CORPORATE RISK MANAGEMENT POLICY


11/8/2017 INTERNAL INFORMATION

CONTENTS

1 PURPOSE
2 SCOPE
3 REFERENCES
4 CONCEPTS
5 GUIDELINES
6 RESPONSIBILITIES
7 CONTROL INFORMATION

1 PURPOSE

The purpose of this Policy is to establish the principles, guidelines and responsibilities to be observed in the process of managing corporate risks, so as to enable their adequate identification, evaluation, treatment, monitoring and communication.

2 SCOPE

This Policy applies to B3 S.A. - Brasil, Bolsa, Balcão and its subsidiaries in Brazil and abroad ("the Company") in the management of risks that affect its environment in a corporate manner and the use of its own cash resources, except the Bank BM&FBOVESPA, which has its own policy.

Credit, liquidity and market risks relating to the activities of the Company's clearinghouses in their role as central counterparty are covered by the clearinghouses' rulebooks and manuals, as approved by the Central Bank of Brazil, the Brazilian Securities Commission (CVM), and specifically in the case of rulebooks also by B3 Board of Directors, and lie outside the scope of this Policy.

3 REFERENCES

- Bylaws.
- Code of Conduct.
- COSO ERM: Committee of Sponsoring Organizations of the Treadway Commission Enterprise Risk Management Framework.
- CVM Instruction 461/2007.
- Operational Risk Rule.
- Compliance and Internal Control Policy.
- Disclosure and Securities Trading Policy Manual.
- Information Security Policy.
- Policy on Related Party Transactions and other Potential Conflict of Interest Situations.
- ABNT Standard NBR ISO 31000:2009 Risk Management: Principles & Guidelines.

4 CONCEPTS

Risk: The possibility of an event that negatively affects the Company's ability to achieve its objectives or to operate its processes.

Corporate risk: The strategic, operational, technological, financial, regulatory, market, liquidity, credit, reputational and socio-environmental risks associated with the Company's activities and its ability to achieve its business objectives.

Strategic risk: The possibility of implementing an unsuccessful or ineffective strategy that fails to achieve the intended returns.

Operational risk: The possibility of losses due to faults, deficiencies or inadequacies in internal processes, people, and technological environments, or external events. Includes legal risk, associated with inadequacies or deficiencies in contracts signed by the Company, penalties due to infringement of legal provisions, and third-party claims for compensation arising from the Company's activities. Events involving operational risk include internal and external fraud, labor litigation and workplace health and safety noncompliance, inadequate practices relating to customers, products and services, damage to physical assets, and events causing interruptions to the Company's activities and information technology system and infrastructure failures.

Financial risk: The possibility of exposure to fines and other penalties due to incomplete, inaccurate or untimely reports on matters relating to finances, management, regulation, taxation, statutory requirements and sustainability.

Regulatory risk: The possibility of changes to rules and regulations or action by local and international regulators that may result in growing competitive pressure and significantly affect the Company's ability to manage its business efficiently.

Market risk: The possibility of losses due to fluctuation in the market value of positions held by the Company, including the risk associated with transactions subject to variations in exchange rates, interest rates, stock prices and commodity prices.

Liquidity risk: The possibility that the Company is unable to discharge efficiently its current and future obligations, whether foreseen or unforeseen, including those associated with collateral and similar guarantees, without affecting its daily operations or incurring significant losses. Includes the possibility that the Company is unable to trade a position at market prices owing to its large size relative to the amount normally traded or owing to market discontinuity.

Credit risk: The possibility of losses associated with failure by a borrower or counterparty to discharge its financial obligations according to the agreed terms and conditions, devaluation of a credit agreement due to deterioration in the borrower's risk rating, decreasing profits or returns, advantages granted in renegotiation, and recovery costs. Includes the central counterparty risk arising from the activities of the Company's clearinghouses in their role as guarantors of the transactions performed in the markets it manages.

