Risk management

Credit risk is defined as the risk of the occurrence of losses due to the Counterparty’s default in payments to the Bank’s Group or as a risk of a decrease in the economic value of amounts due to the Bank’s Group as a result of a deterioration in the Counterparty’s ability to repay amounts due to the Bank.

The objective of credit risk management is to minimize losses on the credit portfolio as well as to minimize the risk of exposure to loans threatened with impairment, while maintaining the expected level of profitability and the value of the credit portfolio.

The credit risk management system, in addition to the basic principles of risk management, includes:

• credit risk management at individual credit transaction level and at portfolio level;
• participation in the creation of an incentive system contributing to compliance with the credit risk management policies and principles adopted by the Bank.

Credit risk identification involves the identification of current and potential sources and factors of credit risk, which result from current and planned lending activities of the Bank’s Group.

As part of credit risk identification, those types of risk which are considered material in the Bank’s and the Group’s activities are taken into consideration and their potential impact on the operations of the Group is estimated.

Credit risk is identified for:

• existing credit products offered to customers of the Bank’s Group, the processes of implementation of these products using IT tools and databases;
• designed credit products for customers, internal regulations, and IT tools and databases.

Credit risk is measured, estimated and assessed at the level of the Customer, a single credit transaction and at the level of the loan portfolios of the Bank’s Group, using scoring or rating methods, which ensure a uniform and objective assessment of the Customer’s credibility in the creditworthiness assessment process.

The Bank’s Group develops credit risk assessment methods taking into account the requirements of the Internal Ratings-Based Approach (IRB).

As part of credit risk measurement or estimation at the level of loan portfolios, stress tests of the risk related to foreign currency and zloty credit exposures are carried out.

Measurement, estimation and assessment of portfolio credit risk includes periodical assessment of this risk taking into account all credit exposures of Customers, as well as various aspects of the portfolio, such as Customer groups, groups of credit products.

In order to assess the level of credit risk and profitability of loan portfolios, the Bank’s Group uses different credit risk measurement and valuation methods, including:

• probability of default (PD);
• loss given default (LGD);
• credit conversion factor (CCF);
• expected loss (EL);
• credit value at risk (CVaR);
• share and structure of impaired loans;
• coverage ratio;
• cost of credit risk;
• stress testing.

The process of assessing the Group’s credit risk takes into account the requirements of the Polish Financial Supervision Authority as specified in the PFSA Recommendations.

The Group performs analyses and stress-tests regarding the influence of potential changes in the macroeconomic environment on the quality of the Group’s loan portfolio and the results are presented in reports to the Bank’s authorities. The above-mentioned information enables identifying and taking measures to limit the adverse influence of unfavourable market changes on the Group’s performance.

Credit risk control involves the definition of the tools used to diagnose or reduce the level of credit risk, use of credit risk controls to mitigate that risk, and compliance with controls, as part of credit risk management in credit processes and at the portfolio level.

In the first instance, the Bank uses the following to manage the Group’s credit risk:

• strategic credit risk tolerance limits;
• internal credit risk limits:
  • portfolio credit risk limits;
  • industry limits;
  • competence limits;
• thresholds for providing financing to individual or institutional Customers;
• minimum transaction requirements or credit risk covenants determined depending on the level of risk associated with financing the Customer in a specific form.

Credit risk forecasting and monitoring involves preparing risk level forecasts and monitoring deviations from the forecasts or the adopted benchmarks (e.g. limits, thresholds, plans, prior period measurements, recommendations and instructions issued by external supervisory and regulatory authorities), and performing (specific and comprehensive) stress tests. Risk level forecasts are subject to back testing…

Credit risk is monitored at the level of individual credit transactions and at portfolio level.

