System of internal controls and risk management

We adopt – in accordance with supervisory regulations – a system of internal controls and risk management consisting of three levels of control, complementary to each other, which ensure the effectiveness and efficiency of business processes in accordance with the strategy defined by the Board of Directors.

The internal control system plays a central role in Cherry Bank’s organization. It represents a fundamental element of corporate risk control, and fosters the dissemination of a proper culture of risk, legality and corporate values. As part of the system of internal controls, the risk control function is embedded in Risk Management, which reports hierarchically to the Board of Directors.

Risk Management is organizationally separate from Internal Audit and the Compliance and AML Function.

It is also not involved in risk-taking processes.

It is composed of a team of young talent whose approach to risk is highly flexible and focused on data-driven management, i.e., based on the information that data brings, geared toward providing a value-added service to the business, while respecting the principle of independence that characterizes its mandate. The inspiring maxim of the Risk team’s work is “Without data you are just another person with an opinion” (quoting W. Edward Deming).

Central to risk management and control, is the speed of action and interception of anomalous phenomena, in this regard technology plays a central role in facilitating and accelerating the production of data, which must always be ultimately interpreted by the human being.

Its mission can be summarized in the following main points:

to ensure an independent, holistic and integrated view of the risks and their iterations, to which the Bank is exposed, and to ensure that they are adequately reported to corporate bodies, other Control Functions and risk taker units;
Identify, measure, assess, monitor relevant risks;
preside over risk governance and management processes in accordance with the strategies defined by the Corporate Bodies;
ensure the development and continuous improvement of methodologies, models, metrics and tools for risk measurement and integration;
foster the transposition of regulations and supervisory directives.

The typical risks to which the Bank is exposed are the traditional risks present in a financial institution, among the most relevant are:

Credit risk

Represents the risk of loss arising from the default or deterioration in the creditworthiness of entrusted counterparties; consists of:

Of the counterparty risk dimension.
It concerns the risk of default or deterioration in the creditworthiness of counterparties to which the Bank is exposed;
Of the transaction risk dimension.
It concerns both the losses that the Bank incurs due to the failure to recover its receivables from counterparties in default, and the increase in exposure values to entities that, following a worsening of their economic/financial situation, tend (in all those cases of technical forms of credit facilities with so-called “uncertain value”) to make greater use of the credit line granted to them, thus reducing the residual available margin.

Operational risk

Represents the risk of incurring losses resulting from the inadequacy or dysfunction of processes, human resources, internal systems or exogenous events.
It includes, among other things, losses resulting from fraud, human error, operational disruptions, systems unavailability, contractual defaults, and natural disasters.

Liquidity risk

Represents the Bank’s difficulty or inability to meet its payment commitments on time due to its inability both to raise funds in the market (funding liquidity risk) and to demobilize its assets (market liquidity risk).

Compliance & AML encompasses within it the Regulatory Compliance Function and the Anti-Money Laundering Function and is organizationally separate from Internal Audit and Risk Management.

In addition, it is not involved in risk-taking processes.(market liquidity risk).

It is composed of a motivated team of resources characterized by high technical and professional skills in the management of risks of noncompliance with regulations, AML and terrorist financing, with specific training and constantly updated through inclusion in training programs on an ongoing basis.

Its mission can be summarized in the following main points:

To preside, according to a risk-based approach, over the management of the risk of non-compliance with regulations with regard to all business activity;
Carry out prevention of the risk of non-compliance with standards at all levels of the corporate organization with appropriate empowerment of all personnel;
VAssess the adequacy of internal procedures with respect to the objective of preventing the violation of mandatory rules (laws and regulations) and self-regulatory rules (bylaws, codes of conduct, codes of self-regulation) applicable to the financial intermediary;
Prevent the risk of money laundering and terrorist financing according to a principle of widespread individual responsibility, according to which the performance of activities in accordance with regulatory provisions is the responsibility of each person, regardless of the role or function held;
Collaborate in defining the system of internal controls and procedures aimed at preventing and combating the risk of money laundering and terrorist financing;
Continuously verify the adequacy of the risk management process and the suitability of the system of internal controls and procedures adopted and propose organizational and procedural changes.

The main risks overseen by Compliance & AML are:

Regulatory non-compliance risk

Represents the risk of incurring judicial or administrative sanctions, significant financial losses, or reputational damage as a result of violations of mandatory (laws, regulations) or self-regulatory standards (e.g., codes of conduct, codes of ethics, codes of self-regulation).

Money laundering risk

Consists of each of the following activities:/p>

the conversion or transfer of assets, carried out in the knowledge that they originate from criminal activity or participation in such activity, for the purpose of concealing or disguising the illicit origin of such assets or helping anyone involved in such activity to evade the legal consequences of their actions;
the concealment or dissimulation of the true nature, origin, location, disposition, movement, ownership of assets or rights to them, carried out with the knowledge that such assets originate from criminal activity or participation in such activity;
the acquisition, possession or use of goods being aware, at the time of their receipt, that such goods originate from criminal activity or participation in such activity;
participation in any of the acts referred to in the preceding paragraphs, association to commit such an act, attempt to perpetrate such an act, aiding, abetting, instigating or advising anyone to commit such an act, or facilitating the commission of such an act.

The risk of money laundering is an important factor in the pollution of the economic and financial system, as it alters its mechanisms, fairness and at the same time its very stability.

We respond to the complexity of the phenomenon in a responsible manner, paying the utmost attention to actions and tools to counter it, in the knowledge that the pursuit of profitability and efficiency must be combined with the continuous and effective presidium of corporate integrity with respect to the legal and reputational risk of involvement in activities of this kind.

Terrorist Financing Risk

Terrorist financing is embodied in any activity directed, by any means, to the collection, provision, intermediation, deposit, custody or disbursement of funds or economic resources, intended to be used for the purpose of committing one or more crimes for the purpose of terrorism or in any case directed to facilitate the commission of one or more crimes for the purpose of terrorism, and this regardless of the actual use of the funds and economic resources for the commission of the aforementioned crimes.

Internal Audit constitutes the Level III control function and acts with independence from the organization.

The Internal Audit function performs third-level control, which is responsible for periodically assessing the completeness, adequacy, functionality and reliability of the system of internal controls and risk management.

In the context of the Bank, Internal Audit is of strategic importance, carrying out an independent and objective activity, aimed at improving the effectiveness and efficiency of business processes, through a systematic approach, which generates value as it aims to assess and improve internal control, risk factor management and corporate governance.

Great attention is also paid to reputational risk, as the Bank’s operations are strongly centered on the understanding that the customer must be the focus of every single employee’s attention, because of this the reputational impact is constantly monitored.