Enterprise Risk Management (ERM)
The Enterprise Risk Management (ERM) of Banco de la República (the Central Bank of Colombia, Banrep) is a set of policies, strategies, practices, procedures, methodologies, controls, and/or limits established to identify, measure, control, monitor, and report the organization’s risks in a timely manner, supporting Banrep’s decision-making. The ERM consists of policies, Risk Appetite Framework (RAF), governance structure, and the stages for risk management.
Below are details about the RAF and the governance structure of the ERM:
Risk Appetite Framework (RAF)
The RAF is the set of methodologies, procedures, controls, and alert levels used to establish, communicate, and monitor risk appetite, meaning the exposure that Banrep is willing to accept while performing its functions.
It applies to all the risks of Banrep and includes:
- General RAF policies: These define the guidelines for managing the RAF across the organization.
- Risk Appetite Statement (RAS):
- Qualitative Statement
- Quantitative Statement (internal indicators used for monitoring process risks).
Banco de la República’s Qualitative Risk Appetite Statement (RAS) is:
“Banco de la República is conservative regarding the risks it takes on; therefore, it has low tolerance for both financial and non-financial risks. Regarding fraud, corruption, or criminal activities, Banrep has zero tolerance due to its high standards of transparency and ethics.
Consequently, Banrep incorporates these aspects into its decision-making process, prioritizing the fulfillment of its constitutional duties, and manages its risks through management systems, policies, processes, and control schemes aimed at mitigating the potential impacts arising from their materialization”.
| Risk Type | Acceptable Risk Level | |||
|---|---|---|---|---|
| Zeero | Low | Moderate | High | |
| Financial Risks | - | X | - | - |
| Market Risk | - | X | - | - |
| Liquidity Risk | - | X | - | - |
| Credit Risk | - | X | - | - |
| Non-Financial Risks | - | X | - | - |
| Operational Risk | - | X | - | - |
| Fraud Risk | X | - | - | - |
| Other Risks | - | X | - | - |
| Money Laundering and Terrorist Financing Risk (ML/TF) | X | - | - | - |
| Environmental Risk | - | X | - | - |
| Third-Party Supplier Risk | - | X | - | - |
| Reputational Risk | - | X | - | - |
Governance Structure for Risk Management
Banrep risk management governance is based on the Three Lines Model1 as shown below:
1 This model is proposed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and allows for the integration of Risk Management into Process-Based Management, clearly defining the roles and responsibilities of business units and control units within the process. This model was adopted by the Departamento Administrativo de la Función Pública - DAFP (Public Service Administrative Department) to support the Internal Control Standard Model (MECI in Spanish)
2 Internal Resolution 01 of 2020. The Board of Directors of Banrep established the Risk Committee as an advisory and support body to the Board of Directors and Administrative Council regarding the Integrated Risk Management System.
3 Departments and units performing second-line functions at Banrep (Middle Office).
4 Risk management is one of the five components of the Internal Control System.