Credit risk monitoring at the individual loan transaction level is governed, in particular, by the Bank’s internal regulations concerning:

• assessment of the Bank’s credit risk related to customer financing;
• ways and methodologies of Customer assessment;
• identification of groups of related entities;
• evaluation of collateral and inspection of investments;
• recognition of allowances for expected credit losses
• Early Warning System;
• Operating procedures within the lending system.

Credit risk monitoring at the portfolio level consists of:

• supervising the level of the portfolio credit risk based on the tools used for measuring credit risk, taking into consideration the identified sources of credit risk and analyzing the effects and actions taken as part of system management;
• recommending preventive measures in the event of identifying an increased level of credit risk.

The Bank’s Group analyses its portfolio of foreign currency mortgage loans for households in a specific manner. The Bank’s Group monitors the quality of the portfolio on an on-going basis and reviews the risk of deterioration in the quality of the portfolio. Currently, the quality of the portfolio is at an acceptable level. The Bank takes into consideration the risk of foreign currency mortgage loans for households in the capital adequacy and own fund management.

Credit risk reporting includes periodical reporting of the loan portfolio’s risk exposure.

The Group prepares monthly and quarterly credit risk reports. In addition to the information concerning the Bank, the reports also contain information about the credit risk level for Group entities in which significant credit risk levels have been identified: (among others: the KREDOBANK SA Group, the PKO Leasing SA Group, PKO Bank Hipoteczny SA).

The purpose of management actions is to shape and optimize the credit risk management system and credit risk level in the Bank’s Group.

The credit risk management actions include in the first instance:

• issuing internal regulations governing the credit risk management system at the Bank and the Bank’s Group;
• issuing recommendations, guidelines for conduct, explanations and interpretation of the Bank’s and the Bank’s Group’s internal regulations;
• taking decisions regarding the acceptable level of credit risk, including in particular lending decisions;
• developing and improving credit risk control tools and mechanisms which make it possible to maintain the credit risk level within the limits acceptable to the Bank and the Bank’s Group;
• developing and monitoring the operation of credit risk management controls;
• developing and improving credit risk assessment methods and models;
• developing and improving IT tools used in credit risk management;
• planning actions and issuing recommendations.

The collateral management policy as regards credit risk plays a special role in establishing transaction requirements. The collateral management policy pursued by the Bank’s Group is meant to properly secure the credit risk to which the Group is exposed, including first and foremost establishing the most liquid collateral. Collateral may be considered liquid if it is possible to sell it without a material reduction in its price and at a time which does not expose the Bank to a change in the value of the collateral on account of the collateral-specific price fluctuations.

The Bank’s Group strives to diversify collateral in terms of its forms and assets used as collateral. The type of collateral depends on the Customer or transaction risk level.

The Bank’s Group evaluates collateral from the perspective of the actual possibility of using it to satisfy its claims.

Interest rate risk is the risk of incurring losses on the Group’s statement of financial position and off-balance sheet items sensitive to interest rate changes, as a result of changes in interest rates on the market.

To mitigate potential losses arising from market interest rate fluctuations to an acceptable level by appropriately shaping the structure of the statement of financial position and off-balance sheet items.

Identification of the interest rate risk consists of identifying the current and potential sources of the risk and on estimating the materiality of its potential impact on the Bank’s and the Bank’s Group’s operations.

The Bank’s Group utilizes such interest rate risk measures as:

• sensitivity of interest income;
• sensitivity of economic value;
• value at risk (Vary);
• stress testing;
• repricing gap.

Control of the interest rate risk covers determining the interest rate limits and threshold values tailored to the scale and complexity of the Bank’s Group’s operations, in particular the strategic limit of risk tolerance to interest rate risk.

The following are monitored by the Bank’s Group on a regular basis:

• the level of interest risk measures;
• the degree of utilization of the strategic limit of interest rate risk tolerance;
• the degree of utilization of internal limits and threshold values relating to interest rate risk.

The reports on interest rate risk are prepared on a daily, weekly, monthly and quarterly basis.

