Risk Management
The Risk management organization is responsible for the central management of risks that are likely to be encountered through effective coordination across the Bank. The main purpose of Risk Management system is to identify, measure, report, monitor and check risks on a consolidated and unconsolidated basis through policies, implementation procedures and limits set in accordance with the nature and magnitude of the Bank’s activities based on its risk-return profile, as well as the determination of the overall capital requirement relative to the risk profiles.
The Bank aims to achieve the following targets by implementing effective risk management strategies and policies:
- Instilling a common risk culture across the Bank,
- Establishment of risk limits and effective management of implementation procedures,
- Increasing the asset quality of the Bank,
- Ensuring the Bank fulfils its obligations,
- Determination of the Bank’s risk appetite in a manner consistent with its strategies, goals and activities,
- Determination of the Bank’s capital level in accordance with risk appetite.
The Risk Management system is a process within which all units of the Bank are involved. The basic issues regarding effective Risk Management processes are;
- Effectively managing the risks which the Bank is exposed to on the basis of materiality. To possess a centralized risk management structure that includes all important risk aspects,
- Managing the existing and potential risks from the very beginning with the help of directional risk strategies, policies and procedures, models and parameters,
- Ensuring that a risk-focused management approach is adopted in the strategic decision-making processes,
- Fulfilling legal obligations in the field of risk management,
- Being open to change and development in accordance with dynamic market conditions.
As of 31 December, 2017, the Risk Management Center consisted of 14 staff. In order to promote the personal and professional development of the personnel, it is ensured that personnel participate in internal and external training programs, conferences and seminars. As a result, their practical knowledge level in the field of risk management has increased continuously.
Risk management activities carried out during 2017 are classified and summarized below.
Identification and Measurement of Risks
Processes, other related legislation and internationally accepted standards are identified, measured, reported and monitored under the main titles of credit risk, market risk, liquidity risk, operational risk and other risks by considering the best implementations. Within this scope, in accordance with the relevant legal regulations and best banking practices, risk management processes are being established and updated. The Bank’s risk management system is reviewed within the framework of the strategy, policy and implementation procedures, legislative amendments and the Bank’s needs. The Bank’s risk management is updated as and when necessary, and at least once a year. Within this scope, all risk management policies and procedures were reviewed in 2017 and following documents were updated with the approval of the Board of Directors;
Risk Policies,
- ISEDES Policy,
- ISEDES Procedure,
- Credit Risk Management Procedure,
- Stress Test Program Procedure,
- Operational Risk Management Procedure
In addition, risk opinions are formed by carrying out risk and impact evaluations upon monitoring the changes in internal policies, the procedures and work flows of the Bank and new activities, channels or product designs. Within the scope of the “Regulation on the Support Services of Banks”, the Risk Management Program is presented annually through the Audit Committee to the Board of Directors. In addition, within the scope of the regulation, a risk opinion is established in line with the “Risk Analysis” and “Technical Competency Reports” submitted by the related units. The Audit Committee’s view is sought by submitting the risk opinion and reports to the Audit Committee.
In order to comply with the good practice guidelines published by the BRSA, the Bank’s level of compliance with the guidelines based on each risk type was determined. The Bank plans to prepare and implement action plans for non-conforming issues.
Türkiye Finans utilizes statistical risk measurement and rating systems which are developed individually for all customer and credit types to effectively measure and manage risks. These systems are regularly monitored and their validation activities are carried out. Remedial actions are taken if necessary. The Model Validation and Tracking Department was formed in the last quarter of 2017 within the Risk Management Directorate to carry out an independent review to guarantee that the developed models were reliable, fit for purpose and complied with internal and external regulations.
