70. Other risks

Business (strategic) risk is the risk of failing to achieve the adopted financial targets, including incurring losses, due to adverse changes in the business environment, taking bad decisions, incorrectly implementing the decisions made, or not taking appropriate actions in response to changes in the business environment.

Maintaining, on an acceptable level, the potential negative financial consequences resulting from adverse changes in the business environment, making wrong decisions, improperly implementing the adopted decisions or not taking appropriate actions in response to changes in the business environment.

Risk identification consists of recognizing and determining both existing and potential factors arising from the current and planned activities of the Group which may significantly affect the Group’s financial position and creation or change of the level of the Group’s income and expenses. Business risk identification is performed through a qualitative assessment of the business risk and by identifying and analysing the factors which contributed to significant deviations in the actual income and costs from their forecasted values.

The measurement of business risk is aimed at defining the scale of threats related to the existence of business risk using the adopted risk measures. The measurement of business risk includes: calculating internal capital, conducting stress-tests and backtesting.

Control of business risk is aimed at maintaining it at an acceptable level. It involves setting and periodic review of the risk controls in the form of tolerance limits on business risk along with its thresholds and critical values, tailored to the scale and complexity of the Group.

Forecasting of the business risk is intended to determine the anticipated extent of achievement of the planned results by the Group. Forecasts are prepared on a quarterly basis with a 1-year horizon and include a forecast of internal capital. Business risk forecasts are verified on a quarterly basis (backtesting).

Business risk is monitored to identify areas which require management action. Business risk monitoring includes:

• strategic limits of business risk tolerance;
• results of stress tests;
• results of backtesting;
• internal capital level;
• deviations in business risk materialization from the forecast;
• results of a qualitative assessment of the business risk.

Reporting is performed on a quarterly basis. The reports on the business risk level are addressed to the ALCO, the RC, the Management Board, the Risk Committee of the Supervisory Board and the Supervisory Board.

Management actions involve, in particular:

• verifying and updating quarterly financial forecasts, including actions aimed at lowering the business risk level in accordance with the limits;
• monitoring the level of the strategic limit of tolerance to business risk.

Model risk is the risk of incurring losses as a result of making incorrect business decisions based on the existing models. Within the Group, model risk is managed both at the level of a given Group entity (an owner of the model) and at the level of the Bank as the Group’s parent company.

The objective of model risk management is to mitigate the level of risk of incurring losses as a result of making incorrect business decisions on the basis of existing models in the Group through a well-defined and implemented process of models management. One of the elements of the model management process is to regularly perform independent validation of all significant models in the Group.

Identification of the model risk consists of, in particular, collecting information about the existing models and models planned to be implemented as well as periodically determining the materiality of the model.

Model risk evaluation is aimed at determining the scale of the threats associated with the occurrence of the model risk. The evaluation makes it possible to determine the risk profile and identify the models which generate the highest risk, putting the Group at risk of potential losses. The evaluation is made at the level of each model as well as on an aggregate basis at the level of the Group.

Control of the model risk is aimed at maintaining an aggregate evaluation of the model risk at a level which is acceptable to the Group. Control of the model risk consists in determining the mechanisms used to diagnose the model risk level and tools for reducing the level of this risk. The tools used to diagnose the model risk include a strategic limit of tolerance to the model risk and the thresholds for the model risk.

Periodical monitoring of the model risk is aimed at diagnosing areas requiring management actions and includes:

• updating the model risk level;
• evaluating the utilization of the strategic limit of tolerance to the model risk and the thresholds of the model risk;
• verifying the stage of implementation and evaluating the effectiveness of the implementation of actions intended to mitigate the model risk.

The results of monitoring are presented periodically in reports addressed to the RC, the Management Board, the Risk Committee of the Supervisory Board, and the Supervisory Board.

The purpose of management actions is to shape the model risk management process and to affect the level of this risk, in particular by determining acceptable risk levels and making decisions about the use of tools supporting model risk management.

Macroeconomic changes risk is the risk of a deterioration in the Group’s financial position as a result of the adverse impact of changes in macroeconomic conditions.

The objective of macroeconomic changes risk management is to identify macroeconomic factors having a significant impact on the Group’s activities and taking actions to reduce the adverse impact of the potential changes in the macroeconomic situation on the financial position of the Group.

Identification of the risk of macroeconomic changes consists in determining scenarios of the potential macroeconomic changes and determining those risk factors which have the greatest impact on the financial position of the Group. Macroeconomic changes risk arises due to the impact of both factors which depend on the Group’s activities (in particular, the structure of the balance sheet and response plans prepared for the purposes of stress test scenarios) and those which are independent of it (macroeconomic factors). The Bank identifies factors which contribute to the level of macroeconomic changes risk when conducting comprehensive stress tests.

The risk of macroeconomic changes is measured in order to determine the scale of threats associated with the occurrence of macroeconomic changes and includes:

• calculating the financial result and its components, and the risk measures, as part of the comprehensive stress tests;
• backtesting;
• calculating the internal capital level;

The risk of macroeconomic changes is assessed on a yearly basis, based on the results of periodical comprehensive stress tests. The level of macroeconomic changes risk is described as moderate, elevated or high.

Control of the risk of macroeconomic changes is intended to mitigate the adverse effect of the potential changes in the macroeconomic situation on the financial position of the Group.

Macroeconomic changes risk control consists of determining the acceptable level of the risk, tailored to the scale of the Group’s operations, and the impact of the risk of the Group’s operations and financial position. An acceptable level of the risk of macroeconomic changes means a situation where stress test results do not signal a need to take any corrective actions, or the corrective actions which need to be taken will be sufficient to improve the financial position of the Group.

Forecasting the macroeconomic changes risk is intended to determine the anticipated impact of the future materialization of an adverse scenario on the Bank’s results, including its capital. The forecast includes a forecast of the internal capital and is prepared on a quarterly basis with a 1-year horizon based on the results of comprehensive stress tests.

Monitoring the macroeconomic changes risk consists in analysing macroeconomic developments, the macroeconomic factors to which the Group is sensitive, the level of the risk and the results of comprehensive stress tests.

Reports on the macroeconomic changes risk are prepared on a quarterly basis. The reports are addressed to the ALCO, the RC, the Management Board, the Risk Committee of the Supervisory Board and the Supervisory Board.

Management actions involve, in particular:

• determining acceptable levels of risk;
• proposals of actions aimed at reducing the level of risk in the event of an elevated or high risk of macroeconomic changes.