The main tools used in interest rate risk management in the Bank’s Group include:

• procedures for interest rate risk management;
• interest rate risk limits and thresholds.

The Bank’s Group has established limits and thresholds for interest rate risk comprising, inter alia, the following: sensitivity of interest income, sensitivity of the economic value.

Currency risk is the risk of incurring losses due to exchange rate changes. The risk is generated by maintaining open currency positions.

To mitigate the risk of potential losses arising from foreign exchange rate changes to an acceptable level by appropriately shaping the currency structure of the statement of financial position and off-balance sheet items.

Identification of currency risk consists of identifying the current and potential sources of the risk and on estimating the materiality of its potential impact on the Bank’s and the Bank’s Group’s operations.

The Bank’s Group utilizes the following currency risk measures:

• value at risk (Vary);
• stress tests.

Control of currency risk covers determining currency risk limits and thresholds tailored to the scale and complexity of the Group’s operations, in particular the strategic limit of tolerance to currency risk.

The following are monitored by the Bank’s Group on a regular basis:

• the level of currency risk measures;
• the degree of utilization of the strategic limit of currency risk tolerance;
• the degree of utilization of internal limits and threshold values relating to currency risk.

The reports on currency risk are prepared on a daily, weekly, monthly and quarterly basis.

The main tools used in currency risk management in the Bank’s Group include:

• procedures for currency risk management;
• currency risk limits and threshold values;
• defining allowable types of transactions in foreign currencies and the exchange rates used in such transactions.

The Bank’s Group has set limits and thresholds for currency risk for, inter alia, currency positions, Value at Risk calculated for a 10-day time horizon and loss from transactions on the currency market.

Liquidity risk is the lack of possibility to pay debts on time due to the lack of liquid assets. Lack of liquidity may result from an inappropriate structure of the statement of financial position, mismatch of cash flows, payments not received from counterparties, sudden withdrawal of cash by customers or other market events.

The Bank’s Group also manages the financing risk, which takes into account the risk of loss of financing sources and the lack of opportunities to renew matured funding, or loss of access to new financing sources.

To ensure the necessary level of funds to pay present and future debts (also potential) on time, taking into account the nature of the activities performed and requirements which may occur due to changes in the market environment, by appropriately shaping the structure of the statement of financial position and off-balance sheet liabilities.

Identification of liquidity risk consists in identifying the current and potential sources of the risk and on estimating the materiality of its potential impact on the Bank’s and the Bank’s Group’s operations.

The Bank’s Group utilizes the following liquidity risk measures:

• the contractual and adjusted to real terms liquidity gap;
• liquidity reserve;
• liquidity surplus;
• liquidity coverage ratio (LCR);
• net stable funding ratio (NSFR);
• national supervisory ratios M3-M4;
• measures of stability of deposit and loan portfolios;
• stress tests (liquidity stress tests).

Control of liquidity risk covers determining the strategic limits of tolerance to liquidity risk, tailored to the scale and complexity of the Group’s operations, as well as other limits and thresholds which set the acceptable level of exposure of entities in the Bank’s Group to short term, medium term and long term liquidity risk.

The following are monitored by the Group on a regular basis:

• the degree of utilization of the strategic limits of liquidity risk tolerance;
• the degree of utilization of European and national supervisory liquidity standards;
• the degree of utilization of internal limits and thresholds relating to liquidity risk;
• concentration of sources of financing;
• early warning signals – monitoring their level is aimed at the early discovery of unfavorable developments which could have an adverse impact on the Bank Group’s or the financial sector’s liquidity position (which, when exceeded, trigger liquidity contingency plans).

The Group also performs periodical forecasts of liquidity risk levels, in consideration of the current developments in the Group’s operations. Liquidity forecasts account mainly for the level of particular liquidity risk measures in conditions of materialization of the statement of financial position forecasts and materialization of selected stress-test scenarios.

