Start of main content
Procedures in place for the identification, measurement, management, control and internal reporting of risks
Risk management is a strategic pillar of the Organisation. Its main objective is to preserve the Group’s financial and capital strength, driving value creation and business development in accordance with the risk appetite and risk tolerance set by the governing bodies. It also provides tools that can be used to assess, control and monitor requested and authorised risk, manage non-performing loans and recover defaulted loans.
Within the framework of the Risk Function Transformation Plan, designed in June 2013, various initiatives have been implemented as part of the continuous improvement process in which Bankia is engaged.
The risk function transformation process rests on three main pillars:
- The general principles that must govern the risk function.
- An organisational model based on a comprehensive view of the complete risk life cycle, segregating risk management in two risk units (Wholesale and Retail), which bring together, each within its scope, the full range of risk approval, monitoring and recovery functions.
- A transformation plan: the change of model culminates in the definition and implementation of a raft of initiatives that will serve to substantially improve management, in line with the chosen general principles.
General principles governing risk management:
- Independent, Group-wide risk function, providing the information needed for decision making at all levels.
- Objective decision making, incorporating all relevant risk factors (both quantitative and qualitative).
- Active management of risk throughout the risk life cycle, from pre-approval analysis to the moment the risk is extinguished.
- Clear processes and procedures, reviewed at regular intervals in light of changing needs, with clearly defined lines of responsibility.
- Integrated management of all risks through risk identification and quantification, and consistent management based on a common measure (economic capital).
- Differentiated treatment of risk, approval levels and procedures based on risk characteristics.
- Creation, implementation and diffusion of advanced decision support tools, with effective use of new technologies, so as to facilitate risk management.
- Decentralised decision making, using the available methodologies and tools.
- Inclusion of risk as a variable in business decisions in all areas, both strategic, tactical and operational.
- Alignment of the objectives of the risk function and of its individual members with the objectives of Bankia as a whole, so as to maximise value creation.
Details of the main milestones achieved within the framework of the abovementioned transformation plan:
Creation of a Risk Advisory Committee
This measure represents an improvement of corporate governance and ensures compliance with the provisions of Law 10/2014 of 26 June on the ordering, supervision and solvency of credit institutions.
Implementation of a Risk Appetite Framework
The Risk Appetite Framework was approved by the Boards of Bankia and BFA at their meetings on 23 and 24 September 2014, respectively, bringing major changes to the management and control of the Bank’s risks.
Review of recovery management in the Bank.
Work is currently under way to implement the Recovery computer tool, which will allow effective and efficient recovery while reducing human resources both in central services and in the Bank’s Regional and Business Unit Headquarters.
Changes to the System of Credit Risk Approval Authorities in the Bank
At its meeting on 23 September, the Board of Directors approved a new system of Credit Risk Approval Authorities for the Bank. The new system improves risk management by simplifying the calculation method, so as to allow greater flexibility and agility in authorising transactions, and by introducing new levels of delegated authority, which will increase the degree of control and discrimination, depending on the observed use of the delegated authority.
Formal definition and documentation of processes.
The Bank’s main work processes have been formally defined, so as to ensure that they are properly documented and can be consulted and audited both internally and by external authorities such as the single European supervisor.
The Internal Control Policies approved in 2014 have already undergone their first annual review, which was accepted by the Board of Directors at its meeting on 28 October 2015. Work is currently under way to consolidate the function by documenting procedures, establishing new controls and communicating at all levels the importance of having an appropriate risk control framework.
Implementation of tax risk control, documenting the related control process. All transactions approved by Centralised Committees or governing bodies must have the opinion of the Tax Advisory service or, failing that, of the approved external tax adviser. A tax opinion must also be obtained by the New Products Committee at each launch of a new product or service. In the rest of the committees, the groupings responsible for proposals must check that a tax opinion has been obtained where necessary under the established criteria.
Internal control mechanisms, including administrative and accounting procedures
Internal control of risks refers to the set of processes executed continuously and successively over time with a view to obtaining reasonable assurance in business processes, seen from three angles:
- Appropriate management of risks in line with the strategic objectives.
- Effectiveness and efficiency of the established risk management processes and controls.
- Compliance with applicable risk-related laws and regulations and with internal policies and procedures.
Under the new regulatory framework, internal control systems have acquired particular importance. The BFA-Bankia Group conceives of internal control as a function that demands the involvement and commitment of all members of the organisation. Internal control is therefore divided into three lines of defence, the first line being the operational areas, business lines or support units, the second, Internal Control and the third, Internal Audit.
The updated Internal Risk Control Policies, which were approved by the Bank’s Board of Directors on 28/10/2015, describe the responsibilities and tasks of the internal risk control function, whose main functions are as follows:
- Define the internal risk control policy for approval by the Board of Directors.
- Supervise the effectiveness of the internal control system in respect of risks, the application of risk-related policies and guidelines and the correct documentation of processes, risks, events and controls and evidence that they have been performed.
- Review the existence of an effective system for communicating relevant information on the internal risk control system to all levels of the organisation.
- Identify the weaknesses of the internal risk control system and make recommendations to the operational, business and support areas for action plans to correct and mitigate them, monitoring the implementation of these plans as appropriate.
End of main content