Operational risks refer to the risk of loss due to incorrect or non-appropriate internal processes and procedures, human errors, incorrect systems or external events, including legal risks.
Operational risks include:
- process risks – risks that arise due to process weaknesses.
- personnel risks – changes in personnel; weaknesses in project management, corporate culture and communication; errors by personnel, etc.
- IT / systemic risks – risk of significant impact on business operations as a result of weaknesses in IT systems.
- external risks – risks arising from fraud, or events caused by external parties, natural disasters or lack of physical security.
- legal risks – the risk that an agreement is not fully or partially enforceable, lawsuits, adverse judgements or other legal processes that disrupt or adversely impact the business or the requisite conditions for operating a credit institution. Legal risks also include compliance risk, which arises as a result of failure to comply with laws, rules, regulations, agreements, prescribed practices and ethical standards, and which can lead to current or future risks as regards earnings and capital. Other risks – including risks associated with remuneration systems.
The Group manages operational risks using measures/tools for identifying, evaluating, documenting, controlling and reporting risks and for building risk expertise and designing risk training. Focus is on reducing significant risks as far as possible by identifying and documenting processes and procedures.
For example, the Group has had a strong focus on establishing a procedure-driven organisation with policies, guidelines and procedures designed to achieve a high level of internal governance and control. Group processes have been mapped with controls to ensure that identified risks are managed and monitored effectively.
The Group has a procedure for approving new or significant changes in existing products/services, markets, processes or other major changes in the business operations. The procedure is aimed at enabling the Group to effectively and efficiently manage risks arising from the introduction of such new or significantly changed products or services.