Annual Report 2011
Finally, EIF COR systematically organises training and
awareness sessions for EIF staff.
Operational risk
Role and position
At EIF, operational risk is defined, on the basis of the EIF
Operational Risk Management Charter, as the risk of reputational
damage or loss resulting from inadequate or failed internal
processes, people and systems or from external events.
While the management of operational risk is the primary
responsibility of each function or service leader, the
implementation of an integrated operational risk management
framework forms part of the remit of EIF COR.
In this context, EIF COR has developed a risk and control
assessment methodology which comprises the identification
and the rating of the main operational risks for each process
as well as the definition of risk-mitigation plans.
The risk and control assessment is completed by the periodical
collection and analysis of operational risk events.
Data protection
Role and position
In line with the provisions of Regulation (EC) 45/2001 of the
European Parliament and of the Council on the protection
of individuals relating to the processing of personal data by
Community institutions and bodies and on the free movement
of such data (“Regulation 45/2001”), the Head of EIF
COR was appointed EIF data protection officer in 2007
for a period of three years; this appointment was extended
in 2010 for another period of three years. According to the
terms and conditions of an inter-institutional agreement, the
EIF data protection officer and the EIB data protection officer
mutually replace each other.
Regulation 45/2001 contains the key obligations of EU
institutions and bodies in relation to the protection of personal
data and sets out the procedure for the notification of data
processing to the European Data Protection Supervisor.
The remit of EIF Compliance and Operational Risk (EIF
COR) includes the assessment of compliance risk and
operational risk within EIF; the Head of EIF COR also
takes care of data protection issues in EIF. This combination
allows a comprehensive analysis of non-financial risks
within one service function.
With these responsibilities, EIF COR forms part of the
integrated ex-ante risk assessment and ex-post risk monitoring
under the responsibility of the Deputy Chief Executive.
Compliance
Role and position
The reference to compliance risk in EIF follows the definition
set out in the paper on “Compliance and the compliance
function in banks” issued by the Basel Committee on Banking
Supervision in April 2005. Consequently it comprises
the assessment of the risk of legal or regulatory sanctions,
material financial loss or loss of reputation. In this context,
EIF COR addresses issues relating to (i) institutional
compliance, such as corporate governance or public procurement,
(ii) transactional compliance, in particular compliance
with applicable rules and guidelines for EIF transactions
and (iii) conduct compliance, mainly as regards the conduct
rules incorporated in the EIF codes of conduct.
As regards compliance issues, EIF COR has, upon its initiative,
direct access to EIF’s Board of Directors.
EIF COR issues a position on each transaction proposed to
EIF’s Board of Directors which relates to the assessment of
the regulatory status of EIF counterparts, individual integrity
issues and the compliance of a transaction with the underlying
transactional guidelines.
Key compliance policies
Key compliance policies in EIF relate to the assessment of
counterparty structures to ensure regulatory cover on
anti-money laundering and “know your customer” issues as
well as full tax transparency avoiding non-transparent offshore
and cross-border structures. Furthermore, the compliance
function in EIF is responsible for the core business
ethics followed by the institution, especially concerning
ethical restrictions on targeted economic sectors.
EIF COR also controls compliance with procurement and
related rules as well as the conduct rules applicable to
EIF bodies and staff.
Compliance and operational risk