​​The Montepaschi Group's Risk Management Process

The Montepaschi Group attaches the utmost importance to the process of identifying, monitoring, measuring and controlling risk. The risk management process within the Group has been further strengthened over the last few years. This was primarily made possible by the gradual extension of the advanced management and reporting models to the various entities of the Montepaschi Group. 
The fundamental principles of the Montepaschi Group’s risk management process are based on a clear-cut distinction of the roles and responsibilities of the different functions at first, second and third-levels of control. 

The Board of Directors of the Parent company is responsible for:

  • defining and approving strategic guidelines and risk management policies;
  • at least once a year, quantitatively expressing the Group's overall risk appetite in terms of Economic capital.

The Board of Statutory Auditors and the Risk Committee are responsible for:

  • evaluating the level of efficiency and adequacy of the Internal Control Systems with particular regard to risk control.


The CEO/General Management is responsible for ensuring compliance with risk policies and procedures. The Director in charge of the internal control and risk management system, appointed in compliance with the Corporate Governance Code for listed companies, is responsible for creating and maintaining an effective system of internal control and risk management.

Specific management committees responsible for risk issues are also in place in order to promote efficiency and flexibility in the decision-making process and facilitate interactions between the various corporate departments involved.

The Risk Management Committee of the Parent Company:

  • establishes risk management policies;
  • ensures overall compliance with the limits defined for the various operating levels;
  • defines capital allocation proposals to be submitted to the Board of Directors;
  • assesses risk profile and, therefore, capital consumption (Regulatory and Economic) at both Group level and individual Group company level and analyses the risk-return performance indicators.

The Finance and Liquidity Committee of the Parent company has the task of:

  • setting the principles and providing strategic guidance for Proprietary Finance;
  • deliberating and submitting proposals concerning the interest rate and liquidity risk exposure of the banking book and defines capital management actions required.

The Credit, and Credit Policies Committee of the Parent Company:

  • formulates credit process guidelines and expresses an opinion, at least once a year, on credit policies by verifying their commercial sustainability and consistency with risk appetite levels;
  • at least once a year, approves company policies pertaining to credit assessment, including for the purpose of subsequent reporting in the financial statements;
  • is responsible, on the basis of the power assigned to it, for taking decisions concerning the issue of credit and the management of problem loans and assets;

Within the Internal Control System, third-level controls are carried out by the Chief Audit Executive Division (Internal Audit), second-level controls by the Chief Risk Officer Division and the Compliance Area, and first-level controls by the Business Control Units. 

In accordance with the principles contained in the New Accord on Capital Adequacy (Basel 2) in relation to First Pillar risks, in the first half of 2008, the Montepaschi Group completed its work on the internal models for credit and operational risks. Pursuant to circular letter 263/2006 of the bank of Italy, on 12 June 2008 the Montepaschi Group was officially authorised under regulation no. 647555 to use the advanced models for the measurement and management of credit risk (AIRB -Advanced Internal Rating Based) and operational risk (AMA – Advanced Measurement Approach) as of the first consolidated report at 30-06-2008. 
These models were subsequently developed and their scope of application extended to Group entities not originally included in the initial scope of validation.