Risk Management

S.D. Indeval recognizes the importance of risk management in its processes and services. Therefore, through an Integral Risk Management Model following corporate governance and best practices, Indeval continuously monitors and follows up on its risks and controls.

Toca la imagen para ampliarla

Risk Management at Indeval, as part of Grupo BMV, considers in its Integral Risk Management Model, reference of international models such as COSO-II-ERM, COBIT 5 and best practices such as PFMIs (Principles Applicable to Financial Market Infrastructures). With this, it implements the guidelines, conceptual framework, techniques and tools, and manages strategically and in advance the possible adverse events that affect the fulfillment of the Group's objectives.

The Model's strategy is mainly based on the following stages:

  • End-to-end process documentation
  • Identification of risks and controls, including risks due to interdependencies.
  • Analysis and Evaluation of Risk and Event Management Strategies
  • Design and implementation of controls
  • Controls monitoring and compliance
 

It also considers the following elements in risk management.

  • Types of risks to be identified
  • Techniques for risk identification
  • Risk assessment
  • Strategy (risk appetite, tolerance, and capacity).
  • Internal control components

The Model's management is based on best practices and is carried out through the three lines of defense model. All the areas that makeup Indeval and BMV Group intervene to optimally mitigate risks, providing the market with greater security and operational stability.

The Risk Model is continuously managed by all levels and areas that make up S.D. Indeval, adopting and applying the guidelines established in Indeval's Risk Framework.
The result of the management, known as the operational risk profile (event statistics, heat map, indicators, and action plans), is reported to Senior Management and the Board of Directors, which issue their feedback and action plans for critical events and risks. The rest of the events and risks are dealt with by the Directors and personnel of the first and second defense lines.
First line of defense: Business and Technology areas

Responsible for managing (identifying, mitigating, and reporting) risks identified by staff or external users.

Second line of defense: Internal Control, Operational Risk, Regulatory Compliance and Information Security.

Responsible for ensuring and supervising that the risk profile is aligned with the established policies and verifying that Indeval has an effective system of controls and oversight.

Third line of defense: Internal and External Auditing

Responsible for evaluating and making recommendations to improve internal controls, established rules and procedures.

Business Continuity Management

S.D. Indeval's Business Continuity Management is the company's strategic and tactical ability to plan and respond to incidents and business interruptions to continue critical operations at a pre-defined acceptable level.

This management is based on the international standard ISO 22301 (Society Security - Business Continuity Management Systems - Requirements). This standard provides a widely accepted reference framework, taking into account the best practices of the Disaster Recovery International Institute (DRII). These organizations are leaders in the definition of standards and rules for Business Continuity Management, which supports compliance with regulatory and normative requirements issued by the authority while preserving partners' and customers' trust.

S.D. Indeval's Business Continuity Management consists of the following elements:

S.D. Indeval's Business Continuity Plan (BCP) is a tool that allows mitigating the consequences of the unavailability of the necessary resources for the normal development of operations. This plan defines each strategy's procedures to resume or recover critical business services within the established time frames (Recovery Time Objective, RTO; Recovery Point Objective, RPO), allowing you to respond immediately and in an orderly manner to contingency events.

The activities within the plan are integrated in three phases:

Toca la imagen para ampliarla

To have an effective BCP, S.D. Indeval periodically exercises its strategies through different types of tests, including clients' participation. Likewise, it trains and makes all its collaborators aware, so they recognize their roles and responsibilities if the plan is activated and reflect on Business Continuity's importance within the company.

Disaster Recovery (DRP)

S.D Indeval has a Disaster Recovery Plan for those cases where the contingency is related to technological infrastructure issues (hardware, software, or telecommunications failures). For this purpose, S.D Indeval has implemented its Alternative Data Center where, in case of this type of scenario, the change of the productive operation to this alternative center is made and thus continue with the critical operation maintaining a minimum affectation of service.



Links of interest
S.D. Indeval,
Institución para el Depósito de Valores S.A. de C.V. © 2025
Paseo de la Reforma # 255, Piso 3, Colonia Cuauhtémoc, Delegación Cuauhtémoc, C.P. 06500, CDMX.

Transparency Mailbox

Enter your search term

Search