Notes to the consolidated financial statements
47. The Group’s risk management objectives and policy
The key objective of risk management in the Group is to ensure security of funds deposited by its customers as well as effective accomplishment of the Group’s strategic objectives through decisions focused on maximization of income generated over a longer time horizon, with an acceptable level of accompanying risks.
Risk management in the Group is an integrated process based on supervisory requirements and internal regulations approved by the Supervisory and Management Board of the Bank. Internal regulations in force are reviewed on a periodic basis, taking into account the developments in the Group’s external and internal environment. The Bank is the entity that integrates the risk management approach within the Group.
The Group has adopted a three-level system of organizing internal risk management regulations.
The general risk management framework has been determined in the following documents adopted by the Supervisory Board:
- General Risk Management Policy of Bank Pocztowy S.A.;
- General Capital Management Policy of Bank Pocztowy S.A.;
- Growth Strategy of Bank Pocztowy S.A. for 2015-2018;
- Financial Plan of Bank Pocztowy S.A. for 2015;
- Risk Management Strategy of Bank Pocztowy S.A. for 2015.
Individual risk management policies, approved by the Management Board, provide detailed guidance in this regard. They delegate duties to individual Departments and Offices and provide detailed guidance in this regard. Based thereon, detailed operating procedures with descriptions of individual activities (including controls) to be performed by the Departments, Teams and Positions, have been developed.
The risk management system includes:
- the Supervisory Board;
- the Management Board;
- risk management committees established by the Management Board pursuant to internal regulations in force;
- organizational units managing individual risk types;
- control units (including the internal audit and compliance unit);
- other organizational units;
- selected organizational units of the subsidiaries.
The Supervisory Board oversees the risk management system and individual risk management process control, approving its key objectives and guidelines.
The Management Board is in charge of overall risk management in the Bank and in the Capital Group as well as strategic decisions affecting the risk scale and structure. The Management Board approves risk management approach for each risk type, to include identification, measurement, monitoring and control, reporting, preventive measures, as well as review and verification of selected risk management processes.
Risk management committees in the Bank are established by the Management Board and participate in the risk management process. Their other roles include consulting and making recommendations for the Management Board with regard to risk management strategies, principles and procedures applicable to individual risk management stages as well as making decisions within the scope of authorization delegated by the Management Board. This concerns, in particular, determining limits and monitoring compliance therewith as well as taking credit decisions in accordance with the limit-related decision-making system adopted by the Bank.
Due to a broad scope and interrelations among different risk types, each type has its leading unit in charge of coordination of its management. These units are responsible for identification, measurement, monitoring and coordination of preventive measures regarding each risk type. Their other tasks include development of risk management procedures applicable to individual stages of the process.
The Bank has an internal audit unit in charge of independent and unbiased audit and assessment of adequacy and effectiveness of the internal control system, procedures and controls, as well as consulting the Bank management system to include effectiveness of its operational risk management. Additionally, to ensure compliance with the applicable regulations, laws and standards, the Bank has established a separate compliance unit in charge of compliance risk management.
The target risk structure at the level of the Bank and the Capital Group depends on the defined risk appetite. The risk appetite determines the readiness of the Bank and the Group to assume a specific risk within a determined time horizon and it is subject to acceptance by the Management Board. The risk appetite is a substantial element of the Bank’s Strategy and Financial Plan approved by the Supervisory Board.
Identification and measurement of each risk type result in determining those which are material for the Group, classifying them from the permanent materiality assessment perspective (permanently and temporarily material risks) and for the purpose of capital coverage.
The following risk types are classified as permanently material for the Group:
- credit risk;
- operational risk;
- interest rate risk related to the banking book;
- liquidity risk.
Additionally, the Group identifies the following material risk types:
- strategic risk;
- compliance risk;
- business cycle risk;
- outsourcing risk;
- reputation risk;
- risk of excessive leverage;
- residual risk;
- concentration risk;
- price risk related to debt instruments in the trading book.
In 2015 activities of the Bank and the Group complied with regulatory requirements arising from Regulation of the European Parliament and of the Council (EU) No. 575/2013 of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending the Regulation (EU) No. 648/2012 and Directive of the European Parliament and of the Council No. 2013/36/EU of 26 June 2013 on the access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms and amending Directive 2002/87/EC and cancelling Directives 2006/48/EC and 2006/49/EC.