Relevant policies and risks

[GRI 102-15], [GRI 103-1], [GRI 103-2], [GRI 103-3]

In performing its activities the Group pursues the objective of combining profitability and competitiveness with scrupulous business ethics, based on principles of honesty, professionalism, transparency and fairness towards its clients.

Contractual arrangements and communications are based on principles of fairness, professionalism and transparency. Clients are furnished with clear and exhaustive disclosure on the products and services being offered to them, and on the terms and conditions being applied, to facilitate comprehension and enable them to make informed choices. Any complaints are handled sensitively and treated as an opportunity to improve, resolve conflict and increase customer trust and satisfaction.

The approach to conduct risk is intended to identify the principles necessary to ensure correct conduct in the performance of the Group’s business, thereby minimizing the risk that the behaviour of its employees, while complying with the letter of the regulations, causes damage, whether actual or potential, to its clients.

Despite the lack of specific obligations in this area, the Mediobanca Group has adopted a business conduct policy, applying the principles defined at international level to the Group’s own specific areas of operation. These include in particular the principles introduced by the FCA (Financial Conduct Authority), the UK supervisory authority, which since 2013 has been developing an approach based on compliance with conduct principles and the related concept of conduct risk, defined as the risk of the conduct and actions of a financial institution’s employees being contrary to the principles of diligence, fairness and professionalism towards clients.

Material issues, risks identified by Mediobanca and mitigation activity

Material issues: Innovation, multi-channel approach and digitalization
Risks identified by Mediobanca: Compliance with laws and regulations and operational risk
Mitigation activity:
  • Continuous coverage by the IT Regulation, IT Compliance & Business Continuity and IT Risk and Cyber Security units
  • Application of consolidated procedures to ascertain compliance, and regular revision of these procedures
  • Ongoing investment in updating the procedures applied and the applications used
  • Staff training and communication activities

Material issues: Data protection and security
Risks identified by Mediobanca: Protection of clients’ privacy and personal data and IT risk
Mitigation activity:
  • Continuous coverage by the IT Risk and Cyber Security unit
  • Use of applications with workflow checked centrally
  • Ex-ante and ex-post controls performed centrally
  • First level controls by private bankers and assistant bankers
  • Executive summary report on state of progress in IT risk management presented regularly to BoDs of Mediobanca, CheBanca! and Compass

Material issues: Stability, regulation and resilience of financial system
Risks identified by Mediobanca: Repayment of credit
Mitigation activity:
  • Application of credit granting processes developed specifically to mitigate credit risk
  • Use of credit guarantee systems: credit counter-guaranteed by pledge over assets deposited with the Bank
  • Procedures with different levels for credit applications, and ongoing monitoring of repayment capability

Material issues: Stability, regulation and resilience of financial system
Risks identified by Mediobanca: Loss of competitiveness (offering not aligned with the best market practices)
Mitigation activity:
  • Monitoring, fine-tuning and innovation of product offering at central level
  • Ongoing communication and dialogue between central offices, private bankers and clients to pick up market needs and suggestions

Material issues: Transparency of information on products and services
Risks identified by Mediobanca: Payment fraud risk
Mitigation activity:
  • Compass, CheBanca! and Mediobanca Private Banking adopt anti-fraud systems and client authentication systems as part of their Home Banking offer and arrangements for payments via the internet which allow suspicious transactions to be intercepted and blocked; the websites also provide information to raise customers’ awareness of the issue