PUBLISHING OF THE DATA AND INFORMATION FOR SOCIETE GENERALE BANK A.D. BEOGRAD

PUBLISHING OF THE DATA AND INFORMATION FOR SOCIETE GENERALE BANK A.D. BEOGRAD May 2015 1

TABLE OF CONTENT: 1 BUSINESS NAME AND HEAD OFFICE OF THE BANK... 4 2 BANK S RISK MANAGEMENT STRATEGY AND POLICIES... 4 2.1 Description of the Risk Management Strategies and Policies... 4 2.1.1 Purpose and Goals of efficient Risk Management Strategy and policies... 4 2.1.2 Responsibilities... 4 2.1.3 Risk categories... 5 2.2 Organization of risk management process... 7 2.3 Variety and Types of Reports on Risk... 11 2.4 Risk Mitigation Techniques... 12 2.4.1 Credit Risk Mitigation Techniques... 12 3 CAPITAL OF THE BANK... 12 3.1 Basic elements of the Bank s Capital... 12 4 CAPITAL REQUIREMENTS AND INTERNAL CAPITAL ADEQUACY ASSESSMENT... 13 4.1 Internal Capital Adequacy Assessment Process... 13 4.2 Regulatory capital requirements... 20 5 BANK S EXPOSURE TO RISKS AND APPROACHES FOR RISK MEASUREMENT AND ASSESMENT... 21 5.1 Credit risk... 21 5.1.1 Definitions used by the bank for the concepts of past due receivables and exposures that were subject to value adjustment... 21 5.1.2 Description of approaches and methods used for calculating value adjustment of balance sheet assets and provisions for losses on off balance sheet items... 21 5.1.3 Structure of the Bank s exposure... 22 5.1.4 External credit ratings... 31 Classifications Mapping... 31 5.1.5 Credit protection instruments and risk mitigation techniques... 32 5.2 Settlement / Delivery (Counterparty) risk... 36 5.3 Market risk... 37 5.4 Operational risk... 38 5.5 Interest rate risk... 38 5.6 Equity investments in banking book... 39 6 BANKING GROUP AND RELATION BETWEEN PARENT COMPANY AND SUBORDINATED COMPANIES... 41 7 ANNEX... 42 7.1 Data on capital position of bank form PI-KAP... 42 7.2 Data on capital position of bank on consolidated basis form PI-KAP... 43 7.3 Data on basic characteristics of financial instruments which are included into capital adequacy calculation form PI-FIKAP... 44 7.4 Data on basic characteristics of financial instruments which are included into capital adequacy calculation on consolidated basis form PI-FIKAP... 46 7.5 Data on linking the positions of capital from Bank s balance sheet with positions from form PI KAP form PI-UPK... 48 7.5.1 Differences between balance sheet made for purpose of controlling the Banking group on consolidated level and consolidated financial statements of the Banking group made in line with IAS and IFRS... 48 7.5.2 Details of elements in the balance sheet of the bank... 49 7.5.3 Linking the positions in detailed balance sheet of the bank with positions in form PI KAP 51 7.6 Data on linking the positions of of capital from Bank s balance sheet on consolidated level with positions from form PI KAP form PI-UPK... 51 7.6.1 Differences between balance sheet made for purpose of controlling the Banking group on consolidated level and consolidated financial statements of the Banking group made in line with IAS and IFRS... 51 7.6.2 Details of elements in the balance sheet of the bank... 53 7.6.3 Linking the positions in detailed balance sheet of the bank with positions in form PI KAP 55 2

7.7 Total capital requirements for the Bank PI-AKB... 55 7.8 Total capital requirements for the Bank on consolidated level PI-AKB... 56 3

In line with the Decision on Disclosure of Data and Information by Banks (RS Official Gazette, No. 125/2014 i 4/2015) Societe Generale Banka Srbija a.d. Beograd, publishes following data and information: 1 BUSINESS NAME AND HEAD OFFICE OF THE BANK Business name of the Bank: or SGS) Head Office: Societe Generale Banka Srbija AD Beograd (hereinafter: the Bank Bulevar Zorana Đinđića 50 a/b 11070 Belgrade Republic of Serbia 2 BANK S RISK MANAGEMENT STRATEGY AND POLICIES 2.1 Description of the Risk Management Strategies and Policies 2.1.1 Purpose and Goals of efficient Risk Management Strategy and policies The strategy and policies are aimed at defining global principles of the bank in taking risks on the long run. It also defines concepts and general terms in taking and measuring risks, as well as global review of all concepts and principles used in the bank in the areas involved with risks. Finally, they formalize these concepts and principles periodically and help continual adaptation of the Bank s process in accordance with the regulatory and economic environment. Main objectives of the risk management strategy and policies are: to contribute to the development of the Bank s operations by optimizing their overall riskadjusted profitability, to guarantee the Bank s sustainability as a going concern through the implementation of a high quality infrastructure for risk measurement and monitoring, to serve as a reference and guide to all professionals within the Bank in order to exercise prudence and effectiveness in their risk-taking and management decisions. It is in accordance with the legislative and regulatory rules in force and reflects practices and standards of good conduct and ethics issued by the banking industry. 2.1.2 Responsibilities 1. The implementation of the overall risk policy of the Bank is the joint responsibility of the Risk Division (hereinafter: RISK) and the Functional Divisions on one hand (related to operational risk), and the Business Divisions on the other hand. 2. RISK is in charge of coordinating the implementation of an efficient risk management approach for the whole Bank, developing methodologies and tools for calculation of the exposure associated with each type of risk and ensuring that General Management receives regular, independent information on the magnitude and evolution of these risks. 3. The Business Divisions carry out a large number of risk functions (analysis, scoring, approval, monitoring and management) as well as associated operational functions (collaterals monitoring, checking, documentation). These operations may be subject to a validation by RISK and/or checking by the Functional Divisions. 4. It is the responsibility of RISK, and the Business and Functional Divisions to communicate the risk strategy of the Bank to all interested parties on a timely basis and in the most appropriate manner, whilst making sure that it is understood and accepted. Each of the managers concerned should be clearly informed of the objectives, authority and responsibilities assigned to him and of the structure implemented for their exercise. 4

