Risk Management Principles
- Core risk management responsibilities are embedded in the Management Board and delegated to senior risk managers and senior risk management committees responsible for execution and oversight.
- We operate a Three Lines of Defense (“3LoD”) risk management model, in which risk, control and reporting responsibilities are defined.
- The 1st Line of Defense (“1st LoD”) refers to those roles in the Bank whose activities generate risks, whether financial or non-financial, and who own the risks that are generated in their respective organizations. The 1st LoD manages these risks within the defined risk appetite and ensures that organization, governance and structures are in place to identify, monitor, assess and accept or mitigate the risks they generate or are exposed to.
- The 2nd Line of Defense (“2nd LoD”) refers to the risk type controller roles in the Bank who facilitate the implementation of a sound risk management framework throughout the organization. The 2nd LoD defines the risk appetite and risk management and control standards for their risk type, and independently oversees and challenges the risk taking and risk management activities of the 1st LoD.
- The 3rd Line of Defense (“3rd LoD”) is Group Audit, which is accountable for providing independent and objective assurance on the adequacy of the design and effectiveness of the systems of internal control and risk management.
- The risk strategy is approved by the Management Board on an annual basis and is defined based on the Group Risk Appetite and the Strategic and Capital Plan in order to align risk, capital and performance targets.
- Cross-risk analysis reviews are conducted across the Group to validate that sound risk management practices and a holistic awareness of risk exist.
- All material risk types, including credit risk, market risk, operational risk, liquidity risk, business risk and reputational risk, are managed via risk management processes. Modeling and measurement approaches for quantifying risk and capital demand are implemented across the material risk types. For more details, refer to section “Risk and Capital Management” for the management processes of our material risks.
- Monitoring, stress testing tools and escalation processes are in place for key capital and liquidity thresholds and metrics.
- Systems, processes and policies are critical components of our risk management capability.
- Recovery and contingency planning provides the escalation path for crisis management and supplies senior management with a set of actions designed to improve the capital and liquidity positions in a stress event.
- Resolution planning is the responsibility of our resolution authority, the Single Resolution Board. It provides a strategy to manage Deutsche Bank in case of default. It is designed to prevent major disruptions to the financial system or the wider economy through maintaining critical services.
- We apply an integrated risk management approach that aims at Group-wide consistency in risk management standards, while allowing for adaptation to local or legal entity specific requirements.
Risk Governance
Several layers of management provide cohesive risk governance:
- The Supervisory Board is informed regularly on our risk situation, risk management and risk controlling, as well as on our reputation and material litigation cases. It has formed various committees to handle specific tasks (for a detailed description of these committees, please see the “Corporate Governance Report” under “Management Board and Supervisory Board”, “Standing Committees”).
- At the meetings of the Risk Committee, the Management Board reports on key risk portfolios, on risk strategy and on matters of special importance due to the risks they entail. It also reports on loans requiring a Supervisory Board resolution pursuant to law or the Articles of Association. The Risk Committee deliberates with the Management Board on issues of the overall risk appetite, aggregate risk position and the risk strategy and supports the Supervisory Board in monitoring the implementation of this strategy.
- The Integrity Committee, among other responsibilities, monitors the Management Board’s measures that promote the company’s compliance with legal requirements, authorities’ regulations and the company’s own in-house policies. It also reviews the Bank’s Code of Business Conduct and Ethics, and, upon request, supports the Risk Committee in monitoring and analyzing the Bank’s legal and reputational risks.
- The Audit Committee, among other matters, monitors the effectiveness of the risk management system, particularly the internal control system and the internal audit system.
- The Management Board is responsible for managing Deutsche Bank Group in accordance with the law, the Articles of Association and its Terms of Reference with the objective of creating sustainable value in the interest of the company, thus taking into consideration the interests of the shareholders, employees and other stakeholders. The Management Board is responsible for establishing a proper business organization, encompassing appropriate and effective risk management. The Management Board established the Group Risk Committee (“GRC”) as the central forum for review and decision on material risk and capital-related topics. The GRC generally meets once a week. It has delegated some of its duties to individuals and sub-committees. The GRC and its sub-committees are described in more detail below.
Risk management governance structure of the Deutsche Bank Group
The following functional committees are central to the management of risk at Deutsche Bank:
- The Group Risk Committee (GRC) has various duties and dedicated authority, including approval of new or materially changed risk and capital models, review of high-level risk portfolios, risk exposure developments, and internal and regulatory Group-wide stress testing results, and monitoring of risk culture across the Group. The GRC sets risk appetite targets, for example in the form of limits or thresholds. In addition, the GRC reviews and recommends items for Management Board approval, such as key risk management principles, the Group Recovery Plan and the Contingency Funding Plan, over-arching risk appetite parameters, and recovery and escalation indicators. The GRC also supports the Management Board during Group-wide risk and capital planning processes.
- The Non-Financial Risk Committee (NFRC) oversees, governs and coordinates the management of non-financial risks in Deutsche Bank Group and establishes a cross-risk and holistic perspective of the key non-financial risks of the Group, including conduct and financial crime risk. It is tasked to define the non-financial risk appetite tolerance framework, to monitor and control the effectiveness of the non-financial risk operating model (including interdependencies between business divisions and control functions), and to monitor the development of emerging non-financial risks relevant for the Group.
