Annual Report 2013

Corporate Governance: Risk Management and Corporate Controls

THE RISKS TO WHICH THE BANK IS EXPOSED ARE CONTINUALLY MONITORED AND MITIGATED
GRI G4-14

Risk and capital management is strategic to the decision-making process within Banco do Brasil, as it enhances stability, the efficient allocation of resources and the optimization of the risk-return ratio. BB is investing in enhancing governance and the attendant practices, in compliance with international market benchmarks and the Basel III Framework.

The governance of this process rests with the Global Risk Committee (CRG), which consists of members of the Board of Officers and has responsibility for establishing the general strategies, global exposure limits, compliance levels and capital allocations. The bank can also count on the Credit Risk (SRC), Market and Liquidity Risk (SRML) and Operating Risk (SRO) Sub-Committees, which speed up the management and provide the CRG with risk scenario information and analysis.

A department specializing in risk management is in charge of monitoring market, liquidity, operating and credit risks. Strategy and reputation risks are, in turn, jointly managed with the bank team that focuses on strategy. Socioenvironmental risks are jointly monitored with the department dedicated to matters of sustainability. This interdisciplinary structure for managing risks enables a more detailed evaluation of the risk factors and the means of mitigation.

To prevent, correct or discourage fragilities, in addition to reducing losses and strengthening the risk culture, BB employs the Technical Risk Recommendation (RTR) tool. This tool, made available to all process or product management areas, contributes to the adoption of action plans for mitigating losses and ensuring discharge of the responsibilities defined in the risk management phases.

Business Continuity Management (GCN)

To ensure that the services essential to the business function, even in crises or emergency situations, Banco do Brasil relies on a GCN process that is the market benchmark. The practices put in place contribute to strengthening its corporate image and the sustainability of the business, as well as to compliance with regulatory demands at domestic and international level.

As part of its permanent investment in employee training and the dissemination of the GCN culture, the bank took part in external training sessions on this theme in 2013, in addition to putting on internal training courses and specific events about this matter in different cities, with the participation of speakers from the market.

Principal Risks

Market risk: involves the possibility of incurring losses arising from fluctuations in market prices of the positions held by a financial institution, including risks on operations subject to variances in currency rates, interest rates and share and commodity prices. BB’s own positions are segregated into Trading and Non-Trading Books defined by the CRG. The main types of limits in place are Value at Risk (VaR) and stress testing. In 2013, the bank enhanced the advisory process and risk management of the overseas units. This process included revising the main Corporate Methodology Manuals and the control procedures, while monitoring and accompanying the global limits of the Trading and Non-Trading Books. It also improved risk management at its associate entities.

Credit risk: refers to the possibility of the occurrence of losses associated with non-compliance by the borrower or by the counterparty of their respective financial obligations within agreed terms; impairment of a loan agreement arising from the deterioration in the borrower’s risk rating; the reduction in earnings or remuneration; the advantages granted in the renegotiation; and the recovery costs. It includes, among others, commitment, concentration, counterparty, intermediary and Country risks. Credit risk is managed based on the guidelines established in the specific policy and strategies for that risk, but also takes into account in-house methodologies for rating customer risk, in line with best market practices and the concepts of the Basel Agreement. Information about credit risk is permanently and constantly disclosed, where the assumptions are best practices, banking legislation, users’ requirements, the bank’s interests and the confidentiality and relevance of the information.

CHALLENGE 20

Better socioenvironmental risk management in financing (except for climate change-related risks).

Operating risk: arises from the possibility of losses resulting from legal risks or from the failure, deficiency or inadequacy of internal processes, personnel and systems, or from external events. The current risk management structure in this area was defined in order to optimize management and comply with the regulatory requirements for BB’s candidacy for using internal models, which primarily includes integrated risk management and segregation of the second level of control. In 2013, Banco do Brasil set up teams dedicated to enhancing the process for identifying and assessing risks, implemented improvements in the reports for managers and developed an action plan for mitigating operating losses, among other initiatives.

