In addition to the above risks described in detail, the Group identifies and assesses the following risk types:
business cycle risk,
risk of excessive leverage.
Compliance risk is the risk that the effects of the Group’s non-compliance with the law, internal regulations and codes of conduct will occur. The Group also takes into account compliance risk generated both by the Bank and its subsidiaries, and manages the said risk arising from cooperation between the Bank and Poczta Polska S.A.
The compliance risk management process is based on written principles and procedures. which define the key principles to be followed by the Bank’s employees and explain the key processes that identify the said risk, enabling its management at all organizational levels of the Group.
The scope of compliance risk management includes:
the Group’s compliance with the law and requirements imposed on banks,
compliance with appropriate market standards, good practices and codes of conduct adopted by the banking sector,
preventing money laundering and the funding of terrorism,
preventing fraud detrimental to the Group.
The compliance risk management process includes risk identification, measurement, monitoring, mitigating and reporting.
Compliance risk identification is a continuous process which is carried out:
when internal regulations are consulted by the compliance unit for their conformity with the law and requirements imposed on banks,
based on the outcome of compliance tests and internal regulations compliance self-assessment,
based on ongoing analyses, including operational risk events base, follow-up functional control and internal audit reports, record of court cases, information on customer complaints related to compliance risk, information from organizational unit heads regarding compliance risks, and fraud reports.
Identified compliance risk events are recorded by the compliance unit in the compliance risk events database.
Compliance risk measurement is performed on a quarterly basis by the compliance unit using a risk scoring model that takes into account the anticipated effects of compliance risk on the organization and its clients, including the probability of its occurrence, and other criteria, such as:
the number of compliance risk events or actual losses arising from such risk,
the number of negative press publications and accusations regarding compliance risk in the Bank.
As a result of measurement, risk is scored using a 3-level scale (low, medium or high).
As far as compliance risk arising from cooperation between the Bank and Poczta Polska S.A. is concerned, the compliance unit records compliance risk events and monitors measures aimed at explanation and mitigation of the said risk.
Strategic risk is the risk to which the Group, its financial performance and equity are exposed due to unfavorable or incorrect strategic decisions, failure to implement or improper implementation of the strategy and developments in the business environment or incorrect response to such changes.
In April 2015 the Supervisory Board of the Bank approved the Development Strategy of Bank Pocztowy S.A. for 2015-2018, whose assumptions have underlain the new direction and pace of the Bank's growth.
Strategy implementation monitoring, taking into account the (direct or potential) effect of external factors, is aimed at examining the effectiveness of initiatives undertaken with a view to accomplishing the Bank’s objectives defined in the Strategy.
Business cycle risk
The business cycle risk is the risk of long-term negative effects of an unfavorable stage of the business cycle (e.g. economic slowdown or recession) on the financial performance or equity of the Group.
As the economic situation affects the banking sector, an analysis of the macro-economic conditions should be part of the decision-making process at banks. The Bank monitors the macro-economic ratios presenting the situation of the Polish economy on a continuous basis and once a month, prepares detailed macro-economic reports that underlie the process of decision making by the Management Board.
The business cycle risk occurs when the overall economic situation deteriorates. In the case of growing unemployment, taxes, inflation or interest rates or when significant changes in foreign exchange rates occur, the financial standing of customers may deteriorate, which may translate into a limited capacity to pay their liabilities at their due dates and a reduced demand for the products offered by the Bank (loans, deposits). A slowdown may also result in increased impairment losses on loans and advances or a slower rise in the value of the Bank’s credit portfolio due to a drop in demand for loans and in the number of clients that meet the loan granting criteria. Market volatility, economic slowdown and growing unemployment may also result in a significant decrease in the value of the clients’ assets, such as real property securing payment of loans originated by the Bank.
In 2015, due to certain economic and political instability affecting national business activity level, the economic risk in the Bank was assessed as material. The Polish GDP growth exceeded 3.0%, the situation in the Polish labor market was improving, the government was able to control the public finance although deflation proved deeper and longer than expected. Nevertheless global events including the Russian-Ukrainian conflict, financial problems of Greece, the threat of Greek withdrawal from Eurozone, a slump in crude oil prices and the risk of bankruptcy of Russia or Brazil posed the risk of further easement of the monetary policy, which usually adversely affects the banking sector.
The reputational risk is related to damage to the Group’s reputation in the eyes of its existing and potential clients and stakeholders. This may result in unfavorable effects on the Group’s equity, i.e. the negative impact on its planned performance, among others through outflow of the existing clients or no inflow of new clients.
Reputation risk management is to protect the Group's image and minimize the probability of damaging that would adversely affect the Group’s capital. Reputation risk management includes:
ongoing monitoring and analysis of events and media communications that may affect the Group’s image and if necessary, implementation of preventive measures,
regular reporting on the reputation risk level.
Outsourcing risk is a risk third party’s negative impact on the continuity, integrity or quality of the Bank's operations, its assets or employees.
Outsourcing banking activities and the related banking business processes to third parties necessitates the Bank’s performance of numerous analyses, both before establishing a relationship and in the course of cooperation with the insourcer. Outsourcing risk materiality assessment depends on the scope of outsourced activities and the number of entities that perform them for and on behalf of the Bank. Outsourcing a broad range of activities to a small number of third parties creates concentration risk and potential problems with timely performance of the activities if the said entities discontinue their services. On the other hand, too large a number of insourcers gives rise to a risk that the Bank may lose control over the performance of the outsourced activities.
Outsourcing risk management in the Bank is based on written policies and procedures defining methods of identification, measurement and monitoring of outsourcing risk. The regulations determine also the scope of competencies assigned to each unit of the Bank in outsourcing banking and the related banking business processes.
Key information regarding outsourcing risk is regularly presented during Operational Risk Committee meetings.
Risk of excessive leverage
The risk of excessive leverage means the risk resulting from an institution's vulnerability related to the leverage or contingent leverage that may require unintended corrective measures to its business plan, including distressed selling of assets which might result in losses or in valuation adjustments to its remaining assets.
The Bank assesses the risk of excessive leverage using the leverage ratio, which is calculated as an institution's capital measure divided by that institution's total exposure measure.
The leverage ratio is determined quarterly and reported in the Bank’s Capital Adequacy Report.