- The Group Reputational Risk Committee (GRRC) is responsible for the oversight, governance and coordination of reputational risk management and provides for a look-back and a lessons learnt process. It reviews and decides all reputational risk issues escalated by the Regional Reputational Risk Committees (“RRRCs”) and RRRC decisions which have been appealed by the business divisions, infrastructure functions or regional management. It provides guidance on Group-wide reputational risk matters, including communication of sensitive topics, to the appropriate levels of Deutsche Bank Group. The RRRCs, which are sub-committees of the GRRC, are responsible for the oversight, governance and coordination of the management of reputational risk in the respective regions on behalf of the Management Board.
- The Enterprise Risk Committee (ERC) has been established with a mandate to focus on enterprise-wide risk trends, events and cross-risk portfolios, bringing together risk experts from various risk disciplines. As part of its mandate, the ERC approves the enterprise risk inventory, certain country and industry threshold increases, and scenario design outlines for more severe group-wide stress tests as well as reverse stress tests. It reviews group-wide stress test results in accordance with risk appetite, and reviews the risk outlook, emerging risks and topics with enterprise-wide risk implications like risk culture.
- The Financial Resource Management Council (FRMC) is an ad-hoc governance body, chaired by the Chief Financial Officer and Chief Risk Officer with delegated authority from the Management Board, to oversee financial crisis management at the bank. The FRMC provides a single forum to oversee execution of both the Contingency Funding Plan and the Group Recovery Plan. The council recommends mitigating actions to be taken in a time of anticipated or actual capital or liquidity stress. Specifically, the FRMC is tasked with analyzing the bank’s capital and liquidity position in anticipation of a stress scenario, recommending proposals for capital and liquidity related matters, and ensuring execution of decisions.
- The Group Asset & Liability Committee was established by the Management Board in 2018. Its mandate is to optimize the sourcing and deployment of the bank’s balance sheet and financial resources within the overarching risk appetite set by the Management Board.
Our Chief Risk Officer (CRO), who is a member of the Management Board, has Group-wide, supra-divisional responsibility for the management of all credit, market, liquidity and operational risks as well as for the continuing development and enhancement of methods for risk measurement. In addition, the CRO is responsible for monitoring, analyzing and reporting risk on a comprehensive basis.
The CRO has direct management responsibility for the Risk function. Risk management & control duties in the Risk function are generally assigned to specialized risk management units focusing on the management of:
- Specific risk types
- Risks within a specific business
- Risks in a specific region.
These specialized risk management units generally handle the following core tasks:
- Foster consistency with the risk appetite set by the GRC within a framework established by the Management Board and applied to Business Divisions;
- Determine and implement risk and capital management policies, procedures and methodologies that are appropriate to the businesses within each division;
- Establish and approve risk limits;
- Conduct periodic portfolio reviews to keep the portfolio of risks within acceptable parameters; and
- Develop and implement risk and capital management infrastructures and systems that are appropriate for each division.
Additionally, Business Aligned Risk Management (BRM) represents the Risk function vis-à-vis specific business areas. The CROs for each business division manage their respective risk portfolio, taking a holistic view of each division to challenge and influence the division’s strategy and risk ownership and implement risk appetite.
The specialized risk management functions are complemented by our Enterprise Risk Management (ERM) function, which sets a bank-wide risk management framework seeking to ensure that all risks at the Group and Divisional level are identified, owned and assessed for materiality. Material risks are owned and controlled by functional (usually 1st LoD) risk teams within the agreed risk appetite and risk management principles. ERM is responsible for aggregating and analyzing enterprise-wide risk information, including review of the risk/return profiles of portfolios to support informed strategic decision-making regarding the effective application of the Bank’s resources. ERM has the mandate to:
- Manage enterprise risk appetite at Group level, including the framework and methodology as to how appetite is applied across risk types, divisions, businesses and legal entities;
- Integrate and aggregate risks to provide greater enterprise risk transparency to support decision making;
- Commission forward-looking stress tests and manage Group recovery and resolution plans; and
- Govern and improve the effectiveness of the risk management framework.
The specialized risk management functions and ERM have a reporting line to the CRO.
While operating independently from each other and the business divisions, our Finance and Risk functions have the joint responsibility to quantify and verify the risk that we assume.
In May 2018, we fully merged our subsidiary Deutsche Postbank AG into the subsidiary DB PGK AG, to form “DB Privat- und Firmenkundenbank AG” (DB PFK AG). As a result, the existing joint risk management for the previously individual subsidiaries has been adjusted to reflect the new setup and size of the entity. The joint risk management of our enlarged subsidiary DB PFK AG is promoted through harmonized processes for identifying, assessing, managing, monitoring, and communicating risk, the strategies and procedures for determining and safeguarding risk-bearing capacity, and corresponding internal control procedures as well as joint governance.
Key features of the adjusted setup are:
- Established DB PFK AG Risk Management structure which continues to have additional functional reporting lines into Deutsche Bank AG Risk
- Involvement of the central DB PFK AG Risk Committee in the Group Risk Committee through mutual memberships
- Extension of selected risk committees of DB PFK AG to include voting members of relevant risk functions of Deutsche Bank AG, and vice versa
- Alignment to key Group risk policies
- Joint DB PFK AG reporting across the merged portfolios for all risk types and inclusion of DB PFK AG in the Group Risk and Capital Profile
- Independent DB PFK AG business and risk strategy aligned with and embedded in the Group Risk Appetite Framework, Strategy and Policies