Reports on liquidity risk are prepared on a daily, weekly, monthly and quarterly basis, and once a year an in-depth long-term liquidity analysis is performed.

The main tools used in liquidity risk management in the Group include:

• procedures for liquidity risk management, in particular liquidity emergency plans;
• limits and thresholds for mitigating liquidity risk;
• deposit, investment, derivative transactions, including structured Forex transactions, and purchase and sales transactions of securities;
• transactions ensuring the long-term financing of lending activities.

The Group’s policy concerning liquidity is based on maintaining an appropriate level of liquidity surplus through increasing its portfolio of liquid securities and stable sources of financing (a stable deposit base, in particular). Money market instruments, including NBP open market operations, are also used in liquidity risk management.

Operational risk is the risk of occurrence of a loss due to the incompatibility or unreliability of internal processes, people and systems or external events. Operational risk includes legal risk, and does not include reputation risk and business risk.

The objective of operational risk management is to enhance the security of the operational activity pursued by the Bank’s Group by improving effective, tailored to the profile and scale of operations, mechanisms of identifying, assessing, measuring, controlling, monitoring, mitigating and reporting operational risk.

In order to manage the operational risk, the Bank gathers internal and external data about operational events and the causes and consequences of their occurrence, data on the factors of the business environment, results of operational risk self-assessment, data on operational risk indicators and data related to the quality of internal functional controls.

The operational risk self-assessment comprises the identification and assessment of operational risk for the Bank’s products, processes and applications as well as organizational changes and it is conducted periodically and before implementing new or changed Bank’s products, processes and applications, using the data gathered on operational events and information obtained during the measurement, monitoring, cooperation with Bank Group’s entities and operational risk reporting, including internal audits and security audits.

The measurement of operational risk comprises:

• calculating operational risk indicators: key risk indicators (KRI) and risk indicators (RI);
• calculating the operational risk requirement relating to own funds in accordance with the AMA approach (the Bank) and the BIA approach (the branches in Germany and the Czech Republic, and the Group companies covered by prudential consolidation);
• stress testing;
• calculating the internal capital for the Bank’s Group.

Control of operational risk includes determining operational risk limits tailored to the scale and complexity of the Bank’s and the Group’s activities, in particular the strategic limits of tolerance of operational risk, loss limits, operational risk indicators with thresholds and critical values.

The following are monitored by the Group on a regular basis:

• the degree of utilization of strategic tolerance limits for the Bank, the Bank’s Group, and operational risk loss limits for the Bank;
• operational events and their consequences;
• results of self-assessment of operational risk;
• the operational risk requirement relating to own funds;
• the results of stress tests, including reverse stress tests;
• operational risk indicator values in relation to thresholds and critical values;
• the level of risk for the Bank and the Bank’s Group, and the areas and tools for managing operational risk in the Bank such as self-assessment, operational risk indicators, loss limits;
• effectiveness and timeliness of management actions taken to reduce or transfer operational risk;
• management actions related to the presence of elevated or high levels of operational risk and their effectiveness in reducing the level of operational risk.

Information relating to operational risk is reported to senior management, the Operational Risk Committee, the Risk Committee, the Management Board and the Supervisory Board on a monthly and quarterly basis. What is prepared on a monthly basis is information on operational risk reported to the Operational Risk Committee, senior management, the Head Office’s organizational units and specialist organizational units responsible for systemic operational risk management. The scope of information is diversified and adapted to the scope of responsibilities of particular recipients.

Management actions are taken on the initiative of the Operational Risk Committee or the Management Board, on the initiative of organizational units and cells of the Bank managing operational risk when operational risk has exceeded the levels described by the Management Board or the Operational Risk Committee.

