Notes to the consolidated financial statements
46.4 Operational risk
The Group defines operational risk as the risk of a loss arising from inadequacy or unreliability of internal processes, people and systems or from external events. The definition does not include strategic and reputational risks, which are managed separately, but it does include legal risk.
Based on assumptions adopted by the Bank and by the Group, the operational risk management structure includes all organizational units, branches, outlets, microbranches and subsidiaries. All directors manage operational risk in their reporting areas on an ongoing basis.
Ongoing management includes employment of measures aimed at evaluating the risk scale, mitigating the effects of risk events and reducing the probability that the risk will be assumed in the future. The Management Board of the Bank supervises the overall operational risk management process. The Operational Risk Committee is a body consulting the measures employed to change the operational risk level. Coordination of the operational risk management process is the responsibility of the Risk Function.
Each employee is to identify operational risk events pertaining to his/her position that are then collected in a dedicated database. The events are verified by operational risk coordinators on an ongoing basis and monitored by a coordinating unit for the number of events and loss value. Risk monitoring enables employment of measures that reduce the effects of events and implementation of instruments mitigating future risk.
Within the process of risk identification and assessment, the Group has monitored the use of operational risk appetite, key operational risk indicators (KRI) and has regularly performed self-assessment of its operational risk. The self-assessment process includes all organizational units of the Bank and its subsidiaries.
The Group prepares cyclical reports on operational risk exposure, i.e. a quarterly report for the Operational Risk Committee, for the Management Board and Supervisory Board of the Bank.
With the view to limit operational risk, the Group has been improving its processes in the Bank structures and in cooperation with other Group companies, including Poczta Polska S.A., on an ongoing basis.
Additionally, operational risk in the Group is mitigated based on procedures related to implementation of the “General Security Policy of Bank Pocztowy S.A.” governing such issues as anti-money laundering, fraud prevention, protection of the Bank’s resources, continuity of business, protection of personal data, confidential information and business secret as well as security of information in IT systems.
In order to ensure high standards of operational risk management, compliant with best banking practices, once a year the Group reviews the applicable policies and procedures.