Annual Report of BANKART d.o.o. for the January December 2015 period

Transcription

1 Annual Report of BANKART d.o.o. for the January December 2015 period The bases for compiling the Annual Report include the Business Development Plan and Realisation, the Financial Plan and Realisation for 2015 and the audited annual financial statements for the 2015 business year. TRANSLATION NOTE: These financial statements and the accompanying audit report have been translated from the Slovenian original. This translation is provided for reference purposes only and is not to be signed. Ljubljana, 05/04/2016

2 TABLE OF CONTENTS I. BUSINESS REPORT... 3 COMPANY PROFILE... 3 GENERAL ORGANISATION... 4 MANAGEMENT BODIES... 6 BUSINESS AREAS OF THE COMPANY... 7 THE COMPANY S ORIENTATIONS...12 REPORT BY THE MANAGEMENT...13 BUSINESS AND FINANCIAL REPORT...19 RISK MANAGEMENT...22 PERSONNEL AND ORGANISATION...23 PERFORMANCE INDICATORS...25 EVENTS AFTER THE END OF THE BUSINESS YEAR...25 II. FINANCIAL STATEMENTS WITH NOTES STATEMENT OF MANAGEMENT'S RESPONSIBILITY...26 AUDITOR'S REPORT...27 FINANCIAL STATEMENTS...29 SIGNIFICANT ACCOUNTING POLICIES...34 NOTES TO FINANCIAL STATEMENTS...38 OTHER DISCLOSURES

3 I. BUSINESS REPORT Company profile Registered office and legal status of the Company In 1997, the majority of Slovenian banks established a company for processing payment instruments Bankart, procesiranje plačilnih instrumentov, d.o.o. Ljubljana. The purpose of establishing Bankart was to reduce operating and development costs as well as to harmonise both self-service and card operations. Name: BANKART procesiranje plačilnih instrumentov d.o.o., Ljubljana Registered office: Celovška 150, 1000 Ljubljana, Slovenia Short company name: Bankart d.o.o., Ljubljana Telephone: Fax: info@bankart.si Website: Core business activity: data processing and the related activities Founding general meeting: 12/12/1997 Entry in the Companies Register: 05/02/1998 Beginning of operations: 01/04/1998 Registration file no.: 1/30179/00, District Court of Ljubljana Tax number: Company reg. number: Equity: EUR 2,000,082 Pursuant to the provisions of Article 55 of the Companies Act, the Company is classified as a medium-sized limited liability company. Founding members Share in % Nova Ljubljanska banka d.d., Ljubljana SKB banka d.d., Ljubljana Abanka d.d., Ljubljana* Nova kreditna banka Maribor d.d., Maribor Banka Koper d.d., Koper 7.25 Gorenjska banka d.d., Kranj 5.56 UniCredit Banka Slovenija d.d., Ljubljana 2.24 Raiffeisen banka d.d., Maribor 1.73 Deželna banka Slovenije d.d., Ljubljana 1.40 Poštna banka Slovenije d.d., Maribor banking group NKBM 1.02 d.d. Probanka d.d., Maribor 0.89 Sberbank banka d.d., Ljubljana 0.39 *A decision on entering the acquisition of Banka Celje d.d. by Abanka d.d. was entered in the Companies Register on 05/10/

4 Data on the Group The Company has the status of an associated company of the NLB Group. The consolidated financial statements are available at the headquarters of NLB d.d. General organisation Bankart has succeeded in establishing and maintaining a balance between continuity and innovativeness by combining basic, classical and strict organisational structures and a creative project system. Its project organisational units encompass all departments. As most employees are included in them, these units can be considered a parallel structure. The basic structure corresponds to the production aspect of Bankart's operations, while the creative project system is suitable for the innovative and creative part of operations. Organisational structure Bankart is managed by the management of the Company. Besides two directors, the management also includes: Director of the Technology Division, Director of the Financial-Accounting and General Division, and Director of the Information Technology Division. In terms of organisation, the Company is divided into four divisions, consisting of a number of departments and management support services. Bankart - Organisation Chart BANKART d.o.o. Aleksander Kurtevski Miran Vičič Management Risk Management Internal Audit Information Security TECHNOLOGY DIVISION TOMAŽ BORŠTNER DIRECTOR DIVISION FOR BUSINESS OPERATIONS FINANCIAL/ACCOUNTING & GENERAL DIVISION MAJA USNIK DIRECTOR INFORMATION TECHNOLOGY GREGOR PIRC DIRECTOR Authorisation Systems Technology Back-Office Technology Department Data Capture and Control Department Controlling System Support and Data Communication Department Technology of Financial Transactions Contact Centre and Complaint Management Department Financial/Accounting Department Card Service Support Administrative Service Promotional Activities Department ATM and POS Systems Support Department Development Management Customer Support and Information System Control Department General Affairs Department Business Solution Development Department Sales Department Project system In Bankart, the management of development was placed in the hands of the Company s management. When founded, the Development Management Department assumed responsibility for establishing and managing an efficient development process in the Company. Besides managing and coordinating work procedures in the field of development, the Development Management Department also took over the Project Office in charge of operational monitoring and control of project work at Bankart. 4

5 Internal Audit (IA) The IA of Bankart has been functioning since its establishment in 2004 as an autonomous and independent consulting function, which takes a systematic and professional approach to the assessment of governance, risk management and control procedures so as to improve them. The IA performs its work in line with the strategic plan and the Annual Internal Audit Plan, which is approved by the management in agreement with the Supervisory Board of Bankart. At the management's request, in case of increased risks in an area of operations or new risks detected, the IA also performs extraordinary audits. In 2015, the IA devoted most attention to verifying the operational risks to which Bankart is exposed the most. It conducted three audits to give assurance and three consulting services. None of these engagements led to a finding that risk was not being controlled appropriately in the audited area. In addition to the planned formal audits, in 2015 the IA carried out several informal consulting sessions, primarily on encryption key management to protect card data and PIN codes and on compliance with the standards published by PCI SSC. The IA regularly monitored implementation of the recommendations made based on audits conducted and reported to the management and the Supervisory Board on the progress of implementation. The first external independent assessment of IA's compliance with the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics of Internal Auditors adopted by the Institute of Internal Auditors (IIA) was completed in January On the basis of the audit, it was assessed that the Internal Audit at Bankart was functioning according to the Standards and the Code of Ethics of Internal Auditors. The Risk Management Department (RMD) The purpose of the RMD is to ensure comprehensive management of the risks, incidents, problems, availability, business continuity and to guarantee compliance of the Company's operations. The Department also provides account management services for the Central Documentation System and a tool for managing incidents and problems. By comprehensively managing all of the above processes and by identifying risks and introducing efficient control mechanisms and controls to reduce these risks, the RMD contributes to the Company s achievement of its business goals. The Information Protection Department (IPD) The mission of the IPD is to protect the Company s information. Its basic task is to ensure the systematic development of the function of managing and ensuring information protection as well as to design a comprehensive information protection system. The latter enables the Company s management to systematically deal with adverse events and adopt measures as well as monitor the implementation of such measures and their effect on the Company s operations. Business areas of Bankart ATM operations processing Card operations processing SEPA credit payments processing SEPA direct debits processing E-Invoice System processing ATM management POS management 5

