Operational risk

The Group defines operational risk as the risk of a loss arising from inadequacy or unreliability of internal processes, people and systems or from external events. The definition does not include strategic and reputational risks, which are managed separately, but it does include legal risk.

Based on assumptions adopted by the Bank and by the Group, the operational risk management structure includes all organizational units, branches, outlets, microbranches and subsidiaries. All directors manage operational risk in organizational units and locations reporting to them on an ongoing basis.

Ongoing management includes employment of measures aimed at evaluating the risk scale, mitigating the effects of risk events and reducing the probability that the risk will be assumed in the future. The Management Board of the Bank supervises the overall operational risk management process. The Operational Risk Committee is a body consulting the measures employed to change the operational risk level. Coordination of the operational risk management process is the responsibility of the Risk Function.

Each employee is to identify operating risk events pertaining to his/her position that are then collected in a dedicated database. The events are verified by operational risk coordinators on an ongoing basis and monitored by a coordinating unit for the number of events and loss value. Risk monitoring enables employment of measures that reduce the effects of events and implementation of instruments mitigating future risk. The Group improves its operational risk management processes in the Bank structures and in cooperation with other Group companies, including Poczta Polska, on an ongoing basis.

The Supervisory Board, Management Board and Operational Risk Committee receive cyclical reports on operational risk.

Additionally, operational risk in the Bank is mitigated based on procedures related to implementation of the “General Security Policy of Bank Pocztowy S.A.” governing such issues as anti-money laundering, fraud prevention, protection of the Bank’s resources, continuity of business, protection of personal data, confidential information and business secret as well as security of information in IT systems.