The risk management system covers:
- organizational structure, allocation of duties and responsibilities;
- internal regulation system;
- tools, including information databases.
Risks
2022 Annual Report
Principles of risk management
Risk management is one of the key internal processes, both in PKO Bank Polski SA, and in other entities of the PKO Bank Polski SA Group. Risk management is aimed at ensuring the profitability of business activities while ensuring control over the risk level and maintaining it within the system of limits and risk tolerance limits adopted by the Bank and the Group in the changing macroeconomic and legal environment.
The primary objective is to ensure adequate management of all types of risk related to its business. As part of the risk management system, the PKO Bank Polski S.A. Group identifies, measures and assesses, controls, forecasts, monitors and reports risk, and performs management actions.
Risk management at the Bank’s Group is based, in particular, on the following principles:
- the Bank’s Group manages all identified types of risk;
- the risk management process is appropriate from the perspective of the scale of operations and materiality, scale and complexity of a given risk, and adjusted on an on-going basis to take account of the new risks and their sources;
- risk management methods (especially models and their assumptions) and risk management measurement or assessment systems are tailored to the scale and complexity of individual risks, the current and planned operations of the Bank’s Group and its operating environment, and are periodically verified and validated;
- the area of risk management remains organizationally independent from business activities;
- risk management is integrated into the planning and controlling systems;
- the level of risk is monitored and controlled on an on-going basis;
- the risk management process supports the implementation of the Bank’s strategy in compliance with the Risk Management Strategy, in particular with respect to the level of risk tolerance.
The Bank assesses the materiality of all the identified risks on a regular basis, at least annually. Some of them have a material impact on the profitability and capital necessary to cover the exposure. Internal capital is assessed for risks that are regarded as material. All risks classified as material for PKO Bank Polski S.A. are also material for the Bank’s Group
In 2022, the catalogue of risk types regarded as material was not extended.
- CREDIT RISK –the risk of incurring losses due to the Customer’s default in payments to the Bank’s Group or as a risk of a decrease in the economic value of amounts due to the Bank’s Group when the Customer’s ability to repay amounts due to the Bank deteriorates.
- CURRENCY RISK – the risk of incurring losses in connection with exchange rate fluctuations. The risk is generated by maintaining open positions in various foreign currencies.
- INTEREST RATE RISK – – the risk of incurring losses on the Bank’s Group’s statement of financial position and off-balance sheet items sensitive to interest rate changes, in connection with changes in interest rates on the market.
- LIQUIDITY RISK – the risk of the inability to regularly settle liabilities due to a lack of liquid assets; liquidity risk comprises financing risk.
-
OPERATIONAL RISK – the risk of losses being incurred due to the failure or unreliability of the internal processes, people and systems or due to external events. Operational risk excludes reputation and business risks, and includes legal and cyber security risks;
- LEGAL RISK – the risk of losses being incurred due to a lack of knowledge and understanding, failure to comply with legal norms and accounting standards, inability to enforce contractual provisions, unfavourable interpretations or rulings issued by courts or public administration bodies,
- CYBER SECURITY RISK – the degree of exposure to potential negative cyber security risk factors related to telecommunication technologies which may lead to a financial loss for the organization by violating the availability, integrity, confidentiality or accountability of the information processed in the Bank’s IT system resources (SIB).
- RISK OF FOREIGN CURRENCY MORTGAGE LOANS FOR HOUSEHOLDS – the risk of incurring losses due to the customer’s default in payments to the Bank related to a foreign currency mortgage loan.
- BUSINESS (STRATEGIC) RISK – the risk of failing to achieve the assumed financial targets, including incurring losses, which results from adverse changes in the business environment, making bad decisions, incorrectly implementing the decisions made, or not taking appropriate actions in response to changes in the business environment.
- MACROECONOMIC RISK – the risk of deterioration in the Bank’s Group financial situation as a result of an adverse change in macroeconomic conditions.
- MODEL RISK – the risk of incurring losses resulting from incorrect business decisions made based on the models in place.
The Bank pursues the ESG risk integration plan with the risk management system in place at the Bank. The Bank manages ESG risk as part of its management of other risks as – ESG risk is not a separate risk but a cross-cutting risk affecting individual risks, in particular credit risk.
ESG risk was defined by the Bank as the risk of negative financial consequences for the Bank of the current or future impact of ESG risk factors on customers and counterparties or the Bank’s statement of financial position items.
PKO Bank Polski S.A. has been monitoring the situation of its customers on an ongoing basis and adjusting its credit policy with a view to securing a good quality loan portfolio. As part of the measurement of credit exposures, the Bank specifically took into account information on customers’ economic ties with counterparties in Ukraine, Belarus and Russia. The Bank Group recognized an allowance for its portfolio of loans granted in Ukraine.
