System of control and risk management in the process of preparing financial statements

The Bank has adopted the Policy on internal control, approved by the Bank’s Management Board and Supervisory Board – with respect to the assessment of adequacy and effectiveness of the internal control system and categorisation of irregularities detected by the internal control system.

The objective of internal control is the effective control of risk, including the prevention or early detection of risks in order to ensure:

• effectiveness and efficiency of the Bank’s operations,
• the reliability of financial reporting,
• compliance with the Bank’s risk management principles,
• compliance of the Bank’s operations with legal regulations, internal regulations and market standards.

The internal control system is an element of the management system at the Bank, consisting of three lines of defence, which includes: control mechanisms and risk control mechanisms, verification of compliance of the Bank’s operations with the law and internal regulations as well as internal audit.

The internal control system supports risk management in the processes carried out in the Bank. The scope of responsibility for risk management by specific organizational units/departments of the Bank is defined within three mutually independent lines of responsibility, called „lines of defence”, namely:

The control function consists of

Risk control mechanisms implemented within the first and second line of defence are adjusted to the Bank’s specificity and include in particular principles, limits and procedures related to the Bank’s activity.

Horizontal and vertical testing are conducted in accordance with the internal regulations in force in the Bank, approved by the Management Board and Supervisory Board.

The Bank has an Internal Control Coordination Committee as an advisory unit supporting the Bank’s Management Board. The main task of the Internal Control Coordination Committee is to supervise the integrity, completeness and effectiveness of the internal control system and the Bank’s operational risk management processes, as well as to manage the main risks related to the internal control system of the Bank and its subsidiaries, including the system supporting the operational risk management process, compliance risk and fraud prevention.

In addition, the Supervisory Board is supported by the Audit Committee, inter alia, in monitoring the effectiveness of the internal control system and the Risk Committee in the area of risk management.

In addition to the above mentioned committees, the Bank has a Risk Management Committee whose primary task is to monitor and supervise the main risks resulting from the Bank’s activities, including strategic aspects of credit risk, cross-sectoral aspects of market and liquidity risk, counterparty risk and operational risk.

The purpose of the risk management system is to identify, measure or estimate, monitor and manage risks occurring in the Bank’s activities. The main role in the Bank’s risk management system is performed by the Management Board, which defines the risk policy and adopts rules of risk management, as well as sets the policy of setting limits for significant risks and risk control procedures. The risk management rules have their source in the Risk Management Strategy defined by the Management Board and approved by the Supervisory Board.

The Internal Audit Line is supervised by the Audit Committee and within the Bank’s organizational structure it is located in the Bank Management Area. The Managing Director of the Internal Audit Line is organisationally subordinated to the President of the Bank’s Management Board. The Internal Audit Line regularly submits to the Audit Committee and the Supervisory Board conclusions resulting from the performed internal audits, in particular information on the irregularities found as well as information on the recommendations issued.

The Bank adopted an Accounting Policy consistent with the International Financial Reporting Standards. The Financial Accounting Line and the Management Accounting and Investor Relations Line, supervised by the Vice-President of the Management Board responsible for Finance are responsible for the preparation of financial statements, periodic financial reporting and providing management information. The financial statements are adopted by resolution and approved for publication by the Bank’s Management Board.

A key role in the process of assessment of the Bank’s financial statements is performed by the Audit Committee, which monitors the financial reporting process and independence of the statutory auditor and the entity authorized to audit financial statements, and recommends that the Supervisory Board approve or reject the annual financial statements.

The annual financial statements, upon a positive recommendation of the Audit Committee and the Supervisory Board, are presented to the General Meeting for approval.