis-selling, corruption and protection of customers’ interests.
ING Bank categorises compliance risk into four conduct-related integrity risk areas:
  • Client conduct related integrity risk is the risk ING Bank is exposed to through our clients;
  • Personal conduct related integrity risk is the risk of compromising ING Bank through non-compliant employee behaviour, aiming to promote individual integrity of all employees and to create an overall culture that is led by integrity;
  • Financial Services conduct related integrity risk is the risk that business practices and systems compromise ING Bank as a participant in the financial services industry taking into account its high standards when carrying on business and at all times striving to observe the letter as well as the spirit of the law; and
  • Organisational conduct related integrity risk is the risk of compromising ING Bank or its businesses through deficiencies in management, supervision and/or the effectiveness of governance structures.
The controls to mitigate the compliance risks associated with the above-mentioned risk areas are designed and embedded in day-to-day
processes. The effectiveness of the controls as designed is tested periodically, and senior management is aware of their
responsibility to ensure their processes are compliant with applicable laws and regulations, ING Bank’s internal policies and the Orange
Code.
ING Bank Annual Report 2015 211