The PKO Bank Polski S.A. Group (Polish entities) has introduced guidelines for the financing of and providing banking services to:
- customers conducting business whose business model is based on the benefits of active operation in the markets of Russia and Belarus or through significant links (e.g. economic, personal),
- customers on whom sanctions have been or can be imposed in connection with Russia’s war in Ukraine.
In 2022, in terms of interest rate risk, the banking sector was challenged by larger than expected increases in interest rates. In a series of 11 interest rate increases commenced in the fourth quarter of 2021, the reference rate was increased to 6.75% as at the end of 2022, resulting in persistent negative valuation of the portfolio of debt instruments and derivative instruments hedging interest income. At the same time, customers’ interest in mortgage loans based on a periodically fixed interest rate continues, which affects both measures of interest income sensitivity and the Bank’s economic value sensitivity.
The Bank’s Group has maintained a safe level of liquidity, allowing for a quick and effective response to potential threats. In 2022, PKO Bank Polski S.A.:
- structured its sources of funding accordingly by adjusting its deposit offering (in particular deposit interest rates) to meet current needs and by repaying maturing funds raised from the financial market through issuance,
- monitored the cash volumes in the Bank’s branches and ATMs on an ongoing basis due to a temporarily increased interest in cash withdrawals (in response to the outbreak of the war in Ukraine) and used its best efforts to allow customers to withdraw cash.
KREDOBANK S.A.’s liquidity position, despite the ongoing conflict in Ukraine, remained stable and secure; the company did not experience a decline in liquidity measures or significant deposit outflows; moreover, KREDOBANK S.A. was classified by the National Bank of Ukraine as a systemic bank of Ukraine.
At the same time, in connection with the war in Ukraine, in 2022 PKO Bank Polski S.A. appointed a Support Group led by the Head of the Crisis Staff, whose tasks include preventing disruption to the critical processes of the PKO Bank Polski S.A. Group, exchange of information within the Group and coordination of the aid provided. The Bank takes actions to mitigate the threats associated with the war in Ukraine on an ongoing basis, in particular with respect to ensuring access to the Bank’s systems and cyber security.
A detailed description of material risks management principles, including risk mitigation techniques, protection measures taken and hedge accounting policies is provided in the Bank Group’s financial statements for 2022 (in the part describing risk management and in Note 33 relating to hedge accounting), and in the Capital Adequacy Report and other information reportable by the PKO Bank Polski S.A. Group as at 31 December 2022.
Characteristics of the lending policy of PKO Bank Polski S.A.
The credit policy of the Bank and the Bank’s Group consists of a set of principles and guidelines contained in credit regulations and procedures, which together form the credit risk management process.
The Bank’s credit risk management takes into account external factors, including compliance with external regulations and recommendations of the supervision and inspection authority, as well as internal factors, including in particular the level of strategic limits and credit risk parameters.
The priority of the risk management activities is the balanced relation of risk and the assumed profitability level, within the specified risk appetite limits. Comprehensive risk measurement is ensured by using a wide range of qualitative and quantitative methods, which are supported by appropriate IT systems and analytical tools.
The credit risk management model is adjusted to the current business activity and market conditions in the individual customer segments.
Credit risk assessment of exposures is separated from the sales function thanks to an appropriate organizational structure, independence in developing and validating tools supporting an assessment of credit risk and independence of decisions approving departures from the recommendations of these tools.
The financing terms offered to the customer depend on the assessment of credit risk level of the customer. The risk assessment takes into account the sector policies described in Chapter 13.7.6B.
In order to mitigate the level of credit risk resulting from interest rate increases and inflation, PKO Bank Polski S.A. and PKO Bank Hipoteczny S.A. introduced changes to the parameters used in the assessment of the creditworthiness of individual borrowers applying for housing loans (in accordance with Recommendation S and the position of the Office of the PFSA of 7 March 2022 communicated to banks). As part of these changes, the minimum value of the interest rate buffer was increased to 5 p.p., the minimum subsistence costs were increased (taking into account the inflation rate), and the maximum acceptable DStI (debt service to income) values were changed.
According to the rating of corporate customers, companies and enterprises, the Bank each time assesses and classifies the impact of environmental, social and corporate governance factors (ESG) on the customer’s creditworthiness and identifies leveraged credit transactions.
The Bank’s subsidiaries with a material level of credit risk manage credit risk individually. Their credit risk assessment and measurement methods are adapted to those applied at PKO Bank Polski S.A. They take into account the specific nature of the entity’s activities.
