Annual report 2008
Binck Bank
- Report of the Management Board
- Risk management under Basel II and Pillar III disclosure
- In-control statement
- Personnel and organisation
- Corporate social responsibility
|
BinckBank operates according to the 'three lines of defence' principle. The business units are primarily responsible for managing risks. The management team, consisting of the heads of Retail, Professional Services, Operations, ICT and HR, is responsible for the first line of defence. The first-line departments are supported by second-line specialised departments, such as Risk Management, Finance & Control, Compliance, Internal Control and ICT Security. The Internal Audit Department (IAD), the Audit Committee and the Supervisory Board, together with the external regulators and external auditors, constitute the third line of defence in the control framework.
Risk assessment The Management Board, assisted by the Internal Audit Department (IAD), ensures that a systematic analysis is conducted annually to identify, analyse and assess all risks. The findings of the risk analysis are discussed at the meetings of the Management Board and the Audit Committee and the Management Board's meetings with the Supervisory Board. If necessary, the policy and business plan are adjusted on the basis of the findings of the risk analysis.
The results of the risk analysis are the input for planning the audit by the Internal Audit Department. As well as the regular risk analysis for the Management Board, the Internal Audit Department is also responsible for performing internal investigations of the configuration and function of the internal control and risk management measures. On the basis of the risk analysis, an internal audit schedule is drawn up, which ensures that all the risk areas that have been identified in all business units are subjected to an internal audit every three years. The audit schedule is fixed by the Audit Committee. The audit schedule includes follow-up audits in which the Internal Audit Department checks that the necessary action has been taken to address the shortcomings or other issues identified by previous audits. Each year, the Internal Audit Department updates the risk analysis on the basis of new activities/procedures and findings. The Internal Audit Department reports its findings to the responsible manager, the Management Board and the Audit Committee.
As well as several specifically agreed activities which did not result in an assessment, a total of 21 internal audits were conducted in 2008 to assess the internal control measures and the organisational structure. The assessment arrived at by the majority of the audits was positive (adequate/good). Unresolved issues mainly concern improvements in IT with regard to payments and improvements in the authorisation structure. A number of shortcomings were also identified in several operating processes, which will be rectified in the near future. In many processes, the organisation has become more professionalised, with the recruitment of new staff and improvements in systems and procedures. At a more general level, keeping pace with the organisation's rapid growth presents a challenge, especially since the integration of Binck and Alex, with all the attendant risks to operating processes and system support. At the request of the Audit Committee, the IAD monitored the progress of the integration exercise and reported to the Supervisory Board. With a few exceptions, the objectives formulated by the Management Board at the beginning of 2008 have been achieved and the internal control measures have been implemented throughout the organisation, i.e. within Binck and Alex. This does not apply, however, to the IT environment: IT integration is a project extending over several years, which is also being monitored by the IAD.
BinckBank made good progress in 2008 with the implementation of the internal risk control system in a GRC (Governance-Risk-Compliance) application. The processes, risks and control measures built into this application facilitate transparent recording of the effectiveness of the specified control measures.
Legal structure and segregation of assets BinckBank is a public limited company which is listed on NYSE Euronext Amsterdam. BinckBank has several Dutch subsidiaries and one active foreign subsidiary. BinckBank holds all the necessary licences. BinckBank also has branches in Belgium, France and Spain. The cash streams passing through those branches are managed centrally by the Treasury department, which ensures that each branch has sufficient liquidity to give clients in all the countries access to their cash at all times. BinckBank is regulated by De Nederlandsche Bank (DNB) and the Authority for the Financial Markets (AFM). Foreign subsidiary Binck België N.V. and the foreign branches are subject to supervision by the local securities regulators.
Higher-risk activities such as securities trading (formerly carried on by Binck Securities B.V., now Accion N.V.) were disposed of with effect from 30 June 2008 via a management buy-out, which has substantially improved BinckBank's risk profile. |
|
BinckBank's organisational structure guarantees functional segregation. There are also a number of consultative structures/departments which are closely involved in the management of certain types of risk. The most important of these are:
Risk Committee BinckBank's Risk Committee concerns itself primarily with the management of credit risk. It consists of the CEO and CFO, the Risk Manager and the Planning & Control Manager. Representatives of the business lines may also be invited to attend its meetings. The Risk Committee addresses such matters as collateralised lending policy and client acceptance. The Risk Manager has the option of referring issues upwards to the Audit Committee.
