In the field of risk management, the Board of Directors is responsible for approving the risk control and management policy, as well as periodically monitoring internal reporting and control systems. In order to properly perform this duty, the Board is supported by the Executive Committee and a Risk Committee. Both the corporate Global Risk Management (GRM) area and the risk units in the business areas also play an essential role in the Group’s risk management, each with well defined roles and responsibilities. The corporate GRM area establishes the global risk management strategies and policies, while the risk units in the business areas propose and maintain the risk profile of each customer independently, but within the corporate framework for action.
The Group’s risk function is a unique, independent and global function whose principles are:
- The assumed risks must be compatible with the target capital adequacy and must be identified, measured and assessed. Monitoring and management procedures and sound control and mitigation systems must likewise be in place.
- All risks must be managed integrally during their life cycle. They must be treated differently depending on their type and with active portfolio management based on a common variable: economic capital.
- It is each business area’s responsibility to propose and maintain its own risk profile both independently and within the corporate action framework (defined as the set of risk policies and procedures), using an adequate risk infrastructure.
- The risk infrastructure must be suitable in terms of people, tools, databases, information systems and procedures so that there is a clear definition of roles and responsibilities, ensuring efficient allocation of resources between the corporate area and the risk units in the business areas.
The Group has developed an integrated risk management system based on these principles and structured around three main core elements:
- A set of tools, circuits and procedures that make up different management schemes.
- A system of internal controls.
- A corporate risk governance plan which separates functions and responsibilities.