Internal Control System

Internal Control and Risk Management System

In compliance with prudential regulation and best market practice, there are three levels of control under the internal control and risk management system adopted by the illimity Group, which are complementary and synergistically structured into the following activities:

Operating and business functions;

Second level control functions (i.e. Chief Risk Officer and Compliance & AML);

Third level control functions (i.e. Internal Audit).

In addition, the illimity Group has a detailed Risk Management Process (RMP) which acts as a model of reference in organisational and process development and in the systematic performance of all operating and business activities. Consistent with the assigned mission, the strategies and the objectives pursued, these activities lead to the assumption and constant management of risk, in this way contributing to a sustainable value-creation process while ensuring regulatory compliance and requiring, among other things, a coordinated use of human resources, technologies and methodologies.

To ensure that the Risk Management Process works in an efficient and effective manner with respect to all current and future significant risks, in compliance with supervisory regulations the Group has introduced a Risk Appetite Framework (hereinafter also “RAF”), an Internal Capital Adequacy Assessment Process (ICAAP), an Internal Liquidity Adequacy Assessment Process (ILAAP), a process for establishing and updating the Recovery Plan and a process for the ex ante assessment of Significant Transactions (STs), with an opinion in advance on their credit and income sustainability and their consistency with the RAF.

The illimity Group’s main risks

The Group has established and codified an operating process for risk mapping that enables the individual types of risk to which the Group is or might be exposed to be identified and assessed through specific drivers representing the significance and materiality of the risk itself.

On the basis of the current business model and the objectives of the strategic plan, as well as internal and external context factors, the result of the identification process has led to the inclusion of the following risks as significant for the Group.

Credit risk

Credit risk is the risk of incurring losses as the result of the failure of a counterparty to fulfil its contractual obligations to pay interest and/or repay capital (default risk), expressed as the difference between the amount of a loan and the amount actually recovered, or due to a deterioration in the creditworthiness of the counterparty (migration risk). The risk of a decrease in the value of assets received as collateral or acquired as part of purchases of portfolios of loans classified as doubtful or unlikely to pay is therefore also included.

Market risk

Market risk is the risk of changes in the market value of financial instruments held as assets as the result of unexpected changes in market conditions (adverse movements in market parameters such as interest rates, exchange rates, prices and volatility) or the Group’s creditworthiness.

Liquidity risk

Liquidity risk is the risk to the Bank of being unable to fulfil its payment obligations due to its inability to obtain funds, or of having to obtain them at a cost exceeding that of market prices (funding liquidity risk), or the risk of limits existing on the disposal of assets (market liquidity risk), which in that case could lead to losses in equity. Liquidity risk is the result of a mismatch, by amount and/or date of emergence, between cash inflows and outflows for the assets held and liabilities assumed.

Operating risk

Operating risk is the risk of incurring losses resulting from the inadequacy or malfunctioning of procedures, human resources and internal systems, or from exogenous events. The following form part of this category, among others: losses arising from fraud, human error, interruption of operations, non-availability of systems, contractual non-fulfilment, natural disasters. This category also includes IT risk and legal risk, the latter understood as being the current or future risk of losses resulting from an inappropriate offer of financial services and the resulting court costs, including cases of intentionally inadequate or negligent conduct, as well as from the failure to comply with contractual and non-contractual responsibilities or from other disputes that may arise with counterparties in performing operations.

Compliance risk

Compliance risk is the current or future risk of violating obligations and requirements deriving from applicable laws and regulations.

Strategic and business risk

Strategic and business risk is the current or future risk of a fall in profits or capital resulting from changes in the operating situation, erroneous business decisions, the inappropriate implementation of decisions or a lack of a suitable reaction to changes in the competitive context.

Reputational risk

Reputational risk is the current or future risk of a fall in profits or capital resulting from a negative perception of the Group’s image by customers, counterparties, the Group’s shareholders, investors or supervisory authorities, local communities and employees.

ESG risks

ESG risks arise from the possibility of suffering economic damage or financial losses, directly or indirectly, as the result of the occurrence and intensification – in terms of frequency and impact – of the phenomena of climate change and environmental degradation (physical risk) and of the process of adjustment (technological, political-legislative, in market/consumer preferences) towards a low carbon-emission economy that is more sustainable from an environmental standpoint (transition risk).

The main ESG risk factors, suitably classified in the light of sustainability drivers (environment, society, human resources, human rights, anti-corruption, business profiles), can be traced back to the categories of economic and financial risk, asset risk and reputational risk determined by prudential supervisory regulation and best practice and identified as significant by the Group in its Internal Capital Adequacy Assessment Process (ICAAP), which also notes the ways in which these should be managed and mitigated.

The following profiles affected by the management of ESG risks assume the greatest importance: the risk mapping process and the process for the development and application of specific risk indicators, the Risk Appetite Framework, stress testing, the strengthening of the ESG dimension in loan origination processes, and internal and external disclosure.

Impact of Covid-19

In a situation characterised by the COVID-19 emergency and by the resulting economic and financial effects at both a national and international level, the illimity Group has implemented a series of measures to deal with the critical situation and mitigate the associated risks. These measures concern the operating level, the management of its credit strategies and policies and of credit risk, the strategic management of the financial asset portfolio, and the management of relations with customers and their business continuity models.

Confirmation has been obtained of the extent to which the efficacy of illimity’s commercial and technological proposal represents a strength in intercepting and satisfying the increased demand for remotely managed financial services, arising from the logistical limits resulting from the various government provisions on public health.

The Group’s very conservative approach to the pricing of investments and loans disbursed and the limited exposure to the economic sectors and asset classes hit the hardest by the effects of the pandemic are moreover factors testifying to the resilience of the business model with respect to a situation still characterised by significant risks.

The Group’s management committees and governance bodies periodically perform assessments of the actual and potential effects of the pandemic, of an economic, financial and operating nature, on the strategic and operational decisions of the various lines of business.