Risk management is one the most important internal processes in PKO Bank Polski SA including the Bank’s branch in Germany and in other entities of the PKO Bank Polska SA Group. Risk management aims at ensuring profitability of business activity, with ensuring control of risk level and maintaining it within the risk tolerance and limits system applied by the Bank and the Group, in the changing macroeconomic and legal environment. The level of the risks plays an important role in the planning process.
In the of PKO Bank Polski SA Group, the following types of risk have been identified, which are subject to management: credit risk, interest rate risk, currency risk, liquidity risk, commodity price risk, price risk of equity securities, derivative instruments risk, operational risk, compliance risk, macroeconomic changes risk, model risk, business risk (including strategic risk), loss of reputation, capital risk, excessive leverage and insurance
55.1 Elements of risk management process
The process of risk management in Group consists of the following stages:
- risk identification:
the identification of actual and potential sources of risk and estimation of the significance of the potential influence on the financial situation of the Group. Within the risk identification process, types of risk perceived as material in the Bank’s, particular Group companies or the entire Group activity are identified,
- risk measurement and assessment:
risk measurement covering determination of risk assessment measures adequate to the type and significance of the risk, data availability and quantitative risk assessment by means of determined measures, as well as risk assessment aimed at identifying the scale or scope of risk, taking into account the achievement of goals of risk management. Within risk measurement, work related to the valuation of the risks for the purpose of pricing policy and stress-test are being conducted on the basis of assumptions providing a fair risk assessment,
- risk control:
consisting in determination of tools used for measuring or reducing the level of risk in specific areas of the Bank’s activity, This includes determination of control mechanisms adjusted to the scale and complexity of the Bank’s activities especially in the form of strategic tolerance limits for the individual types of risk.
- risk forecasting and monitoring:
preparing risk level forecasts and monitoring deviations from forecasts or adopted reference points (e.g. limits, thresholds, plans, measurements from the previous period, recommendations and suggestions issued by the supervisory and control authority) and also carrying out stress test (specific and complex). Forecasts of the level of risk shall be reviewed. Risk monitoring is performed with the frequency adequate to the materiality and volatility of a specific risk type,
- risk reporting:
periodic informing the authorities of the Bank about the results of risk measurement or risk assessment, taken actions and actions recommendations. Scope, frequency and the form of reporting are adjusted to the managing level of the recipients,
- management actions:
including, particularly, issuing internal regulations affecting the management process of different types of risk, establishing the level of risk tolerance, establishing limits and thresholds, issuing recommendations, making decisions about the use of tools supporting risk management. The objective of taking management actions is to form the risk management and the risk level.
The risk management process is described on the chart below:
55.2 Main principles of risk management
Risk management in the Group is based especially on the following principles:
- the Group manages all of the identified types of risk,
- the risk management process is appropriate to the scale of the operations and to the materiality, scale and complexity of a given risk and tailored to new risk factors and sources on a current basis,
- the risk management methods (in particular the models and their assumptions) and the risk measurement systems are tailored to the scale and complexity of the risk, currently pursued and envisaged Group’s activity and environment in which the Group operates, and are also verified and validated on a periodical basis,
- the area of risk management and debt recovery remains organisationally independent from business activities,
- risk management is integrated with the planning and controlling systems,
- the risk level is monitored on a current basis,
- the risk management process supports the implementation of the Group strategy in compliance with the risk management strategy, in particular with regard to the level of tolerance of the risk.
55.3 The organisation of risk management in the Bank
Risk management in the Bank takes place in all of the organisational units of the Bank.
The organisation of risk management is presented in the chart below:
The organisation of risk management chart
The risk management process is supervised by the Supervisory Board of the Bank, which is informed on a regular basis about the risk profile of the Bank as well as of the PKO Bank Polski SA Group and the most important activities taken in the area of risk management.
In the fourth quarter of 2015 the Bank appointed the Committee for the Risks of the Supervisory Board, which primarily gives opinions on the Bank’s willingness to take risks, expressed particularly by the strategic limits of risk tolerance. In the scope of competence of the Committee for the Risks of the Supervisory Board is to supervise the implementation of the risk management system in the Bank by the Bank’s Management Board and of the adequacy and effectiveness of the risk management system, as well to support the Supervisory Board in overseeing the strategy of risk management strategy.
