
Trust Center

Customer Risk Reporting

Generic data model for customer-oriented risk reporting, covering risk categories, assessment dimensions, treatment strategies, and report structure.

Note: This data model represents a generic methodology, not a complete reproduction of regulatory requirements. The content serves as guidance for building institution-specific risk reporting processes. This is not legal advice; the current versions of the relevant regulations and supervisory requirements are binding.

Model ID: CRR-001 | Version: 1.0.0 | Last Updated: 2026-05-16 | Review: reviewed

Risk Categories

INFRA reviewed

Infrastructure

Hardware, network, data centre, and capacity risks.

PEOPLE reviewed

People

Skill shortages, insider threats, human error, and training gaps.

PROC reviewed

Internal Procedures

Process weaknesses, control gaps, and operational inefficiencies.

EXTERN reviewed

External Influences

Regulatory changes, geopolitical events, and natural disasters.

SUPPLIER reviewed

Supplier / Outsourcing

Third-party, sub-contractor, concentration, and dependency risks.

DPROT reviewed

Data Protection

Personal data handling, breaches, and cross-border transfers.

INFOSEC reviewed

Information Security

CIA risks, cyber attacks, malware, and data leakage.

OPRES reviewed

Operational Resilience

BC/DR disruption, recovery gaps, and systemic impact.

Assessment Dimensions

Dimension | Levels
Confidentiality Impact reviewed | Low, Medium, High, Severe
Integrity Impact reviewed | Low, Medium, High, Severe
Availability Impact reviewed | Low, Medium, High, Severe
Damage Potential reviewed | Low, Medium, High, Severe
Likelihood reviewed | Rare, Elevated, Likely, Frequent
Materiality reviewed | Non-Material, Material, Critical

Treatment Strategies

ACCEPT Accept reviewed

Acknowledge the risk within defined risk appetite.

REDUCE Reduce reviewed

Implement controls to lower likelihood or impact.

TRANSFER Transfer reviewed

Shift financial consequences to a third party.

AVOID Avoid reviewed

Eliminate the risk entirely by discontinuing the activity.

Measure Statuses

Not Started not_started
In Progress in_progress
Implemented implemented
Delayed delayed
Blocked blocked

Report Sections

MGMT_SUMMARY reviewed

Management Summary

Executive risk landscape overview, key indicators, and top risks.

RISK_INVENTORY reviewed

Risk Inventory

Complete register with scores, ownership, and treatment status.

CUSTOMER_IMPACT reviewed

Customer Impact

Translation of identified risks into customer-facing consequences.

MEASURES_STATUS reviewed

Measures Status

Progress tracking, milestones, resources, and effectiveness.

RISK_DEVELOPMENT reviewed

Risk Development

Trend analysis, score trajectories, and emerging risk identification.

CUSTOMER_RECOMMENDATIONS reviewed

Customer Recommendations

Actionable guidance for customers based on assessment findings.

Governance

Report Owner: ICT Risk Management Function
Review Cycle: Quarterly
Escalation Threshold: Critical Materiality
Approval Chain: Risk Manager → CISO → Board
Distribution: Internal & Customer
Retention: 7 Years

This information is provided for guidance and does not constitute a legally binding assurance. It does not replace an individual review or advice from qualified specialists.