5. In the specific case of new activities or products that are new or in the process of development, each business line is responsible for submitting them to the New Product Committee of the Bank. The mission of this New Product Committee, which is organised and co-chaired by RISK and STMA (Strategy and Marketing Direction), is to ensure prior to any new offer, that the product can be handled by the Resources division and that all the related risks (credit, market, operational) attached to this activity (or product) are duly understood, can be effectively monitored, and are subject to suitable control procedures. 6. In order to protect the image of the Bank, and by reference to the rules set by SEGL (Bank Compliance function), Front Office staff are responsible for: ascertaining, with the maximum certitude, their identity, worthiness and legal capacity to fulfil their commitments, prior to entering any relationship with a counterparty, identifying any cases of actual or potential conflicts of interest and very quickly putting in place suitable confidentiality procedures, before collecting or communicating any information emanating from the beneficiary of financial advice or credit transaction, undertaking significant financing transactions with a client only if the transaction appears in its financials or is suitably disclosed to its external auditors. 7. As the Bank s organisation allows people with very different backgrounds (in terms of functions, entities, markets, countries) simultaneously to generate identical or interdependent risks, it is the responsibility of RISK and the Business and Functional Divisions to rely on: professionals with an experience that is suited to the nature and complexity of the risks that they handle, who are capable of exercising their judgement with all the necessary relevance and responsiveness and communicating constructively with each other and with specialists in portfolio management and risk reduction techniques, the most advanced measurement methodologies for each of the different categories of risk, appropriate to the nature and volume of the underlying transactions, which permit an understanding of all the risks on a consistent basis and an appreciation of those risks in relation to the capital and results of the Bank, including the effects of strong variations in the simulation hypotheses used (stress scenarios), information systems and management standards that favour data consistency and quality and facilitate the monitoring of risks according to an optimal periodicity, on a consolidated basis and with satisfactory audit trails and levels of security, people responsible for checking or (validating) the application of the Bank s risk strategy, who are wholly independent of the commercial or functional units that they check, a remuneration policy that properly reflects the positive or negative impact of risk decisions taken, taking into account their conformity with the strategy and risk management standards defined by the Bank. 8. Rules for implementation of the risk strategy within the Bank are laid down in writing by RISK in the form of overall policies and procedures, which may be detailed into more operational procedures by each of the Business Divisions. They cover all the modalities of capture, assessment, monitoring and control of these risks, by defining explicitly the responsibilities of each entity and by providing clear audit trails. 9. Audit teams are responsible for checking the risk management approach, its comprehensiveness and its adequacy throughout the Bank, as well as compliance with internal procedures. 2.1.3 Risk categories Given the diversity and changes in the Bank s activities and local market, SGS Risk management focuses on the following main categories of risks: 1. Credit risk (and subsequently concentration, credit-currency, external risk and residual risk); 2. Market risk (and subsequently FX and Pricing risks) 3. Operational risk 4. Liquidity risk 5