The Bank’s Management Board is responsible for the risk management, including supervising and monitoring of activities taken by the Bank in the area of risk management. The Bank’s Management Board takes the most important decisions affecting the risk profile of the Bank and adopts internal regulations concerning risk management
The risk management process is carried out in three, mutually independent lines of defence:
- the first line of defence, which is functional internal control that ensures using risk controls mechanisms and compliance of the activities with the generally applicable laws,
- the second line of defence, which is the risk management system, including methods, tools, process and organisation of risk management,
- the third line of defence, which is an internal audit.
The independence of the lines of defence consists of preserving organisational independence in the following areas:
- the function of the second line of defence as regards creating system solutions is independent of the function of the first line of defence,
- the function of the third line of defence is independent of the functions of the first and second lines of defence,
- the function of managing the compliance risk reports directly to the President of the Management Board.
The first line of defence is being performed in particular in the organisational units of the Bank, the organisational units of the Head Office and entities of the Group and concerns the activities of those units, cells and entities which may generate risk. The units, cells and entities of the Group are responsible for identifying risks, designing and implementing appropriate control mechanisms, unless control mechanisms have been implemented as part of the measures taken in the second line of defence. At the same time the Group entities are obliged to have comparable and cohesive systems of risk evaluation and control in the Bank and in the Group entities, taking into account the specific business characteristic of each entity and the market on which it operates.
The second line of defence is being performed, in particular, in the Risk Management Area, Compliance Department, Planning and Controlling Department, relevant committees, as well as the other organisational units of the Head Office responsible for controlling.
The risk management area is formed within the Banking Risk Division, Department of Risk Integration, Department of Restructuring and Debt Collection of Corporate Client and Analysis and Credit Risk Assessment Centre as well as Restructuring and Debt Collection Centre and Planning and Controlling Department, which manage risk within the limits of competence assigned to them.
The Banking Risk Division is responsible in particular for:
- identifying risk factors and sources,
- measuring, assessing, controlling, monitoring and reporting risk levels on a regular basis,
- coordinating implementation activities the Risk Management Strategy in PKO Bank Polski.
- measuring and assessing capital adequacy,
- preparing recommendations for the Management Board or committees regarding the permissible level of risk,
- creating and expressing opinions on internal regulations on managing risk and capital adequacy,
- developing IT systems and software designated to support risk and capital adequacy management.
The Department of Risk Integration is responsible in particular for:
- validation of risk models,
- implementation an effective system of the models risk management in the Group,
- coordinating the implementation of integrated risk management system within the Group,
- initiating and coordinating integration activities related to risk management in the Group.
The Department of Restructuring and Debt Collection of the Corporate Client is responsible in particular for:
- recovering receivables from difficult corporate clients
- acquisition of assets as a result of pursuing receivables,
- performing review and classification of receivables being managed within the Department and off-balance sheet liabilities granted as well as determination of their impairment allowances.
The Restructuring and Debt Collection Centre is responsible in particular for:
- recovering and selling difficult receivables effectively
- monitoring of delays in the collection of receivables,
- effective management of assets taken over and settled as a result of recovering the Bank’s receivables,
- creation and development of models and system solutions used in difficult debts monitoring processes.
Analysis and Credit Risk Assessment Centre is responsible in particular for:
- evaluation, assessment and moderation of the credit risk of individual credit exposures
- risk assessment of financial institutions and monitoring of the limits on the wholesale market related to the credit risk of financial institutions,
- improving and optimizing credit processes and IT tools used within its scope of responsibilities
Risk management is supported by the following committees:
The Risk Committee (‘the RC’)
- monitors the integrity, adequacy and efficiency of the banking risk management system, capital adequacy and implementation of the risk management policies binding in the Bank consistent with the Bank’s Strategy,
- analyses and evaluates the application of strategic risk limits specified in PKO Bank Polski SA’s Bank Risk Management Strategy,
- supports the Management Board in the banking risk management process by formulating recommendations and making decisions concerning capital adequacy and the efficiency of the risk monitoring system.
