The Board of Directors approves CTT’s main risk policies and orientations, defining the profile and targets related to risks and creating control systems. Every year the Board evaluates the risk management system’s efficiency to ensure that the risks taken match the targets established.
Risk at CTT
The risks coming from CTT and its subsidiaries’ activity are managed according to the established at the Risk Management System Regulations, approved by the Board of Directors. This document defines rules, principles and procedures that guide risk management. Furthermore, it also established functions, liabilities and a management model, ensuring the implementation of a framework that supports CTT’s decision making process.
Risk at Banco CTT
Banco CTT has an autonomous risk management system. It is based on a set of concepts, principles, rules, and on an organizational model adjusted to its activity and regulatory framework. However, there is an internal communication model among the departments liable for the Banco CTT risk management to ensure the alignment of the main interrelated risks.
The Risk Profile is the main output in the risk assessment process. It communicates the vision on the events that may negatively affect the ability to reach our strategic goals and compromising our sustainability. Therefore, it is crucial to continuously review and update our Risk Profile. This is a dynamic process, made up by four sequential and interrelated stages. Its inputs are:
- supervision and report
Risks are identified and assessed according to the Risk Management System Regulations orientations, following qualitative and quantitative criteria:
- the likelihood of the event
- the effect’s impact and pace
The risk exposure level results from the combination of its likelihood and its impact. When the risk exposure level is not acceptable, we implement actions – corrective or mitigation – to reduce the likelihood or the impact and, consequently, reduce the exposure level.
Key Risk Indicators
The evolution of the main risks to CTT (those with a higher exposure level) is monitored through Key Risk Indicators (KRI). KRI work as a barometer. They alert us to any possible occurrence likelihood changes or to the impact of the risky event.
The main risks are described in the following table. For each risk, we present its rational, its score according to the taxonomy applied and the business segments affected.
For more information, please read the Integrated Report, pages 61 to 67.
We have a CTT Group Code of Conduct and we have an Ethics Committee, that guarantee the follow-up and the respect for the rules established in those codes. This Committee works in an independent and objective way.
Bribery and corruption
We have procedures to identify the people involved with bribery and corruption. We investigate complaints and accusations and we assess any possible corruption related behaviours.
In this sense, we audited:
- 154 CTT Post Offices – i.e., 29 % of our post offices
- 64 Postal Agencies – i.e., 25 % of our postal agencies
- 87 Delivery Centres – i.e., 39 % of our delivery centres
Following the investigations, we terminated 9 employment contracts.
All Banco CTT operations are subject to a risk assessment. Customers and operations are analysed to evaluate any risk for the bank to be used to money laundering or terrorism financing (including corruption).
We did not find any fraud or other infractions. Banco CTT has a Money Laundering and Terrorism Financing Prevention Policy and a set of processes and procedures to ensure all legal compliances and reduce the risks. Every year, a team of external auditors assesses the processes and procedures and performs effectiveness tests.
Compliance with the ethical obligations
We were charged fines worth 50.006,60€ related to laws and regulations on products and services.
In Portugal, we did not have any cases against us related to disloyal competition or antitrust practices.
We were also not applied any significant penalties or non-monetary sanctions related to the non-compliance with the environment or society laws and regulations.
We had 457 events and processes related to the non-compliance with working laws and regulations, of which 61 were solved. We had also 343 cases solved from previous years. There were 9 cases regarding fixed-term contracts, that led to the reintegration of 2 employees.