04 Risk management
Risk management
Risk Management Model
Corporate risk catalogue
Reputation
Reputational Risk Response Service (RRRS)
Risk management
Risk Management Model
The Board of Directors, Senior
Management and the Group as a whole
are firmly committed to risk
management.
CaixaBank aims to maintain a medium-low
risk profile, with a comfortable level of
capital and ample liquidity measures in line
with its business model and the risk appetite
established by the Board of Directors.
As part of the internal control framework and in
accordance with the Corporate Global Risk
Management Policy, the Group has a risk
management framework that enables it to make
informed risk-taking decisions consistent with the
target risk profile and appetite level approved by
the Board of Directors. This framework comprises
the elements described below:
[Figure: Key elements of the risk management framework: governance and organisation, risk culture, strategic risk processes]
01. Governance and organisation
Undertaken through policies, standards and internal procedures that ensure
appropriate risk control is exercised by the governing bodies and committees,
and the specialisation of employees.
02. Strategic risk processes to identify, measure,
monitor, control and report risks:
- Identification and assessment of risks. Risk Assessment: A six-monthly risk
self-assessment of the Group’s risk profile. Its objective is to identify material
risks, assessing for these the inherent risk situation and trends, as well as their
management and control, and identify emerging risks and the main risk events
that due to their significant impact in the medium term should be specifically
monitored.
- Classification and definition of risks. Corporate Risk Catalogue: an
annually-reviewed list and description of the material risks identified in the Risk
Assessment. It facilitates the monitoring and reporting of the Group's risks and
consistency, both internally and externally.
- Risk monitoring. Risk Appetite Framework (RAF): a comprehensive and
forward-looking tool used by the Board of Directors to determine the types and
thresholds of risk it is willing to assume in achieving the Group's strategic
objectives for all risks included in the Catalogue.
03. Risk culture
The Group’s risk culture is imparted, among others, through training,
communication and the performance-based assessment and remuneration of
staff.
Corporate Risk Catalogue
Most relevant changes to the Catalogue in 2024
CaixaBank Group reviews the Corporate Risk Catalogue annually, in accordance
with the above.
No changes in the 13 risks that make up level 1 of the Catalogue took place in
2024. The only novelty is the identification of business profitability risk as
materially affected by the cross-cutting sustainability risk factor. Previously,
only credit risk, legal and regulatory risk, other operational risks, and
reputational risk had been identified.
Milestones in risk management in the Catalogue
The most noteworthy aspects of risk management and activities in 2024 for the
various risks identified in the Corporate Risk Catalogue are detailed below:
Risks | Risk management | Key milestones
Transversal risks
Business return
Obtaining results below market
expectations or Group targets
that, ultimately, prevent the
company from reaching a level
of sustainable returns greater
than the cost of capital.
The management of this risk is supported by the financial
planning process, which is continually monitored to assess
the fulfilment of the strategy and budget. After quantifying
the number of deviations and identifying their cause,
conclusions are presented to the management and
governing bodies to evaluate the benefits of making
adjustments to ensure that the internal objectives are
fulfilled.
Improvement of profitability and operational efficiency in 2024. The positive trend in core income,
highlighting an increase in net interest income due to the repricing of credit indices and the higher
contribution of insurance, together with the maintenance of the cost of risk at reduced levels, has
allowed ROTE to reach 18.1%. In addition, the efficiency ratio fell to 38.5%, standing at all-time lows. 
In 2025, a stabilised interest rate environment, slightly lower than at present, is foreseen. The main
milestones include liquidity remuneration management and expense management.
Own funds and capital adequacy
Risk caused by a restriction of
the CaixaBank Group's ability to
adapt its level of capital to
regulatory requirements or to a
change in its risk profile.
The target for the CET1 capital adequacy ratio for 2024 is
between 11.5% and 12.0%, without considering transitional
IFRS9 adjustments, which require a buffer of between 300
and 350 basis points on the SREP regulatory requirement.
Under the new 2025-2027 Strategic Plan and in response to
the implementation of the new countercyclical capital
buffer (CCyB) for credit exposures in Spain, the target for
the Common Equity Tier 1 (CET1) capital adequacy ratio has
been adjusted to a range of 11.5% to 12.5%, with a
transitional target of 11.5%-12.25% for 2025.
As of 31 December 2024, CaixaBank's CET1 ratio stands at 12.2%, providing the bank with a buffer
of 348 basis points, or €8,277 million, before reaching the Group's Maximum Distributable Amount
(MDA) trigger.