The Assets & Liabilities Management Committee (the ‘ALCO’)
- makes decisions within the scope of limits and thresholds on particular types of risks, issues related to transfer pricing, models and portfolio parameters used to determine impairment allowances and provisions as well as other significant financial and business risk models and their parameters,
- gives recommendations to the Management Board i.a. with regard to determining the structure of the Bank’s assets and liabilities, managing different types of risks, equity and price policy.
The Bank’s Credit Committee (the ‘BCC’)
- makes loan decisions with regard to significant individual credit exposures and credit risk models,
- issues recommendations in respect mentioned above to the Management Board of the Bank,
- makes decisions regarding the approval of credit risk models and the results of the validation of these models in the composition including the representatives of the Finance and Accounting Area.
The Operating Risk Committee (the ‘ORC’)
- takes decisions, issues recommendations and opinions regarding i.a. strategic tolerance limits and loss limit for operational risk, key risk indicators (KRI), assumptions of stress-tests, results of validation of operational risk measurement models, extensions and changes in AMA approach and taking actions to reduce the level of operational risk in all areas of the Group activities.
- prepares operating risk management recommendations for the PKO Bank Polski SA Group entities, which are submitted to the PKO Bank Polski SA Group entities as a part of the Bank’s corporate governance over those entities.
ALCO, RC, ORC, BCC, the Management Board and the Supervisory Board are recipients of cyclic reports concerning the individual risk types.
The third line of defence Is being performed as part of internal audit, including the audit of the effectiveness of the system of managing the risk.
55.4 Activities in the area of risk management in the Group
The Bank supervises activities of the individual subsidiaries of the PKO Bank Polski SA Group. As part of this supervision, the Bank supervises the entities’ risk management systems and provides support in the development of these systems. Additionally, it reflects business risk level of the particular entities in the risk reporting and monitoring system of the entire Group.
The internal regulations concerning management of certain types of risk in the entities of the Group are defined by internal regulations implemented by those entities, after consulting the Bank’s opinion and having taken into account the recommendations issued to the entities by the Bank. The internal regulations of the entities concerning risk management allow for consistent and comparable assessment of particular types of risk within the Bank and entities of the Group, as well as reflect the extent and nature of the relationship of entities included in the Group, the nature and scale of the entity’s activity and the market on which it operates.
The risk management in the Group entities is carried out in particular by
- involving the units in the Bank’s Risk Management Area or the Bank’s relevant committees in evaluating large transactions of the Group entities;
- giving opinions and reviewing internal regulations concerning risk management in the individual Group entities, carried out by the units in the Bank’s Risk Management Area;
- reporting on the Group entities’ risks to the Bank’s relevant committees or the Management Board,
- monitoring of strategic risk tolerance limits for the Group.
PKO Bank Polski SA’s top priority is to maintain its strong capital position and to further increase in its stable sources of financing underlying the stable development of business activity, while maintaining the priorities of efficiency and effective cost control and appropriate risk assessment.
In this respect, the Bank took i.a. the following actions in 2015:
- in February, May and November 2015, turned the maturing own short-term bonds, on bonds with a maturity from three to six months in the amounts from PLN 800 million to PLN 1 billion,
- in November 2015, acquired financing due to issuance of short-term bonds with a maturity of six months on domestic market in the amount of EUR 200 million,
- reduced level of risk-weighted assets. The most important source of optimization carried out to improve the quality of data (eg. Inclusion in the category of retail exposures all SME customers meeting the criteria of segmentation), and a review of off balance-sheet liabilities, including verification of assigned risk weights of the product,
- Counted to own funds the profit of the Bank for 2015 in the amount PLN 3,079 million and the retained earnings from previous years in the amount of PLN 132 million and allocating it for spare and reserve capital according to the recommendation of the Management leaving the undivided amount of PLN 1 250 million, without committing any sums for the dividend.