Especially when the operational risk level is elevated or high, the Bank uses the following approaches and instruments to manage operational risk:

• risk reduction – mitigating the impact of risk factors or the consequences of their materialization by introducing or strengthening various types of instruments for managing operational risk such as: control instruments, human resources management instruments, determination or verification of thresholds and critical operational risk indicators, determination or verification of operational risk levels, contingency plans;
• risk transfer – transfer of responsibility for covering potential losses to a third-party: insurance, outsourcing;
• risk avoidance – discontinuation of an activity which generates risk or elimination of the probability of the occurrence of a risk factor.

The compliance risk is the risk of legal sanctions, financial losses, or loss of reputation or credibility, if the Bank’s Group, the Group’s staff or entities acting on the Group’s behalf fail to comply with the law, internal regulations, or market standards adopted by the Group.

Conduct risk is a risk of loss arising on the part of:

• the Customer;
• the Bank’s Group, including its reliability;
• financial markets, with regard to their credibility,

as a result of inappropriate action (also unintentional) or any omission by the Bank’s Group, its staff or related entities, with regard to the offering of purchase and provision of financial services.

• to reinforce, among shareholders, Customers, the Group’s staff, business partners, and other market participants, an image of the Group as an institution which abides by the law and market standards, which is trustworthy, reliable and honest;
• to counter financial losses or legal sanctions, or loss of reputation, reliability in particular, which can result from the violation of the law, internal regulations of the Bank’s Group, and market standards adopted by the Bank’s Group;
• to counter losses on the part of the Bank’s Group’s customers, which may result from inappropriate conduct (also unintentional) or omission by the Bank’s Group, its staff or related entities, with regard to the offering of purchase and provision of financial services.

Compliance and conduct risk is identified and assessed through the use of information on cases of non-compliance and the reasons for their occurrence, including information being the result of an internal audit, an internal or external inspection.

The identification and assessment of compliance and conduct risk is based primarily on:

• estimation of the severity of potential cases of non-compliance;
• results of operational risk self-assessment;
• results of the review and evaluation of the adequacy and effectiveness of controls;
• details of irregularities identified as part of the internal control system;
• assessment of additional risk factors of non-compliance with legal regulations.

When making the assessment, the Bank determines the nature, potential scale of losses and probability of their occurrence, and indicates how the compliance risk can be reduced or eliminated. The assessment is carried out in the form of workshops.

Forecasting and monitoring involves:

• analysis of cases of non-compliance and conduct risk events in the Bank’s Group and in the banking sector, the causes and effects thereof;
• evaluation of key provisions of the law affecting the operations of the Bank’s Group;
• evaluation of activities undertaken by the Bank and members of the Bank’s Group as part of the management of the compliance risk;
• evaluation of the effectiveness and adequacy of the controls related to mitigation of the compliance risk;
• analysis of information about the status of the major adaptation work performed by the Group to adapt to the provisions of law, market standards adopted by the Bank’s Group and notices of external supervisory and control authorities;
• analysis of information about operating events, security incidents, disputes, including litigation, against the Bank’s Group, complaints and irregularities related to the conduct risk.

The Bank’s Group reports compliance risk in the form of quarterly and annual management reports to the Risk Committee, the Management Board,  the Risk Committee of the Supervisory Board, the Audit Committee of the Supervisory Board, and the Supervisory Board, including, in the first instance, information on:

• the most significant factors which contribute to the level of compliance risk;
• results of identification and assessment of compliance risk;
• the cases of non-compliance observed;
• the most important developments in the Bank’s regulatory environment;
• compliance test results.

The management of this risk comprises in particular:

• preventing the Bank’s Group from engaging in illegal activities;
• promoting ethical standards and monitoring their functioning;
• managing conflicts of interest;
• preventing situations in which the conduct of the Group’s employees in official matters could give the impression of pursuing a private interest;
• professional, fair, and transparent wording of the product offer, as well as advertising and marketing messages;
• ensuring protection of information;
• immediate, fair and professional handling of customer complaints, requests and grievances;
• preventing situations in which a product incompatible with the customer’s needs may be offered;
• determination of an adequate manner and form of the offer of purchase in relation to the nature of the product offered;
• monitoring sales and reliable performance of agreements executed with Customers.

