In addition to the above risks, the Group identifies and assesses the following risk types:
- compliance risk;
- strategic risk;
- business cycle risk;
- reputational risk;
- outsourcing risk.
Compliance risk is the risk that in the Group and Bank’s subsidiaries, the effects of the non-compliance with the law, internal regulations and codes of conduct will occur. The Group also takes into account compliance risk generated both by the Bank and its subsidiaries, and manages the said risk arising from cooperation between the Bank and Poczta Polska S.A.
The compliance risk management process is based on written principles and procedures, which define the key principles to be followed by the Bank’s employees and explain the key processes that identify the said risk, enabling its management at all organizational levels of the Group.
The scope of compliance risk management includes:
- the Group companies’ compliance with the law and requirements imposed on banks,
- compliance with appropriate market standards, good practices and codes of conduct adopted by the banking sector,
- preventing money laundering and the funding of terrorism,
- preventing fraud detrimental to the Group.
The compliance risk management process includes risk identification, measurement, monitoring, mitigating and reporting.
Compliance risk identification is a continuous process which is carried out:
- when internal regulations are consulted by the compliance unit for their conformity with the law and requirements imposed on banks,
- based on the outcome of compliance tests and internal regulations compliance self-assessment,
- based on ongoing analyses, including operational risk events base, follow-up functional control and internal audit reports, record of court cases, information on customer complaints related to compliance risk, information from organizational unit heads regarding compliance risks, and fraud reports.
Identified compliance risk events are recorded by the compliance unit in the compliance risk events database.
Compliance risk measurement is performed on a quarterly basis by the compliance unit using a risk scoring model that takes into account the anticipated effects of compliance risk on the organization and its clients, including the probability of its occurrence, and other criteria, such as:
- the number of compliance risk events or actual losses arising from such risk,
- the number of negative press publications and accusations regarding compliance risk in the Bank.
As a result of measurement, risk is scored using a 3-level scale (low, medium or high).
As far as compliance risk arising from cooperation between the Bank and Poczta Polska S.A. is concerned, the compliance unit records compliance risk events and monitors measures aimed at explanation and mitigation of the said risk.
Strategic risk is the risk to which the Group, its financial performance and equity are exposed due to unfavorable or incorrect strategic decisions, failure to implement or improper implementation of the strategy and developments in the business environment or incorrect response to such changes.
In April 2015 the Supervisory Board of the Bank approved the Development Strategy of Bank Pocztowy S.A. for 2015-2018, whose assumptions have underlain the new direction and pace of growth of the Bank and its subsidiaries.
Significant changes in Group’s environment, including a new Strategy of the Poczta Polska Group, the projected participation in governmental programs and failure to achieve all former strategic assumptions have underlain the initiative of developing a new Bank’s Strategy, to be prepared by mid-2017 along with a functional strategic management and strategy implementation system.
Business cycle risk
The business cycle risk is the risk of long-term negative effects of an unfavorable stage of the business cycle (e.g. economic slowdown or recession) on the financial performance or equity of the Group.
As the economic standing affects the condition of the banking sector, the Group monitors the macro-economic ratios presenting the situation of the Polish economy on a continuous basis and once a month, prepares detailed macro-economic reports that underlie the decision-making processes in the Bank.
The business cycle risk occurs when the overall economic situation deteriorates. In the case of growing unemployment, taxes, CPI increase (inflation) or its material and prolonged decrease (deflation), or a growth in interest rates or when significant changes in foreign exchange rates occur, the financial standing of customers may deteriorate (including that of the Seniors as target clients), which may translate into a limited capacity to pay their liabilities at their due dates and a reduced demand for the products offered by the Bank (loans, deposits). A slowdown may also result in increased impairment losses on loans and advances or a slower rise in the value of the Bank’s credit portfolio due to a drop in demand for loans and in the number of clients that meet the loan granting criteria. Market volatility, economic slowdown and growing unemployment may also result in a significant decrease in the value of the clients’ assets, such as real property securing payment of loans originated by the Bank.
The reputational risk is related to damage to the reputation of the Bank and its subsidiaries in the eyes of its existing and potential clients and stakeholders. This may result in unfavorable effects on the Group’s equity, i.e. the negative impact on its planned performance, among others through outflow of the existing clients or no inflow of new clients.
Reputational risk management is to protect the Group's image and minimize the probability of damaging that would adversely affect the Group’s capital. Reputational risk management includes:
- ongoing monitoring and analysis of events and media communications that may affect the Group’s image and if necessary, implementation of preventive measures,
- regular reporting on the reputational risk level.
Outsourcing risk is a risk third party’s negative impact on the continuity, integrity or quality of the Group’s operations, its assets or employees.
Outsourcing banking activities and the related banking business processes to third parties necessitates the performance of numerous analyses by the Bank and its subsidiaries, both before establishing a relationship and in the course of cooperation with the insourcer. Outsourcing risk materiality assessment depends on the scope of outsourced activities and the number of entities that perform them for and on behalf of the Group. Outsourcing a broad range of activities to a small number of third parties creates concentration risk and potential problems with timely performance of the activities if the said entities discontinue their services. Due to a large number of insourcers the Group may lose control of the performance of commissioned activities.
Outsourcing risk management in the Bank is based on written policies and procedures defining methods of identification, measurement and monitoring of outsourcing risk. The regulations determine also the scope of competences assigned to each entity in the Group in outsourcing banking and the related banking business processes.
Key information regarding outsourcing risk is regularly presented during Operational Risk Committee meetings.