Risk management is one of the most important internal processes in both PKO Bank Polski SA and other entities of the PKO Bank Polski SA Group. Risk management is aimed at ensuring the profitability of the business activities while monitoring the risk level, keeping the risks within the risk tolerances and limits adopted by the Bank and the Group, in a changing macroeconomic and legal environment. The level of risk is an important part of the planning processes.
The Group identifies risks which are to be managed in its activities and analyses the impact of particular types of risk on the business operations of the Bank and entities in the Group. All the risks are managed; some of them have a material effect on profitability and capital needed to cover them. The materiality of all the identified risks is assessed on a regular basis, at least annually. When assessing the materiality of the risks, the Bank applies the criteria for recognizing a given type of risk as material. All risks classified as material for the Bank are also material for the Group. The following risks are considered material for the Bank: credit risk, currency risk, interest rate risk, liquidity risk (including financing risk), operating risk, business risk, risk of macroeconomic changes and model risk. Group entities may consider types of risks other than those listed above to be material, taking into account the specific nature and scale of their operations and the markets on which they operate. The Bank verifies the materiality of these risks at Group level. Group entities participate in assessing the materiality of the risks initiated by the Parent Company and assessed at Group level.
Type of risk | SECTION |
---|---|
credit risk | 59, 60 |
interest rate risk | 66 |
currency risk | 67 |
liquidity risk, including financing risk | 68 |
operating risk | 69 |
business (strategic) risk) | 70 |
models risk | 70 |
risk of macroeconomic changes | 70 |
A detailed description of the management policies for material risks is presented in the Report on Capital Adequacy and other information subject to publication in the PKO Bank Polski SA Group.
The objective of the risk management is to strive to maintain the level of risk within the accepted tolerances in order to:
The risk management objectives are achieved, in particular, by providing appropriate information on the risk, so that decisions are made in full awareness of the particular risks involved.
The Group’s risk management is based, in particular, on the following principles:
The process of risk management in the Group consists of the following stages:
Risk identification consists of recognizing the existing and potential sources of risk and estimating the significance of its potential impact on the Bank’s and the Group’s operations. As part of risk identification, the risks considered to be material in the Bank’s or the Group’s operations are identified.
Risk measurement covers determining the risk assessment measures adequate to the type and significance of the risk, data availability and quantitative risk assessment by means of determined measures, as well as risk assessment aimed at identifying the scale or scope of risk, taking into account achieving the risk management objectives. As part of risk measurement, valuation of the risks for the purpose of the pricing policy and stress-tests are conducted based on assumptions which ensure a sound assessment of the risk. Stress-test scenarios include, among other things, the requirements stemming from the Recommendations of the Polish Financial Supervision Authority. In addition, the Group conducts comprehensive stress tests (CST) which are an integral element of the risk management and which supplement stress tests specific for individual risks. CST also covers an analysis of the impact of changes in the environment (in particular, the macroeconomic environment) and the Bank’s functioning on the Group’s financial position.j.
Risk forecasting and monitoring involves preparing risk level forecasts and monitoring deviations from forecasts or the adopted benchmarks (e.g. limits, thresholds, plans, prior period measurements, recommendations and instructions issued by supervisory and regulatory authorities), and performing (specific and comprehensive) stress tests. Risk level forecasts are verified. The frequency of risk monitoring frequency is adequate to the significance and variability of specific risks, which are monitored and, if they are exceeded, management actions are taken.
Risk forecasting and monitoring involves preparing risk level forecasts and monitoring deviations from forecasts or the adopted benchmarks (e.g. limits, thresholds, plans, prior period measurements, recommendations and instructions issued by supervisory and regulatory authorities), and performing (specific and comprehensive) stress tests. Risk level forecasts are verified. The frequency of risk monitoring frequency is adequate to the significance and variability of specific risks.
