Operational risks

Operational risk refers to the risk of loss arising from inadequate or failed processes, systems or personnel, or from external events. The definition also includes legal risk, which refers to the risk of loss due to disputes not related to insurance claims, breach of contract or entry into illegal contracts or breach of intellectual property rights.

Compliance risk

Compliance risk refers to the risk of legal or regulatory sanctions, material financial losses or loss of reputation resulting from a company’s failure to comply with laws, regulations and administrative orders as applicable to its activities.

Risk management and control

Operational risks are identified and assessed through the risk and control self-assessment process. Line organizations identify, measure, manage, monitor and report operational risks periodically. Identified operational risks are assessed from a likelihood and impact perspective.

Systems have been implemented for incident reporting procedures and follow-up. Incident data is used to analyse operational risks and severe incidents are tracked to ensure that proper actions are taken.

The compliance functions are responsible for ensuring that there are effective processes for identifying, assessing, mitigating, monitoring and reporting compliance risk exposure. Compliance risks identified by the line organizations and support functions are reported to the compliance functions.

More information regarding the most relevant operational risks in Sampo Group companies can be found in the respective Annual Reports.