Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events, including legal risks, excluding strategic risks. This is the ‘Basel’ definition of operational risk.
Risk appetite and governance
Operational risks are not actively sought and have no direct material upside in terms of return/income generation, yet operational risk events are inherent in operating a business. Operational risk events can result in non-compliance with applicable (internal and external) standards, losses, misstatements in the financial reports, and reputational damage.
Overall, FMO is cautious with operational risks. Safe options, with low inherent risk are preferred, despite consequence of limited rewards (or higher costs). There is no appetite for high residual risk. Risk metrics are reported on a quarterly basis. These metrics cover operational risks in general, such as the amount of loss per quarter and timely follow-up of management actions, and specific metrics for risk-(sub)types.
Management of the first line of defense is primarily responsible for managing (embedded) risks in the day-to-day business processes. The first line acts within the risk management framework and supporting guidelines defined by specialized risk functions that make up the second line of defense. Internal Audit in its role of the third line of defense provides independent assurance on the effectiveness of the first and second lines.
Departmental risk control self-assessments are conducted annually in order to identify and assess risks and corresponding controls. The strategy and business objectives are also reviewed annually by the Directors in a risk perspective. Based on among others these Risk and Control Self Assessments, the Directors sign a departmental In Control Statement at the year-end, which provides the underpinning for the management declaration in the Annual Report. Despite all preventive measures, operational risk events cannot always be eliminated. FMO, however, systematically collects risk event information and analyses such events in order to take appropriate actions. Furthermore, operational risks resulting from changes in activities are assessed in FMO’s Change Risk Assessment Process and could trigger the Product Approval and Review Process. No risk events outside FMO’s risk appetite have been reported.
Information and Cyber Security
Information is one of the bank’s most valuable assets. In recognition of the importance of protecting the bank’s information, systems and infrastructure, FMO has established a dedicated second line function and structured approach to identify and assess Cyber risks and ensure the confidentiality, integrity and availability of information.
FMO uses models in various business areas including loan origination, financial reporting and compliance. Model risk is the risk of misspecified or inappropriately used models. In order to control and mitigate model risk, FMO has a model risk policy that prescribes sound practices for model development and use. The policy outlines the governance framework for model risk, including the responsibilities of model owners and the model risk oversight function.
FMO performs regular validations of models that have a material financial, regulatory or reputational impact. Furthermore, model results are regularly evaluated and compared with actual experience.
The definition of operational risk above is very broad and covers a wide range of potential risk events, causes and impacts. FMO adopted the ORX (Operational Risk data eXchange Association) risk taxonomy to structure all non-financial risk types. New policies have been introduced and are under development. A roadmap, aimed at further improvement of the maturity of internal control was approved by the Management Board. Centralized tooling was introduced to support Governance, Risk and Compliance processes.
Compliance Risk is the risk of failure to comply with laws, regulations, rules, related self-regulatory organization, standards and codes of conduct applicable to FMO’s services and activities.
Risk appetite & governance
FMO’s standards and policies and good business practices foster acting with integrity. FMO is committed to its employees, customers and counterparties, adhering to high ethical standards. FMO has a Compliance framework which entails identifying risks, designing policies, monitoring, training and providing advices. FMO has policies on topics such as financial economic crime (including KYC, sanctions, anti-bribery and corruption) conflicts of interest, internal fraud, private investments, privacy and speak-up. FMO also regularly trains its employees to raise awareness by means of e.g. virtual classroom trainings and mandatory compliance related e-learnings. Employees are also encouraged to speak up in case of suspected integrity violations conducted by an FMO employee. Management is periodically informed via the Compliance Committee or when required on an ad-hoc basis, on integrity related matters at client or employee level. In case of violations, management will take appropriate actions. The governance of compliance also entails the following key risks:
Financial Economic Crime, incl. sanctions
FMO’s financial economic crime procedures include, amongst others, screening of customers on compliance with applicable anti-money laundering, counter financing of terrorism and international sanctions laws and regulations. Due diligence is performed on customers, which includes checks such as verifying the ultimate beneficial owners of the customer we finance, identifying politically exposed persons, and screening against mandatory international sanction lists. These checks are also performed regularly during the relationship with existing customers. Following a DNB onsite inspection in 2018, DNB identified several shortcomings in the way FMO conducts Customer Due Diligence/Know Your Customer. As FMO sees this as an area where the risk of non-compliance with Wwft and Sanctions Law is present, a FEC Enhancement program was set up to demonstrate full compliance by the end of 2021. In 2019 FMO started with execution of the FEC EP which consisted of a.o. conducting the Systematic Integrity Risk Assessment (SIRA), the Risk Appetite Statement on Integrity, which was updated to include Tax Integrity Risk as well, and enhancing the CDD-AML Policy, CDD-AML Manual and a wide range of guidance notes. It became clear in September 2020 that the progress of the FEC Enhancement programme was not fast enough. The updated FEC Framework has meanwhile been implemented. Part of the FEC EP consists of remediation of the customer KYC files and bringing them in line with the updated framework. The remediation of customer KYC files will continue in 2021 and progress is closely monitored by the Management Board. As agreed with DNB, the remediation is to be finalized on December 31, 2021.