Risk reporting consists of regularly providing information to the Bank’s governing bodies on the results of the risk measurement or assessment, actions taken and follow-up recommendations. The scope, frequency and form of the reporting are adjusted to the managerial level of the recipients. If potential liquidity problems arise, the Supervisory Board is immediately informed about the level of the Bank’s liquidity, threats and remedial actions taken, and in the event of significant operational events or security incidents.
Management actions consist particularly in issuing internal regulations affecting the management processes relating to different types of risk, establishing the level of risk tolerance, establishing limits and thresholds, issuing recommendations, and making decisions, including decisions to use tools supporting risk management. The objective of management actions is to shape the risk management process and risk levels.
The Bank supervises the functioning of individual entities in the PKO Bank Polski SA Group. As part of its supervisory role, the Bank monitors their risk management systems and supports their development. In addition, the Bank takes into account the level of risk in particular Group companies for the purposes of the risk monitoring and reporting system at Group level.
Risk management in the Bank takes place in all the Bank’s organizational units.
The organization of risk management in PKO Bank Polski SA is presented in the diagram below:
The risk management system is supervised by the Supervisory Board of the Bank which controls and evaluates the adequacy and effectiveness of the system. The Supervisory Board evaluates whether or not individual elements of the risk management system support proper execution of the process for setting and achieving specific objectives of the Bank. In particular, the Supervisory Board verifies whether the system applies formal rules to establish the size of the risk taken and risk management principles, as well as formal procedures to identify, measure or estimate and monitor the risks associated with the Bank’s operations, taking into account the anticipated level of risk in the future. The Supervisory Board verifies if formal limits restricting the risk and the rules of conduct in the case when limits are exceeded are applied, and if the adopted management reporting system enables monitoring the risk levels. The Supervisory Board evaluates whether the risk management system is updated on an on-going basis to take into account new risk factors and sources. The Supervisory Board is supported by the following committees: the Supervisory Board Appointments and Remuneration Committee, the Supervisory Board Risk Committee and the Supervisory Board Audit Committee.
In respect of risk management, the Management Board of PKO Bank Polski SA is responsible for strategic risk management, including supervising and monitoring actions taken by the Bank in respect of risk management. The Management Board makes major decisions affecting the risk profile of the Bank and adopts internal regulations concerning risk management. In its risk management activities, the Management Board is supported by the following committees:
The risk management process is carried out in three independent but complementary lines of defence:
is formed of organizational structures responsible for product management, executing sales of products and customer servicing, and of other structures which perform risk-generating operating tasks based on the internal regulations. The function is realized in all of the Bank’s organizational units and in all organizational units of the Head Office, as well as in the Group entities. The organizational units of the Head Office implement appropriate risk controls, including in particular limits, designed by the second-level organizational units of the Head Office, and ensure that they are met by means of appropriate controls.
At the same time, the Group and the Bank are obliged to have comparable and consistent systems for risk assessment and control, taking into account the specific characteristics of each entity and its market.
covers compliance units and involves the identification, measurement, evaluation or control, monitoring and reporting of significant types of risks, and of the threats and irregularities identified; the tasks are executed by dedicated organizational structures acting on the basis of the applicable internal regulations of the Bank; the objective of these structures is to ensure that the tasks performed as part of the first line of defence are properly governed in the internal regulations of the Bank and that they effectively limit the risk, support risk measurement, assessment and analysis and contribute to operational efficiency. The second line of defence supports actions undertaken in order to eliminate unfavourable deviations from the financial plan, to the extent applicable to figures which affect the quantitative strategic risk tolerance limits adopted in the financial plan. These tasks are performed in particular in the organizational units of the Head Office responsible for controlling.
consists of the internal audit function which performs independent audits of individual components of the Bank’s management system, including the risk management system, and of the internal control system; the internal audit operates independently of the first and second lines of defence and may support their actions by way of consultations, but without participating in their decision-making. The function is performed in accordance with the Bank’s internal regulations concerning the operation of the internal control system.
