The Board has set up a Risk Management and Internal Control Committee within itself.
Composition and role of the Risk Management and Internal Control Committee (ex. Art 123-bis, para. 2, letter d) CFA)
This Committee is made up of the Director Giuseppe Benini (independent and non-executive) with the role of Chairman, and by the Directors Francesca Maderna (independent and non-executive), Andrea Martin (non-independent and non-executive) and Daniele Santosuosso (independent and non-executive).
Its works are coordinated by the Chairman and minutes are duly taken during its meetings.
During 2014, the Committee met twenty-six times, as shown in Table 2 enclosed with this report, with meetings lasting an average of two hours. Eight of these meetings were joint meetings with the Board of Statutory Auditors and one was a joint meeting with the Supervisory Body as per Legislative Decree 231/2001.
To date in 2015, the Committee has held six meetings, three of which were joint meetings with the Board of Statutory Auditors and one was a joint meeting with the Supervisory Body as per Legislative Decree 231/2001.
It is expected that the number of meetings that will be held by this Committee in 2015 will be no less than last year.
The Risk Management and Internal Control Committee is made up of four out of the nine Members of the Board of Directors, chosen from the Non-executive Directors, the majority of which being independent. Members of this Committee must have the necessary knowledge, competence and experience to be able to fully understand and monitor the risk strategies and appetite of the Bank.
At least one of its Members must have suitable experience in financial and accounting matters or in risk management, and this is assessed by the Board of Directors upon appointment. The Board of Directors has, from among its independent Members, deemed the Chairman of the Committee, Mr. Giuseppe Benini, as being the Member having the necessary experience in accounting and financial matters or risk management. The Board’s decision regarding Mr. Benini’s experience was reached during its meeting of 30 May 2013 and again later during the self-assessment process for summit bodies.
In addition to holding joint meetings with the Supervisory and Control bodies as per Legislative Decree 231/2001, during its meetings the Committee also interacted, based on prior agreement and to address individual topics, with the C.E.O., the General Manager, the Corporate Financial Reporting Officer, the Compliance and Anti-money Laundering Officer, the Anti-money Laundering Supervisor, the External Auditing firm and the Chief Risk Officer. It systematically interacted with the Internal Auditing Officer, who normally attends the Committee’s meetings with a view to achieving synergy between the various players in the Internal Auditing System.
This Committee, in a preparatory role as opposed to the Board’s, also had meetings with the Head and other Members of the Problem Credit Area, the Head of the Strategic Planning and Management Control Area and the Head and other Members of the Organisation and ICT Area.
It is normal for the Head of Corporate Affairs and other Members from this Office to be invited to Risk Management and Internal Control Committee meetings.
Duties of the Risk Management and Internal Control Committee
The Committee provides its preliminary opinion to the Board of Directors on:
- The Guidelines of the Internal Control and Risk Management System;
- The adequacy of the Internal Control and Risk Management System with respect to the company’s characteristics and to the assumed risk profile, as well as its efficacy;
- The work plan prepared by the Head of the Internal Auditing Office;
- The main characteristics of the Internal Control and Risk Management System and its adequacy;
- The results presented by the external auditor in the letter of recommendations, if any, and in the report on the main issues which came up during the external audit.
With regards to the appointment and revocation of the Head of the Internal Auditing Office and the allocation of resources suited to the fulfilment of his responsibilities by the Board of the Directors, the Risk Management and Internal Control Committee is required to provide its favourable opinion (which is binding).
When aiding the Board of Directors, the Risk Management and Internal Control Committee:
- Evaluates, together with the Corporate Financial Reporting Officer, and having heard the opinion of the External Auditor and of the Board of Statutory Auditors, the proper application of accounting standards and their uniformity for the purpose of drawing up the consolidated financial statements;
- Expresses opinions on specific aspects pertaining to the identification of the main corporate risks;
- Examines the periodical reports covering the evaluation of the Internal Control and Risk Management System, and the specifically relevant ones prepared by the Internal Auditing Office;
- Monitors the autonomy, adequacy, efficacy and efficiency of the Internal Auditing Office;
- May ask the Internal Auditing Office to carry out checks on specific operational areas, at the same time notifying the Chairman of the Board of Statutory Auditors;
- Examines the annual plans of the Control Office/Departments and the reports on their implementation.
The Risk Management and Internal Control Committee reported to the Board of Directors after the first half on its activities, as well as on the adequacy of the Internal Control and Risk Management System.
As regards finances, this Committee did not avail itself of its financial autonomy in 2014. As the Committee’s Chairman adopts a practice of reporting on its activities to the Board of Directors on a time to time basis at the first convenient meeting, during amendments to this Committee’s Regulations, the obligation to prepare an official half-yearly report was removed, as approved by the Board of Directors of 3 February this year. Said amendments were made in order to comply with the supervisory provisions introduced with the 1st Amendment (6 May 2014) of the Bank of Italy’s Circular 285 of 17 December 2013.
On the subject of transactions with related parties and/or affiliated subjects, the Risk Management and Internal Control Committee (consisting of independent Directors only), also performs the functions assigned to it by the Board of Directors, as governed within the scope of the ‘Procedure’ in force.
During 2014, the Committee’s activity regarded the following key guidelines:
- Procedure for transactions with related parties (obtaining the green light in advance from independent Directors and receiving a quarterly report on trends in these positions);
- Adaptation of corporate governance to the supervisory provisions introduced with the 1st Amendment (6 May 2014) of the Bank of Italy’s Circular 285 of 17 December 2013;
- Adaptation to the 15th update to Circular 263/2006 of 2 July 2013 on the Internal Control and Risk Management System;
- Presentation and implementation of the 2014-2016 Auditing Plan;
- Presentation and implementation of the activity plans for the Risk Management and the Compliance and Anti-money Laundering Offices;
- Preparatory work for the Board of Directors for matters concerning:
- Quarterly impairment losses/recoveries for non-performing and substandard loans;
- Liaison with the external auditing company (KPMG S.p.A. over the first few months of 2014, followed by Reconta Ernst and Young S.p.A.);
- Internal regulations (organisational policies, processes and procedures);
- Management of corporate projects;
- Management trends and prospects;
- Liaison with Supervisory Authorities.
The Chairman of the Board of Statutory Auditors - or another Auditor delegated by the Chairman from time to time - participates in the works of the Committee. If deemed appropriate in connection to the issues to be discussed, the Risk Management and Internal Control Committee and the Board of Statutory Auditors meet jointly.
Committee meetings were properly documented in minutes and signed by the Members.
The Risk Management and Internal Control Committee may access all company information deemed relevant for the performance of its tasks and may use, autonomously, the Bank’s financial resources in the amount established by the Board and with the requirement to report on any use of these funds.
The Board of Directors allocated the Risk Management and Internal Control Committee annual economic resources of 60,000 Euro, to be used autonomously, subject to reporting to the Board on their use of funds.