There is always a risk that a client is involved or alleged to be involved in illicit acts (e.g. money laundering, fraud or corruption). If such an event occurs, FMO will initiate a dialogue with the client, if possible and appropriate given the circumstances, to understand the background in order to be able to assess and investigate the severity. When FMO is of the opinion that there is a breach of law that cannot be remedied or that no improvement by the client will be achieved (e.g. awareness, implementing controls) or that the risk to FMO’s reputation is unacceptably high, FMO may be able to exercise certain remedies under the contract such as the right to cancel a loan or suspend upcoming disbursements and will report to regulatory authorities if deemed necessary.
General Data Protection Act (GDPR)
After the implementation of the GDPR in 2018, FMO continued its effort towards the protection of personal data related to its employees, customers and other stakeholders. The data protection officer (DPO) monitors FMOs compliant behavior periodically. The DPO is involved in a.o. change management activities to advise on data protection risks and risk mitigation.
Corruption is a global problem, requiring a global response. FMO is guided by the OECD Convention on Combating Bribery and the UN Convention against Corruption, and is dedicated to fight corruption and bribery not only to adhere to the law, but also because such acts undermine sustainable development and the achievement of higher levels of economic and social welfare. Good governance, fair business practices and public trust in the private sector is necessary to unlock the full potential of an economy and its citizens. Corruption can be best prevented collaborative and FMO actively supports the Transparency International’s Netherlands branch and the International Chamber of Commerce in order to share best practices and stimulate the dialogue between Dutch corporates on best practices in doing international business.
In addition to above-mentioned developments, FMO incorporated tax integrity as part of the risk assessments. The KYC processes were re-designed to enhance the remediation process and new KYC IT solutions were implemented. Furthermore, FMO prepared an independent validation from a third party on its compliance towards the Wwft and Sanctions Act, which will take place in 2021.
Legal and Tax risk
Legal risk is defined as the risk of a counterparty (client, supplier, stakeholder or otherwise) not being liable to meet its obligations under law or FMO being liable at law for obligations not intended or expected, caused by lack of awareness or misunderstanding of, ambiguity in, or indifference to the way law and regulation apply to business, relationships, processes, products and services, leading to financial or reputational loss.
Tax risk includes Tax Accounting risk and Tax Integrity risk. Tax Accounting risk is defined as the risk of paying or filing an incorrect amount of tax (direct and indirect). Tax Integrity risk is defined as the risk of facilitating or involvement in unlawful tax evasion or undesirable tax avoidance by clients or investees.
Risk appetite and governance
Given the specific nature of legal risks that can occur, no risk appetite metrics are assigned to this risk type. Instead, the most relevant developments on this risk type are included in the risk appetite report on a quarterly basis. FMO’s transactional legal team is responsible for the review of the legal aspects of FMO’s contracts with its clients and for mitigating legal risks arising from FMO’s businesses and operations. The members of the team are qualified in a variety of jurisdictions and competent to provide expert and professional advice on a wide range of legal areas. Where applicable, the team seeks external expertise, particularly for legal analyses in emerging market jurisdictions in which FMO operates, or in the event of particularly complex matters. Members of the team also serve on several cross-departmental committees, enabling them to address legal risks at an early stage and share their knowledge where needed.
FMO is cautious with Tax Accounting risks regarding Dutch tax authorities. Some uncertainty is accepted regarding tax liabilities in developing countries because the attitude and sophistication of tax authorities can be less predictable. Mitigation is sought by engaging with local tax advisors.
