Risk management and control

Proper risk management and control are essential conditions to ensure reliable and sustainable creation of value and protect the Group's financial soundness and reputation.

The risk management strategy aims to achieve a complete and consistent overview of risks, given both the macroeconomic scenario and the Group’s risk profile, by fostering a culture of risk-awareness and enhancing the transparent and accurate representation of the risk level of the Group’s activities.

The need for Companies to detect, together with the typical risks, an ever more complex set of risks tied to the failure to safeguard the environment, human rights, and the fairness and transparency of operating practices also along the procurement chain was also consolidated.
For a bank as Intesa Sanpaolo such management also includes measurement of the social and environmental variables in lending activities, particularly when our customers' business projects are implemented in developing countries, for which local regulations do not offer suitable safeguarding clauses, and in "sensitive" sectors, i.e. those for which the external output generated has a greater probability of negative social and environmental impact on the community.

Since its inception Intesa Sanpaolo has adopted its own Code of Ethics (PDF - 889 KB) - regulatory reference for integrating social and environmental considerations in processes, practices and business decisions - has laid down a framework of voluntary commitments towards all stakeholders, which has resulted in the signature of international standards and the issue of policies for the most sensitive areas. The control process of the Code of Ethics is integrated with the management processes underlying the Consolidated Non-financial Statement: stakeholder engagement and listening, definition of improvement objectives, monitoring implementation via KPIs and, lastly, reporting).

Tools have been set up, aimed at monitoring the implementation of the commitments and improvement objectives declared. In line with the chosen model, which is aimed at consolidating relations with a view to identifying opportunities and preventing reputation crises, the outcomes of the listening process, which embraces the adherence to international standards of excellence (AA1000), guide the selection of the areas where the monitoring action should be concentrated. On the most risky aspects, defined according to the process of stakeholder engagement and other indicators, an assessment is carried out following the ISO 26000 Guidelines, which represent the international methodological reference expressly dedicated to social responsibility issues.