5. Interest rate risk 6. Reputation risk 7. Strategic risk The main identification and criteria by which risks will be authorized and followed is that of quantification, where we must be able to evaluate an amount in currency that we are exposed, or that we are willing to be exposed to (setting of limits). The Bank is reported regularly in line with National Bank of Serbia s regulations, standards of Societe Generale Group and requests of creditors and investors. Reports are regularly audited by internal and external auditors. Credit risk is defined as risk of loss arising from a borrower s failure to meet its financial obligations to SGS. In addition to credit risk, other related risks are defined as: 1. Concentration risk - the risk of an imperfect diversification due to a strong concentration in a single counterparty, a group of related counterparties or specific sector concentration (industrial, geographical etc.); 2. Currency induced credit risk - the risk of realizing a credit loss due to an unsustainable increase of instalments which arise from a local currency depreciation against the value of the convertible currency in the currency clause; 3. Credit risk Interest rate risk induced - the risk of credit loss caused by changes in reference market interest rates, presenting the reference to instalment with direct impact to client s ability to repay such commitment. 4. Risk of sustaining losses on the basis of external factors influences, and among them especially changes in the business and macroeconomic environment changes in the country having as the consequence potential negative impact to increase of the Bank's NPL. 5. Residual risk - the risk of loss due to overestimated impact of credit risk mitigation techniques. Credit risk management is defined by a set of documents - policies that define the management of risk in the business segments with legal entities, individuals and small business entities and entrepreneurs. This document defines the basic principles of credit risk management including: Appetite for risk-taking Principles of risk management Establishing a business relationship with clients Establishing exposure limits The methods and instruments securing loans Control and monitoring of risk An analysis of country risk Special access to specific projects that expose the bank to credit risk Market risk is defined as a risk of loss on market underlying parameters (foreign exchange rates, equity/debt financial instruments prices or commodity prices). It pertains to all trading book transactions as well as some banking book portfolios valued through the market-to-market approach. The process of managing market risk is defined in the Market Risk Policy. The Bank is, in its business, mainly exposed to foreign exchange risk (hereinafter: FX risk) among all types of market risks. The Bank carries out very conservative trading policy concerning financial instruments and commodities traded for its own account in order to make a gain in a short-term arising from actual or expected difference between buy and sell price. The Bank conducts transactions on the market either to fulfil clients orders (along with that the Bank is trying to close such opened positions as soon as possible, i.e. in a short term) or to close its structural open positions, or to maintain its own liquidity position. Therefore, Trading Book Policy is a very restrictive and the Bank does not have exposure within trading book. Operational risk shall be the risk of possible adverse effects on financial result and capital of the bank caused by omissions (unintentional and intentional) of employees, inadequate internal procedures and processes, inadequate management of information and other systems, as well as 6

by unforeseeable external events, including low probability events with risk of high losses. Operational risk includes legal risk. Management of operational risk is defined by the Operational Risk Management Policy. The basic elements of this policy include: Monitoring, reporting and analysis of events realized as a result of operational risk Creating, monitoring and reporting on key indicators of operational risk Implementation of permanent supervision process in the bank Conducting own assessment of control risk in the bank Liquidity risk arises from maturity mismatch in cash inflows and cash outflows and represents banks inability to meet matured commitments either by the conversion of assets or acquiring fresh sources of refinancing. It also includes market liquidity risk. SGS monitors and manages its liquidity position and funding strategies on an ongoing basis, but also recognizes that unexpected events caused by internal and external factors (which are beyond the Bank s control), market conditions etc. might cause a deterioration of the Bank s liquidity position. Key document defining the area of liquidity risk is Liquidity Risk Policy. The Bank has developed a comprehensive system of measuring liquidity risk by using various scenario analyzes under stress. In addition, this risk is monitored and managed through regulatory indicators / limits defined by the NBS, as well as through internal methodologies and internal limits. Namely the Bank evaluates the structure of the balance sheet, the quality / stability of sources, projected cash flows and future liquidity, taking into account risks arising from off-balance sheet items (financial derivatives, unused lines of credit and loans on current account, the obligations under guarantees). In addition, the Bank performs stress tests for liquidity and has in place liquidity contingency plan to ensure adequate coverage of liquidity risk. The overall interest rate risk of SGS represents the risk of decrease of the result and in economic value induced by a variation in interest rates, aggregated across all balance sheet and off-balance sheet positions, but excluding any positions subject to market risk. The key document that defines the interest rate risk management policy is Policy on management of interest rate risk in the banking book. In order to secure the proper management of interest rate risk, the Bank has established a system of identification, assessment, monitoring and reporting on the interest rate risk of the banking book. In this regard, the Bank analyzes and controls the impact of the economic value of equity (EVE) and the impact on net interest income (NIM) to adequately control the risk. Reputation risk is defined as the risk arising from the negative perception of a performance with the clients, partners, shareholders, investors or regulators that could adversely affect the Bank's ability to maintain existing, or establish new business relationships and secure continued access to sources of funding. Strategic risk is the possibility of negative effects on the financial results or equity of the Bank due to the lack of appropriate policies and strategies and their inadequate implementation, as well as changes in the environment in which the Bank operates, or lack of an appropriate response to these changes within the Bank. 2.2 Organization of risk management process Risk Division consists of three departments: Counterparty Risk, Collection, Special Affairs Department and Credit Portfolio Department. - Counterparty Risk Department is in charge of credit risk evaluation and approval in lending process for corporate and retail clients as far as performing loan portfolio is concerned. In this department is determined an independent function of the Market Risk Controller, whose role is to provide detailed and permanent follow up of all market activities of the Bank that are performed in the treasury and Financial Markets department (as a part of the Financial division) and followed and executed by Market Back Office (as part of the Resources division). - Collection Department handles the non-performing loan portfolio of corporate clients and retail clients, as well as collection process of overdue corporate and retail loans. 7

