Operational risk is a possible loss caused by insufficient or non-functioning processes, employees and information systems or external factors.
The involvement of employees in the risk assessment process improves the general risk culture. For performing transactions different limits are used to minimise possible losses. The four-eye principle in use, under which the confirmation of at least two employees independent of each other or that of a unit is necessary for the performance of a transaction or a procedure, reduces the possible occurrence of human errors and mistakes. The four-eye principle is also applied in other departments and for all different transactions including all agreements and legal documents. The management considers the legal protection of the Group to be good.
The management estimates that the dependence of the Group’s activities on IT systems is high and continuous investments are made to increase its security and reliability. The responsibility for managing operational risk lies with the Management Board of the Group and the management boards of the subsidiaries.