Capitals: Financial, Social, Human, Intellectual, Manufactured and Natural
StakeholdersCLPIAICOFG
Stakeholder: Clients, Internal Public, Shareholders and Investors, Community/Society/Third Sector, Suppliers, Government (Regulatory Authorities)
Corporate risk control is exercised in an integrated and independent manner. The process preserves and values the joint decision making environment by means of methodologies, models and measurement and control instruments.
Committees provide support for the Board of Directors, the CEO and the Executive Board in strategic decisions related to capital and risk management.
The Integrated Risk Management and Capital Allocation Committee is supported by the Executive Capital Management Committee and the Executive Risk Management Committee. The Board of Directors is also aided by the Internal Controls and Compliance Committee in relation to the adoption of strategies, policies and measures aimed at installing a culture of internal controls, risk mitigation and compliance with applicable standards.
OUR CORPORATE RISK CONTROL MODEL IS BASED ON JOINT DECISION MAKING, INCORPORATING INPUTS FROM VARIOUS COMMITTEES
RISK MAP
Given the complexity and variety of products and services offered to our clients in all market segments, we are exposed to diverse types of risks stemming from either internal or external factors. Therefore, constant monitoring of all types of risks is indispensable to guarantee security and ease of mind for all company stakeholders. The main types of risk include:
MAP OF MAIN RISKS
Credit
Strategy
Counterpart credit
Legal or compliance
Concentration
Legal unpredictability (regulatory risk)
Market
Reputation
Liquidity
Social and environmental
Underwriting
Contagion*
Operational
Model*
* Included in 2016.
As a line of defense, risk management seeks to anticipate events and market situations, constantly improving management and control tools in order to mitigate potential adverse effects. In 2016, the following enhancements were implemented:
Integrated risk
Restructuring and optimization of the Risk Management Report – Pillar 3, taking into account the recommendations of the Basel Committee on Banking Supervision, as well as disclosing information on the leverage ratio, short-term liquidity ratio, emerging risks and the Global Systemic Importance Assessment Rate.
Review of governance structure, expanding the attributions of the Integrated Risk Management and Capital Allocation Committee and the Capital Management Executive Committee to cover actions related to the Banking Recovery Plan.
Institution of the Risk Management Policy, Standard and the Risk Management and Controls Committee for private equity funds under management.
Credit risk
Optimization of capital needs given the enhancement of operations involving credit clearance, credit limits, exchange and Credit Valuation Adjustment (CVA).
Improvement in the use of the value of vehicle and real estate guarantees in calculating the Allowance for Loan Losses (ALL).
CONSTANT MONITORING OF RISKS STEMMING FROM INTERNAL AND EXTERNAL FACTORS ENSURES SECURITY AND PEACE OF MIND FOR STAKEHOLDERS
Social and environmental risk
Development of a social and environmental rating methodology to calculate the level of risk involved in loan, financing and real estate guarantee operations, as well as suppliers and investments.
Extension of the scope of analysis with the inclusion of real estate guarantees, private equity operations, donations, as well as the inclusion of tobacco in the list of sectors with greater social and environmental exposure.
Development of a Social and Environmental News Bulletin, which consists of monitoring, analyzing and disseminating information gathered from online communication media, social media, search websites and blogs, covering data that may indicate risks from a legal, operational and image standpoint, in support of social and environmental risk analysis.
Operational risk
Expansion of use of indicators and scenarios in the internal risk measurement model.
Enhancement of operational risk mitigation instruments, with improvements in controls and monitoring of indicators.
We incorporate social and environmental rating methodology into our risk assessments
Business Continuity Management (BCM)
Implantation of the annual BCM cycle, comprehending the review of critical business processes, the assessment of third-parties considered important, the review and updating of business continuity plans, driving awareness, training and assessment in tests for these plans. This systematization will enable the creation of performance appraisal indicators to identify the degree of maturity of the organization’s sites in order to ensure the effective provision of support resources.
Market risk
Enhancement of the statistical tests applied in monitoring the performance of the Value at Risk (VaR) model.
Enhancement of the Banking Portfolio interest rate risk governance model.
Improvement of share valuation process governance.
Improvement of counterpart risk methodology for over-the-counter derivatives.
Liquidity risk
Implantation of process for the daily calculation of the short-term liquidity indicator, scheduled to begin in January 2017.
Model risk
Review of quantitative model governance aimed at enhancing the process of approving and monitoring models.
Creation of methodology for rating quantitative models, enabling the identification and proposal of mitigation measures for those generating greater model risk.
EMERGING RISKS
In addition to the main risks in the abovementioned map (page 61), the adoption of mechanisms for identifying and monitoring emerging risks is fundamental, enabling us to bring forward and implement measures to minimize potential adverse impacts related to our exposures.
We have our Risk Indicator Tracking Commission, comprising the risk, finance, treasury, economic, credit and insurance areas and which reports to the Integrated Risk Management and Capital Allocation Committee. The following emerging risks are particularly worthy of note:
MACROECONOMIC FACTORS
Unpredictability of North American economic policy: uncertainty about commercial policies involving China and Mexico and the geopolitical stance of the new government and the risk of an increase in inflation in the USA, accompanied by higher increases in the basic and future interest rates.
Europe: risk of insolvency of European banks and the impacts of Brexit on the real economy and on financial markets.
WHILE CLIMATE CHANGE MAY REPRESENT RISKS FOR CLIENTS, IT CAN ALSO OFFER OPPORTUNITIES
To identify, assess, mitigate and control exposures to risk, we have a robust risk management structure comprising committees that aid the Board of Directors, the CEO and the Executive Board in strategic decision making.