- Special Affairs Department with full responsibility follows sensitive portfolio under the guidance from Risk Division and undertakes all measures necessary to protect the interests of the Bank. The goal of the department is finding the solution for collection of the receivables from corporate clients (large, medium and small clients of the Bank, as well as clients of SoGeLease Srbija in case they are clients of the bank as well) in optimal deadlines and with lowest possible expenses for the Bank. - Credit Portfolio Department is responsible for quantitative and qualitative assessment of credit portfolio and identification of key risk drivers on portfolio level. Considering the scope of the policy described above, we can easily see that such scope is not under the single responsibility of one individual or one group, but rather encompasses many individuals and groups working in the bank. Following presentation is made according to the organizational structure of the bank. 1. Responsibilities of the Front Offices Here no distinction is made between the different client markets covered by the bank, as the same basic responsibilities apply whether the front officers work with Individual, Professional, Corporate clients or Financial Institutions. Information responsibility: One of the main responsibility of Front Officers, and not only linked to credit risks is the Know Your Client (KYC) policy. In respect to counterparty risks, it means that the Front Officers should provide all known information on the client to the authority deciding on the credit, so that the proper decision can be made taking into consideration all aspects that may influence the risk profile of the client. As being the contact between the bank and the client, Front Officers have access to more information than other staff of the bank. They not only have access to the official information on the client: official documentation, financials, etc. but they are also able to gather other information from the community around themselves and their clients as well as they are witnesses of the behaviour or the clients which may indicate something on the financial motivation of the client to use our services. All of these 3 main categories of information should be formalized and passed on to the proper authorities. If the Front Officers do not prepare themselves the credit documentation, they must ensure that the information that they have is presented in such documentation. If they prepare themselves the documentation in a file or a score, they must ensure that the information presented is complete and reliable. Front Officers must also ensure that the maximum information is presented in the credit file so that any possible source of risk can properly be detected and evaluated by the Risk Division and assumed by the respective authorities when making decisions on credit requests. Failure to provide all complete information can result for the bank in taking unforeseen risks such as country risks. At any time during the life of a credit, and even right after a file is approved and not yet disbursed, should an Officer be aware of some new information that may change the risk profile of the client, they should again inform their hierarchies as soon as possible so that the next step in the life of the file can be implemented with due knowledge of the situation of the client. Voluntary omission of any information on the client, and which could impact the decision on the credit, is considered as a breach of professional and ethical codes and will be sanctioned accordingly. Also duty to update information on our clients and pass on this information to the competent authority, is not limited to the time during which the credit is being assessed, but must also be done after the credit is granted, in order to see if the financial situation of the client is modified, and in case of deterioration, what actions should be taken by the bank in order to preserve its interests. Finally, we must stress that the timely transfer of information is also very important as the efficiency of policies or actions depend greatly on the timing when they are made. 8

For the preparation of the documentation and KYC forms as far as Financial Institutions are concerned Treasury Middle Office which operates within Treasury and Financial Markets department is in charge. Professionalism responsibility: In terms of risk analysis, even if Front Officers are not the risk specialists in the bank, they must have and continue to develop good risk analysis skills in order to: Develop a good relation with the client by providing good advices and as such providing a positive image for the bank. By good advice is meant to indicate to the client what is a reasonable amount of debt or other obligations to take, taking into consideration the financial capacities of the client, as well as by finding the proper type of commitments, maturities and repayment methods etc. Organize best their working time and efficiency by not spending too much time on credit files which are not proper. In doing so additionally they will provide false hope to the clients which will in turn affect negatively the image of the bank. 2. Responsibilities of the Back and Middle Offices As with the Front Office, the remarks below are valid for individual, Corporate Back officers and Market Back Office officers. Documentation control: One of the first responsibilities of a Back Officer is to control that the documentation provided in a credit file is in accordance with our policies and our procedures. In addition to this control, Back Officers should also consider if the documentation provided is correct or if it contradicts information provided in the file or score. Finally Back Officers should also evaluate if possibly the documentation provided is forged, and if they have reasonable doubts, they should inform their respective hierarchies. Special responsibility of the Market Back Office officer is before execution of the transaction to follow and check the counterparty risk limits, special separate limits per dealers as well as global limits of the Bank (limit of the open FX position, total exposure per securities etc.) Awareness: While Back Officers are usually not in a position to collect as much information on clients as Front Officers, they may in some circumstance also be aware of facts regarding our clients, either through external information our internal information coming from our processed and reports. In case that they found any information that could materially have an impact on the decision making process regarding credits, they should report this information to their respective hierarchies, and these hierarchies should forward the information to the Front Officers and decision makers for them to act accordingly. Follow up and consistency of data: proper follow up of the files and portfolio must be done in order to take adequate measures to preserve the bank s interest. This follow up can only be done if the proper information is managed in our systems and reports. As Back Officers are the main users entering information in the systems and also preparing reports, they must ensure that all data and that proper data is used, so that proper decision based on the information managed and received are made. Follow up of collaterals: is being performed by Corporate Loan Contracts and Collateral Department. Management of collaterals is process which understands following steps: a) Creation of collateral in system; b) Periodic and Exceptional revaluation of collateral value c) Renewal of collateral d) Release of collateral and e) Execution of collateral (cash cover or bills of exchange). 3. Responsibilities of the Risk Division (RISK) Coverage of information and timeliness of decisions: In order to make proper decisions based on the most objective indicators, RISK must take into consideration all information provided and available when assessing credit files or when making other recommendations on credit risk issues. 9

