NATIXIS_REGISTRATION_DOCUMENT_2017
3 RISKS AND CAPITAL ADEQUACY Operational risks
OPERATIONAL RISK MONITORING 3.8.3
Risk mapping Riskmappingis centralto operationalrisk monitoring:
Business line and support function environment
Evaluation of the control environment
Incidents with nancial, legal and regulatory impacts
Analysis of the change in risk pro le of the business lines and support functions
Qualitative evaluation of the HR pro le of the support functions
Qualitative evaluation of business line and support function policies and procedures
Qualitative evaluation of business line and support function controls
KRI
Controls
P&P
RH
Incidents
Quantitative backtesting
Mapping
Qualitative evaluation of business line and support function risks
Reduction measures
Net risk
DMR
Gross risk
RSA
by their owners
Reduction measures
Regulatory environment / Compliance
Financial industry environment
Local and international regulations
Non-compliance risks
External database, Public incidents since 1995
Incidents
Scenario analysisis
KRI: Key risk indicator RMS: Risk management system RSA: Risk self-assessment HR: Human Resources P&P: Policies and Procedures
Every year the OperationalRisk Department,in conjunctionwith the other control functions, works with each business line, entity and support function to map operational risks. The exercise involves identifying and descriptively analyzing risks, quantifying the risk situations (average frequency, average and maximum loss), and taking into account existing risk managementmechanisms.This mapping is based on process analysis and is carried out for all of the bank's activities. Its consistency is verified through backtesting, in other words by using the incident history, as well as external data where relevant. The risk mapping process serves to identify Natixis' exposed business lines and its biggest risks in order to be able to managethemthroughcorrectiveactionand indicators. The mapping of “global and systemic risks” (extreme risk situations occurring infrequently, such as major natural disasters, pandemics, and attacks) draws on external data on incidents in the financial industry, especially for establishing
frequency. Also factored in are assumptionson unrealized net revenue items and the effectiveness of risk management mechanisms, as well as contingency and business continuity plans. In addition to risk mapping, there are over 700 key risk indicators (KRIs) in place with correspondinglimits, and which are monitoredregularly.KRIs dynamicallydetect any changesin the operational risk profile, and cover the seven Basel categories of loss-generating events. They apply either to Natixis (overall indicators), to the business lines, or to the support functions that, with the operational risk manager, set the indicators as relevant early warning indicators during the mapping process. These indicators are submitted to the Operational Risk Committee for approval. Any breach of their thresholds,that is the subject of a systematicalert, may trigger action to be carried out immediately or requiring Committee approval.
148
Natixis Registration Document 2017
Made with FlippingBook - Online catalogs