6 Management bodies General Meeting The members exercise their rights regarding the Company's affairs at the General Meeting of the Company. The General Meeting s resolutions are passed with a simple majority of votes cast, except in cases of amendments to the Memorandum of Association, appointment and discharge of Supervisory Board members, and decisions about a change in the Company s status or its termination, for which a three-quarters majority of the votes of all members is required. As a rule, the management convenes the General Meeting once a year. Supervisory Board Chair: Deputy Chair: Members: Jure Peljhan Vlasta Brečko Marija Kordiš Jean Luc-Wattel Mojca Osolnik-Videmšek Boštjan Kovač The Company s management The management body of the Company is the directors who organise and manage the Company s operations, are responsible for lawfulness, and represent and act as agents of the Company. The Company's management is appointed and discharged by the Supervisory Board. Management: Aleksander Kurtevski Miran Vičič Director of the Technology Division: Director of the Financial-Accounting and General Division: Director of the Information Technology Division: Tomaž Borštner Maja Usnik Gregor Pirc 6

7 Business areas of the Company ATM operations Bankart supervises and manages the ATM network for commercial banks and savings banks dealing in retail operations in Slovenia, holding a 94% market share. Bankart has been continuously developing technological and technical solutions for the ATM network for its members and other users, while it also provides, in technological terms, both ATMs and software solutions related to their functioning. Over the past period, it has expanded the ATM operation processing to the markets of SE Europe. In Bosnia and Herzegovina, it performs processing services for NLB Banka d.d., Sarajevo, in Kosovo for NLB Prishtina and BpB, in Macedonia for NLB Tutunska banka AD Skopje and in Serbia for NLB banka a.d. Belgrade. Services provided to ATM users quick cash withdrawal, selected amount withdrawal, information on personal account balances, change of personal identification numbers, purchase of GSM prepaid cards, automatic cash deposit, electronic execution of universal payment orders, printing of personal account statement, transfer of funds between accounts, cash deposit order, order to execute payment orders, and information on credit card balances. Additional activities ensuring undisturbed operation of the ATM network Other services Bankart provides to ensure a comprehensive range of services in the area of payment instrument processing include: authorisation of domestic and international payment instruments, consulting on ATM operations, generation and distribution of personal identification numbers (PINs), compilation of various instructions for ATMs and their administration, training and education of bank employees in the field of ATM operations, forwarding of data for effecting payments, input of keys and parameters required for ATM operations (installation), solving complaints etc. Number of ATMs in Bankart s ATM network Since 2000, the number of ATMs in Bankart s ATM network has more than doubled. ATM types and types of cards that can be used in the ATMs within Bankart's ATM network Bankart's ATM network comprises the Diebold, NCR and Wincor Nixdorf types of ATMs. These accept BA Maestro and Activa Maestro cards, the major international cards MasterCard, Visa and Diners and the local card products Casys, DinaCard. Commercial banks and savings banks included in Bankart's ATM network: Abanka, d.d., Banka Sparkasse, d.d., Delavska hranilnica, d.d., Deželna banka Slovenije, d.d., Gorenjska banka, d.d., Hranilnica LON, Hypo Alpe-Adria-Bank, d.d., Nova KBM, d.d., Nova Ljubljanska banka, d.d., Poštna banka Slovenije, d.d. banking group NKBM d.d., Raiffeisen banka, d.d., Sberbank banka, d.d., SKB, d.d., UniCredit Banka Slovenija, d.d., NLB Banka, d.d., Sarajevo, NLB Prishtina, BpB (Kosovo), NLB Tutunska banka AD Skopje and NLB banka a.d. Belgrade. Note: A decision on entering the acquisition of Banka Celje d.d. by Abanka d.d. was entered in the Companies Register on 05/10/

8 'ATM Settlement' payment system In cooperation with banks in Slovenia and the Bank of Slovenia, Bankart has formally set up the ATM Settlement payment system. Based on the approved rules of operation of the ATM Settlement payment system, it provides services related to the calculation of the mutual receivables and liabilities of the banks participating in this payment system and services related to its management. Card service processing In the area of card processing in Slovenia, Bankart provides processing services for Abanka, d.d., Banka Sparkasse, d.d., Delavska hranilnica, d.d., Hypo Alpe-Adria-bank, d.d., Nova Ljubljanska banka, d.d., Nova Kreditna banka Maribor, d.d. (Karanta, MasterCard and Visa), SKB banka, d. d. and UniCredit Banka Slovenije, d.d. Bankart processes debit cards for all of the above-mentioned banks, and other card products (MasterCard, Visa, Karanta, Zegin, Dina Card) for most of them. According to data published in the Bulletin of the Bank of Slovenia, there were 2,173,972 credit and 2,395,639 debit cards in Slovenia as at 31/12/2015, i.e. 4,569,611 cards in total. Bankart processes 523,992 credit and 2,009,359 debit cards, representing a 24% market share in the area of credit card processing and an 84% market share in the area of debit cards in Slovenia. Card operation processing in SE European markets Bankart also successfully provides card processing services in SE European markets. It processes Maestro, MasterCard and VISA card products for NLB Banka d.d., Sarajevo (BiH) in terms of both card and ATM operations, as well as provides processing services for POS terminals accepting Visa and MasterCard card products. For NLB Prishtina (Kosovo) it performs the processing of Maestro, MasterCard and Visa card products, in terms of both card and ATM operations. For BpB (Kosovo) it performs the processing of Visa card products, in terms of both card and ATM operations. For NLB Tutunska banka AD Skopje (Macedonia) Bankart performs, within card operations, the processing of Maestro, MasterCard, Visa and a local card product (Zegin), within ATM operations, the processing of Maestro, MasterCard, Visa, Diners, Amex and a local card product (Casys) as well as, within POS-terminal operations, the processing of Maestro, MasterCard, Visa, Diners, Amex and a local card product (Zegin). For NLB banka a.d. Belgrade (Serbia) it performs the processing of MasterCard, Visa and the local card product DinaCard, in terms of both card and ATM operations. Card Settlement payment system In cooperation with banks in Slovenia and the Bank of Slovenia, Bankart has formally set up the Card Settlement payment system. Based on the approved rules of operation of the Card Settlement payment system, it provides services related to the calculation of mutual receivables and liabilities of the banks participating in this payment system and services related to its management. SEPA Small-Value Payment Infrastructure (SIMP) For processing SEPA payment instruments (credit transfers and direct debits) used between banks in Slovenia, Bankart has established the payment system SIMP-PS (SEPA infrastructure for small-value payments payment system) which is used to provide the services SIMP-PS IKP (Internal Credit Transfers), SIMP-PS IDD-C (Internal Direct Debit under the CORE SEPA scheme) and SIMP-PS IDD-B (Internal Direct Debit under the business-tobusiness (B2B) SEPA scheme). The SIMP-PS payment system and SEPA systems within the SIMP The SIMP-PS payment system: the SIMP-PS IKP service (SIMP-PS Internal Credit Transfers) intended for processing domestic credit transfers according to the SEPA standard; the SIMP-PS IDD-C service (SIMP-PS Internal Direct Debit CORE) intended for processing domestic SEPA direct debits according to the CORE scheme; the SIMP-PS IDD-B service (SIMP-PS Internal Direct Debit B2B) intended for processing domestic SEPA direct debits according to the B2B scheme. 8

