|
Operational risk management
Operational risk, which is inherent in all business activities, is
the potential for financial loss, and business instability arising
from failures in internal controls, operational processes or the
systems that support them. It can occur in all the Group’s
businesses and includes errors, omissions, natural disasters
and deliberate acts such as fraud.
The goal of operational risk management is to balance cost
and risk within the constraints of the risk appetite of the
Group and to be consistent with the prudent management
required of a large financial organisation.
The Group manages this risk under an overall strategy
determined by the Group Risk Management Committee
supported by the Group Operational Process Risk, Group IT
Security Risk, Group Business Continuity Management, Group
Fraud Prevention, Group Premises Related Risk and Group
People Related Risk Functions. This strategy is implemented each business unit and monitored at Group level. Within this
structure, potential risk exposures are assessed to determine
the appropriate type of controls to be applied.
It is recognised that such risks can never be entirely eliminated
and that the cost of controls in minimising these risks may
outweigh the potential benefits. Accordingly, the Group
continues to invest in risk management and mitigation such as
business continuity management and incident management.
Where appropriate this is supported by risk transfer mechanisms
such as insurance. In reinforcement of the implementation of the
Group’s risk strategy by the business units, independent checks
on risk issues are undertaken by the internal audit function.
Compliance risk management
The Group is subject to a comprehensive supervisory and
regulatory structure in the UK, the European Union, the USA,
Asia-Pacific and in the many other countries around the world
in which it operates.
Compliance risk arises from a failure or inability to comply
with the laws, regulations or codes applicable to the financial
services industry. Non-compliance can lead to fines, public
reprimands, enforced suspension of operations or, in extreme
cases, withdrawal of authorisation to operate.
Responsibility for this risk lies with the Group Chief Executive
and the business heads, who are ultimately accountable
to the Board. They are supported in the discharge of their
responsibilities by the Group Compliance Director, the
compliance directors in each of the businesses and the
Group Regulatory Compliance function.
Legal risk management
Legal risk is the risk that the business activities of the Group
have unintended or unexpected legal consequences. It
includes risk arising from:
- Inadequate documentation, legal or regulatory incapacity,
insufficient authority of a counterparty and uncertainty
about the validity or enforceability of a contract in
counterparty insolvency;
- Actual or potential violations of law or regulation
(including activity unauthorised for a bank and which
may attract a civil or criminal fine or penalty);
- Failure to protect the Group’s property (including its
interest in its premises and its intellectual property such
as the Barclays logo, brand names and products); and
- The possibility of civil claims (including acts or other
events which may lead to litigation or other disputes).
The Group identifies and manages legal risk through effective
use of its internal and external legal advisers. The Group
General Counsel has ultimate responsibility for identifying,
monitoring and providing support necessary to identify,
manage and control legal risk across the Group.
Tax risk management
Tax risk is the risk of loss or increased charges associated with
changes in, or errors in the interpretation of, taxation rates or
law. Responsibility for control of this risk lies with the Group
Taxation Director.
|