It is the RISK`s responsibility to detect and evaluate all risks taken, even if not properly stated initially in the requests (counterparty, sectorial, country, etc.). RISK s responsibility is also to provide timely opinions and recommendations once all information possible is provided. By all information possible is meant all information that may significantly have an impact on the decision. There are 2 main reasons support the need for timeliness: Preservation of the professional image of the bank, where clients should not have to wait unduly after they have provided all necessary information. Proper decision making: by delaying too much the making of recommendations or decisions, RISK may not consider the most recent information, and as such may not make the best recommendation. Rather a decision should be made in a timely manner, and if the visibility on a client or on a risk issue is not very long, then RISK should give a shorter validity on the decision and review the file, or case more frequently. Information update: Besides the information provided in the files, RISK should also make a best effort to constantly update their information on clients, economic issues and their environment, so as to be able to make the best decisions. By having the most updated information, RISK will be better able to test the information provided and by confirming or factually denying the information provided, will be able to make the best decision possible. Training and sharing of information: Given the responsibilities described previously for Front and Back Officers, as well as given the responsibilities of the Credit Committee, RISK must ensure that all parties in the bank are properly informed and trained on risk issues. The whole risks taken by the bank cannot be controlled and prevented only by a few individuals in RISK. Therefore it is also the responsibility of RISK that all employees are well aware of risk issues. As a consequence RISK must also ensure that it is available to all employees to answer their questions. Monitoring and follow up: regarding the proper follow up of the risks taken by the bank, and while this follow up is a common responsibility of all people of the bank involved in such issues, it is RISK`s main responsibility that such follow up is made timely so that the interests of the bank are protected. After the timely follow up is made, RISK must also ensure that adequate recommendations are made and that actions following these recommendations and decisions are implemented as soon as possible. Validation of products generating risks: RISK must give its opinion on all new products where risks can be generated for the bank and on all modification of such products. Validation and update of Scores: RISK must periodically evaluate the quality of the credit portfolios approved by scores or procedures and if needed adjust the scores and procedures to continue improving the quality of the approval decisions made. 4. Responsibilities of the Credit Committee (CC) Credit Committee s responsibilities consist in deciding on the main credit files above those authorised within the limits of the Executive Directors in charge of the different commercial markets. The main distinction between the CC and RISK regarding the decision process on credit files is that RISK makes recommendations while the CC makes decisions. 5. Responsibilities of the Assets and Liabilities Committee (ALCO) Responsibility of the ALCO is to manage of the assets and liabilities of the bank, in the part of the risk management when concerned liquidity risk (including the measurement system, evaluation and follow up of the liquidity, GAP s, stress testing, etc) and interest rate risk. 6. Responsibilities of the Market Risk Committee (MARCO) 10

Responsibility of the MARCO is to identify, measure and follow the market risk and limits as well as to propose their approval, change or cancellation 7. Responsibilities of the Operational Risk Committee (ORCO) Responsibility of the ORCO is to manage operational risk, with taking the corrective measures for the mitigation of the same. 8. Responsibilities of the Executive Board (EB) The primary responsibility of the EB within this frame is set up of risk management policy and conducting of risk management strategy. Likewise, the EB will decide on the procedures to identify measure, evaluate and follow up of risks taken by the bank in its operations. In case that some activities or risks are not in accordance with the policy and principles set, it will be the EB`s responsibility to inform the Board of Directors on these cases. 9. Responsibilities of the Compliance Committee Responsibility of the Compliance Committee is to perform control of the business operations and its compliance with positive regulations as well as to point out of the eventual anomalies and to prescribe corrective measures 10. Responsibilities of the Internal Audit Committee Internal Audit Committee is responsible for the control performance of the banks operations and efficiency f the internal audit system controls. 11. Responsibilities of the Board of Directors (BoD) The primary responsibility of the BoD in terms of risks is to set the risk management strategy of the Bank and supervise the risks taken by the bank from its operations. It also decides on so called large exposures (client or client group), based on recommendations from RISK, defines that the Executive board will have to make decisions regarding the risk amounts and conditions to take on client s requests. Finally, BoD chooses members of the Credit Committee. 2.3 Variety and Types of Reports on Risk The Bank regularly reports on following risk types: Credit risk (including counterparty risk) Market risk Operational risk Concentration risk Liquidity risk Interest rate risk Currency risk Country risk Compliance risk Investment risk As well as on other risk types to which it is exposed in its operations. Reporting is conducted in line with regulations of the National Bank of Serbia, reporting standards of Societe Generale Group and requirements of creditors and investors. Reports are subject to regular audit on behalf of Internal Audit Department in line with annual audit plan and external audit. 11