Liquidity risk: arises from possible imbalances between tradable assets and enforceable liabilities that might affect the bank’s payment capacity and the possibility of losses arising from failure to settle a position at market prices, because of its huge size in relation to the volume normally transacted or on account of market conditions. The bank maintains liquidity levels considered sufficient to cover its commitments in Brazil and offshore, thanks to its extensive and diversified depositor base, the quality of its assets, the capillarity of its offshore branch network and the access it enjoys to the international capital market.

In 2013, regular reviews were carried out of the policies, models, methodologies, parameters and criteria used in managing this risk. Worthy of note are the enhancement in segregating the functions and responsibilities among the business areas, as well as those of liquidity management, governance mechanisms and oversight in the case of the bank’s associate entities.

CHALLENGE 21

Better socioenvironmental risk management in the bank’s own investments and those of third parties (except for climate change-related risks).

Strategy risk: involves the possibility of losses arising from adverse changes in the business environment or from the use of inappropriate assumptions when taking decisions. BB relies on processes that keep potential losses to a minimum, as well as activities for identifying, evaluating, controlling, mitigating and monitoring the risk.

Reputation risk: can be understood as the risk arising from a negative perception of the bank on the part of external stakeholders, which might adversely affect the sustainability of the business. To mitigate this, activities are put in place to monitor and deal with news appearing in the media, customer satisfaction surveys and the process for detecting and evaluating the risk from products, services and self-service channels.

Socio-environmental risk: involves the possibility of losses arising directly or indirectly from adverse social and environmental impacts resulting from BB’s administrative or business practices or those of the players within its operating environment, as well as those arising from situational aspects involving the social and environmental non-sustainability of current means of production and consumption patterns. The highlights of the socioenvironmental risk mitigation processes are the Agenda 21, the Stakeholders Panel, the Sustainability Forum for Executive Officers, the adoption of the Equator Principles for financing classified as Project Finance and the sustainability directives for loans (forests and biodiversity, water, climate change, agribusiness, electrical energy, civil construction and mining).

In addition, a socioenvironmental risk management system is currently under development and implementation. In November 2012, the Board of Officers of BB approved the institutional responsibility and the definition of the concept and categories of socioenvironmental risk, in addition to the risk management structure, with segmentation of the responsibilities as the reference model for attributions. The socioenvironmental risk management model will encompass the systems and processes to be applied to the following risk categories: financial support, administrative practices, participations and socioenvironmental scenarios.

Further information about the governance process and risk management is available in the Risk Management Report on the IR site of Banco do Brasil.

THE INTERNAL CONTROLS SYSTEM WAS IMPROVED IN 2013 TO ENHANCE ITS ALIGNMENT WITH THE STRATEGY

Internal Controls

Internal control mechanisms are necessary if Banco do Brasil is to achieve its strategic objectives and meet the expectations of the regulatory bodies, customers, employees, investors and society. In 2013, there was an alignment of the areas responsible in order to arrive at a new format for the risk management and controls process of BB through greater integration and alignment of the strategic objectives.

The risk model validation process evaluates whether the models used are sufficient and whether they reflect the bank’s risk profile, based on critical analysis of the systems, data, technological infrastructure and models used in risk management. The results of this validation are periodically discussed with managers in technical forums and subsequently submitted to the risk sub-committees of Banco do Brasil for the purpose of making any adjustments so that they can be effectively used in the management process.

BB has developed and approved a methodology for electronic monitoring of compliance in processes, products and services, so as to detect and foresee situations that indicate possible induction of results or non-compliance with rules, so that the bank can adopt mitigation measures or adjustments to processes.

Relevant processes are given priority when evaluating the effectiveness of their controls, so as to ensure the quality of the information comprising the financial statements. All processes with close links to compliance with the Basel agreement are also analyzed. Regional Internal Controls Management verifies compliance by the important processes being employed in the service network.

Strategic Security Management

Driven by the commitment to protecting corporate information, BB adopts best management practices in information security, thereby complying with the requirements of the regulatory bodies, as well as those of the internal and external auditors. Information security directives and policies are formalized in normative instructions that are frequently reviewed and updated. Within the scope of disseminating an information security culture, employees participated in training courses, including events involving the executive, managerial and technical levels of the bank, as well as other companies of the Conglomerate.

