In the field of risk management, it is the Board of Directors that is responsible for approving the risk control and management policy, as well as periodically monitoring internal reporting and control systems. To perform this duty correctly, the Board is supported by the Executive Committee and a Risk Committee. Both the corporate Risk area and the risk units in the business areas also play an essential role in the Group’s risk management, each with well-defined roles and responsibilities. Thus, the corporate Risk area establishes the global risk management strategies and policies, while the risk units in the business areas propose and maintain the risk profile of each customer independently, but within the corporate action framework.
The Group’s risk function, Global Risk Management, is a unique, independent and global function whose principles are:
- The assumed risks must be compatible with the target capital adequacy and must be identified, measured and assessed. Monitoring and management procedures and sound control and mitigation systems must likewise be in place.
- All risks must be managed integrally during their life cycle, being treated differently depending on their type and with active portfolio management based on a common measurement, economic capital.
- It is each business area’s responsibility to propose and maintain its own risk profile, within their independence in the corporate action framework (defined as the set of risk policies and procedures), using a proper risk infrastructure.
- The risk infrastructure must be suitable in terms of people, tools, databases, information systems and procedures so that there is a clear definition of roles and responsibilities, ensuring efficient allocation of resources between the corporate area and the risk units in the business areas.
Based on these principles, the Group has developed an integrated risk management system that is structured around three main lines of action:
- A set of tools, circuits and procedures that make up differentiated management systems.
- A system of internal control mechanisms.
- A corporate risk governance plan which separates functions and responsibilities.