The minimum requirements set for December 2024, which will continue into January 2025, are as
follows:
Minimum CET1 capital requirements, Dec. 2024:
Pillar 1 regulatory requirement: 4.50%
Pillar 2R Requirement: 0.98%
Capital Conservation Buffer: 2.50%
Systemic O-SII Buffer: 0.50%
Sectoral Systemic Buffer (1): 0.06%
Countercyclical Buffer (2): 0.13%
Minimum CET1 capital requirements: 8.68%
(1) Quarterly update for retail exposures by IRB with housing collateral in Portugal
(2) Quarterly update. Starting from 1 October 2025, a buffer of 0.50% will be activated for credit exposures in Spain, resulting in an estimated increase of 37 basis
points.
In accordance with the 2024 Dividend Plan, the Board of Directors approved on 30 October 2024
the distribution of an interim dividend of 40% of the consolidated net profit for the first half of
2024, for an amount of €1,068 million (€0.1488 gross per share).
In addition, the Board of Directors on 30 January 2025 agreed to propose at the Annual General
Meeting the distribution of a final dividend in cash for €0.2864 gross per share charged to 2024
profits, which will be paid in April 2025. Following this second payment of dividends, the
shareholder returns in 2024 will be equivalent to 53.5% of the consolidated net profit.
Moreover, under the current Strategic Plan, in 2024 the bank has conducted
3 share buy-back programmes (third, fourth and fifth programme, announced in March, July and
October for €500 million each). Furthermore, a new share buyback program (the sixth) was
announced in January 2025, amounting to €500 million, which has been prudently accounted for by
the end of December 2024.
Model
Potential adverse
consequences for the Group
arising from decisions based
mainly on the results of internal
models with errors in the
construction, application or use
thereof.
Model risk is managed on the basis of these pillars:
> Identifying existing models, using the Corporate
Inventory of Models as a key element to set the scope
of the models, assessing the quality thereof and how
they are used by the Group.
> Governance of models involving the implementation
of a control system using a proportional (based on
tiering) and consistent approach. This is achieved
through establishing standards and guidelines for the
key stages of the model's lifecycle and creating a
uniform reporting framework.
> Monitoring, based on a control framework with a
forward-looking approach to model risk that enables
risk to be kept within the parameters defined in the
Group's RAF, through the periodic calculation of
appetite metrics and other specific model risk
indicators.
The main milestones in 2024 were the effective deployment of the new model risk tool, both in the
CaixaBank areas and in the main Group companies supporting them. Moreover, the project to
broaden the corporate model inventory and refine its taxonomy has been finalised, risk monitoring
has been enhanced by using the new KPIs and consolidating the RAF metrics and governance has
progressed with tier-based management and the identification of the models' materiality criteria.
Additionally, the economic capital for model risk has been assessed, and efforts have started to
align model risk management with emerging artificial intelligence regulations.
Reputational
Potential financial loss or lower
income for the Group as a
result of events that negatively
affect the perception that
interest groups have of the
CaixaBank Group.
The management of this risk is geared towards achieving
and sustaining a favorable perception among stakeholders,
while also anticipating, preventing, minimizing, and
mitigating potential negative reputational effects.
In addition, it promotes a positive perception of the Group
by all its stakeholders through ongoing and fluid dialogue
and communication with all of them; it quantifies this risk;
analyses possible controversies from a reputational
perspective in different corporate and business
environments; and develops communication initiatives
that strengthen the visibility and recognition of corporate
values among stakeholders.
In 2024, CaixaBank enhanced its internal coordination protocols and revised its Crisis Management
Plan to address cyber, technological, and operational incidents. The bank also adjusted its first line
of defense strategies against reputational risk to comply with the DORA Regulation.
For risk prevention, CaixaBank introduced a reputational risk score related to ESG controversies,
developed predictive models for managing reputational risk, and strengthened its bi-annual
self-assessment process for step-in risk. These initiatives demonstrate CaixaBank's commitment to a
holistic and synchronized strategy in handling and reducing reputational risks. This approach
ensures seamless coordination across all management sectors and a swift response to any events
that might affect the bank's reputation.
See section "Reputation"
Financial risks
Credit
Loss of value of the assets of
CaixaBank Group through a
customer due to the
impairment of the capacity of
this customer to meet their
commitments to the Group.
Includes the risk generated by
operations in the financial
markets (counterparty risk).
This is the most significant risk for the Group's balance
sheet. It is derived from its banking and insurance activity,
cash flow operations, and its investee portfolio,
encompassing the entire management cycle of the
operations.
