STRATEGY FOR RISK MANAGEMENT OF KOMERCIJALNA BANKA AD SKOPJE Only for internal use Skopje, July 2013
CONTENTS Page 1. Introduction 3 2. Subject and definitions 3 3. Risk management system 5 4. Scope of the Strategy for risk management 5 4.1 General approach to the risk management 5 4.2 General approach in the internal determining and assessment of the required capital adequacy of the bank 4.3 General framework for acceptable risk level the bank can be exposed to during its operating 8 8 5. Closing provisions 9 2
Pursuant to Article 69 of the Statute of Komercijalna Banka AD Skopje, the Supervisory Board of the Bank on 30.07.2013 approved Strategy for risk management of Komercijalna Banka AD Skopje 1. Introduction The modern concept of banking in conditions of market economy would not be possible without an adequate approach towards the risk as universal category. The successful risk management is one of the main preconditions for the successful operation of each bank. The Strategy for risk management of Komercijalna Banka AD Skopje (hereinafter referred to as: Strategy) is based on Banking law, sub law regulations and Bank s Business policy and Development Plan of Komercijalna Banka AD Skopje. 2. Subject and definitions Subject of this Strategy is to define general approach to risk management of the Bank, including the capacity of their managing and undertaking, general approach to determining the internal capital of the Bank and the general framework for acceptable level of risk on which the Bank can be exposed to during its operations. Risk represents the probability of certain activity or event to have direct negative influence on the profit and/or on the own funds, or to impede the fulfilment of the bank's objectives. The material risks are those risks having significant influence on the bank's operations, i.e. they can considerably influence on the profit and the bank's own funds. Significant influence represents the influence which results with materially significant effect from exposure to certain risk. According to the nature, size and the complexness of the financial activities, the risk management system is included at least following types of risks: - Credit risk, including also the country risk and the counterparty risk; - Liquidity risk; - Currency risk; - Market risk; - Risk of change in the interest rates in the banking book; - Concentration risk; - Operational risk, including legal risk; - Reputation risk and - Strategic risk. 3
Besides the above mentioned risks, the Bank encompasses other risks it is exposed to in its operating, if it is defined that these risks have significant influence on Banks operating. Credit risk is a loss-bearing risk for the bank, due to its client impossibility to service its liabilities toward the bank in the agreed amount and/or within the agreed timeframe. Country risk is the risk of loss due to the bank exposure to certain country, which may be a result of the economic, social and political environment in the debtor country. A special form of country risk is the transfer risk originating from the possible restrictions in the transfer of funds from one country to another. Liquidity risk is risk when the bank can not provide enough funds intended for settlement of its shortterm liabilities at their maturity, or it provides the necessary funds at very higher costs. Currency risk is risk of loss due to change in the cross-currency exchange rates and/or change in the value of the denar against other foreign currencies. Market risk is a risk of loss arising from the change in the price of financial instruments intended for trade. Risk of change in the interest rates in the banking book is risk of loss arising from the unfavourable changes in the interest rates, and which influence on the items in the bank's banking book. Concentration risk denotes every direct or indirect exposure, or total exposures that can result in a loss that can jeopardize the continuous bank operations. Operational risk is a risk of loss as a result of: - inappropriate or weak internal procedures; - inappropriate personnel and improper or weak systems in the bank; - external events. The operational risk shall also include the legal risk, as well as the risk of money laundering and financing of terrorism, IT risk and other operational risks. The utilization of outsourcing services encompasses the use of services enabling the banks to perform its financial activities, including also the supporting bank activities. The utilization of these services can expose the bank to operational risk. Outsourcing services which expose the bank to operational risk are not considered the standardized services, such as the utilization of services of the interbank communication systems and interbank communication and trade, utilization of the telecommunication network and infrastructure, marketing services, maintenance and cleaning services and other public utilities, market research services, procurement of goods and construction works, lease of real estate etc.; Legal risk is current or prospective risk to the bank's profit and own funds, caused by violation or non-adherence to the legal framework, agreements, prescribed practices, ethics standards, or as a result of misinterpretation of the regulations, rules, agreements and other legal documents. Reputation risk is current, or prospective risk to bank's profit, or own funds, arising from the adverse perception of the customers, creditors, shareholders, investors and regulators of the bank operations. 4
