P.

15

2018 Pillar 3 Disclosures

Risk Management

Specifically, the Risk Department is responsible for the identification, measurement and control

of credit risk, market risk and structural balance sheet risks (ALM). It is also responsible for

reviewing that the exposure to each of the risks lies within the tolerance limits established by

the Board and the Assets and Liabilities Committee, both at an individual level and overall.

It is also the department responsible for the development of measurement methodologies

for all risks, and it is involved in their implementation in the control tools in order to ensure

that they are permanently updated, aligned with good market practice, and are appropriate

for the complexity and levels of the risk incurred. Proposals for methodological improvement

or modification are approved by the Assets and Liabilities Committee at the proposal of the

Financial Risk Committee.

The Department is structured as follows:

•

Market, Balance Sheet and Liquidity Risk Division

This division is responsible for the management and control of market risk and structural

balance sheet risk, and also for the monitoring of the management results of the Trading

Room.

•

Risk Control and Analysis Division

The Risk Control and Analysis Division is responsible for the analysis and control of credit

risk associated with the activities of the various business units. This analysis is the basis

for the adoption of decisions at the Financial Risk Committee and the Assets and Liabilities

Committee.

•

Pricing and Methodological Control Division

This is the division responsible for the valuations and prices used in risk management,

accounting and depositary activities, among others, and the extension of the

standardisation thereof.

Operational Risk Unit

Its key function is to plan, organise and implement throughout the bank the operational risk

management system in the various phases (identification, assessment, monitoring and control/

mitigation of the risk), in accordance with approved policies and procedures, along with the

design and application of the corresponding information system. Its key objective is to align the

“operational risk profile” of the bank with the guidelines established by Senior Management.

In order to guarantee its functional independence, the Operational Risk Unit is part of the

Associate Services, Control and Resources Department and, within this, in the Control and

Compliance Division, which is responsible for the bank’s secondary control structure.

Its manager directly participates in the Compliance and Operational Risk Committee, the

Financial Risk Committee and the New Financial Products Committee.

The diagram below indicates the position of the Operational Risk Unit within the organisation.

2.2.4.2

2 | 2.2