In 2015, the area of operational risk management, the Bank carried out preparatory works for the launch of the new Bank’s branch in the Federal Republic of Germany, which the opening took place in December 2015. As the part of the works in July 2015, the Bank obtained the permit of the Polish Financial Supervision Authority’s on the combined use of the Advanced Measurement Approach (AMA) and the Basic Indicator Approach (BIA) for calculating the own funds requirement in respect of operating risk. The BIA approach will be used to calculate the requirement for operational risk with regard to the activities of the branch in Germany.
With the beginning of 1 April 2015, the PKO Bank Hipoteczny SA started its operational activity. The Bank is a 100% subsidiary of PKO Bank Polski SA. It specializes in providing mortgage loans for individual clients. Extension of the Group of PKO Bank Hipoteczny SA had no effect in 2015 on change of the nature of the risks identified within the framework of its activities.
Within the Group, the portfolios of mortgage loans granted by PKO Bank Polski SA will be moved to the PKO Bank Hipoteczny SA. The value of portfolio transferred in 2015 (transfer took place in December) amounted to PLN 429.5 million.
In 2015, PKO Bank Hipoteczny SA belonging to the of PKO Bank Polski SA Group made the first issue of mortgage bonds – in the amount of PLN 30 million for a period of 5 years.
The acquisition in the second half of 2015 of Spółdzielcza Kasa Oszczędnościowo Kredytowa “Wesoła” in Mysłowice, has not changed the nature of the risks identified in the Bank’s activities.
In the second half of 2015 PKO Leasing Group continued to integrate risk management approach of PKO Bank Polski SA in regards to adapting its internal regulations. In addition, measures have been taken to standardize the processes and management of PKO Leasing SA with BP PKO Faktoring SA. The PKO Leasing SA Group uses the results of the creditworthiness analysis of customers from the Bank’s rating model for clients assessment in full procedures, implements antifraud model and improves impairment model.
In 2015 KREDOBANK SA made changes in order to optimize and increase the efficiency of the credit process.
55.5 The Bank's policy in the area of the CHF
As the result of the abandonment of EUR/CHF peg by the Swiss National Bank in January 2015 there was a significant appreciation of the Swiss franc against foreign currencies, including the Polish zloty. The bank constantly analyses the impact of these events on the financial results including the risk of deterioration in the quality of the portfolio of mortgage loans denominated in CHF. The risk is partly mitigated by a decline in reference interest rates, CHF LIBOR.
Due to the fact that the significant appreciation of the CHF against Polish zloty is a risk arising of an excessive burden for household which took mortgage loans indexed to CHF, thus timely debt service, from the beginning of the year the public debate continues on how to reduce the risk of insolvency of these borrowers. Emerging proposals for system solutions, submitted in form of civil or parliamentary bills, as well as presented by the public and supervisory authorities, may result in incurring losses by the Bank on the portfolio in the future periods.
The Group has taken a number of actions designed to help the clients and at the same time to reduce the growth of the credit risk associated with the appreciation of the CHF– among other, lowering transaction exchange rates CHF/PLN at which amount payable in CHF is converted (ie. currency spread) and taking into account the negative LIBOR for all customers.
In the Group’s opinion these measures allow to retain ability of the Clients to service the mortgage loans denominated in CHF at a level no lower than of December 2014. The Group constantly monitors the volatility of the CHF, the value of the portfolio of housing loans denominated in CHF and the impact of changes in exchange rate on the level of capital adequacy measures.