Reputational risk: The possibility of events, typically caused by other risks, that may damage the Company's reputation, credibility or brand equity, including negative publicity, whether truthful or not.

Socio-environmental risk: The risk of losses due to negative effects on the environment and society caused by environmental impact and impacts on people, native communities, and protection of human health, cultural properties and biodiversity.

Risk appetite: The level of risk which the Company is prepared to accept in pursuing and executing its strategy.

Risk tolerance: The definition of the risk level which the Company is willing to assume to achieve the strategic objectives.

5 GUIDELINES

Based on the COSO ERM framework, the structure of the Company's risk management comprises the following five components:

5.1 Internal Environment

The basis for all other components of the internal control structure, establishing its design, management, monitoring and discipline for executive officers, employees, interns and service providers who work on the Company's premises.

The internal environment includes the organizational structure, human and physical resources, and the Company's culture and values (ethical values and integrity), as well as its competencies and capabilities.

Strategic objectives are set by the Board of Directors in line with the Company's strategy and risk appetite, which governs the level of risk tolerance in the processes and activities executed at the various levels of the organization. Strategies are established to achieve the objectives set.

The risk management framework ensures that management has put in place a process to set objectives and that the chosen objectives support the mission and vision, and are consistent with risk appetite.

5.2 Risk Assessment

Assessment of risk-related events consists of identifying and analyzing the material risks capable of preventing the Company from achieving its objectives as a basis for determining how risks should be managed. The Executive Board assesses the likelihood and impact of such events using quantitative and qualitative metrics.

Risk assessment maps the Company's risks to provide a mechanism for prioritizing risks and hence a tool for channeling efforts to minimize the most significant risks through an internal control framework aligned with the Company's objectives.

5.3 Risk Treatment

After the risk assessment, the risk treatment is defined, along with how it will be monitored and communicated to related parties.

Risk treatment is decided among accepting, eliminating or transferring the risk. The decision depends on the Company's risk appetite level.

The risk acceptance process considers that the risk is below the established risk appetite and is assumed by the Company, without defined actions for its treatment. In this case, the decision must be submitted for approval in accordance with the following table:

Table of Risk Acceptance Hierarchy by the Administration

                            Acceptance Hierarchy
Residual Risk               Propose               Approval
5. Extreme / 4. High        Executive Board       Board of Directors
3. Moderate                 Managing Director     Executive Board
2. Low / 1. Irrelevant      Associate Director    Managing Director

The acceptance of residual risk classified as Extreme or High should be evaluated by the Board of Directors, in accordance with the Company's risk appetite.

5.4 Control Activities

Control activities consist of policies and procedures established to ensure compliance at all times with the guidelines and objectives set by the Company to minimize risks. Control activities take place at all levels of the Company and include approvals, authorizations, signoff limits, verifications, reconciliations, operating performance reviews, asset security and segregation of duties.

5.5 Information & Communication

Information and communication represent the practices used by the Company to capture and transmit relevant information in a form and timeframe that enable executive officers, employees, interns and service providers who work on the Company's premises to carry out their responsibilities. Control practices are applied to information systems to assure the relevance, availability and accuracy of such information as well as access to it.

5.6 Monitoring

The entire internal control structure is monitored to evaluate the quality of controls and ensure they are updated frequently. This requires ongoing monitoring activities, independent evaluations performed at regular intervals, or both. The main monitoring activities include reconciliations, monitoring of communications by external agents, inventories, auditing, self-assessments and continuous monitoring.

6 RESPONSIBILITIES

6.1 Board of Directors

- Sets the Company's strategy for achieving its business objectives.
- Sets the Company's risk appetite level for business management.
- Approves the risk acceptance classified as High and Extreme.
- Approves the Corporate Risk Management Policy and reviews it regularly.
- Approves internal control, compliance and corporate risk reports.

6.2 Board's Financial & Risk Committee

- Analyzes the Corporate Risk Management Policy and any amendments, and submits these to the Board of Directors for approval.
- Approves the methodology to be used in corporate risk management.
- Oversees risk management systematically, aligned with objectives.
- Periodically reviews the Company's risk management strategy to assure its adequacy.
- Validates corporate risk reports.

