The CBCG’s operational risk management policy encourages effectiveness, efficiency and transparency principles. It relies on confidentiality, responsibility, awareness and risk culture as integral elements of the risk management process.
- Effectiveness: providing a systematic and structured approach following best practices; using operational risk tolerance policy as a common reference point while ensuring sufficient flexibility when implemented in a diverse and changing environment.
- Efficiency: risk management process optimisation in practice; synergy and avoiding effort duplication; encouraging the implementation of cost-benefit analysis following the operational risks tolerance policy; rational use of resources proportional to the risks to be treated.
- Transparency: exchanging information between relevant stakeholders on incidents and timely warning of possible risk events.
- Confidentiality: without questioning the transparency principle, the information owner must harmonise all collected information with the appropriate classification of confidentiality that all recipients must respect.
- Accountability: clearly assigning roles and responsibilities in the risk management process, including risk acceptance, which are appropriately communicated to employees.
- Risk awareness and culture: informing all interested parties about their responsibilities in the risk management process, promoting integrity and ethical business behaviour, and raising awareness of the operational risk importance.