With regards to Tax Integrity risk, FMO is indirectly exposed to the tax matters of its investees and clients through its investments. FMO could unwittingly support or be perceived to support aggressive tax structures. FMO could breach EU DAC6 reporting requirements on potentially aggressive tax planning arrangements involving an EU member state. Certain ownership structures could contain indicators of tax evasion that require reporting of financial crime. FMO is averse to Tax structures that are clearly aggressive. FMO is cautious with accepting structures that have been set up for multiple underlying purposes and where the principle purpose is not tax. FMO seeks to transpose its Responsible Tax Principles to its clients. Further, the EU delegation programs which have been allocated to FMO, subjects FMO to EU tax integrity requirements and as Dutch licensed bank FMO must follow the client acceptance tax standards of the Dutch Central Bank.
Brexit. Following the adoption of the Withdrawal Agreement, the United Kingdom has left the European Union. It is considered now a ‘third country’. A ‘hard Brexit’ was temporarily avoided, due to the transition period, where regulatory equivalence was recognised was granted to the UK, this transition period was lapsed on the 31st of December 2020. FMO’s Brexit Working Group, identified only the following two legal items of attention:
English Law governed contracts. FMO has many contracts under English law. Current assessment (supported by indications from external counsel) is that Brexit has no impact on this. Due to existing EU Regulation (Rome I Regulation) Brexit will not change the obligation on courts in EU member states to uphold the parties’ choice of English law governed contracts. However, as required by European Banking Regulation FMO shall ensure to include the required EEA Bail-In Regulation language under all new contracts governed by English Law. Already existing contracts do not need to be amended for this, which mitigates this requirement for FMO. Is noted that a large number of the exiting English law governed contracts in FMO already include this wording.
Trading and Clearing with UK entities. FMO’s Derivatives Working Group novated all its documentation with UK banks to their EU entities. This ensures that FMO can at any time transact with the banks that it has normal dealings with. As such FMO’s attention lies with its legacy portfolio and trading life cycle events. FMO’s legacy portfolio would most encounter the following life cycle events: Novation, the Transfer of Collateral, and general cash flow through transactions and swaps. Considering FMO is an EU remaining party, FMO will be able to novate its legacy portfolio from UK to EU entities – this was also the case prior to Brexit. This means no immediate action is required. When FMO wants to exercise any life-cycle events it can novate a transaction from UK to an EU entity prior to doing so. Non-Cash Transfers of Collateral are regulated, however cash transfers of collateral and general cash flow are not regulated. FMO only has cash collateral, as such this risk is not applicable to FMO’s legacy portfolio. Legally this should not pose additional risks. Having said the above, this is still all dependent on the implications of a possible Comprehensive Free Trade Agreement between the EU and UK, so FMO’s Brexit Working Group will continue to monitor developments.
LIBOR / new Benchmark Regulation. On March 5, 2021, ICE Benchmark Administration (IBA) stated that it would cease publication of the following USD LIBOR benchmark rates after 30-jun-23: Overnight and 1-, 3-, 6- and 12-mo USD LIBOR. The discontinuation of LIBOR impacts the products and services which are currently provided to FMO, its customers and investors. Discontinued benchmarks will be replaced with alternative reference rates (ARRs), and the ARRs and its provider need to comply with the EU Benchmark Regulation. This will require amendment of all the contracts that include interest rates referenced to discontinued benchmarks (USD LIBOR is the most important interest rate benchmark for FMO).
FMO is preparing for contract transitioning away from USD LIBOR. The actual transition from LIBOR to the ARR (SOFR for USD LIBOR) will be distributed over multiple years into 2023 ultimately. FMO’s loan contracts include fallback back language in case of LIBOR cessation, with the ultimate fallback to cost of funds. FMO adhered to the ISDA protocol for its derivatives contracts.
Mandatory disclosure rules (DAC6) are applicable to EU taxpayers and intermediaries, hence also to FMO. The regulations require FMO to report aggressive tax structures (as defined by DAC6) as taxpayer or as ‘intermediary’. DAC6 analyses are part of FMO’s tax integrity analyses during investment process.
A high court decision of December 2018 in relation to non-deductible cost related to the acquisition and sale of shares/participations will impact the allowable deductions for FMO. An acceptable approach will be aligned with the tax authorities.
FMO in 2020 has submitted an appeal to court – ‘in agreement’ with the tax authorities – relating to a sale of shares in 2017 (JSC bank Georgia). There is no conflict with the tax authorities on the facts, the step to court is meant to get clarity on the interpretation of a specific provision in the corporate income tax Act. No additional tax liabilities can be the result of the appeal, because FMO reported conservatively, following the tax authority’s position.