Publicat pe (http://www.bnm.md)

Acasă > The NBM governance, risk management and controls levels

The NBM governance, risk management and controls levels

 

Risk management and internal control


Risk management

The National Bank manages financial and non-financial risks associated with fulfilling its core duties and business processes.

Financial risks are the risks associated with financial instruments used to implement monetary and exchange rate policy and to manage international reserves. These refer to:

  1. Credit risk – the risk of losses resulting from the failure of counterparties to meet their contractual obligations.
  2. Liquidity risk – represents the risk that the National Bank will not be able to meet its payment obligations when they become due. Liquidity risk is characteristic of market trading and consists of the inability to realize a financial asset at its fair value due to specific market conditions.
  3. Market risk – the risk arising from unfavorable fluctuations in market prices of the assets that are part of the National Bank's investment portfolios. Market risk includes interest rate risk and currency risk:
      a) Interest rate risk – the probability of incurring a loss or failing to achieve projected profits due to unfavorable changes in market interest rates;
      b) Currency risk – the probability of incurring a loss or failing to achieve projected profits due to unfavorable changes in exchange rates.


Non-financial risks:

  1. Strategic risk – refers to the risk of potential failures resulting from decisions made by the governing bodies, internal events (governance, incorrect strategy setting, resource insufficiency), or external events (national policies, regulations, technologies, external interference, exceptional situations), which could prevent the bank from achieving its established strategic objectives. Strategic risks are identified within the operational processes related to strategic planning and are assessed according to the Operational Risk Management Framework.
  2. Operational risk – represents a potential financial, operational, and/or reputational impact on the bank, which arises from or is conditioned by inadequate or failed internal governance, business processes, people, systems/infrastructure, or the external environment.
    The National Bank of Moldova identifies legal risk as part of operational risk, assessed according to the Operational Risk Management Framework in business processes. This risk may result from the regulatory framework, non-compliance with or misunderstanding of normative provisions, ambiguity or insufficiency of applicable regulations, the drafting of normative acts, processes of representing the interests of the National Bank in court, procurement processes concerning the enforcement of contractual rights, etc. For the identified risks, the impact on operations, reputational impact, and financial impact on the operational processes of the National Bank are assessed.
  3. Climate Risk – The National Bank of Moldova is in the process of developing a framework for integrated risk management, along with policies, processes, and controls to incorporate climate risks into integrated risk management. The objectives are focused on improving the resilience of the banking sector, promoting sustainable financing, understanding environmental risks, education and research, and managing its own operations.

Risk Appetite is the maximum amount and type of risk that the bank is willing to prevent, accept, or tolerate in fulfilling the core responsibilities and objectives of the National Bank. Risk appetite can be expressed in both quantitative and qualitative terms, depending on the risk category or risk specificity.

Risk Tolerance is the value or level of residual operational risk (“the amount”) that the bank is willing to bear or to which it may be exposed (the acceptable degree of variation) at any given time after treatment the inherent risk, to achieve its objectives.

Based on its mandate, mission and values [1], the National Bank manages risks to ensure the achievement of the basic tasks [2] (as established in art. 5 of the NBM Law [3]), strategic objectives [1] and the objectives of the business processes, in accordance with the risk tolerance and risk appetite [4] approved by the Supervisory Board.

The Risk Appetite of the National Bank for financial and non-financial risks, is low to medium, exept for risks of fraud, for which the National Bank has a "zero" appetite to risk.

Risk Profile, referred to as the "risk heat map", is a table that transposes the prioritized qualitative and quantitative assessment of risks specific to the National Bank's activity. Each risk represented in the risk profile implies a certain level of performance for the respective strategy or the objectives of the National Bank.

Key Risk Indicators (KRIs) are measures and values related to a specific category of risk, serving as indicators of the likelihood of an impact or changes in the probability/impact of the risk.

  • KRIs are defined to measure risk exposure or to provide an early warning of risk to identify potential events that could affect objectives.
  • KRIs are established at the risk and operational process levels. In setting KRIs, the key performance indicators (KPIs) established for the objectives of the National Bank may be used.

The criteria for establishing KRIs are based on the SMART framework (specific, measurable, achievable, relevant, time-bound) and are linked to the strategic objectives of the National Bank, the promoted risk policy, and should be multidimensional, easily comparable, predictable, and informative.

The risk management process [5] is a continuous process defined by the following steps: (1) risk identification, (2) risk assessment, (3) risk response, (4) risk monitoring and review, (5) risk communication and reporting.


Development objectives of the risk management system

Strengthening the integrated risk management system is an essential operational objective outlined in the "BNM 2025" Strategic Plan, related to Strategic Objective 6: To strengthen institutional resilience and agility, aimed at enhancing the organizational capacity to identify, assess, monitor, and mitigate risks. Within this objective, a series of actions are planned that will contribute to the development and optimization of the risk management system, thereby ensuring greater resilience and better adaptation to changes in the external environment, including climate change.

