Risk management is one the most important internal processes both in PKO Bank Polski SA and other entities of the PKO Bank Polski SA Group. Risk management aims at ensuring an appropriate level of security and profitability of business activity in the changing legal and economic environment and the level of the risks plays an important role in the planning process.
At the PKO Bank Polski SA Group the following types of risk have been identified, which are subject to management: credit risk, interest rate risk, currency risk, liquidity risk, price risk of equity instruments, operational risk, compliance risk, business risk (including strategic risk) and reputation risk. Derivatives risk is a subject to a special control due to the specific characteristics of these instruments.
The process of banking risk management in the Group consists of the following stages:
- risk identification – the identification of actual and potential sources of risk and estimation of the significance of the potential influence of a given type of risk on the financial situation in the Group. Within the risk identification process, types of risk perceived as material in the banking activity, the entities of the Group and the whole Group’s activity are identified,
- risk measurement and assessment – defining risk assessment tools adequate to the type and significance of the risk, data availability and quantitative risk assessment by means of defined tools, as well as risk assessment aimed at identifying the scale or scope of risk, taking into account the achievement of goals of risk management. Within risk measurement, stress-test are being conducted on the basis of assumption providing a fair risk assessment,
- risk forecasting and monitoring – preparing risk level forecasts and monitoring deviances from forecasts and adopted reference points (e.g. limits, thresholds, plans, measurements from the previous period. issued recommendations and suggestions). Risk monitoring is performed with the frequency adequate to the materiality and volatility of a specific risk type,
- risk reporting – periodic informing the Management of the Bank about the results of risk assessment, taken actions and recommendations. Scope, frequency and the form of reporting is adjusted to the managing level of the recipients,
- management actions – including, among others, issuing internal regulations, establishing the level of risk tolerance, establishing limits and thresholds, issuing recommendations, making decisions about the use of tools supporting risk management. The objective of taking management actions is to form the risk management and credit risk level.
The risk management process is described on the chart below: