A- A+
Home »

Corporate Controls

Risk Management

The management of risks within the Financial Conglomerate of Banco do Brasil covers, in a wide reaching manner, credit, market, liquidity and operational risk. Management activities are carried out using specific and specialised structures, in accordance with the objectives, policies, strategies, processes and systems described for each one of these risks. Not with standing the fact that the activities are focused on credit, market, liquidity and operational risks, the Bank adopts mechanisms to guarantee sufficient capital to cover other risks incurred. More information can be found on Banco do Brasil's Risk Management in the Performance Analysis Report and the website of the Investor Relations Unit.

Structure and Processes of Risk Management

The risk governance model adopted by Banco do Brasil involves a structure of committees and subcommittees, with participation from various areas of the Institution, involving the segregation of business functions versus risk, structure and processes defined for risk management, decisions at various hierarchical levels, clear standards, a structure of jurisdiction and all based on the best management practices.

Credit and risk policies are determined by the Board of Directors. In turn, the governance of risk at Banco do Brasil, which covers the Multiple Bank and its Wholly-Owned Subsidiaries, is centralised at the Global Risk Committee (CRG), which consists of the Directive Council, which has the principal aim of establishing strategies for risk management, global limits of exposure to risk and levels of compliance and capital allocation as a function of risk. With a view to imbuing the management process with flexibility, Subcommittees for Credit Risk (SRC), Market and Liquidity Risk (SRML) and Operational Risk (SRO) have been created, which as well as being the instrument of the CRG, also have the delegated power to make to make certain decisions. These Risks Subcommittees are comprised of Statutory Directors, whose decisions are taken in a collegiate manner, and in accordance with the directives and standards of BB.

The decisions are communicated to the areas in the form of resolutions which objectively express the position taken by the management, guaranteeing their application at all levels of the Bank. The Risk Management Directorship (DIRIS), linked to the Vice-Presidency of Credit, Controlling and Risk Management, deals with the management of market, liquidity, operational and credit risk. This integration provides synergy in the various processes, as well as specialization, contributing to a better allocation of capital, while adhering to the directives published by the Basel Committee for Banking Supervision.

Banco do Brasil's risk management process is carried out in four steps:

With the objective of preventing, correcting or inhibiting weaknesses which could generate risks for BB, as well as reducing losses and strengthening risk culture, a tool is used as a management instrument, known as Technical Risk Recommendation (RTR), issued to the areas managing the processes or products when the need is identified for the adoption of loss mitigation action, as well as to ensure the fulfilment of the responsibilities defined in the risk management phases.

Market Risk

As set out in Resolution 3,464, of 06.26.2007, all finance institutions must implement a market risk structure compatible with the nature of their operations, the complexity of their products, and the size of market risk exposure of institution, segregating the trading units and the unit carrying out the internal auditing activities.

The Risk Management Directorship (Diris) is responsible for managing the market and liquidity risk of Banco do Brasil, with a structure compatible with the exposure to risk of its operations, and the the trading units being segregated from the Internal Auditing Unit.

In the process of managing the Bank's market risks, its own positions are segregated into a Trading Portfolio and a Non-trading Portfolio, as defined by resolution issued by the Global Risk Committee (CRG), which also stipulates the policy for the classification of the operations in the Trading Portfolio.

The Trading and Non-trading Portfolios are divided into Groups and Books, always observing the internal norms (technical notes and resolutions), approved by the Subcommittee for Market and Liquidity Risk (SRML) and the Committee for Global Risk (CRG), which established the objectives, composition, financial limits and limits of market and liquidity risk for each group or book. The principal types of limits used for market risk management are:

• Value at Risk – VaR; and
• Stress Testing.

BB uses stress testing measurements resulting from simulations of the behaviour of its exposures subject to market risks under extreme conditions, such as: financial crises and economic shocks. Through the use of Stress Tests the aim is to determine the size of the impact of plausible events, but with a low probability of occurrence, on regulatory and economic capital requirements. Stress tests cover simulations of exposure, both of a retrospective nature, based on historic series of shocks on market risk factors, as well as a forward-looking perspective, based on economic-financial scenario forecasts.

With the objective of providing conditions to be able to assess the capacity to absorb losses and identify possible measures to reduce risks, global and specific limits are defined in percentage form for Reference Equity (PR). In the case of the VaR limits of the Trading Portfolio, and having the aim of clarifying the level of market risk generated by the exposures and the respective impact on capital requirements for their coverage, both VaR and stressed VaR metrics are considered.

The performance of the VaR metrics is assessed monthly through the application of a back-testing process. This assessment is segregated in the process of development and use of VaR metric. The models used for the measurement of market risk are subject to an independent verification process, whose structure is segregated from the areas responsible for the development and use of the models.

In 2010, revision was carried out of the global and specific limits, and of the program for Stress Testing of Capital Requirements for Market Risk, both in compliance with Circular Nº 3,478, Issued by Brazilian Central Bank.

Liquidity Risk

Banco do Brasil maintains levels of liquidity that are in keeping with the commitments of the Institution assumed in Brazil and abroad, the result of its broad and diversified base of depositors and the quality of its assets, the extensive reach of its network of offices outside Brazil, and its access to international capital markets. The rigorous control of liquidity risk is in keeping with the Policy for Market and Liquidity Risk established for the Conglomerate, meeting the requirements of national banking supervision, as well as the requirements of other countries in which the Bank operates.

The management of Banco do Brasil's liquidity risk involves the separation of liquidity in Reais from liquidity in foreign currency. To this end, the following instruments are used:

• Maps of maturity mismatches;
• Estimates of short, medium and long-term liquidity periods;
• Stress testing;
• Limits of liquidity risk;
• Liquidity Contingency Plan; and
• Testing of the potential of the liquidity contingency measures.

The instruments of liquidity risk management are periodically monitored and reported to the Strategic Committees of the Institution.

The Maps of Maturity Mismatches show the expected payments and receipts contracted for, distributed over previously defined time intervals, and presented both from a combined perspective, as well as being detailed by operational index. Analysis of the Maturity Mismatches Maps aims to verify the contractual cash flow of the Institution on a particular date.

Estimates of short, medium and long-term liquidity periods allow the forward assessment of the effect of the mismatches between fundraising activities and financial applications, with the objective of identifying situations which could compromise the liquidity of the Institution, taking into consideration both the planning budget, as well as market conditions.

Periodically, estimates of Short-Term Liquidity are assessed under alternative scenarios and stress. If in one of these scenarios, liquidity forecasts fall below the liquidity level adopted as the limit, the Potential Contingency Measures are verified, previously identified, for the purpose of recovering the Institution's liquidity. Furthermore, Banco do Brasil uses the following metrics:

• Liquidity Reserve (RL); and
• Statement of Free Funds (DRL).

The Liquidity Reserve is the metric used in the management of short-term liquidity risk, setting a minimum level of highly liquid assets to be maintained by the Bank, compatible with the exposure to the risk resulting from the characteristics of its operations and accompanying market conditions. The Liquidity Reserve methodology is used as a parameter for the identification of a liquidity contingency and the triggering of the Liquidity Contingency Plan, this being monitored daily.

The indicator of Free Fund Availability (DRL), used in the planning and execution of the annual budget, aims to ensure equilibrium between fundraising activities and the application of funds, with an emphasis on the Commercial Areas, as well as guaranteeing the financing of the liquidity required.

The limit of the DRL, used in the guidelines for the execution and planning of the budget in accordance with the targets for fundraising and financial applications, is defined annually by the Global Risk Committee (CRG) and monitored on a monthly basis.

The Liquidity Contingency Plan, in turn, establishes a combination of procedures and responsibilities to be adopted in situations of liquidity contingency. In the event of liquidity contingency, one or more contingency measures may be adopted to safeguard the payment capacity of the Institution. The liquidity contingency measures are measured on a monthly basis.

The exposure of Banco do Brasil to this risk is minimal, bearing in mind its substantial active position in public federal securities, that have a high level of liquidity.

Credit Risk

The Management of the Bank's credit risk is carried out based on the strategic directives established by the Board of Directors, which in turn are translated in the form of directives from the Global Risk Committee and Credit Risk Subcommittee, and the areas for the Restructuring of Operational Assets, and Risk Management.

Exposures subject to credit risk are a large part of Banco do Brasil's assets, which is the reason why the risk management of these exposures is fundamental for the Bank in achieving its objectives. Their management is carried out through a credit risk management structure, approved by the Board of Directors, in compliance with CMN Resolution 3,721/09. The structure is composed of the Global Risk Committee (CRG), Credit Risk Subcommittee (SRC), Credit Directorship (DICRE), the Directorship for the Restructuring of Operational Assets (DIRAO) and the Risk Management Directorship (DIRIS), whose principal responsibilities and areas of competence are shown in the table below:

Credit Directorship Directorship for the Restructuring of Operational Assets Risk Management Directorship
To draw up studies and sector overviews.

To analyse clients and establish limits.
To manage the portfolio of non-performing loans.

To develop models and strategies for the dealing with problem loans and their collection and recovery.
To control the limits of risk for aggregated exposure.

To verify the regulatory capital levels for credit risk.
To analyse the credit risk of operations.

To create and monitor credit risk methodology.
To manage collection and recovery channels.

To propose strategies for rulings on debts at higher echelons.
To verify the economic capital levels for credit risk.

To manage the loan portfolio.

The verification and assessment of the processes and procedures of credit risk management are carried out by two internal areas, at different times, a fact which guarantees the adequate separation of functions and the independency of work carried out. The Internal Controls Directorship – DICOI, deals with the validation of the risk verification and measurement models of the Financial Conglomerate and the validation of the Bank's internal risk control system. The Internal Auditing Department – AUDIT, carries out periodic assessments of the credit risk management processes, with the aim of verifying that they are in agreement with strategic guidelines, credit policy and internal norms.

In addition to the areas above, the Independent Auditors analyze some of the processes and procedures used in the management of credit risk, contributing to the verification process to ensure that they are in compliance with external regulatory requirements, and in accordance with internal rulings.

The management of credit risk involves the areas of: Policy and Strategies for Credit Risk Management, Processes, Operational Procedures and Management Systems, and is carried out based on the best market practices, following the supervisory and regulatory norms of the banking industry. The objective is to identify, measure, control and mitigate exposure risk, contributing to maintaining the solidity and solvency of the Bank and guaranteeing alignment with the interests of the shareholders, as expressed in the schematised diagram shown below.

Banco do Brasil's credit policy contains guidelines of a strategic nature, which orientate credit risk management actions within the Financial Conglomerate. The credit policy is approved by the Board of Directors and revised annually, and is available to all employees.

Structured in four blocks (General Aspects, Assumption of Credit Risk, Loan Collection and Recovery and Credit Risk Management), the policy is applied to all businesses which involve credit risk and, among other topics, contains the following:

• Concept of credit risk;
• Segregation of functions;
• Collegiate decisions;
• Appetite for risk;
• Limits of risk;
• Classification of clients;
• Conditions for assuming risk;
• Guidelines for loan collection and recovery;
• Loss expected, economic and regulatory capital;
• Levels of provision and capital;
• Stress testing and sensitivity analysis; and
• Capital planning.

The disclosure of credit risk information is a permanent and continuous process. The assumptions taken into account in the selection and disclosure of information are: the best practices, banking legislation, users' needs, the interests of the Bank, confidentiality, and relevance of information.

The operational areas of the credits risk management structure constantly communicate the risk exposure situation to the higher echelons of the bank to enable the actions of the management to be monitored, and facilitate decision-making by Top Management.

The operational areas of the credit risk management structure produce the information destined for external public audiences, and send it to the Investor Relations (IR). The IR, in keeping with the practice of transparent governance, releases this information to the market, allowing investors and interested parties to accompany risk management actions and the evolution of credit risk, and confirm that the Bank has sufficient capital to cover all the risks it assumes.

The measurement of credit risk is carried out using various measures: non-performing loan rate, past-due period, portfolio quality, loan loss provisions, concentration, expected loss and regulatory and economic capital requirements, among others.

The use of instruments to mitigate credit risk is declared in the Bank's Credit Policy, present in strategic decisions made and the formalisation of credit norms, reaching all levels of the organization and covering all the stages of credit risk management.

In 2010, the Bank improved and consolidated its process for accompanying and monitoring its capital, with the creation of a specific forum in which the potential impacts of alterations in the market and regulatory environment are assessed with respect to existing forecasts, strategic decisions and consequent developments, with a focus on the optimization of the management and adjustment of risk exposure.

In addition to this, BB continued to consolidate the standardized simplified approach of Basel II, as well as the preparation process for the adopting of advanced models. With respect to "Pillar" III of the Basel II agreement, referring to transparency in the disclosure of information to the market, actions were implemented during 2010 so as to enable BB to adhere to the requirements of the New Agreement, as well as Central Bank Circular Nº 3,477/09, which deals with the same theme. To learn more about Banco do Brasil's risk policy management, the reader should access the website link

Operational Risk

To manage its operational risk, Banco do Brasil monitors operational losses using a systemised internal database, exposure limits and risk key indicators, as well as risk patterns for the evaluation of significant outsourced services.

In compliance with Article 4 of CMN Resolution 3,380/06, it has been defined that the structure of Banco do Brasil's operational risk management consists of the Risk Management Directorship (DIRIS), Internal Controls Directorship (DICOI) and the Security Management Directorship (DIGES), with the Board of Directorship being responsible for the information reported. The Director of Risk Management, through nomination by the Board of Directors, is responsible before Brazilian Central Bank (BACEN), for the management of Banco do Brasil's operational risk.

The table below shows the main responsibilities of the areas which make up the Bank's operational risk management structure.

Risk Management Directorship Internal Controls Directorship Security Management Directorship
Operational Risk norms and policies.

The establishment of Operational
Risk control limits.
Compliance, processes and businesses failures.

Support for areas that manage products and services.
Governance of corporate security.

Establishment and control of ICR. Backtesting. Policies, methodologies, and standardisation plans related to security, fraud, money laundering and business continuity.
Models and methodologies for capital allocation for operational risk. Compliance policy.
Measurement of operational risk.

The Internal Audit Unit is responsible for the verification of operational risk management and the functioning of its structure. It should be noted that the operational risk analysis process is assessed by external auditors, with the results being submitted to the Directive Council, the Board of Auditors and the Board of Directors.

To guarantee the effectiveness of BB's operational risk management, as well as ensure that the various functions by the responsible areas are carried out, five phases of management have been defined. The main activities at each phase are summarised in the table below:

Management Phase Summary of Activities
Identification Determination of weaknesses in the Bank's processes and in significant services carried out by third parties, as well as the identification of loss events associated with them.
Assessment and measurement Proposal of exposure limits and risk key indicators, the capture of loss events and the calculation of the capital to the allocated to operational risk.
Mitigation Development of the mechanisms and action plans for the mitigation of the operational risks identified and the drawing up of business continuity plans.
Control Monitoring of mitigation activities, proposal, implementation and monitoring of control actions; verification of level of compliance of processes; carrying out of back testing.
Monitoring Monitoring of operational loss events, of the behaviour of risk key indicators, exposure limits, as well as the existence of internal controls and business continuity plans.

The activities linked to each phase have predefined responsibilities either individually or in combination, involving the managers of products and services and the Risk Management, Internal Control and Security Management divisions.

The Operational Risk Policy approved and revised annually by the Board of Directors contains guidelines for the areas of the Bank, which aim to guarantee the effectiveness of the operational risk management model, in line with the terms of Basel II and the requirements of CMN Resolution 3,380/06.

Banco do Brasil has the objective of carrying out its operational risk management in a conservative manner, segregating the functions of risk management and business management. To this end, the Bank adopts the best risk management practices respecting the standards and supervision directives of the banking system's regulations.

The management areas of the processes, products and services, based on the causes indicated in the operational risk identification stage, and the decisions issued by the Operational Risk Subcommittee and/or Global Risk Committee, must draw up action plans and identify instruments for the mitigation of Operational Risk.

Information on operational losses, key risk indicators, qualitative and quantitative evaluations, as well as global and specific limits, are all reported monthly to the members of the Global Risk Committee and the Operational Risk Subcommittee.

The current Strategic Planning of the Bank, consisting of the Long-Term Plan 2010-2014 and the Directive Plan 2010-2011, approved by the Board of Directors, inserts the operational risk issue into the internal processes, having the objective of reducing losses, measured by means of a a Global Operational Loss Limit.

CMN Resolution 3,490/07 determines the inclusion of the Tranche of Operational Risk (POPR) in the calculation of Required Reference Equity (PRE). Through Circular 3,383/08 and Letter-Circulars 3,315/08 and 3,316/08, Brazilian Central Bank has defined the procedures for the calculation of the POPR tranche and the composition of the Operational Risk Exposure Index (IE).

With respect to measurement approaches, Brazilian Central Bank, through Circular 3,383/08, allows financial institutions to base the calculation of the POPR on one of the following approaches: Basic Indicator, Standardized Alternative or Simplified Standardized Alternative. BB has decided to allocate capital for operational risk under the Alternative Standardized Approach, the most sophisticated of these three approaches.

Currently, with the objective of qualifying its use of the advanced model for the measurement of operational risk, Banco do Brasil has concentrated its efforts in the management of its operational risks, supported by the use of four essential elements to achieve the standard of solidity required: internal database, external database, analysis of scenarios and factors which reflects the business environment and the internal controls of the Bank (BEICF – Business Environment and Internal Control Factors).

