Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
ITAÚ UNIBANCO HOLDING S.A. CNPJ 60.872.504/0001-23 Companhia Aberta NIRE 35300010230 PUBLIC ACCESS REPORT – OPERATIONAL RISK Purpose To establish guidelines and responsibilities associated with Itaú Unibanco Holding (Itaú Unibanco) management structure for Operational Risk, in compliance with the applicable normative standards and regulations and best market practices. Guidelines The Operational Risk Management structure must: Ensure that the Board of Directors sets guidelines and monitors operational risk strategies and policies, so that at all levels of the conglomerates have clear understanding of their roles and responsibilities. Identify operational risk events that may affect the conglomerate’s ability to reach the strategic and operational objectives it has set. Evaluate operational risk events identified and the conglomerate’s exposure to them. Control and / or mitigate the operational risk events identified. Monitor exposures to operational risk events in order to keep the corresponding capital requirement updated. Report to the Board of Directors the operational risk events associated with each institution individually and to the conglomerate, on an annual basis or more frequently. Ensure that identification, evaluation, measurement, control, monitoring and reporting cover operational risk events inherent to the conglomerate’s activities and those of outsourcers under its coordination Retain stored documentation and information for any operational risk related losses incurred by the conglomerate or other institutions. Responsibilities Itaú Unibanco has established a structure of collective bodies for managing and controlling risk. Additionally, the departments that have responsibilities described below are related to the operational risk control structure: Support or Business Units Identify, measure and evaluate the operational risk events; Informing the ACR about every newly identified potential risks that had not been considered in the development of the control activities, or whenever changes in the current rules and regulations; Maintain an effective control environment related to activities developed by the conglomerate; to its systems of financial, operational and managerial information; to the compliance with applicable internal and external rules; and consistent with the nature, complexity and risk of operations; Managing operational risk events and controls of processes attributed to it and those of significant outsourced activities under its coordination; Retain stored documentation and information for any operational risks; Ensure the implementation of decisions, policies and strategies approved by the Holding Risk Control Area Disseminate and ensure the implementation of decisions, policies and strategies for operational risk management to Business and Support areas and to the Chief Risk Officers (CROs) of International units; Managing the process of drafting, reviewing and approving institutional policies for operational risk in light of regulatory guidelines and reviewing them at least once a year; Monitoring the adequacy of Reference Equity related to the operational risk assumed by the conglomerate; Disseminate the risk and control structure and disclose the best practices and policies related to the management of operational risk; Developing and providing methodologies, tools, systems, infrastructure and governance needed to support Operational Risk Management and Compliance for the conglomerate’s activities and those of outsourcers under its coordination; Coordinating crisis management and developing and applying business continuity plans; Monitor the regulatory environment changes to ensure that products and processes comply with internal and external rules in each country; Ensuring governance of Operational Risk Management themes; Assess the operational risk involved in altering and creating new products; Report to the board of directors enabling identification and correction of significant control deficiencies; Store and maintain any information related to losses caused by operational risk events incurred by the group. Modeling Area Develop models to calculate operational risk capital. Internal Audit Verify in a periodic an independent manner, the effectiveness of the process of management and control of operational risk. _____________________________ Este relatório foi revisado e aprovado pelo Conselho de Administração do Itaú Unibanco na data xx.xx.xx.