Operational risk is the risk of financial loss or damage resulting from inadequate or failed internal processes, people and systems or from external events.
Management of risk associated with carrying out the Group's operations is through internal procedures and monitoring and control mechanisms, while management of legal risk is through effective consultation with internal and external legal counsel. Other kinds of operational risk are managed by ensuring that trained and competent people - and appropriate infrastructure, controls and systems - are in place to ensure the identification, assessment and management of all substantial risks.
The Group is also exposed to risks relating to its fiduciary responsibilities towards fund providers. Fiduciary risk arises from the failure to perform in accordance with explicit and implicit standards applicable to an Islamic bank's fiduciary responsibilities, leading to losses in investments or failure to safeguard the interests of the investment account holders. Group subsidiaries have in place appropriate mechanisms to safeguard the interests of all fund providers. Where investment account holders' funds are commingled with an ABG subsidiary's own funds, the respective subsidiary ensures that the basis for asset, revenue, expense and profit allocations are established, applied and reported in a manner consistent with the Group's fiduciary responsibilities.
As mentioned above, Group policy dictates that the operational functions of booking, recording and monitoring transactions are carried out by staff independent of the staff initiating the transactions. Group subsidiaries have primary responsibility for identifying and managing their own operational risks. Each subsidiary is guided by policies, procedures and controls that are relevant for each function. Internal control policies and procedures dictate the segregation of duties, delegation of authorities, exceptions reporting, exposures management and reporting, and reconciliations, and are based on the submission of timely and reliable management reporting.
Separate and independent Internal Control units carry out ongoing monitoring of day-to-day procedures and ensure adherence to key control functions.