9 SEPA systems: the SEPA EKP system (SEPA External Credit Payments) designed for processing cross-border credit transfers according to the SEPA standard; the SEPA EDD CORE system (SEPA External Direct Debit under the CORE SEPA scheme for SEPA direct debits) designed for processing cross-border direct debits according to the SEPA standard; the SEPA EDD B2B system (SEPA External Direct Debit under the business-to-business (B2B) scheme for SEPA direct debits) designed for processing cross-border direct debits according to the SEPA standard where the payer can only be a legal entity. Benefits of establishing the SIMP-PS payment system and SEPA systems SEPA credit transfers (SIMP-PS IKP service/sepa EKP system) By establishing the SIMP-PS IKP service and the SEPA EKP system, Bankart made it possible for payment service providers in Slovenia and EU member states: o o o o to offer their clients a single standard of payments with credit transfer orders according to the SEPA standards, regardless of whether the payee is in Slovenia or any other euro area country; to make credit transfers 5 times a day, with the funds being transferred to the creditor's account on the day the payment is effected; to ensure accessibility to cross-border credit transfers according to the SEPA standard; and to establish a connection with the STEP2 SCT trans-european payment system in cooperation with the agent bank (Bank of Slovenia) and accessibility to accounts with more than 4,700 banks and savings banks in the euro area. SEPA direct debits (SIMP-PS IDD-C and SIMP-PS IDD-B service/sepa EDD CORE and SEPA EDD B2B systems) By establishing the SIMP-PS IDD-C and SIMP-PS IDD-B service and the SEPA EDD CORE and SEPA EDD B2B systems, Bankart made it possible for payment service providers in Slovenia: o o o o o to offer their clients a uniform standard for making and receiving direct debit payments, regardless of whether the payer or the payee is located in Slovenia or in any other euro area country; to effect direct debiting every banking working day without restriction on the purpose of direct debiting; to have more favourable deadlines for the submission of data to the provider of payment services for direct debits by the payee; to ensure accessibility to cross-border direct debits according to the SEPA standard under the CORE and B2B schemes; and to establish a connection with the STEP2 M-PEDD CORE or STEP2 M-PEDD B2B trans-european payment system in cooperation with the agent bank (Bank of Slovenia) and accessibility to accounts with more than 4,000 (CORE) and 3,300 (B2B) banks and savings banks in the euro area. Joining other European clearing companies By unifying the standard for paying with SEPA credit payment orders and the standard for SEPA direct debiting within the euro area, any clearing company in Europe can provide the processing of payments between banks and/or providers of payment services in a competitive environment. By establishing the SIMP-PS payment system and the SEPA systems, Bankart joined other European clearing companies which provide the processing of SEPA credit payments and the processing of SEPA direct debits according to a single standard. Participants of the SIMP-PS IKP service: Abanka d.d., Banka Koper d.d., Banka Slovenije, Banka Sparkasse d.d., BKS Bank AG, Delavska hranilnica d.d., Deželna banka Slovenije d.d., Gorenjska banka d.d., Hranilnica Lon d.d., Hranilnica Vipava d.d., Hypo Alpe-Adria bank d.d., Nova kreditna banka Maribor d.d., Nova Ljubljanska banka d.d., Poštna banka Slovenije d.d., Raiffeisen banka d.d., Sberbank banka d.d., SKB banka d.d., UniCredit Banka Slovenija d.d. and the Bank Association. Participants of the SIMP-PS IDD-C service: Abanka, d.d., Banka Koper, d.d., Banka Slovenije, Banka Sparkasse, d.d., BKS Bank AG, Delavska hranilnica, d.d., Deželna banka Slovenije, d.d., Gorenjska banka, d.d., Hranilnica Lon, d.d., Hranilnica Vipava, d.d., Hypo Alpe- Adria bank, d.d., Nova kreditna banka Maribor, d.d., Nova Ljubljanska banka, d.d., Poštna banka Slovenije, d.d., Sberbank banka, d.d., SKB banka, d.d., UniCredit banka Slovenija, d.d. 9