6.3 Audit Committee

- Analyzes the Corporate Risk Management Policy and any amendments, and submits these to the Board of Directors for approval.
- Oversees risk management systematically, aligned with objectives.
- Supervises the activities of the internal control area of the Company and its subsidiaries.
- Evaluates the effectiveness and sufficiency of operational risk management and control systems.

6.4 Market Risk Technical Committee

- Evaluates the macroeconomic outlook and its effects in risk terms on the market in which the Company operates.
- Sets the criteria and parameters to be used to calculate margin requirements.
- Sets the criteria and parameters to be used to value the assets accepted as collateral.
- Sets the categories and/or values of collateral for transactions performed during trading sessions and/or registered by any of the trading, registration, clearing and settlement systems managed by the Company, including those applicable to open interest.
- Proposes the collateral management policy.
- Analyzes the level of leverage in the system.
- Suggests criteria, limits and parameters for controlling participants' credit risk.
- Analyzes and suggests improvements to risk systems.
- Performs any other analysis deemed necessary.

6.5 Credit Risk Technical Committee

- Approves risk limits for participants in the Company's clearinghouses.
- Monitors and periodically assesses the counterparty risk represented by clearing members, trading participants, custodians and principals.
- Sets criteria and parameters for requiring additional collateral from participants, whenever necessary.
- Performs any other analyses deemed necessary.

6.6 Corporate Risk Advisory Committee

- Promotes the risk culture in the Company.
- Identifies and analyses the risk types that compromise the Company's objectives.
- Supports the Company in corporate risk prioritization.
- Assesses the risk contained in the corporate risk report.
- Discusses the scale of impact and likelihood used to assess the types of risk.
- Discusses the corporate risk appetite and tolerance.
- Appraises the results of the Risk Indicators (Key Risk Indicators).
- Proactively identifies new types of risk for the Company.

6.7 Executive Board

- Implements the strategies and guidelines approved by the Board of Directors.
- Follows the Company's corporate governance guidelines and policies, and monitors compliance with them throughout the organization.
- Identifies risks preventively and manages them appropriately, assessing the likelihood of their occurrence and taking steps to prevent and minimize them.
- Proposes the level of the Company's risk appetite and tolerance to the Board of Directors.
- Proposes the risk acceptance classified as High and Extreme to the Board of Directors.
- Approves the risk acceptance classified as Moderate.
- Proposes and implements a system of internal controls, including policies and signoff limits, in line with the level of risk appetite and tolerance.
- Proposes sustainability for its operations, taking environmental and social impacts into consideration in executing its activities.
- Sponsors the implementation of corporate risk management by the Company.
- Validates corporate risk and internal control reports.

6.8 All Departments

- Identify risks preventively and manage them appropriately, assessing the likelihood of their occurrence and taking steps to prevent and minimize them.
- Propose acceptance of the risks classified as Moderate to the Executive Board.
- Approve the risk acceptance classified as Low and Irrelevant.
- Implement the system of internal controls, including policies and signoff limits.
- Validate the risk inherent in the Company's operations, taking their relevance and likelihood into consideration.
- Contribute to the production of corporate risk reports.

6.9 Department of Internal Controls, Compliance & Corporate Risk

- Establishes the process to be used to manage internal controls, compliance and corporate risk.
- Coordinates and sets the standards to be followed with regard to internal control, compliance and corporate risk processes, the respective support systems, and the forms and frequency of reporting.
- Consolidates the Company's risk assessments by producing regular reports and submitting them to the Executive Board, the Audit Committee, the Board of Directors' Financial & Risk Committee and the Board of Directors.
- Ensures all executives are aware of the importance of risk management and the responsibility of executive officers, employees, interns and service providers who work on the Company's premises in this regard.