The principles and policies that underpin credit risk
management are:
> A prudent approvals policy based on: (i) an
appropriate relationship between income and the
expenses borne by consumers; (ii) documentary proof
of the information provided by the borrower and the
borrower’s solvency; (iii) pre-contractual information
and information protocols that are appropriate to the
personal circumstances and characteristics of each
customer and operation.
> Monitoring the quality of assets throughout their life
cycle based on preventive management and early
recognition of impairment.
> Up-to-date and accurate assessments of the
impairment at any given time and diligent
management of non-performing loans and recoveries.
By the close of 2024, the Non-Performing Loan (NPL) ratio was reduced to 2.6% from 2.7% at the
end of 2023, with a decrease of €-280 million in non-performing loans over the year, thanks to
proactive NPL management and natural portfolio development. The NPL coverage ratio remains
robust, standing at 69% in December 2024, down slightly from 73% in December 2023. The cost of
risk (12 months) stands at 27 basis points thanks to prudent management.
In November, CaixaBank introduced various initiatives to support customers impacted by the
DANA, including the 'Advance on Aid' loan at 0% interest and automatic extension of working capital
credit line maturities for self-employed individuals and SMEs. The bank also facilitated applications
for government assistance, including moratoriums and ICO credit lines, as required by Royal Decree
6/2024 dated 5 November. By the end of December, CaixaBank had received 5,641 applications for
moratoriums, successfully processing payment suspensions for 3,839 loans amounting to €160.8
million. Additionally, 457 applications were processed for ICO-guaranteed contracts totalling €104.5
million.
Actuarial
Risk of a loss or adverse change
to the value of the
commitments assumed
through insurance or pension
contracts with customers or
employees due to the
differences between the
estimate for the actuarial
variables used in the
tariff model and reserves and
the actual performance of
these.
This risk is managed in order to ensure the Group has the
capacity to meet commitments to its insured parties, to
optimise the technical margin and to keep balances within
the limits established in the risk appetite framework.
In 2024, progress was made in modelling some of the assumptions on biometric risks based on the
Group's own experience, which were more in line with the Group's actuarial risk profile.
Furthermore, the actuarial department has incorporated the validation of IFRS 17 provisions and
continues to strengthen actuarial risk management.
Rate risk in the banking book
Negative impact on the
economic value of balance
sheet items or on the net
interest margin due to changes
in the structure of interest rates
over time and the impact
thereof on asset and liability
instruments and off-balance
sheet items not held in the
trading portfolio.
This risk is managed by optimising the net interest margin
and keeping the carrying amount of assets within the limits
established in the risk appetite framework.
Throughout 2024, there was a notable shift in global monetary policy trends, significantly affecting
interest rates. In the European Union, this change started in June with four subsequent rate
reductions, lowering the deposit facility rate from 4% to 3%. Market forecasts suggest further
declines, expecting the rates to settle between 1.75% and 2.00% by mid-2025.
In response, CaixaBank has actively managed its balance sheet during the year to cushion the
potential negative effects of this descending interest rate cycle on its net interest income and
economic value. These strategic management actions, combined with increased lending activity,
help reduce the impact of interest rate fluctuations on the net interest income.
In September 2024, the supervisory outlier tests (SOT) for net interest income were implemented,
aiming to cap the maximum impact on net interest income over 12 months at 5% of Tier 1 capital in
the event of an adverse interest rate shock. Additionally, CaixaBank conducted a self-assessment of
its adherence to the IRRBB (interest rate risk in the banking book) and CSRBB (credit spread risk in
the banking book) guidelines, achieving fully satisfactory outcomes.
Liquidity and funding
Risk of insufficient liquid assets
or limited access to market
financing to meet the
contractual maturities of
liabilities, regulatory
requirements, or the
investment needs of the Group.
The management approach is based on a decentralised
system with the segregation of functions aiming to
maintain an efficient level of liquid assets; the active
management of liquidity and the sustainability and stability
of funding sources in both normal and stress scenarios.
Total liquid assets amounted to €170,723 million at 31 December 2024, up €10,520 million in the
year, mainly due to the favourable evolution of the loan-deposit gap, generation and the provision
of collateral in the facility with the ECB.
The Group's LCR stands at 207% and the NSFR stands at 146% at 31 December 2024. Institutional
financing amounted to €57,246 million, performing very well in 2024 due to the Group’s success in
accessing markets with different debt instruments.
There is no balance drawn down on ECB policy in 2024 following repayment of TLTRO II in
December 2023.
Market
Loss of value, with impact on
results and solvency, of a
portfolio (set of assets and
liabilities), due to adverse
movements in prices or market
rates.
Risk management is based on maintaining risk low, stable,
and within the established risk appetite limits.