Risk Monitoring and Reporting
Risk Yönetim Merkezi, ekonomik, siyasi, sosyolojik ve konjonktürel The Risk Management Centre estimates and measures the impact of these developments on the Bank by closely monitoring economic, political, sociological and cyclical developments and intra-bank changes. With the proactive risk management approach, the related parties and the senior management are informed and actions are implemented as required by carrying out necessary analysis and evaluations into any areas which could include the elements of risk in the future. In addition to the legal reports on risk management submitted to the BRSA, periodical and other reporting is carried out for the related departments, committees and the senior management at a detailed level in order to manage risks effectively.
Compliance with the risk appetite structure determined at a Board level or with the limits determined within the scope of internal legislation is reported to the related parties and the senior management by monitoring compliance periodically.
Necessary monitoring activities are conducted for all risk types identified in connection with the Bank. The details are categorized into risk types and provided in the “Information about Risk Management Policies on the Basis of Risk Type” section.
Compliance Department
The Compliance Department monitors compliance risk by effectively managing such risk within the framework of related legislation, regulations and standards while also raising awareness around the Bank.
Within the framework of the “Regulation on the Internal Systems and the Internal Capital Adequacy Assessment Process of Banks”, the Compliance Department performs compliance control activities; implements the Compliance Program for the definition, measurement, reduction and monitoring of risks within the scope of Legislation on the Laundering of Crime Revenues and the preventing the Financing of Terrorist activities; ensures, with a risk focused approach, that necessary precautionary measures are taken to ensure that products and services offered by the Bank are not used for money laundering or in the financing of terror; determines working conditions for countries on which sanctions have been imposed within the framework of policies and applications aimed at decisions regarding sanctions issued by the National and International Organizations, regional powers and countries; ensures that obligations under the FATCA (Foreign Account Tax Compliance Act) and CRS (Common Reporting Standards) are fulfilled; coordinates, monitors and reports compliance work by following up legislative amendments; and the manages feedback received from the Ethics Line and the strengthening of Ethical Culture.
The Compliance Department consists of Products and Services Compliance Control, Tackling Money-Laundering and Foreign Legislation Coordination Services. As of 31 December 2017, department employed a staff of 17 persons. The department’s personnel hold CAMS, CERT (FinCrime), CIA, CCSA and CRMA certificates.
In 2017, a training program on “The Prevention of Money-Laundering and Financing for Terrorism” was provided to all newcomers on a face-to-face basis, and to 72% of all personnel through distance learning programs. In the same period, all newcomers to the Company received “Compliance and Ethical Principles Training” on a face-to-face basis, while 79% of personnel participated in this training program through distance learning.
Credit Risk
The Risk Management Center is responsible for maintaining data of the credit risks that Türkiye Finans is exposed to in connection to its loans, and for quantifying and analysing such risks. Additionally, the center also monitors compliance with credit limits and criteria as prescribed by credit policies and the risk appetite structure, and reports the results of its risk monitoring, measurement, and analysis activities to the senior management. In addition, all limits and concentration ratios for credit products, customers and for each sector and country are periodically checked for their compliance with lending policies as prescribed by applicable laws and regulations.
Credit risk is measured using “the Standardized Approach” set forth in the “Regulation on Measurement and Assessment of Capital Adequacy of Banks”.
The Center employs rating models to quantify credit risk and to grade loans extended to MEs, Commercial and Corporate Customers. These models are both appropriate for the sector and compliant with international standards, and make use of portfolio-specific statistical methods. These rating models not only come up with ratings for individual customers but also provide an estimate of a customer’s probability of default (PD). The generated rating notes and PD values are actively used in credit decisions and the determination of working conditions.
Criteria which are applied in the credit approval process are applied in measuring and grading risks associated with fund allocations. These criteria are determined by considering risk appetite and other performance variables in the sector. In this scope, customer selection is carried out by evaluating data obtained from a customer’s past payment performance and the Credit Bureau and Risk Center systems. Credit limits and guarantee structures are determined within the scope of Risk Acceptance Criteria.
