IMC ANNUALREPORT 2020 - Flipbook - Page 29
10 RISK
IMC ANNUAL REPORT 2020
IMC’S RISK FRAMEWORK IS ORGANISED
IN 3 LINES OF DEFENCE:
1. Risk Ownership
3. Risk Assurance
The responsibility to manage
risk is the domain of the primary
business. The primary business
consists of trading (making
trading decisions) and IT
(managing trading technology).
Risk Assurance entails the
responsibility to provide independent
assurance on the effectiveness of
governance, risk management, and
internal control systems in relation
to the most significant risks, which
threaten the achievement of the
Group’s objectives. Risk Assurance
is the domain of the Internal Audit
department and the Assurance
Committee.
2. Risk Oversight
Risk Oversight is the domain of the
Risk and Compliance department.
Whereas Compliance focuses on the
regulatory framework in which we
operate, Risk Management ensures
levels of financial and operational
risk are aligned with IMC’s and the
clearing organisation’s risk tolerance,
and are within regulatory limits.
Risk Management sets and controls
limits and processes for the business.
Furthermore, Risk Management and
Compliance assesses all existing
and new business activities for
adherence to risk appetite and
defined tolerance levels and works
closely with the business to line up
any new activities.
IMC’s risk framework is based on
enterprise-wide risk management
and can be divided in five main
building blocks: (A) Business and
Strategic Risk, (B) Market, credit and
liquidity risk, (C) Operational risk,
(D) Compliance, and (E) Information
Security. Risk appetite and tolerance
levels are defined for the main types
of risk. Management of these risks
consists of a continuous cycle of:
IMC’S MAIN REGULATORS
software development and
change management process, a
comprehensive set of pre- and
post-trade system safety limits
to control risks around execution
of trades, surveillance of trading
activity, and an incident database
to identify, file and analyse
incident(s);
• (Intra-day and real time)
monitoring of important
risk issues and reporting to
relevant stakeholders. The risk
and compliance teams have
several (intra-day and real time)
monitoring tools in place to keep
track of relevant risks.
A detailed reporting framework is
developed to create risk reports
to several layers of relevant
stakeholders to make sure
information is shared.
SEC | CFTC | FINRA
SFC
DNB | AFM
ASIC
• Identifying and assessing risks by
using risk assessments; all relevant
risks are defined and assessed
using impact and likelihood
• Determining adequate controls to
mitigate the risks to acceptable
tolerance levels. Examples of
key controls are the global limit
structure to limit exposure to all
relevant market factors, IMC’s
29