The independence of the lines of defence consists of preserving organizational independence in the following areas:
The policies concerning the management of specific risk types in the Bank’s Group entities are set out in their internal regulations, implemented after having consulted the Bank and taking into account the Bank’s recommendations. The risk management policies of these entities are implemented in accordance with the principles of consistency and comparability of the assessments of individual types of risks in the Bank and in the Bank’s Group entities, taking into account the extent and type of relations between the Group entities, the specific characteristics and scale of their operations and the markets on which they operate.
The risk management function in the Group entities is executed, in particular, by:
The Group’s top priority is to maintain a strong capital position, including effective management of capital adequacy, to retain stable sources of financing which form the basis for business development, to support Polish entrepreneurship, ensuring customer satisfaction, engagement in developing new market standards, preventing cyberthreats, without compromising priorities in terms of operational efficiency, effective cost control and an appropriate assessment of the risk level. To this end, in 2018, the Group increased its portfolio of short-term bonds amounting (mainly 3-6 months) from PLN 3.3 billion at the end of 2017 to PLN 4.1 billion at the end of 2018.
On 8 February 2018, the Bank made a full early repayment of a credit line granted by Nordea Bank AB (publ) based on an agreement dated 1 April 2014. The Bank disclosed the execution of the agreement and its terms and conditions in its current report no 26/2014. Initially, the credit line was granted for a period of seven years, which means that the Bank repaid it three years before its original maturity;
On 8 March 2018, the Polish Financial Supervision Authority approved the allocation of proceeds from the issue of subordinated bonds made on 5 March 2018 with a total par value of PLN 1 000 000 000 to increase the Bank’s Tier 2 capital under Article 127(2)(2) of the Banking Act in conjunction with Article 63 of the Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012.
On 21 December 2017, having obtained the necessary corporate consents, the Bank concluded a guarantee agreement with a counterparty ensuring unfunded credit protection with regard to the portfolio for selected corporate loan receivables of the Bank, in accordance with the CRR Regulation. The total value of the Bank’s portfolio covered by the Guarantee is PLN 5 495 million, and the portfolio comprises the bond portfolio amounting to PLN 1 097 million and a portfolio of other receivables of PLN 4 398 million.
Within the Group, the portfolios of mortgage loans originally granted by PKO Bank Polski SA are successively transferred to PKO Bank Hipoteczny SA. The value of the portfolio transferred in 2018 amounted to approx. PLN 2.5 billion.
In 2018, PKO Bank Hipoteczny SA conducted five issues of mortgage bonds denominated in PLN addressed to institutional investors with a total nominal value of PLN 1 590 million and redemption period of 4 to approx. 10 years from the date of issue. Both domestic and international institutional investors acquired these mortgage bonds. PKO Bank Hipoteczny SA’s mortgage bonds are among the safest debt instruments on the Polish financial market. This is reflected in the highest possible rating which can be obtained by Polish securities of Aa3 assigned by Moody’s.
In 2018, PKO Bank Hipoteczny SA conducted one issue of mortgage bonds denominated in EUR addressed to institutional investors, with a nominal value of EUR 500 million and redemption period of approx. 6 years from the date of issue. Both domestic and international institutional investors acquired these mortgage bonds.
On 23 October 2018, the Bank obtained about PLN 646 million of financing from the European Investment Bank (EBI), maturing in October 2023. Furthermore in 2018, PKO Leasing obtained EUR 40 million of financing from the EBI and EUR 50 million of financing from the CEB maturing in March 2023 and November 2023 respectively.
As a result of the legal merger between PKO Leasing SA and Raiffeisen-Leasing Polska SA (on 28 April 2017), conceptual and implementation work was performed to integrate risk management in the combined PKO Leasing SA Group. In 2017, the works performed included, among other things, harmonizing parts of the internal risk management regulations governing the assumption of the material types of risk (in particular credit risk, market risk and operating risk), and the implementation of new tools for risk measurement and assessment, represented by IT systems also made available to the subsidiaries of PKO Leasing SA.