Risk Management

Risk & Compliance Charter

Purpose

R&C supports CM.com in being a trustworthy, relevant and successful partner for all its stakeholders conducting business with integrity. 

Scope

CM.com including all subsidiaries worldwide

Role in organization

• Identify and assess risks and control effectiveness via CMRICS (framework).
• Set policies in the field of compliance, fraud, ESG, credit risk and assurance and provide up to date guidelines/information to business to comply
• Create awareness and provide training to comply and keep knowledge up to date
• Review compliance with policies, laws and regulations.
• Coordinate (IT-) audit, assurance, and other certification activities (e.g. in order to guaranty business continuity)
• Define improvement plans and help business implementing change. The Business is accountable for the actual business processes including complying with law, regulations and policies and managing the risks (1st line activities).
• Update Management Board and Audit Committee on quarterly basis about top risk and compliance topics that require management attention and decision making.
• Update applicable oversight with information (including applicable incidents) how CM.com complies.

Business Partner

Jorg Voeten - Head of Risk & Compliance: I believe that risk management empowers the entire CM.com organization to realize the objective of sustainable profitable growth by being a business partner in the area of risk management and compliance.



Main risks at a glance

• Organizational growth and HR resourcing. The risk of not be able to attract and retain high qualified people globally.
• Competition, product portfolio and innovation. The risk of not able to identify and respond timely to our competition.
• Corporate financing. Risk of insufficient access to capital markets or not having an accurate view of our funding needs. 
• Finance and control. Risk of inadequately respond to our financial metrics or having financial metrics that are not reliable.
• (Information) security. Risk of losing data, unauthorized access, disruption and/or malfunctioning of our platform. 
• Business Continuity Management. Risk of inadequately respond to major disruptions.
• Leadership and Governance. Risk of not be able to maintain and improve our governance model for optimal decision making. 
• Customers and opportunities. Risk of not be able to understand our clients’ needs and inability to recognize and seize opportunities.
• Regulatory and compliance. Risk of not be able to comply to external rules and regulations.

Fraud Prevention

In addition, we pay extra attention to fraud, which we see as an inherent part of our risk management methodology. This concerns both internal and external fraud, of which both will not be tolerated. The term fraud is used to describe offenses such as, but not limited to, deception, bribery, forgery, extortion, corruption, theft, conspiracy, embezzlement, misappropriation, false representation, concealment of material facts, and collusion. For external fraud, which includes fraud with the use of our products, you can think of smishing or money laundering. CM.com has multiple teams and automated tools working to prevent, detect and respond to these types of fraud.