Risk management framework

The mission of risk management in the Bank Millennium Group is to ensure that all types of risks are managed, monitored and controlled as required for the risk profile (risk appetite), nature and scale of the Group’s operations. Risk management is centralized for the Group and takes into account the need to obtain the assumed profitability and to maintain proper risk-capital relationship, in the context of having proper level of capital to cover the risk.

The Risk management process of the Group is presented in the below diagram:

In terms of internal organization, the Supervisory Board and Management Board of Bank Millennium are responsible at a strategic level for defining general risk policy, including approving of the risk management strategy and policy, as well as guaranteeing the necessary resources for their implementation. Within the Supervisory Board acts the recently created Committee for Risk Matters, which supports it in realization of those tasks, among others, issuing opinion on the Group’s Risk Strategy, including the Group’s Risk Appetite and verifying the assets and liabilities prices offered to customers.

At operational level, due to the complexity and diversification of the operations of the Group, the risk management function is supported by specialized committees with their competences specified by the Bank’s Management Board. This is reflected  in the works of the Risk Committee and additionally five specialized risk committees:

Specialized Committees are chaired by Management Board members and incorporate responsibilities for the main areas related to origination, monitoring and management of the specific risks.

The Risk Committee has global responsibility for risk control at the  Group. In order to assure such control the Risk Committee monitors the evolution of various types of risks in the Group’s operations and decides on the general risk policy accordingly to the goals defined on the Risk Strategy (approved by the Supervisory Board). All the Bank’s Management Board members are members of the Risk Committee.

The on-going risk management is centrally conducted  by the Bank’s dedicated unit – Risk Department and its subunits –  specialized in particular types of risk or process stages. The goal of the Risk Department is proposing and implementing  policy regarding the management of credit, market, liquidity and operational risks and monitoring the Group  exposures to those risks, including for the purpose of calculation of capital requirements.

The Management Board of the Bank attaches particular attention to continuous improvement of the risk management process. One measurable effect of this is a success of the received authorization to the further use of the IRB approach in the process of calculating capital requirements.

Use of Internal Rating Based (IRB) methods

The Group received at the end of 2012 authorization from Supervisory Authorities (Banco de Portugal – BdP  and the Polish Financial Supervisory Authority – KNF) for the use of the advanced IRB method regarding two loan portfolios: retail exposures to individual person secured by residential real estate collateral (RRE) and qualifying revolving retail exposures (QRRE). That decision regarding IRB contained a constraint (so-called “Regulatory floor”), whereby minimum own funds requirements for portfolios covered by the decision must be maintained at no less than 80% of the respective capital requirements calculated using the Standardized method. In December 2014 the Group received authorization to ease the previously imposed regulatory IRB floor from 80% to 70% and at the same time it received further conditions to portfolios under IRB and under rollout process.

In the Bank’s view, this authorization from regulators represents an external acknowledgement of the significant and continuous improvement of the Group’s risk management process.

During 2016, the Group was continuing IRB rollout implementation in cooperation with Supervisory Authorities. In fact, since 2010 the Group has been deeply involved in the process of having the authorization for the use of the IRB methods. The Group considered this project as crucial for two main reasons: first, it ensures that the Group will permanently have the best standards on credit risk management; and second, it is an effective way to optimize the capital management.

Following the IRB approach in a natural way enforces the application of highest standards in credit risk management and this in turn materially affects quality of the credit process, thus the level of credit risk itself. As to assess credit risk of customers and transactions in fully concise manner, IRB method requires utilization of rating systems. Group’s rating systems (rating models) are matched to a portfolios/products risk characteristics and were tailored separately to private individuals (retail mortgage loans, cash loans, overdrafts, credit cards), small business, SME and corporates.

Applied risk models enable proper and reliable risk measurement, by employing well developed statistically risk parameters, like:

• probability of default of a customer (PD),
• loss given default for a transaction (LGD),
• exposure at default for a transaction (EaD)

As a rule,  a customer applying for a loan, should  have assigned internal rating  (PD equivalent), what enforce automated assessment of customer default risk. Rating models are automated and fully supported by IT systems. Every risk model (including rating models) have to be regularly monitored and validated in terms of quality, what stems also from IRB rules.

Regular monitoring, using uniformed risk parameters in the portfolio, reinforces the credit risk management process and helps to take a more accurate decision regarding credit risk controls.