Worthy of note in this structure is the Integrated Risk Management and Capital Allocation Committee whose function is to support the Board of Directors in managing and controlling risks and capital. This committee is supported by the Executive Capital Management Committee, by the following executive risk management committees: a) Credit, b) Market and Liquidity, c) Operational and Social and Environmental, as well as by d) Bradesco Seguros Group and BSP Empreendimentos Imobiliários and the Risk Indicator Tracking Commission. For further details, see the Risk Management Report – Pillar 3 (www.bradesco.com.br/ri).
CYBER ATTACKS
We consider information security and cybernetic security to be highly critical and these are addressed at the highest strategic level by the Board of Directors, the Executive Board and the other hierarchical levels.
To provide support in this area, there is a set of controls, comprising procedures, processes, organizational structures, policies, standards and IT solutions to guarantee the confidentiality, availability and integrity of information.
The risks inherent to information security are an integral part of the risk management structure. Financial losses resulting from cyber attacks are consolidated in the Operational Risk area, with support from diverse other areas involved in the risk management process.
We maintain a robust structure comprising the Internal Controls and Operational Risk Commission, charged with analyzing operational losses in the business areas/sites and ensuring the efficiency and effectiveness of the processes and controls adopted. The commission reports to the Operational, Social and Environmental Risk Management Executive Committee. Relevant questions discussed in this area are reported to the Integrated Risk Management and Capital Allocation Committee, which is subordinated to the Board of Directors.
Regarding responsibilities, the Corporate Security Department is charged with the governance of information security, which encompasses managing identity and access, policies and standards, awareness and assessment of related risks, as well as fraud prevention and security in electronic channels. The area also has technical commissions for Information Security, Fraud Prevention and Limits, and the executive in charge coordinates the Corporate Security Executive Committee.
Within this structure, the Data Processing and Communication Department is responsible for border defense cybernetic security, IT security and other activities related to infrastructure security.
The Information Security area takes part in encounters, forums, working groups, internal and external commission and sub-commissions to assist the Corporate Security Executive Committee.
In the Human Resources area, we have a wide-ranging training program that includes written materials, e-learning programs (treinet) and videos. The Corporate Information Security Policy and Standards are made available to all employees and stakeholders on the Investor Relations website.
Corporate Information Security Policy
To ensure the confidentiality, integrity and availability of the Organization’s information through the use of information security mechanisms, balancing risk factors, technology and cost;
To ensure the proper protection of information and systems against access, modification, destruction or unauthorized disclosure;
To ensure that information is used only for the purposes approved by the Organization, subject to monitoring and audit;
To ensure the participation of employees in the Corporate Information Security Awareness and Training Program; and
To ensure the compliance with the Organization’s Corporate Information Security Policies and Rules.
Climate change represents a major challenge in the short and long terms, presenting risks and opportunities for our businesses and those of our clients. Broadly speaking, we recognize the potential impacts, either direct, related to our operations and installations, or indirect, arising from their effects on diverse segments of the real economy and potential interference in the areas of credit, investment and insurance.
THE BOARD OF DIRECTORS TRACKS DISCUSSIONS ON SUSTAINABILITY AND CLIMATE CHANGE THROUGH THE SUSTAINABILITY COMMITTEE
As such, in our operations we constantly assess opportunities for improvements in eco-efficiency, working on measures to reduce emissions and seeking to anticipate factors related to risk assessment and management. In business, we constantly assess the demand for financial and insurance products that provide appropriate solutions for clients, both in terms of driving a low carbon economy and of protecting them from impacts or helping them to adapt to the transformations made necessary by climate change.
Discussions on sustainability and climate change are monitored by the Board of Directors through the Sustainability Committee.
We believe that a multi-industry agenda is fundamental for progress to be made in this area. For this reason, in addition to undertaking internal studies, we participate actively in forums such as the discussion groups promoted by the Conselho Empresarial Brasileiro para o Desenvolvimento Sustentável (CEBDS), the commissions and working groups organized by the banking association FEBRABAN (Federação Brasileira de Bancos) and the national insurance company confederation CNSeg (Confederação Nacional das Empresas de Seguros), in addition to the Empresas pelo Clima (EPC) platform run by the Center for Studies in Sustainability (GVces) at Fundação Getulio Vargas (FGV-EAESP).
In 2016, we participated in the Task Force on Climate-Related Financial Disclosures, the objective of which was the development of a set of recommendations for reporting climate-related risks in financial reports in order to meet the needs of creditors, insurers, investors and other users of disclosures, so that they may understand these material risks.
The overall recommendations for disclosures encompass governance, business strategy, risk management, metrics and assessment targets, as well as managing climate-related risks and opportunities. These will be evaluated by the Financial Stability Board (FSB) prior to the establishment of rules in this area.
We recognize the potential direct and indirect impacts of climate change
INDEPENDENT VALIDATION OF RISK AND CAPITAL MANAGEMENT AND MEASUREMENT MODELS
We use internal models, developed based on statistical, economic, financial, mathematical theories and the contributions of specialists, with the objective of supporting and facilitating the organization of subjects, the development of standards and streamlining decision making related to risk and capital management.
To identify, mitigate and control the risks inherent to our model, represented by potential adverse consequences arising from decisions based on incorrect or obsolete models, inadequate calibration of the models, failures in the development stage or inappropriate use, there is an independent validation process that undertakes a painstaking evaluation of these aspects, challenging the methodology, the underlying premises, the data used, the way the models are used, as well as the integrity and robustness of the environment in which they are implanted, reporting its results to managers, to internal audit and to the Internal Controls and Compliance Committee and the Integrated Risk Management and Capital Allocation Committee.
