Operational risks relate to losses Triodos Bank could incur as a result of inadequate or failing internal processes, systems, human behaviour or external events. Triodos Bank limits these risks with clear policies, procedures and controls for all business processes. The operational risk framework uses several tools and technologies to identify, measure and monitor those risks and monitors the level of control on an operational, tactical and strategic level. During 2018 formalised control testing and key control management was implemented to support the monitoring of identified operational risks. Changes in the risk event management process have led to improved data quality and enable the Operational Risk Management department to perform analyses on a continuous basis, as more metrics become available.
Operational Risk Management includes Information Security, Outsourcing and Business Continuity. Activities to manage risks related to these subjects are executed under the responsibility of the Chief Operating Officer in line with the operational risk framework.
The Non-Financial Risk Committee where the non-financial risks aspects are discussed including compliance and IT risk, meets on a monthly basis. During 2018 all operational risk related policies were reviewed and revised by the Operational Risk Management department. The Non-Financial Risk Committee reviewed and approved these, as part of their responsibility to approve and deciding on application of the Non-Financial Risk Strategy, frameworks and policies.
Triodos Bank applies a method based on the Basic Indicator Approach to calculate minimum capital requirements for operational risk.
The operational risk framework follows the principles mentioned in the Sound Practices for the Management and Supervision of Operational Risk. These sound practices provide guidelines for the qualitative implementation of operational risk management and are advised by the Bank of International Settlements. During 2018 no material losses occurred within Triodos Bank as a result of operational risk related events.