23 2018 ANNUAL REPORT 3.5 Risk Management Trend in European Regulatory Landscape Since the introduction of the European Single Supervisory Mechanism and the European Supervisory Methodology (Supervisory Manual) adopted by the ECB, we have noticed that the DNB is shifting its focus to the small and medium-sized banks and that data driven supervision is becoming a more prominent method for how banks are supervised. New, complex and comprehensive data requests and templates are introduced, challenging the bank’s system and operational framework. In light of this, and keeping in mind the multiple regulations being introduced with highly granular and complex data requirements, we are in the process of strengthening our local data governance and IT development capabilities. The IT department has been enhanced to a IT & Data Management department in order to reflect this strategic decision and the department will develop and maintain the capacity to meet future regulatory challenges. As a follow-up to the DNB’s Risk Assessment System (RAS) control framework, which assesses risk management at MBE, the DNB will continue to assess the bank’s risk management in 2019. During this process in the past years, we have been able to demonstrate sound governance, risk management framework and processes, and we expect to continue to do so in 2019. MBE’s Risk Appetite Framework We are committed to maintaining a low risk profile and therefore set the risk appetite as low for all risk categories. From a top down perspective, MBE’s low risk appetite is ensured by the Supervisory Board and Management Board, as they designate that MBE has to keep sufficient capital and liquidity buffers above the regulatory minimum requirements by setting up internal limits; maintaining comfortable capital and liquidity buffers by establishing target levels under business as usual situation; building up stringent risk management and control framework to monitor, escalate and take preventative and remedial actions immediately when deviating from the comfortable levels set in light of the risk appetite. From a bottom up perspective, MBE’s low risk appetite is ensured by the fact that business units understand the risks taken and business units only take risks which fit our risk appetite. Our risk management function monitors MBE’s risk profile meticulously and coordinates immediate actions in case there is concern that the comfortable level is to be infringed. We establish our competitive advantage by focusing on our customers’ needs and providing solutions and taking appropriate risks that are commensurate with MBE’s low risk profile. With this focus, we aim to achieve improved corporate value through continued and stable profitability, as well as by fulfilling our social responsibility. In order to promote appropriate risk-taking, we have established robust governance and financial foundation, which are essential to our business activities. We also promote and embed a risk culture whereby management and employees understand the risks underlying our own business and take appropriate measures when necessary. As a means to highlight the importance of MBE’s risk appetite and to ensure that every employee is mindful and acts in accordance with our risk appetite, we hold sessions and updates on our risk appetite for department managers. In addition, we provide risk appetite training for new employees during their on-boarding session, regardless of their position and/or function in the company. The Risk Appetite Framework continues to form the foundation for our Risk Management Framework (RMF) consisting of the Risk Management Statement, Risk Appetite Framework and Statement, Internal Capital Adequacy Assessment Process (ICAAP), Internal Liquidity Adequacy Assessment Process (ILAAP) and Recovery Plan (RCP).