Other policies
The Bank’s Group has adopted policies for the most important social and employee-related issues, the natural environment, respect for human rights and prevention of corruption and has the following regulations:
- Code of Ethics,
- Information policy and communication with investors
- Dividend policy
- Security policy (incl. cybersecurity)
- Policy on the assessment of suitability of the Supervisory Board members
- Diversity policy in respect of the Management and Supervisory Board,
- Sponsorship and charity policy,
- Policy for appointing an audit company,
- Policy for counteracting money laundering and financing of terrorism,
- Principles for ensuring compliance and managing non-compliance risk,
- Employment regulations of the Bank and recruitment principles,
- Remuneration policy,
- Principles for employee development,
- Principles for counteracting bullying and discrimination,
- Procurement policy,
- Tax strategy.
Full policy descriptions are available at: Policies and principles.
Tax strategy
Since 2021, the Bank, as an entity operating in a responsible and transparent manner, has had the Tax Strategy of PKO Bank Polski S.A. adopted by the Management Board in the form of a resolution and approved by the Supervisory Board.
In 2022, the Bank reviewed it in terms of its validity and will present recommendations for approval to the Management Board and the Supervisory Board.
In accordance with the statutory obligation, the Powszechna Kasa Oszczędności Bank Polski Spółka Akcyjna Tax Group (hereinafter: TG), which consists of: the Bank, PKO Bank Hipoteczny S.A. and PKO Leasing S.A. has prepared another annual Information on the pursued tax strategy for 2021. The Bank’s Tax Strategy and the informations prepared by the TG on the pursued tax strategy for 2020 and 2021 are available on the Bank’s website.
Non-financial risks
In accordance with the Risk Management Strategy at the Bank and in the Bank’s Group, the Bank oversees the risk management systems at the Bank and other entities of the Bank’s Group and supports the development of these systems, as well as takes into account the risk profile of the operations of the individual entities in the monitoring and reporting of risk at the Bank’s Group level. The principles and method of assessment of the individual types of risk in the Bank’s subsidiaries are specified in the internal regulations developed taking into account the opinions and recommendations formulated by the Bank, as well as the provisions of the Risk Management Strategy at the Bank and in the Bank’s Group.
Risk management system
The risk management system is adapted to the nature, scale and complexity of the operations of the Bank’s Group, as well as the regulatory, social and natural environment. The Bank’s Management Board is responsible for the functioning of an effective risk management system. The Management Board regularly monitors whether the methods of identifying, measuring and/or estimating risk, controlling, monitoring and reporting risk are adjusted to the size and profile of the risk at the Bank and in the Bank’s Group as well as the external environment. The Management Board guarantees the operation of the risk management system, monitors and evaluates its functioning and informs the Supervisory Board thereof.
By managing risk appropriately, the Bank ensures the stability of its financial result and strengthening of the Bank’s market position.
The Bank’s Group has identified the risks which are to be managed and found some of these risks to be material. The Bank assesses the materiality of the risks at least once a year. The following risks are considered material in the Bank: credit risk, the risk of mortgage loans in foreign currencies for households, foreign exchange risk, interest rate risk, liquidity risk (including financing risk), operational risk, business (strategic) risk, the risk of macroeconomic changes and model risk. Due to the cross-cutting dimension of ESG risks, which are not separate risks but which form part of the classic risk categories, the Bank’s Group did not set them apart as a separate category. Other entities of the Bank’s Group may consider other types of risk to be material. The Bank then verifies the materiality of such risks at the Bank’s Group level.
In 2021, the Bank has conducted an analysis of its risk management process and has incorporated ESG risks in the risk management strategy of the Bank and the Bank’s Group. The ESG risk is understood as the risk of negative financial implications which are the result of the impact of ESG factors on customers and counterparties or balance sheet items. The purpose of ESG risk management is to support sustainable development and building the long-term value of the Bank through integrated management of the impact of ESG factors. The ESG risk management takes into account the perspective of double materiality: the impact of ESG factors on the activities, financial result and development of the Bank as well as the impact of the Bank’s activities on society and the environment. The Bank manages the ESG risk as part of managing other types of risk. The ESG risk is not a separate type of risk but a crosscutting one which affects the individual risk types. The ESG risk management is supported by all committees that function at the Bank within the scope of their activities and competences related to the ESG risk.
As the first step in preparing the Statement, the Bank reviewed the ESG risks in the Bank’s Group, which were identified in 2021.
- breach of security of customers and their funds,
- unethical business conduct,
- product compliance risk,
- corruption,
- incorrect communication,
- negative impact on the natural environment,
- climate,
- sustainable development,
- employment,
- negative impact on the social environment,
- violation of human rights,
- supply chain,
- occupational health and safety (OHS).
[3-3] The individual chapters show how material topics are managed taking into account the ESG risks.
[2-23] [2-24] For each topic, the existing policies or other internal regulations, the way they are implemented and their results were presented. [2-25] The existing processes to remediate negative impacts have been presented.