2.4 Risk Mitigation Techniques 2.4.1 Credit Risk Mitigation Techniques In order to reduce the risks to which it is exposed to similar instruments The Bank uses credit risk mitigation instruments. The adequacy of instruments is analyzed from the perspective of fulfilling the applicable legislation provided for the NBS, as well as the internal rules of SGS. For optimal monitoring of credit mitigation instruments, the Bank has established a separate organizational unit Corporate Loan Contracts and Collateral Department. Employees in this department are in charge of drawing up contracts and other documents based on which is based the lien of the collateral as well as the registration and monitoring of the security instruments in the Bank's central information system. In order to preserve the structure of the portfolio by instruments securing bank lending policies and other internal regulations prescribed by the acceptable collateral and the required level of coverage of exposure to these security instruments at amounts, categories of debtors and exposure categories. Measurement of the security instruments the Bank performs setting deadlines that need re-assess their value, arranging timely delivery of external assessment and control of received valuation, and insurance policies pledged movable and immovable assets. 3 CAPITAL OF THE BANK 3.1 Basic elements of the Bank s Capital Total capital is sum of core capital and supplementary capital, decreased for deductible items. Core capital is made form: share capital for ordinary shares, premium of the issue of ordinary shares, reserves from profit, intangible assets as deductible items and unrealized losses from available for sales securities as deductible items. Supplementary capital is made of revaluation reserves from available for sales securities and subordinated capital. Deductible items from capital are: needed reserves from earnings for estimated losses on balance sheet assets and off balance sheet items and investments in entities from financial sector which exceeds 10% of the capital of these entities Below is table which presents capital structure as at December 31, 2014 In thousands of dinars POSITION AMOUNT IN 000 RSD CORE CAPITAL 15,888,451 Nominal value of the paid ordinary shares 23,723,021 Premium of the issue of ordinary shares 1,253 Reserves from profit 9,524,825 Current year loss 0 Intangible assets (468,640) Unrealized losses on AFS securities (43) Needed reserves from earnings for estimated losses on balance sheet assets and off balance items (16,891,965) SUPPLEMENTARY CAPITAL 7,558,133 Part of the revaluation reserves 300,635 Subordinated liabilities 7,257,498 CAPITAL DEDUCTIBLES (463,747) 12

Direct or indirect investment in banks and other financial sector entities that exceed 10% of the capital of such banks and/or other financial sector entities (463,747) Needed reserves from earnings for estimated losses on balance sheet assets and off balance items 0 Core capital deductibles (231,874) Supplementary capital deductibles (231,874) TOTAL CORE CAPITAL 15,656,577 TOTAL SUPPLEMENTARY CAPITAL 7,326,259 TOTAL CAPITAL 22,982,836 Data and information about connecting the bank's capital position from the balance sheet with the capital position of the bank reports on capital drawn up in accordance with the decision governing the reporting of capital adequacy, as well as data and information about the differences between the positions of the balance sheet drawn up for the purpose of controlling bank group on a consolidated basis and the position of the consolidated balance sheet of the banking group drawn up in accordance with International Accounting Standards and International financial Reporting Standards, are given in Annex of this document. 4 CAPITAL REQUIREMENTS AND INTERNAL CAPITAL ADEQUACY ASSESSMENT 4.1 Internal Capital Adequacy Assessment Process The aim of the Internal capital adequacy assessment process is to strengthen the relationship between the risk profile of the Bank, risk management and own funds, i.e. to ensure that the Bank has sufficient capital to support current and future activities and to cover all significant material risks to which it is exposed. Material risks are those that have a significant impact on the operations of the Bank, i.e. may significantly affect the profit and own assets of the Bank. The Bank establishes and at least once a year practices an Internal capital adequacy assessment process in accordance with the established process and in accordance with the size and complexity of operations and risk profile. The Bank monitors the level of capitalisation and the rate of capital adequacy on a quarter bases. The Internal capital adequacy assessment process of the Bank: Represents an integral part of the process of decision making and management; Is regularly reviewed; Represents a comprehensive process based on risks identification, measurement and assessment and it is integral part of the risk management system; Is oriented towards the future; Based on appropriate assessment and measurement; Produces reasonable outputs- level of internal capital. The effective capital planning process includes risks assessment to which the Bank is exposed and the risks management process; capital adequacy assessment related to risks and the potential impact of changes on profit and capital, hence it should include stress testing. The assessment of needed capital results from the assessment of future, unexpected losses associated with risks and incorporates business factors such as loan growth expectations, future sources and use of funding. The process of assessing the needed capital is adequate if based on assessment, measurement and monitoring of significant risks undertaken by the Bank, establishing a collective assessment of risks and if it provides a sufficient scale between the size of the capital, the risk profile and future activities defined with the strategic objectives and the business plan. The risk profile is a set of quantitative and/or qualitative assessments of the level of measurable and immeasurable risks 13

