Organisation and technologies
The control over the development of the Group's organisation, with reference to organisational structures, size and processes, is guaranteed by the Organisation and Information Systems Area.
In 2014, Banca IFIS continued in its growth and renewal efforts that have characterised the last few years, also by planning, launching and implementing several initiatives.
The projects launched in 2014 were driven by both the goal of aligning the Bank's governance and organisation to the new regulatory framework and the need to implement the strategy outlined in the Group's business plan.
In this sense, the Bank continued to enhance its organisational structure as far as both the business areas and the strengthening of risk control and management units are concerned.
In 2014, Banca IFIS's initiatives focused on the following areas:
- for the Bank's traditional business, concerning lending to SMEs:
- the verticalisation of products, allowing to acquire specific customer segments, customising specific operating processes where necessary;
- the development of the Internet channel, maintaining a continued presence to acquire new customers;
- the development of specific litigation support software to better monitor impaired positions;
- the development of an electronic invoicing service to help customers in dealing with Italy's Public Administration in light of new regulations;
- the reorganisation of the credit monitoring function to improve the quality of the portfolio, both in terms of preventing – based on a series of warning indicators – and managing risks concerning customer/debtor/guarantor positions that show signs of impairment;
- for the Area specialising in the acquisition of non-performing loan portfolios:
- the implementation of measures targeted at optimising production and control processes;
- the introduction of diversified collection approaches aimed at turning debtors into “customers”;
- the introduction of improved procedures and new capabilities enhancing existing software solutions, also in terms of equipment provided to debt collection agents and companies (tablets with specific applications directly accessing the Bank's database);
- the consolidation of the debt collection network;
- the development of a segregated environment for accessing information about distressed portfolios held by potential sellers, in order to optimise risk analysis processes concerning non-performing portfolios being considered for an acquisition;
- the development of software updates to support portfolio sales operations (accounting, warning, etc.);
- for the retail funding Area, the Bank took actions aimed at consolidating the rendimax and contomax products;
- concerning Risk & Compliance:
- the definition of the rules for the Risk Management Function;
- the definition of the rules for the Compliance and Anti-Money Laundering Function;
- the definition of the Group's Policy for assessing capital adequacy;
- the definition of the Risk Appetite Framework pursuant to new Bank of Italy's regulations;
- the definition of management processes for the major risks assumed by the Bank, especially credit risk, banking book interest rate risk, concentration risk, and operational risk. Furthermore, the Bank outlined the development and validation process it will adopt for the internal rating system. For this purpose, the Organisation and Information Systems Area, with operational assistance from the Risk Management Function, defined the Group's relevant policies;
- the progress on the implementation of the SAS system for the purpose of risk management;
- the establishment of criteria for identifying significant transactions;
- as for ICT governance, compliance and risk management, the main initiatives concerned:
- the preparation of the Group's Policy for defining the ICT and technology strategic plan. This document outlines the process (and assigns roles and responsibilities to the organisational units involved) the Bank uses to plan its own ICT strategy, with initiatives ranging from the assessment of business goals (promoting a feedback loop with the general strategic planning process) to the definition of prospective architectural and infrastructural design as well as the planning and monitoring of the relevant enabling projects;
- the preparation of the Group's Policy for information security risk assessment and management. This documents outlines the information security risk governance and management process as well as how the Bank intends to assess it pursuant to regulatory provisions;
- the preparation of the Group's Policy for IT Security management;
- the outlining of procedures concerning change management as well as IT security accidents;
- the definition of the data governance system;
- as for infrastructural issues and cross-functional applications:
- the compliance with Business Continuity requirements (through off-site data centres);
- the updating of operational and IT procedures to comply with the EBA's disclosure requirements (FinRep and Corep);
- the development of a privacy assessment process to obtain awareness of potential privacy breach risks and then implement adequate organisational and IT measures to prevent them;
- the deployment of ERP software solutions required to comply with the “Provisions Concerning Data Sharing and Tracking of Transactions in the Banking Sector”;
- the development of the Group's Intranet (IFIS 4 YOU), providing all employees with a single workstation displaying key information on the Bank's operations in a way similar to social networks;
- the development of a dedicated tool for monitoring transactions with customers to identify any anomalies suggesting money laundering or terrorist financing activities are being or have been carried out or attempted;
- the development of new claims management software, completely integrated with the Bank's technological platform, to increase the awareness of the staff responsible for managing customers' claims in order to constantly improve the relationship with the customer.
The Bank revised the main internal regulations and procedures in light of the above changes.
As every year, outsourcing agreements were revised and updated in order to bring them in line with changes in operations; where necessary, also the key performance indicators (KPIs) for the services supplied were improved.
The Bank also updated its Security Policy Document.
During the year, the organisational structure of the ICT division was strengthened even further, in order to bring it into line with business developments.
Finally, Business Continuity and Disaster Recovery of the Bank’s ERP systems underwent the standard architectural and applicative tests during 2014. The tests were carried out in the presence of the Internal Audit function.