The market risk of the trading book is measured daily using
an internal model subject to regulatory supervision.
-
Operational risk
Conduct and Compliance
The application of criteria that
run contrary to the interests of
its customers and stakeholders,
or acts or omissions by the
Group that are not compliant
with the legal or regulatory
framework, or with internal
policies, regulations or
procedures, or with codes of
conduct, ethical standards and
good practice.
Conduct and compliance risk management is not just the
responsibility of a single department, but of the entire
CaixaBank Group. All employees must strive to ensure
compliance with current legislation and to implement
procedures to translate this legislation to their day-to-day
work.
Likewise, in 2024, the Group has continued to reinforce a culture and awareness of compliance
within the organisation aimed at all employees through training programmes, conduct indicators in
corporate challenges and awareness sessions. The compliance target set for the year in this respect
was met.
In addition, ongoing processes have been established to monitor the correct marketing of products
and services based on the follow-up of indicators, establishing ad hoc reviews if necessary.
During the 2024 financial year, CaixaBank successfully passed the audits for the following
certifications:
> UNE/ISO 37301 Compliance Management Systems
> UNE 19601 Criminal Compliance Systems
> UNE/ISO 37001 on Anti-Bribery Management Systems
> UNE 19602 on Tax Compliance
In addition, throughout this year, the Group's supervision model continued to be strengthened
through the monitoring of adherence to the defined framework for coordination of subsidiaries and
the implementation of improvements to reinforce the effectiveness of the implementation of the
compliance programme at Group level.
See section "Governance"
Legal and regulatory¹
Potential losses or decreases in
the CaixaBank Group's
profitability as a result of
legislative changes, the
incorrect implementation of
said legislation in the
CaixaBank Group’s processes,
the misinterpretation of
legislation applied to
operations, incorrect handling
of court or administrative
rulings or of claims or
complaints received.
Legal and regulatory risks are managed so as to safeguard
the Group’s legal integrity and to anticipate and mitigate
future economic harm by monitoring regulatory changes,
participating in public consultation processes, helping to
build a predictable, efficient and sound legal framework,
and interpreting and implementing regulatory changes.
Likewise, its objective is the correct implementation, in due
time and form, of these regulatory changes, understood as
the creation or adaptation of contracts, processes and
systems, through control, centralised coordination and the
promotion of the implementation of the regulations at the
CaixaBank Group level, thus enabling adequate
management of the control of this legal and regulatory risk.
During 2024, key legislative proposals with an impact on the entity have been monitored. With
regard to those published in 2024, legal and impact analysis has been carried out for the
implementation of the regulations. Key considerations: (i) securities market reform (MiFID II/MiFIR);
(ii) The Regulation on Instant Transfers in euros; (iii) The Implementing Regulations of the DORA
(Digital Operational Resilience Act); (iv) The Artificial Intelligence Regulation; (v) Regulation of the
European digital identity framework (eIDAS); (vi) The Implementing Regulations of the Regulation on
Cryptoassets (MiCA - Markets in Crypto-Assets); (vii) The Banking Package, encompassing: The
Capital Requirements Directive (CRD VI); The Capital Requirements Regulation (CRR III); (viii) The
amendment to the Framework for setting the Bank of Spain's (BdE) countercyclical capital buffer;
(ix) The Corporate Sustainability Due Diligence Directive (CSDDD); (x) The regulatory package
addressing Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT); (xi) The
Parity Law; and (xii) Regulations stemming from the DANA, which have broad, cross-sectoral
implications.
Additionally, several ongoing initiatives are under surveillance, including: (i) this new tax is designed
to succeed the temporary levy previously imposed on credit and financial credit institutions; (ii) the
bill regulating customer service and creating the Independent Administrative Authority for the
Defence of Financial Customers for the out-of-court resolution of disputes between financial
institutions and their customers; (iii) The Law on Loan Administrators and Buyers, aimed at
enhancing the protection of consumers who are financially vulnerable; (iv) Retail Investment
Strategy, which proposes amendments to the primary rules governing the marketing of financial
instruments and insurance; (v) revision of the Crisis Management and Deposit Insurance
framework; (vi) establishment of a European Digital Identity Wallet; (vii) harmonised rules regarding
artificial intelligence; (viii) Guidance for outsourcing cloud services; and (ix) new ECB Guide on risk
governance and risk culture.
Technology
Risks of losses due to hardware
or software inadequacies or
failures in technical
infrastructure, due to
cyberattacks or other
circumstances that could
compromise the availability,
integrity, accessibility and
security of the infrastructures
and data.
Managing this risk involved identifying, measuring,
assessing, mitigating, monitoring and reporting the risk
levels involved in the governance and management of
Information Technology.
