
Risk Management

Our internal risk control system to ensure transparency.

Banca Generali's internal control system is structured on three levels:

  • first-level controls, aimed at ensuring that activities are conducted properly. Such controls are undertaken by production units or are incorporated into procedures;
  • risk management controls, aimed at identifying, measuring, controlling and managing all risks (credit, market, operating and strategic risks, etc.);
  • compliance controls, aimed at preventing noncompliance with law in the rendering of services.

Within Banca Generali, such controls are entrusted to:

  • the Compliance function, entrusted with preventing the risk of noncompliance with applicable legislation, including the risk of money laundering and financing of terrorism;
  • the Risk Management function, entrusted with the task of identifying, measuring, controlling and managing other risks (credit, market, operating and strategic risks, etc.);
  • internal audits (or third-level controls), entrusted to the Internal Audit function, which performs controls aimed at identifying anomalous performances and violations of procedures and regulations, as well as assessing the overall functioning of the entire internal audit and risk management system.

The above-mentioned activities are complemented by those of the 262 Oversight function, with reference to the administrative-accounting risk (Law No. 262/2005).

Board of Directors

  • It is responsible for the internal control and risk management system: it plays a role of guidance and evaluation of the adequacy of the system and sets up an Internal Audit and Risk Committee within the Board.
  • It identifies the Company’s guidelines and, upon proposal of the Chief Executive Officer, defines the Risk Appetite Framework (RAF) and accordingly develops the corporate policies.
  • It regularly assesses the adequacy and efficacy of the system, reviewing, at least once a year, the activity plan and the periodical reports of the Company's control functions.

Internal Audit and Risk Committee

  • It is the Board committee charged with providing coordinated coverage of the management and control system for the risks assumed by the Group, in accordance with the Risk Appetite Framework.
  • It supports the Board of Directors and the Board of Statutory Auditors with investigative, propositional and advisory duties, in particular on matters of internal control and risk management, related party and connected party transactions, transactions of greater importance, statutory auditing and equity investments.

Board of Statutory Auditors

  • It oversees the adequacy, compliance and functioning of the internal control and risk management system.
  • It attends the collegial meetings with the heads of control functions, also in conjunction with the preparation of the activity plan.
  • It monitors the independence of the independent auditors, in terms of both compliance with the relevant requirements, and the nature and volume of non-auditing services rendered.

Managerial Risk Committee

  • It guarantees a coordinated coverage of the management and control system for the risks assumed by the Group, in accordance with the Risk Appetite Framework.
  • It monitors the Group’s risks, addressing specific operating issues pertaining to the definition and management of risk containment measures.
  • It exercises decision-making powers relating to the said risk containment measures.

Law 262 Organisational Unit

  • It supports the Manager in charge of the Company’s financial reports.
  • It addresses and coordinates the management of administrative and accounting risks and collaborates with the Internal Regulations Service to prepare the plan for the implementation of the remedial measures aimed at ensuring that such risk is monitored within both IT General Controls and processes.
  • It defines the methodological guidelines to implement all relevant FRR (Financial Reporting Risk) activities and disseminates them to the Banking Group’s structures involved, in addition to coordinating and assessing the efficacy of the control solutions and activities aimed at mitigating such risk.
  • It regularly assesses the effective implementation of the controls set forth by internal regulations on ESG reporting.

Risk Management

  • It identifies, measures, assesses and monitors all types of risk to which the Group is exposed, with the exception of the risk of non-compliance and the risk of money-laundering and financing of terrorism, reporting regularly to the Risk Committee.
  • It duly draws up a report, thereby contributing to defining and implementing the Risk Appetite Framework, as well as all related risk management policies.
  • It prepares an annual Risk Management Plan to identify and monitor the risks to which the Banking Group is exposed, in coordination with the Compliance Service, the Anti-Money Laundering Service and the Internal Audit Department.


Compliance

  • It controls and assesses the adequacy and efficacy of the company processes and procedures in order to prevent and manage the risk of non-compliance with the rules and requirements governing the provision of services by the Banking Group companies, in accordance with a risk-based approach.
  • It fosters and supports the development of a culture of compliance within the Banking Group, contributing to training the personnel in order to disseminate the principles of honesty, integrity and respect for both the spirit and the letter of the law.
  • It periodically submits reports to the Board of Directors and Board of Statutory Auditors in respect of its activities, especially the process testing carried out and related findings, as well as measures to be taken to remedy any shortcomings and the concrete implementation thereof.
  • It provides consultancy and advice on compliance with the statutory requirements and implementation procedures applicable to investment activities and services.
  • It defines the overall activity of selecting, arranging and analysing inspections of the distribution network, subsequently carrying out the said controls.

