The Group has prepared a comprehensive guideline document for the risk management policy/strategy: “Risk Strategy for 2021-2023”. The document takes a 3-year perspective and is reviewed and updated annually. It is approved by the Bank’s Management Board and Supervisory Board. The risk strategy is inextricably linked to other strategic documents. such as: Budget, Liquidity Plan, Capital Plan.
The Risk Strategy bases on the two concepts defined by the Group:
- Risk profile – current risk profile in amount or type of risk the Group is currently exposed. The Group should also has a forward looking view how their risk profile may change under both expected and stress economic scenarios in accordance with risk appetite.
- Risk appetite – the maximum amount or type of risk the Group is prepared to accept/tolerate to achieve its financial and strategic objective. Three zones are defined in accordance with warning / action required level.
Risk strategy is one of the crucial features that determines the risk profile of the Bank/Group.
Risk appetite has to ensure that business structure and growth will respect the forward risk profile. Risk appetite was reflected through defined indicators in several key areas, such as:
- Liquidity and funding
- Earnings volatility and business mix
- Franchise and reputation.
The Group has a clear risk strategy, covering retail credit, corporate credit, markets activity and liquidity, operational (including legal risk and court cases) and capital management. For each risk type and overall the Group clearly defines the risk appetite.
Risk management is defined mainly through the principles and targets defined in Risk Strategy and complemented in more detail by the principles and qualitative guidelines defined in the following documents:
- Capital Management and Planning Framework
- Credit Principles and Guidelines
- Rules on Concentration Risk Management
- Principles and Rules of Liquidity Risk Management
- Principles and Guidelines on Market Risk Management on Financial Markets
- Principles and Guidelines for Market Risk Management in Banking Book
- Investment Policy
- Principles and Guidelines for Management of Operational Risk
- Policy, Rules and Principles of the Model Risk Management
- Stress tests policy.
Within Risk appetite, the Bank and Group have defined tolerance zones for its measures (build up based on the “traffic lights” principle). As for all tolerance zones for risk appetite, it have been set:
- Risk appetite status – green zone means a measure within risk appetite, yellow zone means an increased risk of risk appetite breach, red zone means risk appetite breach;
- Escalation process of actions/decisions taken – management bodies / organizational entities responsible for decisions and actions in a particular zones;
- Actions taken – defining a typical actions and decisions aiming at getting back / maintaining a metric within Risk appetite monitoring process;
- Mitigation plan formulation – defining a responsible organizational entities;
- Mitigation plan approval – defining a responsible management bodies;
- Risk appetite breach notification (entry into yellow or red zone) regarding breach description, high-level mitigation plan and timeline for breach resolution – defining a management bodies to which information is provided;
- Mitigation plan monitoring – defining a responsible management bodies.
Changes in any defined metric that will be higher than 10% should be consider an alert level and should be monitor by Management Board and reported to Committee for Risk Matters whenever there is material risk of financial stability or achievement of the planned results of the Bank.
Zone thresholds and metrics are defined and revised on a yearly basis.
Monitoring of Risk appetite is a part of Supervisory Board (Committee for risk matters of Supervisory Board), Management Board and Risk Committee. Risk appetite dashboard review is a constant topic of these bodies meetings, including information on breaches and mitigation plan reporting/review (if applicable).