Business (strategic) risk is the risk of not achieving the assumed financial goals, including incurring losses, due to adverse changes in the business environment, taking bad decisions, incorrect implementation of the decisions taken, or not taking appropriate actions in response to changes in the business environment.

Maintaining, at an acceptable level, potential adverse financial consequences resulting from adverse changes in the business environment, making adverse decisions, improper implementation of adopted decisions or lack of appropriate actions which would be a response to changes in the business environment.

Identification consists in recognizing and determining factors, both current and potential, resulting from current and planned activities of the Bank’s Group, which may significantly affect the financial position of the Group, generating or changing the amount of the Group’s revenues and expenses. Business risk is identified through a qualitative assessment of business risk and identification and analysis of factors that contributed to significant deviations in the generation of revenues and expenses from their forecast values.

Measurement of business risk is aimed at defining the scale of threats related to the existence of business risks, using predetermined risk measures. Business risk measurement covers: calculation of internal capital, conducting stress tests and reverse stress tests.

The purpose of the control of business risk is to strive to maintain an acceptable level of the risk. It involves determining and periodically reviewing the risk controls in the form of business risk tolerance limits and its thresholds and critical values, adequate to the scale and complexity of the Bank’s Group’s operations.

Forecasting business risk is aimed at determining an anticipated scenario of the degree of achievement of planned results by the Group.

Business risk is monitored to diagnose areas which require management action. Business risk monitoring includes:

• strategic limits of business risk tolerance;
• stress test results;
• reverse stress test results;
• levels of internal capital;
• deviations of actual business risks from forecasts;
• results of qualitative assessment of the business risk.

Reporting is performed on a quarterly basis. The reports on the business risk level are addressed to the Asset and Liability Management Committee, the Risk Committee, the Management Board, the Risk Committee of the Supervisory Board, and the Supervisory Board.

Management actions consist mainly of:

• verifying and updating quarterly financial forecasts, including actions aimed at mitigating the business risk level in accordance with the limits;
• monitoring the level of the strategic limit of tolerance to business risk.

Reputation risk is the risk of damage to reputation with Customers, counterparties, investors, regulators, inspectors, and the public, as a result of business decisions, operating events, instances of non-compliance, or other events.

To protect the Group’s reputation by preventing reputation losses and limiting the impact of adverse publicity events on the Group’s reputation.

Reputation risk identification concerns developments in the Group’s internal processes and in its external environment, in the first instance adverse publicity events and business environment factors, i.e. quantitative and qualitative information, including in the first instance any data on the Group and the Group’s external environment, which provides reputation risk information.

Reputation risk assessment involves assessing the impact of adverse publicity events on the Group’s reputation, in the first instance by assessing the severity of reputation losses caused by such events. Reputation risk assessment takes account of the tone, credibility or opinion-making potential and reach of revealing of adverse publicity events to the public.

Reputation risk control and monitoring involves defining and regularly assessing the level of reputation risk measures in relation to the limits adopted. The level of reputation risk is determined based on the level of such reputation risk measures.

Reputation risk reporting takes in the first instance the form of semi-annual management reports intended for the Risk Committee, the Management Board, the Risk Committee of the Supervisory Board, and the Supervisory Board. These reports contain overall information on the scale and profile of the risk incurred by the Bank (as well as by the entities of the Bank’s Group where reputation risk has been identified), the most severe reputation losses and protective measures taken, use of reputation risk limits and effectiveness of management actions taken, as well as the most important sources and factors of reputation risk, which will most likely contribute to its level. Moreover, semi-annual management reports for the second half of the calendar year include, in addition to the information referred to above, an annual review of the adequacy and effectiveness of reputation risk management.