10 Participants of the SIMP-PS IDD-B service: Abanka, d.d., Banka Koper, d.d., Banka Slovenije, Gorenjska banka, d.d., Hypo Alpe-Adria bank, d.d., Nova kreditna banka Maribor, d.d., Nova Ljubljanska banka, d.d., Sberbank banka, d.d., UniCredit banka Slovenija, d.d. Participants of the SEPA EKP system: Abanka, d.d., Banka Slovenije, Banka Sparkasse, d.d., BKS Bank AG, Delavska hranilnica, d.d., Deželna banka Slovenije, d.d., Gorenjska banka, d.d., Hranilnica Lon, d.d., Hranilnica Vipava, d.d., Hypo Alpe-Adria bank, d.d., Nova kreditna banka Maribor, d.d., Nova Ljubljanska banka, d.d., Poštna banka Slovenije, d.d., Raiffeisen banka, d.d., Sberbank banka, d.d., Sberbank Češka (indirect participant), Sberbank Hungary (indirect participant), Sberbank Croatia (indirect participant), the Bank Association. Participants of the SEPA EDD CORE system: Abanka, d.d., Banka Slovenije, Banka Sparkasse, d.d., BKS Bank AG, Delavska hranilnica, d.d., Deželna banka Slovenije, d.d., Gorenjska banka, d.d., Hranilnica Lon, d.d., Hranilnica Vipava, d.d., Hypo Alpe-Adria bank, d.d., Nova kreditna banka Maribor, d.d., Nova Ljubljanska banka, d.d., Poštna banka Slovenije, d.d., Sberbank banka, d.d., SKB banka, d.d. Participants of the SEPA EDD B2B system: Abanka, d.d., Banka Slovenije, Gorenjska banka, d.d., Hypo Alpe-Adria bank, d.d., Nova kreditna banka Maribor, d.d., Nova Ljubljanska banka, d.d., Sberbank banka d.d. Note: A decision on entering the acquisition of Banka Celje d.d. by Abanka d.d. was entered in the Companies Register on 05/10/2015. E-Invoice System processing Bankart established the E-Invoice System which enables exchanges between the senders and recipients of electronic invoices. The establishment of a single E-Invoice System in Bankart enables the clients of banks and the Public Payments Administration of the Republic of Slovenia (UJP) to efficiently exchange electronic documents. The E-Invoice System is designed so that the electronic documents received are processed by the central processor, i.e. Bankart, every day in five daily clearing cycles and features the option of subsequent upgrading of functionalities, such as the exchange of other electronic documents related to the issuing and receiving of e- invoices. The establishment of the E-Invoice System brings considerable savings in handling and postal costs, simplifies the existing invoice exchange processes in companies and receipt by consumers, while also facilitating environmentally friendly operations. Bankart generates a Register of E-Invoice Issuers for the banks and the UJP, listing all companies that enable their clients to receive electronic invoices. By establishing the E-Invoice System, Bankart expanded its processing services to the area of electronic invoice exchange. The participants in the E-Invoice System include all banks operating in Slovenia (except for the Bank Association) and the Public Payments Administration of the Republic of Slovenia (UJP). Banks using the E-Invoice System: Abanka, d.d., Banka Koper, d.d., Banka Sparkasse, d.d., BKS Bank AG, Delavska hranilnica, d.d., Deželna banka Slovenije, d.d., Gorenjska banka, d.d., Hranilnica Vipava, d.d., Hranilnica LON, d.d., Hypo Alpe-Adria bank, d.d., Nova kreditna banka Maribor, d.d., Nova Ljubljanska banka, d.d., Poštna banka Slovenije, d.d., Raiffeisen banka, d.d., Sberbank banka, d.d., SKB banka, d.d., UniCredit banka Slovenije, d.d. and the Public Payments Administration of the Republic of Slovenia (UJP). Note: A decision on entering the acquisition of Banka Celje d.d. by Abanka d.d. was entered in the Companies Register on 05/10/

11 ATM and POS terminals management Bankart's service of ATM and POS equipment management enables a bank the option to reduce some internal workload in terms of managing and maintaining the ATM and/or POS network, namely daily operation as well as the provision of compliance with the mandates of MasterCard and Visa. The service also comprises the purchase of all ATMs and POS equipment. The bank is thus able to focus on the profitability of its ATM and/or POS network and at the same time optimise ATM and/or POS equipment operations in its back office applications. With the introduction of this business relationship, Bankart expanded its range of services also with the option of leasing and managing the ATM network, leasing and managing the POS network, similarly to certain other competitive processing centres. Additional areas of Bankart s operations support functions With the aim of providing a complete range of products and services, Bankart also implements a series of support functions such as: the POS service tasked with preparing, installing, servicing and maintaining POS terminals, the 24-hour Contact Centre for holders and vendors, resolving financial complaints and drafting reports for external organisations, the 24-hour Contact Centre for detecting and preventing card abuse. Bankart supervises and manages the POS terminal network round the clock, 365 days a year! POS terminals in the POS network of Bankart accept international card products (Maestro, MasterCard, Visa, American Express, Diners) and various local card products (BA, Karanta, Activa, DinaCard, Zegin). Processing of transactions on POS equipment is possible using modern wireless technology, while at the same time Bankart keeps up with the development of new technologies that will in the future be used for capturing data on POS equipment. According to the Bank of Slovenia, there were 38,006 POS terminals in Slovenia as at 31/12/2015. Bankart provides processing services for 21,960 POS terminals (of which, Bankart carries out only parametrisation in the authorisation environment for 1,533 POS terminals), representing a 58% market share in Slovenia. It has also expanded its operations to SE European markets. Bankart provides all support functions to the banks in Slovenia, whereas to the banks in SE European markets it renders all services except the installation, servicing and maintenance of POS terminals. As at 31/12/2015, the POS network of Bankart included 31,702 POS terminals, of which 21,960 were in Slovenia and 9,742 in SE Europe. 11

12 The Company s orientations Mission Bankart's fundamental mission is to provide reliable, safe and cost-efficient processing of transactions involving various bank payment instruments. Moreover, its mission is to enable all clients through careful development, building and maintenance of an appropriate information environment to use Bankart services in an on-going and high-quality manner. Vision Bankart s vision is aimed at searching for new opportunities and challenges in the SE European region. We wish to organise and empower our Company so that it can cope with all challenges arising from market laws and the contemporary competitive environment. Objectives The Company s objective is to strengthen its position as the top Slovenian processing centre by providing highquality and state-of-the-art technological services, and to thus become one of the leading international processing centres in the region. Business policies The Company s business orientations are based on constant development and technical perfection, compliance with the wishes and needs of banks and other financial institutions, implementation of development trends in the field of contemporary payment transactions and implementation of the requirements of international card organisations. The basic objective is further constant growth and independence, which Bankart achieves through the following long-term goals: to develop new activities and provide a comprehensive service range, to constantly streamline operations and boost operating efficiency; to further develop the integral information system and in-house communication infrastructure; to promptly adjust the personnel and organisational structure to the market conditions and new technologies, to increase the Company's visibility in the broader social environment, to continuously expand the volume of operations. 12