6.10 Department of Internal Auditing

- Provides the Board of Directors, Audit Committee and Executive Board with independent, impartial and timely assessment of the effectiveness of risk management and governance processes, the adequacy of controls, and compliance with the norms and regulations associated with the Company's operations.

6.11 Associate Directors

- Propose the risk acceptance classified as Low and Irrelevant to the departments.

7 CONTROL INFORMATION

Validity: from August 2016.
1st Version: 04/2013

Areas responsible for the document:

Responsible for    Area
Drafting           Corporate Processes & Risks Division
Revision           Department of Internal Controls, Compliance & Corporate Risk
Approval           Board of Directors

Change log:

Version 1
- Item changed: -. Change: -. Rationale: -. Date: April 2013.

Version 2
- Item changed: 5. GUIDELINES. Change: Following items deleted: 5.2. Objective Setting; 5.3. Event Identification; 5.5. Risk Response. Rationale: Alignment with COSO III. Date: May 2014.
- Item changed: 6. RESPONSIBILITIES.
  - Change: Credit Risk Technical Committee included. Rationale: Credit Risk Technical Committee set up in February 2014. Date: May 2014.
  - Change: Corporate Risk Advisory Committee included. Rationale: Corporate Risk Advisory Committee set up in May 2013. Date: May 2014.
  - Change: Internal Auditing Dept. included. Rationale: 3rd line of defense. Date: May 2014.

Version 3
- Items changed: 1. PURPOSE; 4. CONCEPTS.
  - Change: Technological risk included. Rationale: Evolution of corporate risks. Date: April 2015.
  - Change: Technological risk included. Rationale: Evolution of corporate risks. Date: April 2015.
  - Change: Amendment of the nomenclature of "Regulatory risk" to "Regulatory risk". Rationale: Evolution of corporate risks. Date: April 2015.
- Item changed: 5. GUIDELINES. Change: Strategy substituted for mission and vision as yardstick for risk appetite. Rationale: Evolution of corporate risks. Date: April 2015.
- Item changed: 6. RESPONSIBILITIES. Change: Risk Committee's responsibility for approving corporate risk methodology deleted. Rationale: Evolution of corporate risks. Date: April 2015.

Version 4
- Item changed: 6. RESPONSIBILITIES. Change: Corporate risk methodology approved by Risk Committee. Rationale: Request submitted by Board of Directors to Risk Committee. Date: September 2015.

Version 5
- Items changed: 1. PURPOSE; 2. SCOPE; 4. CONCEPTS; 5. GUIDELINES; 6. RESPONSIBILITIES.
- Change: Change of nomenclature: "employees, interns and service providers" substituted for "employees"; Scope of Policy adjusted to show that clearinghouses' liquidity, credit and market risks in central counterparty function are covered by Company's rulebooks and manuals as approved by regulators and Board of Directors; Responsibility of Board of Directors adjusted to include definition of Company's risk appetite; Change of nomenclature: "Board of Directors' Financial & Risk Committee" substituted for "Risk Committee".
- Rationale: More accurate terminology for personnel who work for the Company (CI 004/2016-DRH); Formalization of risk appetite deriving from new corporate risk management methodology; Alignment of nomenclature with Corporate Bylaws and bylaws of Board of Directors' Financial & Risk Committee.
- Date: May 2016.

Version 6
- Items changed: 4. CONCEPTS; 6. RESPONSIBILITIES.
- Change: Adjustment in the description of the concepts of operational risk and risk appetite. Inclusion of the concept of risk tolerance. Inclusion of the responsibility to define and approve risk tolerance by the Board of Executive Officers and Board of Directors, respectively. Inclusion of the other responsibilities of the Credit Risk Technical Committee and the Corporate Risk Advisory Committee.
- Date: May 2017.

Version 7
- Item changed: 2. SCOPE. Affiliates exclusion. Date: August 2017.
- Items changed: 4.3. Risk Treatment; 6. RESPONSIBILITIES. Inclusion of risk acceptance hierarchy. Affiliates exclusion.