Operational risk is defined as the one that could potentially cause losses due to human errors, inadequate or faulty internal processes, system failures or external events. This definition includes legal risk, but excludes strategic and/or business risk.
Operational risk is inherent to all banking activities, products, systems and processes. Its origins are diverse (processes, internal and external fraud, technology, human resources, suppliers, commercial practices, disasters). Operational risk management is integrated into the Group’s global risk management structure.
As part of a process of continuous improvement of the operational risk model, the implementation of an integrated internal control and operational risk methodology began in 2011. This methodology allows identifying risks in organizational units, it better identifies and prioritizes residual risks and links them to the Bank’s processes. It also establishes an objective risk level for each risk type to identify and manage gaps by comparing it with the residual risk level. In order to provide the required support for this methodology, the Group has developed a new corporate IT system.