13 Report by the Management The profit created in 2015 amounts to EUR 1,417,191 as a result of the successful expansion of operations, facilitating the Company s adequate growth and development and its capital structure in compliance with the requirements of the Bank of Slovenia, which functions as the regulator of Bankart as a payment transaction administrator. Operations In 2015 Bankart invested EUR 2,452,000 (the Company regularly monitors the realisation of the invested funds based on concluded agreements), which accounts for 10% of the Company s total revenues. Projects account for the bulk of investments. In compliance with the strategic orientations, work on the following projects was successfully completed in 2015: Introduction of the PRM Real Time (RT) functionality The goal of the project is the introduction of the so-called real time (RT) mode of early abuse detection PRM. By using predefined rules and parameters in PRM RT, a bank has the option of preventing suspicious transactions with the cards of their merchants and suspicious transactions by their holders since PRM RT participates in the authorisation process and approves/rejects the transaction on the basis of defined rules. By using this solution, a bank has a possibility of reducing costs resulting from abuse. Setting up a solution for targeted sales of banking services at ATMs As part of this project, Bankart developed a solution for active sales of relevant services to the banks' users. The solution enables each individual ATM user to be offered a service on the ATM according to the bank's choice with respect to this particular user. The advantage of the solution is the simple, user-friendly use of the wide existing ATM network for selling and, in specific cases, activating banking services. The bank is thus able to offer its services in a targeted manner and use ATMs as a channel for marketing its services. The solution also enables connections to the CRM systems of banks. In 2015, a solution was developed for ordering and/or activating the SMS Safety Alert service through ATMs. Implementation of MasterCard and Visa mandates The required mandatory changes of MasterCard and Visa were successfully implemented in 2015 on the authorisation system and card management. Upgrading and optimisation of the SEPA systems in the framework of the SIMP and E-Invoice system SEPA: Consolidation of the SEPA payment systems On the initiative of the Bank of Slovenia, Bankart explored the possibilities and introduced one payment system within which it consolidated the existing systems. The consolidation of payment systems caused a reduced fee for the settlement of net cash receivables and liabilities of the participants in the payment systems in the TARGET2 payment system and a smaller number of SEPA payment systems (down from three to one). The consolidation presented merely a merger and optimisation of the legal framework while the technical and technological solution remained unchanged. E-invoice: Optimisation of the business model and the technical solution Bankart analysed the existing business model and proposed changes to the business model that will support the use of this solution to a larger extent. E-invoice: Introduction of new documents The upgrade of the E-Invoice System involved the implementation of support for the exchange of other document types (reminder, order form, delivery note), allowing for an increase in the volume of transactions in the E-Invoice System. Introduction of strong authentication for Internet purchasing SMS OTP The needs to increase safety in online purchasing supported by ECB recommendations and EBA requirements were the main guidelines for changes in the authentication of online users. These were the basic points of the launch and successful completion of the project aimed at introducing the SMS OTP dynamic authentication with the goal of offering banks a solution with a higher level of operational security, meeting the EBA requirements as much as possible. 13

14 Development of new functionalities in the management of debit cards and the functionalities for managing risks in card operations Support was developed in the framework of this task to restrict the use of cards without holder verification (without using a PIN) and to limit the cumulative transactions by card at the level of one calendar month (monthly limit for cards with immediate payment on the authorisation system). Regulation on interchange fees for card-based payment transactions This project witnessed the implementation of requirements arising from the so-called VISA Commitments (VISA MIF Plus Plus) and part of requirements projected by the Regulation on interchange fees for card-based payment transactions, and other requirements provided for in the Regulation on interchange fees (additional division of acquiring products, implementation of the new method of accounting for the trade fee). In line with the agreement with banks, all changes were successfully put into production by the projected deadlines. Monitoring and analysing the making of SQL inquiries on ORACLE infrastructure A tool for monitoring and analysing the functioning of SQL inquiries needed to be introduced in the area of credit card management system (CMS) and card personalisation (Cardis). The implementation of this task ensured that the tool analyses the behaviour of the SQL inquiries and proposes improvements. Communication networks of the Company So as to ensure a sufficient number of network connections and adequate bandwidth for connecting servers to the Company's network, the central network of the Company was upgraded. The upgrade of the firewalls and SSL concentrators to access Internet services provided for sufficient capacity of firewalls and SSL concentrators for access to Internet services (POS terminals). The upgrade of the production communication hub supporting POS terminals allowed us to gain appropriate capacities for the support of POS terminals on the latest equipment of the manufacturer (upon cessation of support for the currently used equipment). The upgrade of the central BNet network routers provided sufficient capacities and bandwidth for implementation of the Company's services (the BNet network is only used to connect all remote networks through which users (banks, processing centres, embossing partners and others) access the Company's services). The replacement of the communication cabinets and distribution systems at the Company's primary location provided room for the installation and connection of devices and the stability of the Company's network operation. The upgrade of the capacities of the DWDM transmission system for connecting the primary and secondary location of the Company's information system to the transmission capacity of 40GBps ensured sufficient bandwidth for network connections and the transmission of data between the systems at the two locations. Server platform, disk systems and personal computers The increase of disk capacities in production, testing and archiving environments ensured sufficient capacities for the provision of services. A virtualisation platform was established in the area of Microsoft Windows servers with the MS SQL databases and the existing virtual servers were upgraded to ensure sufficient server capacities for the provision of services. The upgrade of server infrastructure of the E-Invoice System ensured sufficient server capacities for the provision of services. The upgrade of the memory and processors of the authorisation system ensured sufficient capacities for upgrading the B24 Classic application to the new version B24 EPS. The purchase and upgrade of software licences and databases ensured continuous implementation of the existing processes and the development of tools for testing and tools for the verification of software code. An increase in the disk capacity of archive environments ensured sufficient capacities for archiving the data and databases of the Company's business systems. Renewal of the licensing contract for Microsoft software provided a suitable licence for the software used, while the extension of the maintenance and repairs contract for the Microsoft platform allowed for the uninterrupted functioning of Web services, Back Office processing and abuse detection (PRM). Renewal of the certificate of compliance of the Company's operations with the PCI DSS standard To ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS), Bankart was awarded the certificate of compliance with PCI DSS Standard, for the first time in 2011 in the framework of the external PCI DSS verification. The introduction of this standard increases the level of security, maintains confidence, protects against loss events (abuses) and, consequently, prevents financial losses and a loss of reputation. Thus, the Company fulfilled the condition to continue with the processing of transactions performed with MasterCard and Visa cards. Compliance with the standard is requested in all areas; it is verified and renewed every year through own assessments and those by certified assessors. Since 2011, Bankart has successfully 14