Risk ratings for Personal Financing Support, credit cards and the business segment are carried out through scoring models which are developed by using statistical methods and which are specific to the bank portfolio. Different models are used according to product groups and customer sizes, which allow effective risk measurement and rating for each group. Besides scoring, the values for the probability of default (PD) are also generated, together with the scoring models. Customers are classified according to their risk profiles, by using risk ratings generated by the models and credit decisions and working conditions are determined in line with these profiles.
Decision support systems are used to measure credit disbursement risk in a healthy and effective manner, through which policies and business rules, scoring models for Personal Financing Support, Credit Cards and Business Line are managed systematically. Solvency calculations are also carried out within the scope of these systems, while the calculation of the customer’s risk rating, the amount of funds that can be utilized and credit card limits are determined systematically in line with the prevailing policies. Supported by this infrastructure, credit disbursement policy and business rules can be monitored effectively and developed regularly.
Loans brought under close monitoring as well as non-performing loans are analysed and recommendations are tabled to the Board of Directors, the Audit Committee and to members of senior management, such that risk-mitigating measures may be taken based on the specific market, sector, customer, and product risk exposure as well as being in accordance with the Bank’s own practices and processes.
Risk analysis is carried out by measuring the impact of new products on the Bank’s credit disbursement portfolio and financial structure, and regulations and suggestions for change are generated to mitigate identified risks .
In order to manage credit risk more effectively, the Credit Risks Committee carries out assessments in areas requiring improvement and takes actions to reduce risk, which are to be decided on or recommended within its authority and be followed up. It this vein, it simultaneously monitors the credit portfolio, activities that carry credit risk and the related processes from end-to-end.
In 2017, the rating and behavioural scoring models used for risk measurement and the rating of funds extended were revised by taking into account the changing market conditions and portfolio structure. The Bank managed to improve the quality of its credit portfolio structure and increase productivity through the review of existing Target Audience and Risk Acceptance Criteria, and push through organizational changes and the development projects in credit practices and policies. In addition, the Bank expects to achieve more effective management of the risk-return balance and increase its profitability with the risk-based pricing practice, which started to be implemented in 2016 and which was developed in 2017. Furthermore, activities to develop models to calculate the Probability of Default (PD), Loss Given Default (LGD), and Exposure at Default parameters in line with the IFRS 9 standard were completed in 2017.
Market Risk
Market risk is measured and reported by the “Standard Method” specified in the “Regulation on Measurement and Evaluation of Capital Adequacy of Banks”.
Moreover, as part of its market risk management operations, The Risk Management Center monitors, checks, and reports compliance with limits that are specified by the Board of Directors, on a daily, monthly and yearly basis.
Within the scope of counterparty risk, compliance with the limits allocated to the counterparty financial institutions is monitored and reported on a weekly basis. Moreover, the country, rating, risk group, limit type and concentration on the counterparty are monitored and reported on a monthly basis to the senior management.
The Bank implements a prudent policy of not holding significant quantities of foreign currency. Within the scope of this policy, an open position limit, determined by members of the board, is monitored on a daily basis and reported by the Risk Management Center.
Furthermore, within the scope of stress tests and scenario analyses, stress tests are carried out to monitor the impacts of changes in market risk factors and market volatility on the Bank’s financial situation and to mitigate the potential risks.
In the Bank, a project has been launched to establish a measurement model in order to measure market risk by using methods that are compatible with international standards which are sensitive to volatility in risk factors. With this project, in 2018 the Bank aims to carry out effective calculation of its value exposed to market risk (VMR), perform retrospective tests, undertake scenario analysis and stress tests for market risk and to systematically carry out monitoring of concentrations.
Liquidity Risk
Türkiye Finans follows strategies such as diversifying its resources, obtaining longer-term funding and matching the maturities of its assets and liabilities in order to protect itself against exposure to liquidity risk. All balance sheet items that have an impact on liquidity are separated on a term basis and their liquidity situation is analysed. The early warning indicators for liquidity risk are also determined at the level of the Assets/Liabilities Committee, and the measurements and assessments pertaining to liquidity risk within the scope of risk appetite are presented to the Asset/Liability Committee every month.