Strategic risk is the current or perspective risk to the bank's profit, or own funds, arising from the changes in the business environment, adverse business decisions, improper implementation of the decisions or lack of bank responsiveness to the changes in the business environment. Bank's risk profile is review of all risks on which the Bank is exposed and it gives the current capacity for taking and managing risks. 3. Risk management system The Bank consistently shall fulfil all the requirements regarding to Banking Law and sub law regulations, at the time of managing and undertaking with the risks. According to the nature, size and the complexness of the financial activities the Bank performs, the Bank shall introduce adequate risks management system, which includes: - internal acts for managing risks - adequate organizational layout of the risk management; - process of determining the internal capital of the bank. 4. Scope of the Strategy for risk management The Strategy is prepared in accordance with Bank s Business policy and Development Plan and is in function of realizing the key strategic objectives, also as realizing the priority aims and objectives. This Strategy contains: 4.1 General approach to the risk management Main objective of the Strategy is to define general approach in the risk management, including also the capacity for their undertaking and managing. Komercijalna Banka AD Skopje (hereinafter referred to as: the Bank), continually shall manage the risks through identification, measurement, assessment, control and monitoring, in order to eliminate and minimize their influence on Bank s operations. The Bank manages risks based on established separate policies for managing individual risks, which include general rules for appropriate organizational structure for risk management, which consists of a clear organizational structure, effective process for risk management and effective system of internal control and audit. The Bank shall continually improve the system for undertaking and managing risks according to law regulations changes and all the news in international theory and practices. The approach of the Bank for managing risks will be conducted by providing an effective system of integrated risk management and providing an acceptable level of risks that will enable continuous operation of the Bank, in accordance with established business strategy, that will provide an appropriate balance between risk and yield by minimizing the potential negative effects on the financial performance of the Bank. The Bank will realize this through: - Clear organizational structure in managing risks; - Defined rules of internal control; - Clearly defined processes to manage risks, through established rules of identification, measurement and assessment, control and monitoring. 5
The main objective of the Bank in the process of credit risk management is to achieve an acceptable level of risk based on the principle of prudence and efficiency. The access of the Bank to achieve the primary objective in credit risk management within the system for integrated management with the risks is established through clearly defined processes and rules for identifying, measuring, monitoring and control of the credit risk. The Bank manages with the exposure to loans and advances to customers, loans and advances to banks and financial institutions, investments in securities available for sale investments in debt instruments, off-balance sheet instruments and others assets. Within the framework of the credit risk management, as most important and most represented component are loans and advances to customers. The strategy of the Bank in managing these exposures to credit risk is defined by: Maintaining the quality of loan portfolio within the current acceptable structure of risk categories, with domination of A risk category by: - Efficient assessment of the creditworthiness of customers through credit analysis from one side and establishing criteria for assessing the client through the scoring system on the other side, - Continuous monitoring of payments and borrowing customers. Determining the appropriate and prudent level of impairment of exposures to credit risk in order to protect the bank from losses due to impairment and reduced exposure in the categories of non-performing loans in future periods; Protection of the Bank of credit risk by covering exposures with acceptable collateral and maintaining the prescribed legal and internal limits; Diversification of credit risk through approval of exposures in various industries, products and clients. For determining the capital requirement for credit risk, Bank calculates credit risk weighted assets using the standardized approach. The approach of the Bank for managing with liquidity risk and acceptable level of this risk will be in direction of maintaining an adequate level of liquidity. Liquidity risk management will involve managing with the assets and liabilities in a manner that allows timely and regular payment of liabilities, in normal or extraordinary operating conditions of the Bank The approach of the Bank for managing with currency risk will be in direction of continuous and successful realization of activities in foreign currency and in denars with FX clause, by establishing clear and precise limits on Bank exposure to currency risk in order to reduce or eliminate the consequences of currency risk to which the Bank is exposed during its operation. The level of exposure to currency risk and the capacity of the Bank for exposure to currency risk will be determined depending on market trends, the structure of the risk exposure of the Bank (according to other types of risks) and the level of required capital to cover risks. The goal in managing currency risk is to maximize the stability and profitability by applying the optimal currency structure of assets and liabilities. The approach of the Bank for managing with market risk and acceptable level of this risk will be in direction of maximizing the stability, liquidity and profitability by applying the optimal structure and level of trading portfolio. The approach of the Bank for managing with risk of changing interest rates in portfolio of the banking activities and the acceptable level of this risk will be in direction to ensure stability and profitability by 6
