ANNUAL REPORT 2010

60

proved, in its meeting of 13 July 2010, the “Guidelines on EIF Restricted Sectors”. These guidelines define key economic sectors, which shall not be supported through EIF transactions due to the inherent reputation risk. The policy excludes arms production and arms trading, to-bacco, distilled alcoholic beverages, gambling, internet casinos and illegal downloading as well as reproductive human cloning from EIF support and postulates enhanced monitoring on the ethical aspects of transactions targeting BioTech, Genetically Modified Organisms and therapeuti-cal human cloning.

Furthermore, the EIF Board of Directors approved the ap-plication of the EIB Group Complaints Mechanism, which opens ways to the public to complain against maladmin-istration practices.

Finally, COR strengthened the awareness of EIF Staff on compliance-related matters through the organisation of an increased number of training sessions.

Operational Risk

Role and Position

At EIF, operational risk is defined as the risk of loss or reputational damage resulting from inadequate or failed internal processes, people and systems or from external events.

While the management of operational risk is the primary responsibility of each function or service leader, the imple-mentation of an integrated operational risk management framework forms part of the remit of COR.

In this context, COR has developed a risk and control assessment methodology which comprises the identifica-tion and the risk assessment of the main EIF processes as well as the definition of risk-mitigation plans. On this basis, COR started the development of the Internal Con-trol Framework 2010, which will allow a process-based assessment of operational risk within EIF.

The remit of EIF Compliance & Operational Risk (COR) includes the assessment of compliance risk and opera-tional risk within EIF; the Head of COR also takes care of data protection issues in EIF. This combination allows a comprehensive analysis of non-financial risks within one service function of EIF.

With these responsibilities, COR forms part of the inte-grated ex-ante risk assessment and ex-post risk monitoring under the responsibility of the Deputy Chief Executive.

Compliance

Role and Position

The reference to compliance risk in EIF follows the defini-tion set out in the paper on “Compliance and the compli-ance function in banks” issued by the Basel Committee on Banking Supervision in April 2005. It comprises con-sequently the assessment of the risk of legal or regulatory sanctions, material financial loss or loss of reputation. In this context, COR addresses issues relating to (i) institution-al compliance, such as corporate governance or public procurement, (ii) transactional compliance, in particular compliance with applicable rules and guidelines for EIF transactions and (iii) conduct compliance, mainly as re-gards the conduct rules incorporated in the EIF codes of conduct.

As regards compliance issues, COR has, upon its initiative, direct access to the EIF Board of Directors.

In addition COR also plays a central advisory role in the context of the structuring and managing of Calls for the Expression of Interest which form the basis of the solicita-tion process for transactions under the EU Structural Funds mandate JEREMIE.

Key Policy Papers

In the context of the overall concept of business ethics and sustainability, the EIF Board of Directors has ap-

Compliance and Operational Risk