Depending on the current level of reputation risk, management actions are taken and they may include:

• analysis of the causes of a specific risk level;
• assessment of the impact of such a level;
• development of proposed management actions aimed at reducing reputation risk or providing a rationale for not taking action, e.g. in case of incidental, extraordinary events.

Model risk is the risk of losses resulting from taking incorrect business decisions based on the models in place. Model risk is managed within the Bank’s Group both at the level of the given member of the Group (the model owner) and at the level of the Bank as the Group’s parent company.

To mitigate the risk of losses resulting from taking incorrect business decisions on the basis of the models in place at the Bank’s Group, using a well-defined and implemented model management process. Regular, independent validation of all the models significant to the Bank’s Group is one of the elements of the model management process.

Model risk identification in the first instance involves collecting information about the models which are in place or which are intended to be implemented, and periodically determining their significance.

Model risk assessment is intended to gauge the scale of threats posed by model risk. The assessment makes it possible to determine the risk profile and identify the models which generate the highest risk and expose the Bank’s Group to potential losses. Model risk is assessed at the level of each model and in aggregate, at the level of each member of the Bank’s Group.

Model risk control is intended to maintain an aggregated model risk assessment at a level which is acceptable to the Bank’s Group. Model risk control involves establishing the mechanisms used to diagnose the level of model risk and tools for reducing the level of such risk. The tools used to diagnose model risk in the first instance include a strategic limit of tolerance to model risk, and model risk thresholds.

Periodical model risk monitoring is aimed at diagnosing the areas which require management actions and in the first instance includes:

• model risk level updates;
• assessing the utilization of the strategic limit of tolerance to model risk and the model risk thresholds;
• verifying the status of implementation and evaluating the effectiveness of model risk mitigation activities.

Model risk monitoring results are periodically presented in reports intended for the Risk Committee, the Management Board, the Risk Committee of the Supervisory Board, and the Supervisory Board.

The purpose of management actions is to influence the model risk management process and the level of such risk, by setting acceptable risk levels and taking decisions to use risk management support tools.

Macroeconomic risk is the risk of deterioration in the Group’s financial situation as a result of an adverse impact of changes in macroeconomic conditions.

The objective of macroeconomic risk management is to identify macroeconomic factors which have a significant impact on the Group’s activities and take action to reduce the adverse impact of potential changes in the macroeconomic situation on the financial situation of the Bank’s Group.

Macroeconomic risk identification involves determining scenarios of potential macroeconomic changes and risk factors having the greatest impact on the financial situation of the Bank’s Group. Macroeconomic risk arises from the interaction of factors dependent on the Group’s activities (in the first instance, the statement of financial position structure and response plans developed for stress scenario purposes) and independent thereof (macroeconomic factors).

Macroeconomic risk measurement is intended to gauge the scale of threats posed by macroeconomic risk. The level of macroeconomic risk is assessed on an annual basis using the results of periodical comprehensive stress tests. Macroeconomic risk level may be moderate, increased or high.

The objective of macroeconomic risk control is to attempt to reduce the adverse impact of potential changes in the macroeconomic situation on the financial situation of the Bank’s Group.

Macroeconomic risk control involves determining an acceptable risk level commensurate with the scale of the Group’s operations and its impact on the operation and financial situation of the Bank’s Group.

The objective of macroeconomic risk forecasting is to determine the anticipated impact of materialization of an adverse scenario on the Bank’s results of operations, including its capital level.

Macroeconomic risk monitoring involves analyzing the macroeconomic situation, the macroeconomic factors to which the Bank’s Group is sensitive, the level of macroeconomic risk, and the results of comprehensive stress tests.

Macroeconomic risk is reported on a quarterly basis. Reports on the level of macroeconomic risk are intended for the ALCO, the RC, the Management Board, the Risk Committee of the Supervisory Board, and the Supervisory Board.

Management actions in the first instance involve setting acceptable risk levels and taking steps to reduce the level of risk in the event of increased or high macroeconomic risk.