Non-financial risks
Definition
Non-financial risks are sub-divided into operational risks and strategic risks.
Operational risks arise as a result of non-functioning or defective systems and processes, misconduct on the part of humans, or external events. Operational risks include legal risks, compliance risks, outsourcing risks, IT risks, information security risks, personnel risks, model risks, project risks, and event or environmental risks.
Strategic risks are sub-divided into business/strategic risks, reputation risks, and pension risks.
Business/strategic risk refers to the risk that business strategy objectives are not attained, owing to the Bank’s business strategy positioning or to detrimental changes in the general conditions under which Rentenbank operates, and that this non-attainment has an adverse effect on the Bank’s financial position and financial performance.
Reputation risk refers to the risk of losses as a result of a worsening of the perception of Rentenbank in the minds of relevant internal and external stakeholders, which would have adverse economic effects or lessen the trust placed in Rentenbank.
Pension risk refers to the risk of an inadequate measurement of pension provisions.
Risk assessment and management
From an economic perspective, non-financial risks are quantified by means of a simulation model (Value at Risk). The data basis comprises the risk estimates from the self-assessments of the process owners, the risk analyses of other organisational units, and historical losses from operational risks. The risk model allows for a detailed analysis of individual risks and risk drivers, as well as the simulation of scenarios.
All the Bank’s loss events and near losses are decentrally recorded in a loss event database by the Operational Risk Officer. Risk Controlling analyses and aggregates the loss events and refines the methodological instruments.
In the self-assessments, material operational risk scenarios of specific business processes are analysed and assessed with regard to their inherent risks, and risk-reducing measures are adopted.
Risk Controlling aggregates and analyses all non-financial risks on a centralised basis. This department is responsible for the use of instruments and the refinement of risk identification, assessment, management, and communication methods. Non-financial risks are managed by the respective organisational units.
The Legal & Committees Department manages and monitors legal risk. It informs the Management Board about current or potential legal disputes on an ad-hoc basis and also periodically in the form of semi-annual reports. The Bank minimises legal risks from contracts by largely employing standardised contracts. The Legal Department is involved in the corresponding decisions at an early stage and important projects are coordinated with the Legal & Committees Department. Legal disputes are immediately entered into the loss event database. A specified risk indicator is monitored to ensure the early identification of risks.
Regulatory risks as a sub-category of compliance risks are managed by the Compliance function and the regulatory working group ART, by means of active participation in regulatory initiatives and other legislative initiatives affecting Rentenbank, and the identification of potential consequences for the Bank.
On the basis of a materiality and risk assessment, compliance-related risks are identified and analysed to assess whether the general and institution-specific requirements for an effective organisation are met. The same procedure is applied with respect to risks related to money laundering, terrorist financing, and criminal acts, which could endanger the Bank’s assets. Organisational measures to optimise risk prevention are defined on the basis of the risks identified in this procedure.
The fulfilment of duties of care and the identification of contractual partners (know-your-customer principle) are particularly important elements of money laundering prevention. The necessary procedures and processes for this purpose have been implemented and any suspected cases are referred immediately by the Anti-Money Laundering Officer to the Central Financial Intelligence Unit (FIU). The Bank is not aware of any suspicious cases involving money laundering, terrorist financing, or other criminal acts in 2024.
The risks associated with outsourcing and other purchases of IT services are identified as a sub-category of operational risks. Rentenbank has instituted the position of a Central Outsourcing Officer, who is supported by the Central Outsourcing Management Department. Outsourced activities are monitored decentrally. The Central Outsourcing Management Department also performs risk management and monitoring with respect to the portfolio of outsourced activities. Outsourced activities are classified as material or immaterial on the basis of a standardised risk analysis. Material outsourced activities are subject to special requirements, particularly with regard to contracts, management, monitoring, and reporting.
Rentenbank has implemented an Information Security Management System (ISMS) to protect data, systems, networks, and the business premises. The Information Security Department monitors compliance with all standards and requirements for the confidentiality, availability, and integrity of information specified in the ISMS. Employees are regularly trained in matters of information security and sensitised to risks via various channels. Information security risks are integrated into operational risk management and are transparently reported. This also includes risks arising from cyber-attack threats. To this end, Rentenbank arranges for external service providers to conduct penetration tests on a regular basis.
The Bank’s Emergency Management Department has defined preventive and reactive measures to protect time-critical business processes in the event of an emergency or crisis. The handling of business interruptions is detailed in the Emergency Handbook, business continuity plans, and recovery plans. Rentenbank reviews and monitors the effectiveness of these plans on the basis of test and drill plans.
A code of conduct and professional corporate communication help to minimise reputation risks.
To measure the risks inherent in pension provisions, an actuarial opinion is prepared by an outside expert on the basis of parameters such as interest rates, inflation, and life expectancies. The corresponding interest rate risks are taken into account in the monitoring of Interest Rate Risk in the Banking Book (IRRBB).
In the economic risk-bearing capacity calculation, separate limits are set for non-financial risks, one for operational risks and one for strategic risks.
The loss events identified in the reporting period, the insights gained from the self-assessments, the risk assessment of the organisational units, and the monitoring of early warning indicators do not show any risks that would endanger the Bank’s continuation as a going concern.