Anti Money Laundering

  • It prevents and combats transactions involving money laundering and financing of terrorism, guaranteeing compliance with the procedures also endorsed by the Wolfsberg Questionnaire (CBDDQ) and the Declaration pursuant to the USA Patriot Act issued on 26 October 2001.
  • It constantly assesses that company procedures are consistent with the aim of preventing and combating the violation of provisions concerning money-laundering and financing of terrorism, and collaborates in identifying the internal control system to prevent and combat such risks.
  • It is responsible for managing, evaluating and reporting suspect transactions, effectively identifying other situations that trigger reporting obligations, and for supervising the anti-money laundering obligations within its purview in accordance with the Anti-Money Laundering Policy approved by the Board of Directors.

Internal Audit

  • It oversees and assesses the efficiency and effectiveness of the Internal Control System.
  • It regularly verifies the completeness, adequacy, compliance and reliability of the controls carried out by the Compliance and Risk Management Functions as required by the current laws and regulations.
  • It constantly monitors the risk of fraud, carrying out ad-hoc detailed analyses of specific events.
  • It controls, at least annually, the main IT service supplier, which is certified ISO 27001:2013, the standard that defines the requirements of the Information Security Management System (ISMS).

Security and Business Continuity Plan (BCP) Service

  • It reports to the Chief Security Officer who, directly reporting to the Head of C.O.O. & Innovation Area, develops the strategic vision of the Bank’s security by applying the principle of Group One Security based on a strong integration among IT Security, Cybersecurity, Corporate Security and Physical Security.
  • It periodically supports the training and awareness-raising activities on issues related to IT & Cybersecurity and BCP.

The main risks and uncertainties to which the Banking Group is exposed are:

  • credit risk: it is the risk associated with the possibility that a counterparty may become insolvent, or the likelihood that a debtor may fail to fulfil its obligations or fulfil its obligations on a delayed basis with respect to predetermined due dates;
  • counterparty risk: it is the risk associated with the possibility that a counterparty to a securities transaction may default before said transaction is settled. The counterparty risk is a sub-category of credit risk;
  • operating risk: it is the risk of loss resulting from the inadequacy or failure of processes, human resources or internal systems, or from external events. This type of risk includes, inter alia, losses due to fraud, human error, interruptions of operation, unavailability of systems, breach of contract and natural disasters. The legal risk is included in the operating risk, whereas strategic and reputation risks are not included;
  • market risk: it is the risk associated with the possibility of suffering losses due to variations in the value of a security or a portfolio of securities associated with unexpected variations in market conditions (share prices, interest rates, exchange rates, the prices of goods and the volatility of risk factors);
  • interest rate risk to which the banking book is exposed: it is the risk of incurring losses due to potential fluctuations in interest rates. This risk is generated by the gaps between the maturities and time required to re-set the interest rate on the Group’s assets and liabilities. Where such gaps are present, fluctuations in interest rates result in variations of net profit, and therefore expected net profit, as well as variations in the market value of the assets and liabilities, and therefore of net equity;
  • liquidity risk: it is manifested in the form of the breach of payment obligations, which may be caused by an inability to procure funding (funding liquidity risk) or the existence of limits on the divestment of assets (market liquidity risk). Liquidity risk also includes the risk of fulfilling payment obligations at above-market costs, incurring a high cost of funding, or incurring capital losses on the divestment of assets;
  • concentration risk: it is the risk arising from exposures to counterparties, groups of related counterparties, and counterparties operating in the same business segment, engaging in the same activity, or based in the same geographical area;
  • residual risk: it is the risk that the recognised credit risk mitigation techniques used prove less effective than foreseen;
  • reputational risk: it is the current or prospective risk of a decrease in profits or capital arising from a negative perception of the corporate image by clients, counterparties, shareholders, investors or regulatory authorities;
  • strategic risk: the actual or prospective risk of a decrease in profits or capital arising from changes in the operating context or poor company decisions, the inadequate implementation of decisions, or insufficient reaction to changes in the competitive scenario;
  • compliance risk: it is the risk of incurring legal or administrative penalties, significant financial losses or damages to reputation due to breaches of compulsory provisions (of laws or regulations) or self-imposed rules (e.g., articles of association, codes of conduct, self-regulatory codes).

The Group has formally defined a policy for each of the above risks that lays down: the general principles, roles and responsibilities of the company bodies and functions involved in risk management; guidelines on risk management in accordance with its business model, risk appetite, internal control system, system of delegated powers established by the Board of Directors and instructions of supervisory authorities.

The integration of the ESG factors into the risk management system

Environmental, social and governance factors (e.g., climate change) may significantly impact the risk categories usually managed by financial institutions, such as credit, operating, market, liquidity and reputational risks.

The Bank is therefore integrating the evaluation of the ESG factors into its risk management framework and has launched several projects aimed at understanding the exposure of its business lines and operations to key sustainability risks.

It carries out audit work and draws up audit reports.