C.5.2 Operational risk assessment
Aegon's approach to evaluating operational risks is based on the quantitative and qualitative rating of those risks with regard to their potential impact and likelihood after consideration of the effectiveness of controls. Risk impact is assessed along the following three impact dimensions: financial loss, customer & reputation impact, and financial misstatement. The resulting ratings reflect the (residual) risk the business area is running. The senior management of each strategic business unit reports their forward-looking risk profile on a quarterly basis, together with details of action plans that address key risks and, where appropriate, the CRO's opinion on the effectiveness of those plans. Please see section B.4.2 ORM framework for a detailed description.
Aegon has identified eight risk categories that serve as a common language for the Group and support the preparation of operational risk reporting and analysis. The eight categories are detailed below:
Business risk
The risk of losses due to failed or inadequate strategy execution, marketing and sales practices, distribution channels, pricing, investment returns, and handling of customer complaints or late reaction to changes in the business environment.
Legal, regulatory, conduct & compliance risk
The risk that losses occur resulting from non-voluntary legal liabilities, inadequate legal documentation; or products, services, people and actions failing to deliver the reasonable expectations of its customers and other stakeholders; or failure to comply with laws, regulations and internal company rules and policies, as well as late identification of significant and potential legal and regulatory developments.
Tax risk
Tax risk is the risk associated with changes in tax laws, or the interpretation of tax laws, later jurisprudence or case law, or the introduction of new taxes or tax laws. This tax risk includes, for example, the risk of changes in tax rates, changes in loss carry-over rules and new rules restricting the tax deductibility of interest expenses.
Tax risk also includes the risk of consequences arising from failure to comply with procedures required by tax authorities. Failure to manage tax risks may lead to increased tax charges, including financial or operating penalties. This tax risk may have a direct materially adverse effect on Aegon's profits, capital and financial condition. Any changes in tax laws, interpretation of tax laws, later jurisprudence or case law, or the introduction of new taxes or tax laws in all countries in which Aegon operates or invests, which affects Aegon's products, may have a materially adverse effect on Aegon's businesses, results of operations, capital and financial condition.
Financial crime risk
A wrongful act (including money laundering), omission, breach of duty or trust, intentionally performed by an Aegon employee, intermediary or external party, which potentially could result, or results, in disadvantage to Aegon or another.
Processing risk
The risk of losses due to inadequate or failing administrative processes and related internal controls, inadequate capturing of source data, reporting errors, modeling errors and failing outsourcing and supplier arrangements.
Information technology & business disruption risk
The risk of losses due to a failure, misuse of IT and associated assets or inefficient utilization of assets. This comprises poor IT service delivery, IT performance and capacity issues, insufficient implementation or execution of information security controls, poor incident management practices, inadequate or failed business continuity and disaster recovery planning and execution.
People risk
The risk of losses due to acts inconsistent with employment, health or safety laws or agreements, from payment of personal injury claims or from diversity/discrimination incidents or losses resulting from an insufficient number of, or appropriately trained, personnel.
Facility risk
The risk of losses due to inadequate or failing physical asset management (including physical security incidents and inefficient procurement) and events causing damage to physical assets (vandalism, water damage, fire, explosions etc.).