Thus, in the first stage, the following are planned: the approval of the updated internal control framework, the approval of the integrated risk management framework, the automation of the operational risk management process, the continuous updating of the continuity assurance plan, and the ongoing training of employees in risk management.

 

Internal control

The National Bank aligns the management of operational risks and internal control system to the international standards COSO, ISO 31000, to the best practices in the field, including those offered by the International Operational Risk Working Group (IORWG), National Bank being a member of it.

With the approval of the Operational Risk Management Framework in the National Bank of Moldova, the Supervisory Board established the risk appetite/tolerance in the National Bank.

Risk management and internal control within the NBM are established according to the three lines of defense.

The first line of defense manages the risks and is represented by the NBM subdivisions, which are also the "owners" of the risks. The heads of the subdivisions (line managers) are responsible for identifying and managing the inherent risks in the business processes and the IT systems they own, properly establishing the control activities in the risk management process. For operational risks, their assessment methodology is applied, according to which each structural subdivision of the National Bank annually performs the operational risks control self-assessment procedure, with the identification and assessment of risks on activity processes, as well as the establishment of control measures to maintain the risks in the tolerance zone, with the reporting of the results to the operational risk management function. The subdivisions apply a set of control procedures on a daily basis to the business processes and systems they manage, ensuring their effectiveness and efficiency.

Second line of defense consists in organizing the process, ensuring the methodological framework, coordinating and independently supervising the process of risk management and internal control . The functions of the second line of defense include specific monitoring mechanisms and processes in order to exercise an adequate financial and operational risk management system and internal control.. The second line of defense is represented by the structures with dedicated functions to the management of financial and operational risks, the Investment Committee and the Risk Committee. At this level, the methodological framework for conducting an effective risk management process in the NBM is developed: the internal framework on how to perform and control foreign exchange operations, operational risk management by business processes, ensuring business continuity and information security, personal data protection, standards, policies and response plans to incidents, which disrupt or threaten the operational functions of the National Bank. An incident management system is in place at the National Bank, where incidents are recorded, including the measures taken and those responsible for their implementation.

The third line of defense provides independent and objective assurance and is represented by internal audit. Internal audit provides management and line managers with independent reasonable assurance about the adequacy and effectiveness of governance, risk management and internal controls, including how the first and second line of defense achieve risk management objectives. The internal legal framework regarding the operation of the internal audit is approved at the level of the Supervisory Board and aligned with the mandatory elements of the International Professional Practices Framework (IPPF), developed by the Institute of Internal Auditors (IIA).

Internal control within the NBM also operates through a series of regulations approved by the governing bodies and ensures the effective management of resources to fulfill the mission, core responsibilities, strategic objectives, and business processes of the NBM.

Regulation on Internal Audit Department of the National Bank of Moldova [6]

 

External control


External audit

Annual financial reports, accounts and records of the National Bank are subject to annual external audit, in accordance with International Standards on Auditing, conducted by an external audit organization with reputation and recognized experience in the auditing of central banks and international financial institutions selected by the Supervisory Board of the NBM, based on a tender.  The report of the external auditor is published along with the annual financial statements of the National Bank. The same external audit organization cannot be appointed consecutively for a period that exceeds 5 years.


Safeguards Assessment of the NBM by the IMF

Periodically, the credibility and safety of central banks is evaluated by IMF experts in order to receive assurance in the implementation and operation by the NBM of the control, accounting, reporting and audit systems related to the management of resources, appropriate to the integrity of the operations carried out. The assessment covers six key areas relevant to control and governance within central banks according to the acronym GELRIC:

  • G - Governance arrangements;
  • E - External audit mechanism;
  • L - Legal structure and autonomy;
  • R - Financial Reporting;
  • I - Internal audit mechanism;
  • C - Internal Controls.


Audit of the Court of Accounts of the R.M.

The external public audit regarding the legality and regularity of expenditure budgets and investment allocations is carried out by the Court of Accounts, limited, according to Law no. 548/1995 regarding the National Bank of Moldova, to the examination of the operational efficiency of the decisions taken by the management of the National Bank, with the exception of those related to the implementation of the monetary and foreign exchange policy of the National Bank and the management of the state's foreign reserves.

 

  • Business process management within the National Bank of Moldova (Extract framework [7])
  • Operational Risk Management Framework (Extract [8])

 

Sursa URL:http://www.bnm.md/ro/node/49896

Legături conexe:
[1] http://www.bnm.md/en/content/strategic-plan-national-bank-moldova-bnm-2025 [2] http://www.bnm.md/en/content/information-regarding-nbm [3] http://www.bnm.md/files/Law on the National Bank of Moldova no_ 548-XIII of July 21 1995_02_08_2024_2.pdf#page=7 [4] http://www.bnm.md/files/extras_Cadru.pdf#page=2 [5] http://www.bnm.md/files/extras_Cadru.pdf [6] http://www.bnm.md/en/content/regulation-internal-audit-department-national-bank-moldova [7] http://www.bnm.md/files/General framework on the business process management system (Excerpt_framework)_fin.pdf [8] http://www.bnm.md/files/extras_Cadru_ ENG_web.pdf