Risk management objectives and strategy
The Group has prepared a comprehensive guideline document for the risk management policy/strategy: “Risk Strategy for 2017-2019” (2016-2018 version was in force previously). The document takes a 3-year perspective and is reviewed and updated annually. It is approved by the Bank’s Management Board and Supervisory Board. The risk strategy is inextricably linked to other strategic documents, such as: Budget, Liquidity Plan, Capital Plan.
The Risk Strategy bases on the three concepts defined by the Bank and the Group +
- Risk profile – current risk profile in amount or type of risk Bank and Group are currently exposed. Bank and Group should also have a forward looking view how their risk profile may change under both expected and stress economic scenarios in accordance with risk appetite and risk tolerance,
- Risk appetite – how much and what type of risks Bank and Group are generally prepared to accept to achieve its financial and strategic objectives,
- Risk tolerance – the maximum amount or type of risk Bank and Group are prepared to tolerate above its risk appetite.
Goal of Risk Strategy is to define a risk profile and to maintain a risk profile for all risk types within the limits set in the risk appetite and tolerance.
Risk appetite and risk tolerance measures consider both the current and forecasted target risk profile. They have been defined in the key areas, listed below +
- Solvency (including assets quality
- Liquidity and funding
- Earnings volatility and business mix
- Franchise and reputation.
Bank and Group have a clear risk strategy, covering retail credit, corporate credit, markets activity and liquidity, operational and capital management. For each risk type and overall Bank and Group clearly define the risk appetite.
The Risk Appetite of Bank and Group is mainly defined through the principles and targets defined in Risk Strategy and complemented in more detail by the principles and qualitative guidelines defined in the following documents +
- Capital Management and Planning Framework
- Credit Principles and Guidelines
- Rules on Concentration Risk Management
- Principles and Rules of Liquidity Risk Management
- Principles and Guidelines on Market Risk Management on Financial Markets
- Principles and Guidelines for Market Risk Management in Banking Book
- Investment Policy
- Principles and Guidelines for Management of Operational Risk
- Stress tests policy.
Within risk tolerance, Bank and Group have defined tolerance zones (build up based on the “traffic lights” principle). As for all tolerance zones, Bank and Group have been set +
- Escalation process of taken decisions/actions (bodies/organizational entities responsible for decisions and actions)
- Catalogue of decisions/actions on risk controls and mitigation
- Risk appetite monitoring procedures.
In respect to individual disclosures made pursuant to Article 435.1 of CRR, the following +
- the structure and organization of the relevant risk management function including information on its authority and statute, or other appropriate arrangements;
- the scope and nature of risk reporting and measurement systems;
- the strategy for hedging and mitigating risk, and the strategies and processes for monitoring the continuing effectiveness of hedges and mitigants, have been discussed in risk management chapters in the Yearly Financial Report and the Management Board Report.
The declarations on the adequacy of risk management arrangements providing assurance that the risk management systems put in place are adequate with regard to the profile and strategy are presented at the end of this document. (CRR 435.1.e)
Discussion of the overall risk profile, with key indicators and figures, have been included in the Yearly Financial Reports and the Management Board Reports, in the chapters on risk management. (CRR 435.1.f)
Every Board Member holds 1 directorship. (CRR 435.2.a)
The Bank has established a separate risk committee: Bank Millennium SA Risk Committee. In 2016, the Committee held 16 meetings. (CRR 435.2.d)
Bank and Group have in place an integrated management information system that enables them to generate reports on identification, measurement and control measures relating to the management of individual risk types.
Bank and Group have defined the risk exposure reporting policy for management purposes, which sets forth the general rules for preparing and distributing information used to manage different risks. The unit responsible for preparing reports on exposure to different risks is mainly the Risk Department. The frequency and information content of the reports is adjusted to the level of powers and responsibilities of their recipients and also to the changes in the Bank’s and the Group’s risk profile.
Information contained in internal reports enable reliable evaluation of the risk exposure and support the decision-making process in the bank’s risk management area.
The reports also include information on exposure to risks in the business activity of the subsidiaries.
Risk exposure reports for management purposes are addressed to +
- Supervisory Board (reports approved by the Bank’s Management Board)
- Bank’s Management Board
- Committees dedicated to risk management – Risk Committee, Capital, Assets and Liabilities Committee, Credit Committee, Liabilities at Risk Committee, Processes and Operational Risk Committee
- Members of the Bank’s Management Board
- Risk Department (internal reports)
The risk exposure reporting policy defines the following for each addressee +
- Information content (e.g. synthetic information about the credit portfolio, including key risk parameters, change in revaluation charges in the profit and loss account. etc.).
- Information format
- Information frequency (CRR 435.2.e).