applying the optimal structure and optimal interest rates on the portfolio of the banking activities. Managing with the changing interest rate risk in portfolio of the banking activities means on time identification, measurement or assessment, control or reduction and monitoring function of control of exposure to this risk in order to limit its impact on the financial positions. The access of the Bank in managing the risk of concentration of credit risk exposure is within the established system to ensure smooth and profitable operation and simultaneously minimizing and eliminating risks of concentration of exposure to the Bank. Starting from the definition of the risk of concentration of exposure individual direct or indirect and group exposure to the Bank that can cause losses and could jeopardize the further operation of the Bank, the main strategy of the Bank is: Maintenance of exposures within the legal and internally established limits of exposure to client, group of clients and to the sectoral concentration; Reduction of the risk of concentration risk to exposures by continuously monitoring the creditworthiness of the clients for servicing commitments in order to reduce the probability of default by a client or group of related clients that would result in significant negative impact on the Bank s operating. The approach of the Bank for managing with operation risk will be in direction of establishing an adequate system, which corresponding with the nature, size and complexity of financial activities that the Bank are performed, which system will cover all material events that constitute exposure to operational risk regardless if it comes to events whose impact may or may not be easily measured. Acceptable level of exposure to operational risk can be defined qualitatively as a necessary risk that must be undertaken for successful completion of processes or assignments in the organizational units to achieve the goals of the Bank. Acceptable level of exposure to operational risk is part of the identified risk, which remains despite the measures and controls, which are taken and applied. Further efforts for its reduction will bring in to questions the successful completion of activities, assignments and achieving the goals of the Bank. For determining the capital requirement for operational risk, Bank uses standardized approach, which is one of prescribed approaches with the regulation of NBRM (National Bank of the Republic of Macedonia). The approach of the Bank in managing of the reputational risk and acceptable level of this risk shall be in direction of establishing and maintaining of favorable image (good reputation) of the Bank business activities within the frames of the market surrounding. This will result with confidence of the clients, shareholders, creditors and employees, and the bank can accomplish its goals as précised in business plans as follows: maintaining of the capital value and its expansion, maximization of the profitability of business actives by undertaking of acceptable risks and increasing of the Ban s participation in the Bank market of Republic of Macedonia. The Bank s approach in strategic risk management and the acceptable level of Bank s exposure to this risk will be in direction of appropriate preparation of strategic and annual business plan, adequate determining of goals, undertaking prompt activities in accordance with the expected influence of all the external and internal environment factors, compliance with the exposure levels towards other risks deriving from its operation that were determined with separate policies, as well as prompt and accurate reporting in regards to the realization of set goals and quantifications. The Bank s capacity of taking and managing risks, represents the maximum level of risk that the Bank may bear which is presented with the statutory (regulatory) limit of capital adequacy. 7
4.2 General approach in the determining of internal capital of the Bank With adopted regulation that encloses the first pillar of the Second Capital Accord (BASEL II) new prescribed methods for calculating of capital requirements were introduced. In order to provide additional stability, the second pillar of BASEL II draws the focus on risk management, establishing the process whereby the Bank will provide a sustainable level of capital in long term, taking into account the impact of all material risks within its risk profile. This process is the process of determining the internal capital of the Bank (PIC). According to regulation PIC is integral part of the risk management system and should enable its improvement and strengthening. Results from implementation of PIC shall be included in the development plan and business policy of the Bank. The objectives of the PIC are defined in the Policy for the process of determining the internal capital, while the phases of establishing are determined in the Procedures for implementation of the process of determining the internal capital, The Bank implements the PIC at least once a year and in every significant change on the risk profile. When measuring the risks covered by the methodology for determining capital adequacy (credit risk, market risk, currency risk and operative risk), the Bank shall apply the regulatory approach. Regulatory approach means use of the prescribed methodology for determining the capital adequacy. When measuring all other risks, the Bank shall apply internal approach. Internal approach means development of own quantitative or qualitative methodologies for measuring the risks. These methodologies are explained in details in the Procedures for implementation of PIC. 4.3. General framework for acceptable risk level the Bank can be exposed to during its operation Acceptable risk level on which the Bank may be exposed to for achieving its the long-term goals, means maintaining the capital adequacy ratio above 12%. In risk s undertaking, the Bank consistently shall fulfil all the requirements regarding: - Risk exposure s limits regarding law regulations; - Internal limits for risk exposure. Internal limits for risk exposure for certain types of risks and acceptable level for certain risks are defined in internal acts of the Bank. 8
5. Closing provisions The changes and supplements of this Strategy shall be made according to changes in law regulations and Bank s Business policy and Development Plan. For all that is not defined in this Strategy, the law and sub law regulations and Bank s acts will be applied. For implementation of this Strategy, the Bank shall introduce policies and procedures for risk management. With the implementation of this Strategy, the Strategy for undertaking and managing risks of Komercijalna Banka AD Skopje, No. 02-1610-96 from 31.05.2011, the Decision for amendments of the Strategy for undertaking and managing risks of Komercijalna Banka AD Skopje, No. 02-1610- 196 from 27.12.2011 and Decision for amendments of the Strategy for undertaking and managing risks of Komercijalna Banka AD Skopje, No 02-1610-35/1 from 06.03.2012 shall become void. The Strategy shall come into effect after approving by the Bank s Supervisory Board. SUPERVISORY BOARD OF THE BANK PRESIDENT Sava Dimitrova 9