15 passed all annual checks and renewed the certificate of compliance with the PCI DSS standard. This means that, from the time of obtaining the certificate in 2011 until today, Bankart has been operating in accordance with the requirements of the PCI safety standard, which has become a standard operation mode. Renewal of the ISO/IEC 20000:2011 certificate Bankart also renewed the ISO/IEC 20000:2011 certificate which stands for professionalism and a focus on the quality of performing the Company's activity. Ensuring compliance with the ISO/IEC 20000:2011 standard enables efficient management and implementation of the information technology processes and ensures the controlled and coordinated provision of services to the internal users and final buyers (banks). Inclusion of Hranilnica Vipava in the E-Invoice System In cooperation with banks, in 2011 Bankart established a single E-Invoice System enabling the participating banks to send and receive electronic invoices to and from their clients using their own solutions (e.g. electronic banking services). When the E-Invoice System was established, most banks operating in Slovenia joined it and at the end of 2014 so did BKS bank AG and at the start of 2015 also Hranilnica Vipava. The E-Invoice System thus includes all banks and the Public Payments Administration of the Republic of Slovenia (UJP), except for the Bank Association. The project of card and ATM operation migration In 2015, Bankart successfully completed the project for migrating card and ATM operations (issuing and/or acquiring) for two large domestic banks and one foreign bank. Continued operations in SE European markets In 2015 we successfully continued with our work in the SE European markets where we cooperate with NLB Banka d.d., Sarajevo (BiH), BpB and NLB Prishtina (Kosovo) as well as NLB Tutunska banka AD Skopje (Macedonia) and NLB banka a.d. Belgrade, Serbia. Bankart processes Maestro, MasterCard and VISA card products for NLB Banka d.d., Sarajevo (BiH), in terms of both card and ATM operations, as well as provides processing services for POS terminals accepting Visa and MasterCard card products. For NLB Prishtina (Kosovo) it performs the processing of Maestro, MasterCard and Visa card products, in terms of both card and ATM operations. For BpB (Kosovo) it performs the processing of Visa card products, in terms of both card and ATM operations. For NLB Tutunska banka AD Skopje (Macedonia) Bankart performs, in terms of card operations, the processing of Maestro, MasterCard, Visa and a local card product (Zegin) and, in terms of ATM operations, the processing of Maestro, MasterCard, Visa, Diners, Amex and a local card product (Casys) as well as, in terms of POS-terminal operations, the processing of Maestro, MasterCard, Visa, Diners, Amex and a local card product (Zegin). For NLB banka a.d. Belgrade (Serbia) it performs the processing of MasterCard, Visa and the local card product DinaCard, in terms of both card and ATM operations. Forecasts Besides those projects which were not completed in 2015, Bankart will carry out the following in line with its 2016 Business Development Plan: Upgrades of SIMP-PS (IKP, IDD-C, IDD-B) and SEPA EKP and SEPA EDD CORE/B2B based on mandates, automation and modernisation Based on the proposals published for certain amendments to the SEPA rules and the implementation guidelines these changes are planned to be published in 2016 and will serve as the mandates for developing or upgrading the SEPA systems within the framework of the SIMP infrastructure in The said changes will dictate development in the framework of solutions for the SEPA systems in the SIMP framework as well as development on the part of the agent bank and the settlement agent (Bank of Slovenia). The implementation of the upgrades of the SEPA (payment) systems arising from the mandates (on the part of Bankart and the agent bank Bank of Slovenia) shall guarantee the compliance of operations with the SEPA regulations and consideration of the implementation guidelines. With the aim of ensuring the faster transport of data also for transactions of greater scope, increased security and reliability of exchange and modernisation of the tools used, in 2016 Bankart will modernise the transport mechanism for data exchange between the participants and Bankart. 15

16 Establishment of a solution for financing suppliers For the purpose of increasing the scope of exchanged e-documents in the E-invoice system and more efficiently utilising the existing infrastructure, and with the aim of improving the solvency of companies, Bankart will upgrade the current payment-related infrastructure in such a way that the newly created solution will enable creditors to receive financing based on issued e-invoices and the providers of funds to buy accounts receivable arising from e-invoices and to thus finance creditors. The proposed solution represents value added for the purchase and sales chain. Implementation of a tender for selecting a new supplier for holder authentication in online shopping 3D Secure issuing With regard to the negative experience and problems in the development of services of providing dynamic holder authentication in Internet purchasing in accordance with the requests of MasterCard and Visa (3D Secure technology) with the existing supplier, before the beginning of the new development projects (connection to the authentication systems of banks used for mobile banking), we will prepare a tender to obtain bids and select a new supplier or a new solution for the area of secure Internet purchasing or "3D Secure issuing". In this way, we will ensure development of better quality with fewer delays and more efficient use of Bankart's resources, shorter periods for the introduction of novelties and the supply of solutions of better quality and with reduced errors. Development of the online portal (B2B) to support the optimisation of the business processes of banks and Bankart The business processes between a bank and Bankart, such as the submission of various parameters, reporting of errors (incidents), filing of complaints, submitting of development requests etc. are based on the exchange of data via or telephone calls, which enables errors in the treatment of individual requests and prevents the introduction of efficient control procedures. For the more efficient implementation of processes, a reduction of the possibility of errors in satisfying the requests of banks, and to enable the possibility to monitor the meeting of the requests made by banks, Bankart will establish an online portal which will include different functionalities and enable banks a better quality and efficient exchange of data with Bankart. Development of online data management application for acquiring (POS acquiring) To improve and, in particular, shorten the processes of managing requests in the POS acquiring area, Bankart plans to develop an online application for the management of data in the area of acquiring, which will enable banks to access information on the implementation of the requests and access data related to POS acquiring (merchant agreements, points of sale, POS equipment etc.). The online portal will replace certain manual procedures in Bankart, and the introduction of electronic requests will make it possible to unify inputs, establish a gradual connection with the final systems and provide feedback to banks. In the area of POS acquiring, this will improve the support to banks' processes and the internal processes of Bankart. Implementation of a tender for selecting a new supplier for holder authentication in Internet purchasing 3D Secure issuing With regard to the negative experience and problems in the development of the services of providing dynamic holder authentication in Internet purchasing in accordance with the requests of MasterCard and Visa (3D Secure technology) with the existing supplier, before the beginning of the new development projects (connection to the authentication systems of banks used for mobile banking), we will prepare a tender to obtain bids and select a new supplier or a new solution for the area of secure Internet purchasing or "3D Secure issuing". In this way, we will ensure better quality development with fewer delays and more efficient use of Bankart's resources, shorter periods for the introduction of novelties and the supply of solutions of better quality and with reduced errors. Development of the online portal (B2B) to support the optimisation of business processes of banks and Bankart The business processes between a bank and Bankart, such as the submission of various parameters, reporting of errors (incidents), filing of complaints, submitting of development requests etc., are based on the exchange of data through or telephone calls, which enables errors in the treatment of individual requests and prevents the introduction of efficient control procedures. For the more efficient implementation of processes, to reduce the possibility of errors in satisfying the requests of banks, and to enable the possibility to monitor 16

