Internal Control and Risk Management System

The strategic planning process of the Banca IFIS Banking Group is based on a three-year industrial plan approved by the Board of Directors on a yearly basis. Said Plan annually adjusts the strategic prospects drawn up in the previous document and extends their temporal horizon to the following year. On the basis of the strategic indications, dimensional objectives and additional qualitative-quantitative elements of the Industrial Plan, the ICAAP Report is drafted and approved by the Board of Directors every year.

Moreover, during the course of 2014, the Board also approved the Risk Appetite Framework.

The risk appetite of the Banca IFIS Group can be outlined as follows: 

  • Capital adequacy; 
  • Exposure to the interest rate risk;
  • Overall liquidity position. 

and it is operationally translated through key risk indicators that:

  • Provide an expression of both the current and future situations, under ordinary conditions and under conditions of stress;
  • Basically consist of operational limits that effectively guide future strategic choices (said operational limits are set out in specific policies).

The Board of Directors has also approved the Document on the Internal Control System – Guidelines which defines:

  • The principles underlying the Group Internal Control System;
  • The development process of this System, with a comprehensive description of the tasks assigned to the governance bodies with regards to the following phases: a) design of the Internal Control System; b) its implementation; c) its assessment; d) communication to the public on this System;
  • The elements that characterize risk governance;
  • The control organizational model;
  • The control roles and tasks assigned to the organizational units that carry out the company control functions;
  • The liaison methods between organizational units that carry out the company control functions;
  • Information flows between the organizational units that carry out the company control functions themselves and between these units and the corporate bodies.

The ‘Internal Control System’ consists of an ensemble of rules, functions, structures, resources, processes and procedures aimed at ensuring, in compliance with healthy and prudent management, the achievement of the following purposes: 

  1. Verifying the implementation of company strategies and policies; 
  2. Containing risks within the maximum accepted limit;
  3. Safeguarding the value of assets and protecting against losses; 
  4. Efficacy and efficiency of company processes;  
  5. Reliability and security of company information and of IT procedures;  
  6. Preventing the risk of the company being involved, including involuntarily, in illegal activities;  
  7. Compliance of transactions with the law and regulations, including of a supervisory nature, as well as with internal policies, regulations and procedures.

The term ‘Group Internal Control System’ means furthermore the set of rules, procedures and organizational structures aimed at allowing the Parent company to carry out:

  • Strategic control over both the trend of activities performed by the companies of the group, as well as over the latter’s acquisition and disposal policies;
  • Managerial control aimed at ensuring the maintenance of conditions of economic, financial and equity balance of both the individual subsidiaries and of the Group as a whole;
  • The technical-operational check aimed at evaluating the various risk profiles of each individual subsidiary and consequently the Group and of the Group’s overall risks.

Since July 2013, the Internal Control System was updated also in light of the 15th Amendment (dated 2 July 2013) of Bank of Italy’s Circular no. 263/2006 (New prudential supervisory provisions for banks) on the subject of the Internal Control System, the IT system and Business continuity. Specifically, the following documents defining corporate systems have been drawn up/updated and approved:

  • The Internal Control System – Guidelines;
  • Guidelines: Identification of the Main Operational Functions in Banca IFIS and IFIS Finance;
  • The regulations governing control functions. In particular:
    • Regulations governing the Group Internal Auditing Office;
    • Regulations governing the Group Risk Management Office;
    • Regulations governing the Compliance Office;
    • Regulations governing the Anti-money Laundering Office;
    • Regulations governing the Corporate Financial Reporting Officer;
  • Group policy for capital adequacy assessments (ICAAP);
  • Group policies for the control and management of the main corporate risks. In particular;
    • Group Policy for the Control and Management of the Credit Risk;
    • Group Policy for the Control and Management of the Operating Risk;
    • Group policy for the Control and Management of the Concentration Risk;
    • Group policy for the Control and Management of the Interest Rate Risk;
    • Group policy for the Control and Management of the Liquidity Risk;
  • Group Policy for the Outsourcing of Corporate Functions;
  • Group Policy for the Development and Certification of the Internal Rating System.
Last updated on 2015-03-16