undertaken by the Bank in its work. Measurable risks are those which impact on profit and own funds can be measured, while immeasurable risks are considered risks which impact is determined on the basis of assessment (ex, strategic and reputation risk). The Internal capital adequacy assessment process of the Bank consists of: Analyzes and projection of financial position and capital planning; Assessment of risks and identification of significant risks; Assessment of the risk management system: Measurement and assessment of needed level of internal capital for covering all significant risks; Determining of total needed internal capital; Internal control and integration of ICAAP in management process. Risk is probability of loss or the probability that a given activity or event has a direct negative impact on profit or own funds of the Bank or could cause difficulties in achieving the objectives of the Bank. Risks management means identification, measurement or evaluation, monitoring, control and risks reduction. The effective risk management system is a critical component of management and the basis for safe and stable operation, which ensures the achievement of objectives of shareholders. The Bank is obligated to establish a system for managing all material risks to which the Bank is exposed, adequate to the nature, size and complexity of financial activities which are carried out and will be carried out. The ICAAP process implemented in SGS complies with the specific NBS regulation, pursuant to the valid Decision on Risk Management by Banks with the following relevant articles related to: Internal capital adequacy assessment process (ICAAP) and The valid decision on Capital Adequacy for Banks with the following relevant articles: Capital of the bank Capital requirements and capital adequacy ratio SGS defines ICAAP as: a sound risk management process that adequately identifies, measures, aggregates and monitors risks; an adequate assessment process that encompasses all key elements of capital requirement evaluation, capital planning and management, which assure an adequate amount of capital to cover defined risks. Within SGS the ICAAP must be based on the following principles, according to NBS regulation and meeting the following conditions: based on risk identification and measurement or assessment process; provides comprehensive risk assessment, as well as monitoring of major risks the bank is or may be exposed to in its operation; ensures adequate internal capital in accordance with the bank s risk profile; is adequately incorporated into the system of bank management and decision-making; be subject to regular analyses, monitoring and checking: The ICAAP must become an integrated part of SGS internal governance framework and complying with the regulatory requirements: The internal capital requirement will generally be based on the Pillar 1+ methodology where internal capital consumption is calculated as a combination of standardized methods and internally developed ones; The stress testing of relevant risks must be based on the Global economic scenarios concept and its impact must be supported and/or mitigated by the future earnings and potential capital enhancements; Global stress tests are performed at the level of SG Group and integrated in the Group Budget; General limit for the capital adequacy ratio is defined by the regulator at the level of 12%; The stress testing horizon is 1 year. The stress testing must be based on Global scenarios with appropriate severity of macroeconomic development; The ICAAP framework and the stress test results must be reviewed and approved by the Management Board at least once a year; 14

The capital budgeting and capital planning horizon is 3 years; The ICAAP is subject to ongoing improvement taking into account the new risks (incl. new products) which SGS takes or could take, development of methodologies and external environment. SGS is required to ensure that the internal capital adequacy assessment process encompasses the following phases: Identification of materially significant risks; Calculation of the amount of necessary internal capital for individual risks; Determination of the total internal capital; Comparison of the amount of capital calculated in accordance with the decision on capital adequacy of banks and the amount of necessary internal capital. Through ICAAP process SGS regularly reviews and deeply analyzes all relevant risks which could affect its risk profile. Consequently a set of risks (detailed list see below) is identified, described and related risk measurement methodologies and management procedures concentrated into dedicated documents. Those risks are managed in accordance with SG Group Risk Policy. For each significant risk there must exist: Adequate risk management policy and procedure that cover the definition, risk measurement methodology and operational steps to be taken in regular time intervals in order to monitor and report key parameters; Global scenario that define the macroeconomic development which is the basis for the stress testing of the significant risk; The ICAAP recognized risks are described in the risk matrix below: Risk Short Definition Pillar I Pillar II - Base Pillar II - Stress testing Credit risk Credit risk - Currency induced credit risk (CICR) Credit risk Interest rate risk induced The risk of loss arising from a borrower s failure to meet its financial obligations to SGS. The risk of realizing a credit loss due to an unsustainable increase of installments which arise from a local currency depreciation against the value of the convertible currency in the currency clause loans. The risk of credit loss caused by changes in reference market interest rates, presenting the reference to installment with direct impact to clients ability to repay such commitment. Quantified using standardized approach: risk weighted assets calculation. Not quantified. Integrated within the credit risk management through regular monitoring and detection of currency induced credit risk sensitive clients and sectors. Not quantified. Integrated in credit risk management, through different analysis, advanced assessment, monitoring and reporting. Quantified over Pillar I with additional capital request for exposures towards state and central bank Quantified with assessment of loss rates originating from movements of the exchange rate for the currency clause loans. Not quantified as the bank identified low to medium correlation and low predictability capability for this risk. Included in internal capital requests through different risks that are covered within 5% from total capital requirement Quantified by stressing losses due to negative macroeconomic developments including decrease of GDP and unemployment rate. Quantified by stressing the assessment of loss rates originating from movements of the exchange rate for the currency clause loans. No stress testing 15