17 the meeting of the requests made by banks, Bankart will establish an online portal which will include different functionalities and enable banks a better quality and efficient exchange of data with Bankart. Development of an online data management application for acquiring (POS acquiring) To improve and, in particular, shorten the processes of managing requests in the POS acquiring area, Bankart plans to develop an online application for managing data in the area of acquiring, which will enable banks to access information on the implementation of requests and access data related to POS acquiring (merchant agreements, points of sale, POS equipment etc.). The online portal will replace certain manual procedures in Bankart, and the introduction of electronic requests will make it possible to unify inputs, establish a gradual connection with the final systems and provide feedback to banks. In the area of POS acquiring, this will improve the support to banks' processes and the internal processes of Bankart. The implementation of the tender for selecting a mobile payment service/solution provider, preparing offers for project implementation for banks and adopting a decision to launch the project Considering the series of possibilities and various technologies, Bankart plans to introduce NFC-based solutions since (as opposed to other solutions) it does not require upgrading on both the side of merchants and holders, with the payment scheme mandates also being published (MC and VISA). A large part of the POS network processed by Bankart is already prepared for NFC mobile payments. In addition to the NFC technology, it is reasonable to use HCE (Host Card Emulation), which allows the issuer to offer their holders mobile payments independently of other parties involved. The goal of the development task is to prepare tender documentation and select a potential provider of services or solutions supporting HCE. After completion of the selection process, which may also include banks, a business model will be designed and used as the basis to prepare offers for banks and deciding on the launch of the project to implement mobile payments in banks. The advantages of the development task are related to introducing new services in modern payment technologies. We thus wish to support our banks in introducing new payment methods which are not necessarily only the result of mandates and regulations, but which will undoubtedly contribute to the perception of the banking system as being advanced. Statutory reporting of banks to the Bank of Slovenia Based on the legal provisions of the Slovenian and European regulations, banks are responsible for the preparation of various financial and statistical reports for the Bank of Slovenia, which shows that the process of capturing and preparing data is integrated into the operation of any bank. Because of the extensive and uniform reporting (and also based on the successful projects carried out in the neighbouring countries), we assess that it is reasonable to examine the possibility to centralise data and consolidate the preparation of reports to the Bank of Slovenia. The strengths of establishing a solution for providing centralised statutory reporting of banks to the Bank of Slovenia can be assessed after completion of an analysis of the existing costs incurred due to reporting on the side of the banks. It is already possible to conclude today that the centralisation of the processes and the technical and technological structure might have positive financial effects on the banks performance in both terms of investments, maintenance and operational costs and in cutting labour costs resulting from the preparation of the reports. Server platform, disk systems and personal computers In the area of server and disk systems and personal computers, we plan to increase the disk capacities of the production, test and archive environments, upgrade the data archiving system by introducing the VTL (Virtual Tape Library) system and de-duplication of data, and the system for archiving virtual server systems, upgrade the existing host servers of the virtual environment, extend the licences for the anti-virus software and security TLS certificates, upgrade the licences for the software used for the management and supervision of information system, and replace older workstations and laptops, extend the agreement for the licensing of the Microsoft software, extend the agreement on the maintenance and elimination of errors of the Microsoft platform, replace the IBM AIX servers of the SEPA IKP/EKP system, set up a development applicative environment of the SIMP and E-invoice system, replace the test HP NonStop server, and extend the agreement for the maintenance of the CSP software for the supervision and management of the HP NonStop system. This will ensure sufficient disk capacities of individual environments, sufficient server capacities for undisturbed functioning of the virtual and test environments and appropriate licences for the software used, speed up the 17

18 archiving and restoration of data and databases, and ensure a smooth work process and the undisturbed provision of the Company's services. Communication networks of the Company In the area of the Company's communication networks, we plan to upgrade the network components for the connection of server and communication devices to the network, and to increase the number of licences for additional instances of TLS concentrators for the closing of secure communication sessions, with the aim to provide an adequate number of network connections for connecting devices to the Company's network and to ensure secure connection of external users with the Company's services. The renovation and modernisation of physical connections as well as server and communication cabinets ensures appropriate copper wiring and optical connections for high-throughput connections within the data centre as well as modern cabinets for installing server and communication equipment, which will enable uninterrupted connection and functioning of the Company's information systems. Introduction of the system for protection against DDOS (Distributed Denial of Service) attacks at a public Internet access point means introduction of a mechanism of protection against attacks from the public network in the scope of the VPN connection service and POS terminal authorisations, and thus ensuring the provision of the Company s services. Datapower upgrade The access point for the connection of users with online services and into our systems is an IBM Datapower gateway. At present, the system in the production environment is in the active-passive mode and in the simulation environment there is primary one server. All physical communication interfaces are already occupied by different services and environments. The latest requests from the SLA web services for banks demand better responsiveness than we are currently able to achieve with the active-passive mode; therefore, we plan to upgrade/extend the existing Datapower point of entry for the production and simulation environment. The upgrade will ensure active-active operation and thus meeting of the demanding SLA criteria for switching and performance, enable additional physical communication interfaces for new services, and set up a simulation environment that will also be equivalent to the production environment in terms of its functionality. 18

19 Business and financial report The assets, liabilities, financial position and business result of the Company are presented according to the principle of a true and fair presentation. The basic principles pursued by the Company in financing are chiefly the principle of matching the maturity of assets with that of liabilities, along with the principles of profitability and liquidity. The Company s objective is to generate profit which, in the long run, ensures growth and development and the appropriate structure in compliance with both the Financial Operations of Companies Act and the requirements and regulations of the Bank of Slovenia. The risks relating to the financial operations of companies in general (liquidity, interest rate, currency, credit and other market risks) at Bankart are not significant. An ever more important risk is the impact of the measures taken by the banks on Bankart s revenues. By changing their operations as regards card, ATM and POS transactions, for example by terminating the possibility of an account balance inquiry for clients of other banks or by charging a commission for ATM cash withdrawals made by clients of other banking groups, they can have a considerable impact on the revenues earned by Bankart. Realised investment activity of the Company Table 1: Overview of investments in 2015 (in EUR) Realised in 2015 Intangible assets - software 118,000 - licences 312,000 Property, plant and equipment - hardware 1,981,000 - other equipment 41,000 TOTAL 2,452,000 In 2015, the following projects in the area of technology and information technology from the past years were completed: Introduction of the PRM Real Time (RT) functionality by using predefined rules and parameters in PRM RT, a bank has the option of preventing suspicious transactions with the cards of their users and suspicious transactions by their holders since PRM RT participates in the process of authorisation and approves/rejects transactions on the basis of applicable rules. Upgrading and optimisation of the SEPA systems in the framework of the SIMP and E-Invoice system completion of the change separation of the technical solution for the SEPA IDD/EDD CORE and SEPA IDD/EDD B2B systems and introduction of a single payment system. The consolidation of payment systems reduced the fee for the settlement of net cash receivables and liabilities of the participants in the payment systems in the TARGET2 payment system. In 2015 the migration of the SEPA EKP system from the environment of the Bank of Slovenia to Bankart was also completed. It enabled uniform processing, easier management of upgrades and more optimal supervision over costs. In the area of the E-invoice system, based on the completed analysis of the existing business model, Bankart prepared and presented to banks a proposal for its change in a way that will efficiently support larger use of the established solution. With the aim to increase the volume of transactions in the E-invoice system, support for the exchange of other types of documents (reminder, order form, delivery form) was also implemented. 19

