Other risks

In addition to the above risks described in detail, the Group identifies and assesses the following risk types:

• compliance risk;
• strategic risk;
• business cycle risk;
• reputation risk;
• outsourcing risk.

Compliance risk

Compliance risk is the risk that the effects of the Group’s non-compliance with the law, internal regulations and codes of conduct will occur. The Group considers compliance risk generated both by the Bank and its subsidiaries and manages the compliance risk arising from cooperation between the Bank and Poczta Polska S.A.

The compliance risk management process is based on written policies and procedures that define the key principles to be followed by the Bank’s employees and explain the key processes that identify the said risk, enabling its management at all organizational levels of the Group.

The scope of compliance risk management includes:

• the Group’s compliance with the law and requirements imposed on banks;
• compliance with appropriate market standards, good practices and codes of conduct adopted by the banking sector;
• preventing money laundering and the funding of terrorism;
• preventing fraud detrimental to the Group.

The compliance risk management process includes risk identification, measurement, monitoring, mitigating and reporting.

Compliance risk identification is a continuous process which is carried out:

• when internal regulations are consulted by the compliance unit for their conformity with the law and requirements imposed on banks;
• based on the outcome of compliance tests and internal regulations compliance self-assessment;
• based on ongoing analyses, including operational risk events base, follow-up functional control and internal audit reports, record of court cases, information on customer complaints related to compliance risk, information from organizational unit heads regarding compliance risks, and fraud reports.

Identified compliance risk events are recorded by the compliance unit in the compliance risk events database.

Compliance risk measurement is performed on a quarterly basis by the compliance unit using a risk scoring model that takes into account the anticipated effects of compliance risk on the organization and its clients, including the probability of its occurrence, and other criteria, such as:

• the number of compliance risk events or actual losses arising from such risk;
• the number of negative press publications and accusations regarding compliance risk in the Bank;

As a result of measurement, the risk is scored using a 3-level scale (low, medium or high).

As far as compliance risk arising from cooperation between the Bank and Poczta Polska S.A. is concerned, the compliance unit records compliance risk events and monitors measures aimed at explanation and mitigation of the said risk.

Strategic risk

Strategic risk is the risk to which the Group is directly, and its financial performance and equity indirectly, exposed due to unfavorable or incorrect strategic decisions, failure to implement or improper implementation of the strategy and developments in the business environment or incorrect response to such changes.

In November 2012, the Supervisory Board of the Bank approved the Strategy of Bank Pocztowy S.A. for 2012-2015, which modified the previous direction and pace of development and defined five strategic objectives for the Bank. The key strategic assumption is to concentrate on acquisition of products which are considered the most profitable from the perspective of capital employed, while maintaining the cost discipline with regard to operating and personnel expenses.

Strategy implementation monitoring, taking into account the (direct or potential) effect of external factors, is aimed at examining the effectiveness of initiatives undertaken with a view to accomplishing the Bank’s objectives defined in the Strategy.

Business cycle risk

The business cycle risk is the risk of long-term negative effects of an unfavorable stage of the business cycle (e.g. economic slowdown or recession) on the financial performance or equity of the Group.

As the economic situation affects the banking sector, an analysis of the macro-economic conditions should be part of the decision-making process at banks. The Bank monitors the macro-economic ratios presenting the situation of the Polish economy on a continuous basis and once a month prepares detailed macro-economic reports that underlie the decision-making process in the Group.

The business cycle risk occurs when the overall economic situation deteriorates. In the case of growing unemployment, taxes, inflation, or interest rates or when significant changes in foreign exchange rates occur, the financial standing of customers may deteriorate (including that of the Seniors as target clients), which may translate into a limited capacity to pay their liabilities at their due dates and a reduced demand for the products offered by the Bank (loans, deposits). A slowdown may also result in increased impairment losses on loans and advances or a slower rise in the value of the Bank’s credit portfolio due to a drop in demand for loans and in the number of clients that meet the loan granting criteria. Market volatility, economic slowdown and growing unemployment may also result in a significant decrease in the value of the clients’ assets, such as real property securing payment of loans originated by the Bank.

Considering the moderate level of economic activity in Poland and adverse conditions in the labor market in 2013, the business cycle risk at the Bank continues to be material. Although activity ratios improved gradually in the second half of the year, the economic recovery is only on the way and the effects of deterioration in the labor market and adverse conditions in the enterprise sector may be felt by the banking sector at a later time.

Reputational risk

The reputational risk is related to damage to the Bank’s reputation in the eyes of its existing and potential clients and stakeholders.This may result in unfavorable effects on the Bank’s equity, i.e. the negative impact on its planned performance, among others through outflow of the existing clients or no inflow of new clients.

Outsourcing risk

Outsourcing risk is a risk third party’s negative impact on the continuity, integrity or quality of the Bank's operations, its assets or employees.

Outsourcing banking activities and the related banking business processes to third parties necessitates the Bank’s performance of numerous analyses, both before establishing a relationship and in the course of cooperation with the insourcer. Outsourcing risk materiality assessment depends on the scope of outsourced activities and the number of entities that perform them for and on behalf of the Bank. Outsourcing a broad range of activities to a small number of third parties creates concentration risk and potential problems with timely performance of the activities if the said entities discontinue their services. On the other hand, too large a number of insourcers gives rise to a risk that the Bank may lose control over the performance of the outsourced activities.

Since the Bank has concluded an agency agreement with Poczta Polska S.A. and a series of outsourcing agreements with its own subsidiaries, i.e. Centrum Operacyjne Sp. z o.o. and Spółka Dystrybucyjna Banku Pocztowego Sp. z o.o., at present it has to face the risk of concentrating the entrusted activities, to include the risk that the above entities discontinue the performance of the outsourced tasks.

Outsourcing risk management in the Bank is based on written policies and procedures defining methods of identification, measurement and monitoring of outsourcing risk. The regulations determine also the scope of competencies assigned to each unit of the Bank in outsourcing banking activities and the related banking business processes.