The following tables presents qualitative analysis of the loans denominated in CHF
| Loans and advances to customers in impairment valuation method in CHF (in nominal currency) | 31.12.2015 | |||
| Financial institutions | Entities | Households | Total | |
| Valuated on an individual basis, of which: | - | 170 986 | 223 586 | 394 572 |
| impaired | - | 134 743 | 208 089 | 342 832 |
| Valuated with portfolio method, impaired | - | 32 034 | 1 126 529 | 1 158 563 |
| Valuated with group method (IBNR) | 6 098 | 372 332 | 30 309 065 | 30 687 495 |
| Loans and advances to customers - gross | 6 098 | 575 352 | 31 659 180 | 32 240 630 |
| Allowances on exposures valuated on an individual basis, of which: | - | (45 601) | (95 867) | (141 468) |
| impaired | - | (45 185) | (93 751) | (138 936) |
| Allowances on exposures valuated with portfolio method | - | (18 199) | (699 206) | (717 405) |
| Allowances on exposures valuated with group method (IBNR) | (171) | (2 711) | (100 384) | (103 266) |
| Allowances - total | (171) | (66 511) | (895 457) | (962 139) |
| Loans and advances to customers - net | 5 927 | 508 841 | 30 763 723 | 31 278 491 |
CHF exchange rate as at 31 December 2015 was equal to 3.9394 PLN
| Loans and advances to customers in impairment valuation method in CHF (in nominal currency) | 31.12.2014 | |||
| Financial institutions | Entities | Households | Total | |
| Valuated on an individual basis, of which: | 2 912 | 169 951 | 188 969 | 361 832 |
| impaired | 2 912 | 169 951 | 188 969 | 361 832 |
| Valuated with portfolio method, impaired | - | 29 737 | 1 042 503 | 1 072 240 |
| Valuated with group method (IBNR) | 3 837 | 309 293 | 29 252 287 | 29 565 417 |
| Loans and advances to customers - gross | 6 749 | 508 981 | 30 483 759 | 30 999 489 |
| Allowances on exposures valuated on an individual basis, of which: | (15) | (43 789) | (75 402) | (119 206) |
| impaired | (15) | (43 789) | (75 402) | (119 206) |
| Allowances on exposures valuated with portfolio method | - | (14 034) | (601 131) | (615 165) |
| Allowances on exposures valuated with group method (IBNR) | (23) | (4 401) | (96 252) | (100 676) |
| Allowances - total | (38) | (62 224) | (772 785) | (835 047) |
| Loans and advances to customers - net | 6 711 | 446 757 | 29 710 974 | 30 164 442 |
CHF exchange rate as at 31 December 2014 was equal to 3.5447 PLN
| Loans and advances to customers valuated in the group method (IBNR) | 31.12.2015 | ||
| PLN | CHF | Other currencies | |
| Gross loans and advances to customers | 137 032 884 | 30 687 496 | 14 360 233 |
| expired | 1 856 370 | 719 752 | 74 127 |
| not expired | 135 176 514 | 29 967 744 | 14 286 106 |
| Impairment on exposures valuated using the group method(IBNR) | (403 833) | (103 266) | (39 614) |
| expired | (146 169) | (49 835) | (4 822) |
| not expired | (257 664) | (53 431) | (34 792) |
| Net loans and advances to customers | 136 629 051 | 30 584 230 | 14 320 619 |
| Loans and advances to customers valuated in the group method (IBNR) covered by forbearance by currencies | 31.12.2015 | ||
| PLN | CHF | Other currencies | |
| Gross loans and advances to customers forbearance | 1 709 390 | 776 522 | 65 185 |
| Impairment on exposures valuated using the group method(IBNR) forbearance | (51 304) | (35 930) | (2 088) |
| Net loans and advances to customers forbearance | 1 658 086 | 740 592 | 63 097 |
As at 31 December 2015, the average LTV for loans portfolio in CHF amounted to 88.5% - compared to the average LTV for the whole portfolio amounting to 74.2%
55.6 Identification of significant types of risk
The significance of the individual types of risk is established at the Bank’s and the Group entities level. When determining criteria of classifying a given type of risk as significant, an influence of a given type of risk on the Bank’s, the Group entities and the whole Group’s activities is taken into account, whereas three types of risk are recognised:
- considered as significant a priori – being managed actively
- potentially significant – for which significance monitoring is performed periodically,
- other non-defined or non-occurring in the Bank or in the Group types of risk (insignificant and non-monitored).
Based on quantitative and qualitative information, an assessment of significance of potentially significant types of risk is performed in the Bank periodically. As a result of assessment, a given type of risk is being classified as significant/insignificant. Similar assessment is concluded periodically in the Group entities. Monitoring is conducted if significant change in activities took place or the profile of the Bank or the other Group entities have changed.