20 Setting up of solution for targeted sales of banking services at ATMs within the scope of the established technical solution enabling banks to make targeted sales of individual services to bank users and connecting with the banks' CRM systems, in 2015 Bankart, in cooperation with one of the banks, developed a service enabling the users of that bank to activate the SMS Alert via an ATM. Card and ATM operation migration in 2015 Bankart successfully completed the projects of migrating card and ATM operations (issuing and/or acquiring) for two large domestic banks and one foreign bank. Server platform, disk systems and personal computers the disk capacities for the production, test and archive environments were increased, the licences for software and databases were purchased and upgraded, the upgrade of the serves infrastructure of the E-invoice system and the upgrade of the memory and processors of the authorisation system were successfully carried out. Communication networks of the Company the Company successfully completed the upgrade of the central network of the Company, the firewalls and SSL concentrators for accessing services through the Internet and the communication hub supporting the POS terminals. Last year, the following activities from the Company's Business Development Plan for 2015 were implemented: Upgrading SEPA IKP/EKP and SEPA IDD/EDD under mandates proposals for certain amendments to the SEPA rules and the implementation guidelines were published in November The amendments were later also officially published, serving as the mandates for the development or upgrading of the SEPA systems in the framework of the SIMP infrastructure in These amendments required development in the scope of the solutions for the SEPA systems within SIMP, as well as development on the side of the agent bank and settlement agent (Bank of Slovenia), and were also completed successfully. Implementation of MasterCard and Visa Mandates in 2015 the required mandatory changes of MasterCard and Visa were successfully implemented in the authorisation system and in card management. Introduction of strong authentication for Internet purchasing SMS OTP the project of introducing strong authentication for Internet purchasing SMS OTP was completed successfully, enabling banks a higher level of ensuring security in the area of Internet purchasing; its realisation also implements the ECB recommendations and the EBA requirements. Development of new functionalities in the management of debit cards and functionalities for managing risks in card operations the Company developed services topical and acceptable for banks business-wise. Those were the development of the limit for the needs of limiting the use of contactless cards in online mode without verification from the holder (without the use of a PIN number) and the development of support for limiting the cumulative of transactions by card at the level of one calendar month according to the principle of daily limits on the card. Regulation on interchange fees for card-based payment transactions the implementation of the requirements of the Regulation on interchange fees for card-based payment transactions included requirements arising from the so-called VISA Commitments (VISA MIF Plus Plus) and part of the requirements envisaged by the Regulation on interchange fees for card-based payment transactions. In agreement with the banks, all changes were successfully put into in production within the deadlines set. Software for supervising the central authorisation system based on the need to use an automated system for controlling performances and bottlenecks in the XPNET environment, the only product on the market, XPNET Manager, was supplied and tested. Testing showed that the current version of the product is not adequate; therefore, the Company is waiting for a new version of the product (announced for the third quarter of 2016) to test it. Monitoring and analysing the functioning of SQL enquiries in the ORACLE infrastructure the Company introduced a tool for monitoring and analysing the functioning of the SQL enquiries in the area of credit card management (CMS) and in the area of card personalisation (Cardis), which ensured analysing of the behaviour of SQL enquiries. The tool also proposes improvements. 20

21 Communication networks of the Company The Company purchased the equipment for upgrading the central routers of the BNet network, the equipment for upgrading the production communication hub supporting POS terminals, and the equipment for upgrading the capacities of the DWDM transmission system for connecting the primary and the secondary locations of the Company's information system. The communication cabinets and switchboard systems at the primary location of the Company were replaced. Server platform, disk systems and personal computers The capacities of the disk systems of the archive environments were increased, and the agreement on the licensing of the Microsoft software and the agreement on the maintenance and elimination of the Microsoft platform errors were extended. 21

22 Risk management Currency and interest rate risk Given the volume of capital and low indebtedness level, the exposure of the Company to interest rate risk is minimal. The interest rate risk exists owing to the scope of loans; however, the Company is granted loans under favourable lending conditions due to its good credit rating. Loans raised are in the domestic currency linked to EURIBOR. The Company is exposed to currency risk and the risk of loss arising from unfavourable changes in the exchange rate. This risk arises from payments of obligations abroad. The Company does not have any classical hedges for currency risk management, i.e. receivables denominated in a foreign currency. Forward transactions are not conducted on account of opportunity losses. Credit risk There are no transactions which might entail credit risk for the Company and thus financial loss, which represents the risk of a business partner failing to discharge their obligations under an agreement on financial instrument. Liquidity risk The Company manages liquidity risk and solvency risk by harmonising the maturity of receivables and liabilities, and by monitoring cash flows. The Company regularly pays its obligations and has no liquidity problems. Risk management refers to minimising risks. The management of the Company estimates that financial risks are present, however, due to the structure of its assets and liabilities, the exposure is low. Operational risk Operational risk is the risk of generating loss, including the information and legal risk that might arise because of the following circumstances: inadequacy or inaccurate implementation of internal processes; other irregular actions of people that are part of the internal sphere of a legal entity; inappropriateness or incorrect functioning of the systems that are part of the internal sphere of a legal entity; or external events or actions. Operational risks include those arising from: the functioning of infrastructure (hardware, software and communications equipment); actions of the employees (know-how, skills, motivation, substitutability of staff etc.); functioning of processes (adequacy of processes and controls, setting of goals, composition and clarity of processes); functioning of systems (safety, availability, adequacy of information technology and premises); environmental impact (unwanted or unexpected changes, crime, accidents, extraordinary events); legal risks (violation of or non-compliance with the laws, implementing regulations, instructions, recommendations and concluded contracts). The management of operational risks is a significant element of the Company s performance and is included in all its business processes, thus being a permanent task of all the employees in Bankart. For this purpose, an appropriate policy was set up to identify, measure, keep and manage operational risks as were the instructions for monitoring operational risks and reporting on incidents and losses. The review of the results of the risk analysis that was conducted in 2014 in the business processes of Bankart showed that, although most business processes have a high or medium inherent risk, Bankart with its systematic approach to the establishment, maintenance and supervision over the appropriateness and efficiency of the control environment manages the risks in the manner that operational risks have become low, which is also confirmed by the analyses of recorded incidents and loss events. By all means we will also carefully monitor the operational risks in the future and continue to improve efficiency, effectiveness and cost optimisation of the control system to ensure lower exposure of Bankart to operational risks. 22

23 Personnel and organisation As at the end of 2015, Bankart had 199 staff, 197 of whom were permanently employed and 2 under fixedterm contracts. There were 197 employees on average in Fluctuation The number of employees rose by 4 or 2.01% compared to the preceding year. The fluctuation rate was 3.86%. Chart 1: Number of employees by year Change in the number of employees Educational structure of employees Chart 2: Educational structure of employees 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Educational structure of employees above VII. VII. VI. V. IV. Level of education II IV V VI VII VIII Number of employees