NATIXIS // 2021 Universal Registration Document
RISK FACTORS, RISK MANAGEMENT AND PILLAR III Risk management
Operational risk monitoring
3.2.7.3 Risk mapping
Risk mapping is central to operational risk monitoring:
[Figure: risk mapping diagram. Labels: Risk Map; Gross Risk; Net Risk; RMS; RCSA; KRI; Incidents; Incidents database; Controls; P&P; HR; PCL1 & 2; Non Compliance Risk; Quantitative backtesting; Control environment assessment; Analysis of changes in the risk profile of the businesses and support functions; Incidents with financial, legal, and regulatory impacts; Qualitative evaluation of businesses and support function controls; Qualitative evaluation of business line and support function policies and procedures; Qualitative assessment of the HR profile of support functions; Qualitative assessment of businesses and support functions risks by the risk owners; Mitigation actions decided by Committees; Regulatory environment / Compliance Division; Permanent control / Compliance Division; Annual review of first level controls based on risk assessment; Results of first level controls (each control is associated with one or several risks); Domestic and international regulations; Financial industry businesses & Operational environment; External database, public incidents since 1995; Scenario analysis on major risks.]
KRI: Key Risk Indicator; RMS: Risk Management System; RCSA: Risk Control & Self Assessment; HR: Human Resources; P&P: Policies and procedures.
The department in charge of operational risks, together with each business line, entity or support function and in consultation with the other control functions, manages the review of the operational risk mapping. The latter is based on the identification and descriptive analysis of risks, the quantification of these risk situations (definition of an average frequency, an average loss and a maximum loss), taking into account existing risk management systems. This mapping, based on the analysis of processes, is carried out on all of the bank’s activities. A history of internal incidents is used to check the consistency of the results obtained (backtesting), as well as the analysis of the findings of internal audits and results of permanent controls.
The risk mapping process serves to identify Natixis’ exposed business lines and its biggest risks in order to be able to manage them through corrective action and indicators. The mapping of extreme risk situations (i.e. of very low frequency and severe impact, such as regulatory fines, major natural disasters, pandemics, terrorist attacks, etc.) is based on the use of external data including data on financial industry incidents.