How we manage risks

Risk management is an integral part of the Bank’s overall management system. The Bank designs comprehensive rules of risk identification and assessment in response to the requirements of the supervisory review and assessment process. Taking into account regulatory requirements, best practices and use of the existing risk management processes tried and tested by the Bank, the rules are aimed at identification and assessment of all risks to which the Bank is or may be exposed. The Bank takes into account the specific nature, scale and complexity of business activity and related risk, ensuring that all material risks are measured and mitigated.

In the risk identification process carried out in 2019 The Bank distinguished the following types of risks in its business activity, which were assessed as material:

• credit risk (including concentration risk);
• counterparty risk;
• market risk;
• interest rate risk in the banking book;
• liquidity risk;
• operational risk (including compliance risk, business continuity risk and IT risk);

• business risk (break-even risk and strategic risk);
• reputation risk;
• model risk;
• insolvency risk (including leverage risk).

In order to ensure that the aforementioned risks have been identified, defined and are subject to appropriate control and management, the Bank monitors all of the above-mentioned risks and subjects them to periodical reviews.

The Bank has developed detailed procedures for specific risks, defining for measurable risks, i. a. the level of risk appetite. The risk appetite, within the limits set by the risk tolerance, defines the manner in which the Bank uses its risk-taking capacity by specifying the degree of risk exposure that a given business area may take for each type of risk. For non-measurable risks, analysis and monitoring is carried out periodically based on qualitative or hybrid methods.

All methods and procedures are reviewed periodically in terms of their appropriateness and reliability and are subject to validation tests, stress tests as well as back testing, based on both theoretical changes in market parameters, business parameters and customer behaviour, as well as changes that have actually taken place on the market in the past.

The Bank monitors specific types of risks by means of a formal system of limits and reports, implemented on the basis of dedicated risk management policies, accepted at the level of the Bank’s Management Board. The system of limits is set in such a way as to ensure that:

• the Bank satisfies the applicable supervisory requirements at a secure and optimum level;
• the desirable risk profile, as defined in the strategy adopted by the Bank, is maintained;
• they do not exceed the risk level acceptable to the BNP Paribas Group.

If a limit is exceeded, the unit responsible for maintaining the reported values below the limit is obliged to employ measures enabling reduction of the risk value in accordance with the procedures in place at the Bank. The information system used for purposes of risk management ensures collection of data concerning operations and transactions, along with their effect on the Bank’s risk profile.

The risk management policy of the Bank is aimed at ensuring that the employees in charge of risk management process supervision and handling have extensive practical experience and theoretical knowledge about the tasks performed, in addition to high morale. The procedures in place at the Bank enable control over correctness of realisation of their tasks.

The Bank’s policy is based on the principle that the functions of business (direct entry into transactions), operations (transaction booking and clearing) and control functions (risk measurement and monitoring) forming part of the currency, interest rate and liquidity risk management process are fulfilled by separate, organisationally independent units. The scope of their responsibilities is clearly defined to determine their role and accountability in the risk management process. This enabled separation of business, control, risk reporting and operational functions in order to guarantee appropriate quality of risk control and operational processes in addition to ensuring that the results of control indicating that the risk level is too high generate appropriate response of the Bank’s management.

The Bank has adopted risk control and management policies that determine the measures to be employed in crisis situations. The principles of crisis identification, the scope of measures to be employed as well as responsibilities necessary to mitigate the related risk and to implement corrective actions, were also defined.

The risk management system of the Bank comprises mainly the Supervisory Board, the Management Board, dedicated committees (Audit Committee and Risk Committee at the level of the Supervisory Board, ALCO, Risk Management Committee, Retail Banking Risk Committee, Personal Finance Risk Committee, Credit Committee, Problematic Loan Committee, Products Approval, Services, Transaction and Businesses Committee, as well as Internal Control Coordination Committee), Risk Area department, Compliance Division as well as Security and Continuity of Business Management Department.

The key role in the risk management system at the Bank is fulfilled by the Management Board, which defines the risk management strategy, risk appetite, and adopts the risk management policies as well as defines material risk limit policy and risk control procedures. The risk management principles are derived from the document Risk Management Strategy in BNP Paribas Bank Polska S.A. defined by the Management Board and approved by the Supervisory Board.