Operational Risk Committee Operational risk management has been delegated to a sub-committee, the Operational Risk Committee (ORC), which consists of representatives of line management and specialist staff functions. The ORC manages risks relating to human factors and shortcomings in business processes, such as IT security risk, legal risk and compliance risk. Its principal tasks include decision-making on sound and controlled operation, coordination and promotion of operational risk control and design of the main business processes. The framework of standards and guidelines within which these decisions are made has been configured by specialist staff functions which support decision-making and policy implementation by line management.
Risk Management department The Risk Management department is responsible
Treasury Committee The Treasury Committee is concerned primarily with the management of liquidity risk and interest-rate risk and determines the investment policy for interest-rate-dependent operations. This relates to matters such as strategic allocation of freely available funds to the investment portfolio and determination of the funds to be held in cash. With regard to funds to be held in cash, this includes investments in call loans, the risk measures (ratings) employed and the maximum exposure per counterparty and sector. The Treasury Committee is also responsible for managing currency risk. Management of the investment portfolio is outsourced to Florint B.V., with which BinckBank has signed an asset management agreement. Additions to and withdrawals from the investment portfolio are determined monthly by the Treasury Committee. The Treasury Committee consists of the CEO, the CFO, the Treasury Manager, the Risk Manager and the Planning & Control Manager.
Compliance department The Compliance department is responsible for monitoring compliance with the applicable codes of conduct and the relevant securities legislation and regulations and is concerned primarily with management of integrity risk. Through its code of conduct, insider trading regulations and whistleblower's charter, BinckBank demonstrates the importance it attaches to values such as integrity and dependability. The Management Board has given the Compliance department direct access to all information with regard to its entire area of responsibility and authority to make use of any available tools which it considers necessary to the performance of its tasks. The Management Board also provides the Compliance department with sufficient resources to perform its duties responsibly and expertly. The Compliance department reports to the Chairman of the Management Board and has the option of referring matters upwards to the Audit Committee. The findings of the Compliance department are discussed by the Audit Committee.
Internal Control Department The Internal Control Department exists to facilitate operational improvement, by supporting the business units in defining their administrative organisation and internal control structures and verifying the existence of risk control measures. The area of responsibility of the Internal Control Department covers all operational and IT processes of all BinckBank entities.
IT Security department The IT Security department is responsible for formulating and implementing information security policy. The IT Security department has the option of referring issues upwards to the Chairman of the Management Board.
Information and communication Each year, the Management Board formulates a business plan defining the strategy, the targets and the expected risks, which is first submitted to the Supervisory Board for approval. After approval, the responsible department heads are given a presentation of the strategy, the broad targets and the specific targets for their individual departments. These targets are a standard part of the job profiles of these department heads. Each month, BinckBank's financial progress is discussed at the meeting of the Management Board on the basis of the management reports, covering such items as the income statement and balance sheet for the past month and the current year in relation to the budget. On the basis of these discussions, the policy is assessed and evaluated and, where necessary, adjusted.
External regulators BinckBank is a public limited company which is listed on NYSE-Euronext Amsterdam. BinckBank is regulated by both De Nederlandsche Bank (DNB) and the Authority for the Financial Markets (AFM). Its foreign activities are subject to supervision by the local securities regulators.
Supervisory Board BinckBank has a two-tier management structure, which means that the executive and supervisory functions are assigned to different corporate bodies; the Management Board and the Supervisory Board. BinckBank believes that this structure ensures an adequate system of checks and balances, whereby the Management Board is responsible for the day-to-day running of the company and its strategy, while the Supervisory Board oversees and advises the Management Board. Each year, the Supervisory Board discusses the strategy of and risks associated with the business and, on the basis of reports, assesses the implementation and operation of the internal risk management and control systems.
Audit Committee The Audit Committee is responsible for overseeing the implementation and operation of the system of internal control and risk management and monitoring the implementation of the external auditors' recommendations and the functioning of the Internal Audit Department. Supervision of the company's financial reporting is the responsibility of the Supervisory Board.
Internal Audit Department (IAD) The IAD is an independent function which is separate from the line organisation and the internal control built into the different areas of the business processes. The Internal Audit Department exists to facilitate operational improvement by examining and assessing the management of critical processes. The area of responsibility of the Internal Audit Department covers all BinckBank activities and entities, which are audited at least once every three years. The audit schedule is based on a risk analysis. Internal Audit is part of the portfolio of the Chairman of the Management Board. The IAD reports to both the Chairman of the Management Board and the Audit Committee.
|