Indicators of Security Management Training Courses by Functional Level in 2013

| Functional Level | Number of Employees | Number of Employees Trained | Number of Training Sessions | Hours of Training | Percentage of those Trained | Number of Training Sessions per Employee | Hours of Training per Employee |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Managerial | 36,292 | 4,509 | 4,988 | 53,376 | 12.42 | 0.14 | 1.47 |
| Technical | 5,155 | 707 | 749 | 8,316 | 13.71 | 0.15 | 1.61 |
| Advisory | 7,195 | 1,106 | 1,164 | 12,432 | 15.37 | 0.16 | 1.73 |
| Operational | 20,648 | 2,763 | 3,145 | 31,764 | 13.38 | 0.15 | 1.73 |
| Others | 42,926 | 8,429 | 9,435 | 96,348 | 19.64 | 0.22 | 2.24 |

In 2013, the bank adapted its structure by redefining scopes and responsibilities and by segregating the definitions of execution in information technology (IT) security. This enhanced the synergy among the areas, providing greater speed of response in IT processes while improving security control mechanisms. In order to detect, analyze and notify indications of money laundering, all Brazilian branches use a specially designed automated monitoring system. Measures were also implemented to comply with the requirements of Bacen Circular No. 3.654 and to adapt to PLD/CFT Normative on the banking Self-Regulation System of the Brazilian Banks Federation (FEBRABAN).
GRI G4-SO3

ANTI-CORRUPTION TRAINING INVOLVED MORE THAN 41,000 EMPLOYEES IN 2013

During the year over 41,000 employees were trained via the intranet, resulting in 284,000 class hours of training in anti-money laundering and financing of terrorism. Around 850 employees took part in live training lasting 3 days, giving a total of 20,000 class hours. Eight exclusive workshops were developed for strategic entities and representatives of the entities of BB Conglomerate, and 1,915 employees were approved in certification examinations bearing the seal of the National Anti-Corruption and Anti-Money Laundering Strategy (ENCCLA) conferred by the Ministry of Justice.

In cases of corruption, confidentiality applies. In 2013, four administrative proceedings were concluded, establishing the responsibility of those involved in incidents of this nature.
GRI G4-SO5

GRI G4-SO4

| Number of Participations in Live Anti-Money Laundering Training | 2011 | 2012 | 2013 |
| --- | --- | --- | --- |
| Internal Certification in Internal Controls and Compliance | 3,650 | 1,359 | 921 |
| Anti-Money Laundering Synapse (1) | 37,408 | 47,628 | 12,956 |
| Course about Controls | 8,793 | 5,219 | 2,622 |
| Workshop on Analyzing Indications of Money Laundering | 2,104 | 1,569 | 1,293 |
| Internal Anti-Money Laundering Certification | 2,695 | 2,626 | 2,214 |
| Total | 61,478 | 58,401 | 20,006 |

(1) The decline in the number of participations in this course in 2013 was expected, as 93% of the employees have already taken it. Since the second semester of 2011, completing this course has become a prerequisite for enrollment in in-house opportunities, which led to an increase in participations in 2011 and 2012.

Banco do Brasil is continually seeking to enhance its security systems and rules, focusing on preventing and combating electronic fraud. Internal processes are constantly reviewed, especially the identification and authentication of customers that use the service channels, in addition to the need to protect the confidentiality of the information and the transactions that take place, so as to avoid incidents of identity theft. To further enhance the level of security in the service channels, the bank has engaged in new projects that use state-of-the-art technology, such as installing biometric identification systems on ATMs and new security devices for internet banking, with the use of two-dimensional matrix bar codes known as QR Code.

In this sense the process of customer file validation has helped to detect discrepancies in information provided at the time checking accounts are opened. The files of around 7.7 million customers were submitted to automated analysis and sent for validation in cases of more relevant discrepancies.

The corporate and business environments are also the focus of security solutions for customers, employees and the property of BB. In 2013, the expansion of the Banco do Brasil Security Complex (CSABB), which manages integrated image monitoring on the premises, continued. The operations of the 15 Regional Monitoring Centrals, which cover 3,600 self-service spaces, enabled the prevention of potential crimes in these environments. Furthermore, measures focused on physical cash handling sought to reduce the amount of cash available in areas identified as offering greater risk.