“Liquidity Coverage Ratio” and “Net Stable Funding Ratio” reports are prepared In line with Basel III principles. The Liquidity Coverage Ratio report is reported to the BRSA (Banking Regulation and Supervision Agency) pursuant to the relevant regulation. The Net Stable Funding Ratio will be reported to the BRSA in 2018 pursuant to relevant regulation.
Türkiye Finans has formulated and published a “Liquidity Risk Management & Contingency Plan” which sets out the actions and measures to be taken in the event of a shortage of liquidity, whether in the markets or in the Bank itself. The plan also defines those who are responsible for taking such actions and the measures to be taken, along with those who would be held accountable for their actions.
Operational Risk
Operational risk is measured and reported by using the “Basic Indicator Method” specified in the “Regulation on Measurement and Assessment of Capital Adequacy of Banks”.
In order to employ an international approach in operational risk management, the Bank adopted a risk language (terminology) which was in line with Basel standards. This common risk language provides a consistent view and communication across the Bank regarding operational risk. In order to increase its effectiveness in operational risk management, software is used to simulate operational risk and a loss database and to classify, analyse, evaluate and report such data. By analysing the loss data within the operational loss database through the aforementioned software, we can ensure that actions are taken to minimize operational losses.
At the same time, the Bank ensures that any findings and problems marked as being important or of high risk, which are brought to the agenda by the “Operational Risk Committee” together with the audit and other departments, the External Audit and Regulatory Audit Bodies, are effectively assessed, discussed and put into the action plan and resolution calendar. This also applies to any issues that could pose an operational risk for the Bank.
Other Risks
In addition to the risks detailed above, the profit share rate risk arising from banking accounts, country and transfer risk, concentration risk, reputation risk, compliance risk and residual risk are monitored and managed in accordance with the established policy and implementation procedures.
Internal Capital Adequacy Assessment Process, Stress Test and Scenario Analysis
The Head of the Risk Management Center prepares the ICAAP (İSEDES) report at least once a year, and the report is submitted to the BRSA. The report is prepared for the purpose of internally calculating the level of capital which is sufficient to meet current risks or future risks that the Bank may be exposed to by analysing the Bank’s current and future capital requirements, together with strategic objectives and macroeconomic variables, and to maintain the Bank’s activities with adequate levels of capital.
Within the scope of the report, potential losses that the Bank may suffer and the level of capital adequacy to cover these losses are estimated through stress tests and scenario analysis, which identify potential events that may negatively affect the Bank or potential changes in market conditions. Actions deemed necessary to maintain adequate capital levels are then determined following assessments carried out by taking into account the current situation, risk appetite, strategic planning, scenario analysis and the stress test. Assessments are undertaken with regard to the Bank’s liquidity adequacy and planning under stress conditions through the stress test and scenario analysis. The level of liquidity that the Bank may need in order to fulfil its obligations is determined through these assessments.
Monthly, quarterly, annual and ad-hoc stress tests are carried out in addition to the scenario analysis and stress tests conducted within the scope of the ISEDES in order to measure significant risks and vulnerabilities that may arise from adverse developments specific to the Bank or in an economic and financial environment under stress.
Within the framework of the “Regulation on Banks Internal Systems and Internal Capital Adequacy Assessment Process”, stress tests pertaining to market and counterparty credit risk and the Bank’s total liquidity risk are carried out on a monthly basis. Stress tests in which the significant risks faced by the Bank are evaluated are carried out on a quarterly basis. Furthermore, the application of liquidity buffer calculations have been carried out to ensure adequate liquidity supply, even in economic conditions where there is a liquidity shortage. The liquidity buffer calculations are presented to the Asset Liability Management Committee on a monthly basis. Action plans are prepared for potential scenarios by taking the results of the stress tests into consideration.