Risk management and control

The risk management strategy aims to achieve a complete and consistent overview of risks, given both the macroeconomic scenario and the Group’s risk profile, by fostering a culture of risk-awareness and enhancing the transparent and accurate representation of the risk level of the Group’s activities.

The need for Companies to detect, together with the typical risks, an ever more complex set of risks tied to the failure to safeguard the environment, human rights, and the fairness and transparency of operating practices also along the procurement chain was also consolidated.

For a bank as Intesa Sanpaolo such management also includes measurement of the social and environmental variables in lending activities, particularly when our customers' business projects are implemented in developing countries, for which local regulations do not offer suitable safeguarding clauses, and in "sensitive" sectors, i.e. those for which the external output generated has a greater probability of negative social and environmental impact on the community.

Click for details on the operational risks managed by the Bank.

A fundamental element in the management of the Bank's ESG risks is the adherence to the Equator Principles, which dates back to 2006, even before Banca Intesa and Sanpaolo IMI joined together to give rise to Intesa Sanpaolo. The adhesion was subsequently reconfirmed in 2007 by the new Group. The implementation process is declined and regulated by the Equator Principles Rules, valid for the whole Group. The internal regulations dedicated to EPs are integrated into the Group's credit policies and are referred to by the relevant credit granting procedures in order to intercept, from the moment the request arises, all the loans that fall within the scope of the Equator Principles.

Since its inception Intesa Sanpaolo has adopted its own Code of Ethics - regulatory reference for integrating social and environmental considerations in processes, practices and business decisions - has laid down a framework of voluntary commitments towards all stakeholders, which has resulted in the signature of international standards and the issue of policies for the most sensitive areas. The control process of the Code of Ethics is integrated with the management processes underlying the Consolidated Non-financial Statement: stakeholder engagement and listening, definition of improvement objectives, monitoring implementation via KPIs and, lastly, reporting).

Tools have been set up, aimed at monitoring the implementation of the commitments and improvement objectives declared. In line with the chosen model, which is aimed at consolidating relations with a view to identifying opportunities and preventing reputation crises, the outcomes of the listening process, which embraces the adherence to international standards of excellence (AA1000), guide the selection of the areas where the monitoring action should be concentrated. On the most risky aspects, defined according to the process of stakeholder engagement and other indicators, an assessment is carried out following the ISO 26000 Guidelines, which represent the international methodological reference expressly dedicated to social responsibility issues.