Credit risk - Concentratio n risk Credit risk - Residual risk Market risk Counterparty risk - Replacement risk Counterparty risk - Settlement risk Counterparty risk Debtor risk Liquidity risk The risk of an imperfect diversification due to a strong concentration in a single counterparty, a group of related counterparties or specific sector concentration (industrial, geographical etc.) Residual risk is the risk of loss due to overestimated credit risk mitigation techniques. Market risk is defined as a risk of loss due to adverse effect of market underlying parameter movements on the value of trading book instruments and FX open position. The risk related to the replacement cost of a derivative transaction in the event of default by the original counterparty The risk of adverse effects on the bank s financial result and capital arising from unsettled transactions or counterparty s failure to deliver in free delivery transactions on the due delivery date. The risk of adverse effects on the bank s financial result and capital arising from counterparty s failure to fulfill his part of the deal in a transaction before final settlement of cash flows of the transaction or settlement of monetary liabilities under that transaction. Liquidity risk represents banks inability to meet matured Quantified through Large bank s exposure report to NBS. Integrated within the credit risk management through various analyses of advanced assessment, setting of appropriate limits, monitoring and reporting, evaluation of excessive concentrations and estimation of additional capital requirement (if needed). Not quantified. Credit risk mitigation techniques are regularly reviewed. NBS imposed preconditions which need to be fulfilled in order to use risk mitigation techniques. Quantified using standardized approach. Quantified using standardized approach current exposure method. Not quantified. Risk is managed using internally developed application that enables online limits monitoring and reporting. Not quantified. Risk is managed using internally developed application that enables online limits monitoring and reporting. Not quantified. Quantified through calculation of impact of top 50 exposures to losses as well as for exposure to different business activities of clients. Quantified by analyzing the expected losses in case of decrease in value of collateral. Quantified using VaR based historical simulation method in accordance with NBS requirements for FX open position. Quantified using standardized approach (current exposure method) and reported to Head Office using Group developed applications named CVI file and MRP. Not quantified. Risk is managed using internally developed application that enables online limits monitoring and reporting. Not quantified. Risk is managed using internally developed application that enables online limits monitoring and reporting. Liquidity risk is assessed using liquidity gaps, daily Quantified by stress testing the calculation of impact of top 50 exposures to losses as well as for exposure to different business activities of clients. Quantified by analyzing the stressed assumptions expected losses in case of decrease in value of collateral. Quantified using predefined stress scenarios in terms of appreciation/dep reciation of specific currencies against local currency and using stressed VaR figures. No stress testing applied. No stress testing applied. No stress testing applied. Stress testing is based on various scenarios 16

commitments due to incapability either to obtain new sources of funding or to transform certain types of assets into cash. liquidity indicator. prescribed in the Methodology for stress testing. Interest rate risk (IRR) of the banking book Operational risk Reputation risk Strategic risk Business risk Loss of key staff risk IRR is the risk of negative impact of the interest rates movements on Bank s NIM and EVE. The risk of loss resulting from omissions of employees inadequate or failed, processes, systems or external events. It includes legal risk. The risk to earnings and capital arising from adverse perception of the image of the financial institution on the part of customers, counterparties, shareholders, investors or regulators. Strategic risk is a possibilitz of adverse impact to financial result or the capital of the Bank is a pconsequence of unadequate or unexisting policies and strategies, as well as from their inadequate implementation. It also includes risk of inadequate response to changes in business environment. Business risk is the risk of potential negative impact to financial result and / or equity of the Bank due to inadequate or incomplete business operations that may have impact to return on investments Loss of key staff represents the potential negative impact to Bank's operations due to staff members with critical knowledge and know how leaving and not Not quantified. Quantified using basic indicators approach. Not quantified. Risk is managed through regular monitoring and evaluation of possible external or internal risk sources. Not quantified. Risk is managed through regular monitoring and reporting of external risk factors. Assessment available through expert judgment. Assessment available through expert judgment. Quantified using the impact of a parallel shift of 200bp of the yield curves in all currencies (IR shock) on EVE. Quantified special approach developed on SG Group level. Not individually quantified. Risk is managed through regular monitoring and evaluation of possible external or internal risk sources. This risk is included into quantification for other risks. Reputation risk is managed by the respect of SG Group internal policy Not invividually quantified. Risk is managed through regular monitoring and reporting of external risk factors. This risk is included into quantification for other risks, Not individually quantified. Included into capital requirements for other risks covered with 5% of the total amount of internal capital requirements. Not individually quantified. Included into capital requirements for other risks covered with 5% of the total amount of internal capital requirements. Quantified using the impact of a parallel shift of the yield curves in all currencies (IR shock) on EVE, in accordance with Methodology for stress testing. Scenario analysis applied Stress testing for this type of risk is captured and incorporated in scenarios for liquidity and interest rate risk stress testing. Stress testing for this type of risk is captured and built-in scenarios for market risk stress testing. No stress test. No stress test. 17