With the new, prudential supervisory provisions for banks, as per Circular no. 263 of 27 December 2006 and subsequent amendments, prudential regulations include a renewed system of rules and incentives, allowing both more accurate measurement of potential risks connected to banking and financial activities, as well as maintenance of internal capital levels more suited to the effective level of risk exposure of each intermediary. The second pillar of the provisions includes the ICAAP process (Internal Capital Adequacy Assessment Process), which states that banks autonomously assess their own current and expected capital adequacy in relation to the risks assumed. With the application of these provisions, control instruments and procedures have been examined and adjusted both as regards traditional first pillar risks (credit risk, counterparty risk, market risk and operational risk) and as regards other risks (liquidity risk, banking book interest rate risk, concentration risk etc). This process informed the drafting and transmission to the Supervisory Body of the Annual ICAAP Report to 31 December 2009. In May 2010, again in reference to 31 December 2009, in compliance with the obligations envisaged by the relevant law, Banca IFIS published its Public Disclosure Document on capital adequacy, exposure to risks and the general features of the systems in place to identify, measure and manage such risks. This document has been published on Banca IFIS’s website www.bancaifis.it in the ‘Investor relations’ section.

With reference to the above and as per Circular no. 229 of 21 April 1999 - Supervisory Instructions for banks - the Banca IFIS Group has set up an Internal Auditing System that aims to guarantee a reliable and maintainable generation of value in a context of controlled risk, knowingly assumed, so as to protect the group’s financial solidity. Controls involve all personnel, to different extents, and constitute an integral part of daily activities. The controls put in place can be classified according to the organisational structures in which they exist. Here follow some types:

  • Line controls which aim to ensure that operations are carried out correctly. These controls are carried out by the operational structures themselves or are incorporated in procedures or in back office activities.

  • Risk management controls which aim to define methods for measuring risks, verify if risk limits assigned to the various operational areas are being respected and check if operations within all areas are consistent with the objectives of risk / reward. These controls are entrusted to various different operational structures.

  • Internal auditing controls which aim to identify anomalous trends and violation of procedures and regulations, as well as appraise the overall efficiency and effectiveness of the Internal Auditing System. These controls are carried out on a continual basis, both periodically and spot, by various different structures that are independent from operational structures.

The role of the different players involved in the Internal Auditing System (the Board of Directors, the Internal Auditing Committee, the Executive director empowered with control over the Internal Auditing System, the Supervisory body as per Legislative Decree no. 231/2001, the Internal Auditing Function, the Manager responsible for financial reporting, the Risk Management Office and the Compliance Office) are described in detail in the ‘Report on Corporate Governance and Shareholding Structure’, prepared as required by the third paragraph of article 123 bis of Legislative Decree no. 58 of 24 February 1998 (the Consolidated Law on Finance), approved by the Board of Directors on 7 March 2011 and published on the Bank’s Internet website in the “Investor Relations” section: www.bancaifis.it/bancaifis/index.php/en/main/Investor-Relations/Corporate-Governance/Corporate-Governance-Reports