Furthermore, the risk control and management frameworks
developed have been designed according to internationally
renowned standards and evolve as potential emerging risks
are captured and managed.
During 2024, CaixaBank Group maintained a robust risk control and management framework on
the technology risks, especially in the light of external threats linked to cybersecurity.
Likewise, the risk control framework has been updated to support the increasing adoption of cloud
computing services and to comply with the mandates of the DORA regulation regarding digital
operational resilience.
Other operational risks
Risk of loss or damage caused
by errors or shortcomings in
processes, due to external
events or due to the accidental
or intentional actions of third
parties outside the Group. This
includes risk factors related to
outsourcing, business
continuity and external fraud.
Managing this risk involved identifying, measuring,
assessing, mitigating, monitoring and reporting the risk
levels involved in the governance and management of
outsourcing, external fraud, business continuity, etc.
seeking to avoid or mitigate negative impacts on the Group,
either directly or indirectly due to the impact on relevant
stakeholders (e.g. customers), arising from inadequate
internal processes or from the actions of third parties.
During 2024, these risks have been studied in further depth through the specialised function of
second line of defence for "other operational risks", with a focus on preventing external fraud,
business continuity and minimising risks in outsourcing services.
In all these areas, the control environment has been strengthened, meeting the expectations of
regulators and supervisors and achieving greater alignment with international best practices and
the new DORA regulation and a balance with more agile and efficient processes.
Reputation
Reputation, a lever for trust
and commitment for CaixaBank.
CaixaBank understands corporate reputation as one of the main pillars in
building the trust among stakeholders towards the Entity. Therefore, reputation
management is a strategic area that allows the Entity to strengthen its
commitment to a business model that is social, responsible and close to its
customers.
CaixaBank Group's commitment is materialised in a series of corporate Policies
that ensure implementing a communication, reputational risk management and
relationship model with stakeholders that is transparent and of top quality and
maximum impact and that allows maintaining the Group's reputation at optimal
levels.
The Corporate policy for managing reputational risk prevents and mitigates
the potential undermining of competitive ability that would occur if the
confidence that any stakeholder has in the Group were to deteriorate. It includes
the following main areas of action:
> Boosting reputation.
> Preventive management of reputational risk.
> Establishment of reputational objectives, for which it has specific
measurement, monitoring and control indicators.
Furthermore, the Corporate Communication Policy includes the
following main areas of action: the professional and centralised management of
communication, in line with the specific procedures and protocols; the ongoing
relationship with the media and the use of digital channels and the monitoring,
measuring and oversight of the communication channels.
And lastly, the Corporate Sponsorships Policy contains the basic
strategy and principles of action of the CaixaBank Group in its relations with
third parties as a sponsor, with the commitment that they are carried out in
accordance with an efficient and rigorous model that is consistent with the
general strategy of the Group and that safeguards its reputation.
The Group also has its own model for the measurement of reputation, the
CaixaBank Global Reputation Index (GRI), which is part of the Strategic Plan
and the Risk Appetite Framework. The GRI quantifies CaixaBank's reputation and
reputational risk, integrating the perceptions of the main stakeholders on key
values and reputational aspects.
Throughout 2024, progress has been made in the development and
improvement of this model, as well as in the model for calculating
the impact of reputational risk on economic capital.
The measurement of reputation – Global Reputation Index (GRI)
[Figure: Group GRI metrics = GRI CaixaBank - ESP (weight 90%) + GRI BPI - PT (weight 10%)]
Reputational Risk Response Service (RRRS)
The Reputational Risk Response Service (RRRS) is an internal service managed
that contributes to compliance with the Corporate Reputational Risk
Management Policy, providing support to the commercial network and other
corporate departments.
The RRRS evaluates both the current and potential reputational effects
associated with various activities, projects, processes, or issues that could
significantly influence how stakeholders perceive the CaixaBank Group. Both
internal expert judgement and external tools provided by reputational risk
analysis providers are used for the analysis. The RRRS regularly reports to the
Reputational Risk Committee on its activities. 
Types of enquiries handled by the RRRS in 2024
> Other enquiries: 39%
> Controversial sectors with framework for action: 6%
> Persons investigated/sanctioned: 15%
> Protocol in tax havens: 6%
> Transparency Committee: 6%
> ESG sectors (defence and ESG policies): 28%
In 2024, 337 queries were handled, 28% of which were
related to CaixaBank's Corporate policy for managing
sustainability/ESG risks, which includes human rights,
environment, energy and other ESG sectors, and the rest to
customers and operations with a potential reputational impact.