In 2010, BB implemented specific limits for operational losses related to "Labour Related Problems", "Business Failures", " Process Failures", "External Fraud and Theft" and "Internal Fraud", with the objective of achieving more flexibility in the proposal of mitigation actions. Of particular note was the work carried out to adjust to the guidelines published by Brazilian Central Bank in resolution 19,217, of 12.24.2009, which involves the use of four essential elements in the internal operational risk measurement model.

With regard to the External Database, in 2010 the Bank affiliated itself to the "Operational Riskdata Exchange Association – ORX", a consortium for the interchange of external data on operational losses. This information is useful in measuring processes, acting as a complement to the internal database, or for the estimation of severe unexpected losses, thus comprising the calculation of capital allocation using the advanced approach, for the management to make comparisons with other institutions, and analyse the need to adopt mitigation actions.

Image Risk

Banco do Brasil has developed its own methodology for the management of a mixed risk, which is in the process of being implemented. The methodology translates into the identification and definition of risk indicators, in the evaluation of financial exposure to risk, and all the effects that potentially arise from this measure (Dow Jones, Advanced Basel, etc).

Socio-environmental Risk


For the monitoring of socio-environmental risk associated with its businesses and operations, Banco do Brasil has attributed responsibility to the Credit Directorship, with advice provided by the Sustainable Development Unit. This in turn, has an Executive Management responsible for the strategic management of matters related to BB's socio-environmental responsibility starts, reporting to the Vice-Presidency of Personnel Management and Sustainable Development. In its analyses, BB considers socio-environmental aspects related to legal, operational, image, credits and combined risks. This is essentially based on that established by the applicable legislation, in the commitments assumed by the Green Protocol, Ecuador Principles, and the Pact for the Eradication of Slave Labour.

In addition to the Ecuador Principles, from 2005 the adoption of socio-environmental criteria have been implemented in the evaluation of the study of the credit limit for companies and investment projects. Currently, these procedures are applied to companies with a current or forecast Net Operating Revenue equal to or greater than R$50 million, and investment projects with an amount financed by BB, equal to or more than R$2.5 million.

In 2008, the Bank started to adopt the requirements contained in CMN Resolution 3,545, which establishes conditions, for the purposes of providing finance for animal breeding in the Amazon Bioma. Questionnaires are also applied, which contain socio-environmental aspects to those requesting credits. These questionnaires are filled in by the analysts of the investment projects.

Banco do Brasil also prohibits operations for the financing of activities that do not have the formal authorization of the competent authority. Included in this situation are: deforestation, animal breeding destocking or defrayal, with the purpose of incorporating new areas into the production process; the sale of extracted products of vegetable origin, and fish in natura; investment operations in activities that require environmental resources or undertakings capable of causing environmental degradation; investment operations in activities that require a Prior Study of Environmental Impact (EIA) and a Report on the Impact on the Environment (RIMA); investment operations in activities which use water resources, including agricultural irrigation - water concessions.

Banco do Brasil adopts a procedure that requires auditing in socio-environmental compliance for undertakings categorizedas Project Finance, and whose analysis of socio-environmental risk carried out by the area responsible at the Bank, indicates potential risk, depending on the project. The audit covers the requirements applicable to the management of operational health and safety, and medicine, based on the existing legislation from the Ministry of Labour and Employment, conditional on environmental licences and the implementation of the Basic Environmental Plan, for compensation for, and mitigation of, social and environmental impacts, as well as the criteria of the Ecuador Principles, if these are more demanding than the law. Based on the socio-environmental audit reports, BB either does or does not approve the liberation of funding to the entrepreneur.

Legal Risk

To reduce the occurrence of legal risk, Banco do Brasil has a Legal Directorship which provides consultative, preventative and contentious legal advice, in the context of corporate strategy, and with a specific focus on each area of the business. The regular supply of internal information to the managers of products and services which enables the analysis of trends and alignment with strategies, is also important in the mitigation of legal risks.

PR4 | SO8 | PR9

Banco do Brasil paid a total of R$9,9 million in fines resulting from non-compliance to laws and regulations in 2010. Also in the year, 17 cases of non-compliance with regulations and related voluntary codes were cited, in addition to the amount of R$58,800 referring to non-compliance to laws and regulations related to the provision and use of products and services.