210 İşbank
Annual Report 2015
Türkiye İş Bankası A.Ş.
Notes to the Consolidated Financial Statements
for the Year Ended 31 December 2015
XI. Explanations on Risk Management Objectives and Policies
In addition to banking activities, activities of the entire the group as a whole is exposed to financial and non-financial risks which are required to be analyzed, monitored and reported
within specific risk management principles of the Bank and with the perspective of Group risk management. The risk management process is organized within the framework of risk
management and serves the creation of a common risk culture in corporate level; which brings “good corporate governance” to forefront, business units that undertaken risks and the
independence between the internal audit and surveillance units are established, risk is defined in accordance with international regulations and in this context measurement, analysis,
monitoring, reporting and control functions are carried.
Risk management process and the functions involved in the process is one of the primary responsibilities of the Board of Directors. The Risk Management Department, which
operates under the Board of Directors has been organized as Asset-Liability Management Risk Unit, Credit Risk and Economic Capital Unit, Operational Risk and Model Verification and
Subsidiary Risk Unit.
The Bank’s risk management process is carried out within the framework of risk policies which are set by recommendations of Risk Management Department and issued by the Board
of the Directors and written standards which contains risk policies and implemented by executive units.
These policies which are entered into force in line with the international practices are general standards which contains; organization and scope of the risk management function,
risk measurement policies, duties and responsibilities of the risk management group, procedures for determining risk limits, ways to eliminate limit violations and approval and
confirmation to be given in a variety of events and situations. The scope and content of the Parent Bank’s risk management system is given by the main risk types.
Credit risk
Credit risk is defined as the risk of the failure to comply with the requirements or failing to fulfill its obligations partially or totally of the counter side of the transaction contract with
the Parent Bank. The methodology and responsibilities of the credit risk management, controlling and monitoring and the framework of credit risk limitations specified with the credit
risk policy.
The Bank defines measures and manages credit risk of the all products and activities. Board of Directors review the Parent Bank’s credit risk policies and credit risk strategy on an
annual basis as a minimum. Key Management is responsible for the implementation of credit risk policies which are approved by Board of Directors.
As a result of loans and credit risks analysis all findings are reported to Board of Directors and Key Management on a regular basis. In addition to transaction and company based credit
risk assessment process, monitoring of credit risk also refers to an approach with monitoring and managing the credit as a whole maturity, sector, security, geography, currency, credit
type and credit rating.
In the Parent Bank’s credit risk management, along the limits as required by legal regulations, the Parent Bank utilizes the risk limits to undertake the maximum credit risk within risk
groups or sectors that the Board of Directors determines. These limits are determined such a way that prevents risk concentration on particular sectors.
Excess risk limits up to legal requirements and boundaries limits are considered as an exception. The Board of Directors has the authority in exception process. The results of the
control of risk limits and the evaluations of these limits are presented by Internal Audit and Risk Management Group to Key Management and Board of Directors.
The Bank uses credit decision support systems which are created for the purpose of credit risk management, lending decisions, controlling the credit process and credit provisioning.
The consistency of the credit decision support systems with the structure of the Parent Bank’s activities, size and complexity is examined continuously by internal systems. Credit
decision support systems contain the Risk Committee assessment and approval of Board of Directors.
Asset and Liability Management Risk
Asset-liability management risk defined as the risk of Bank’s incurring loss due to managing all financial risks that are inflicted from the Bank’s assets, liabilities and off-balance sheet
transactions, ineffectively. Trading book portfolio’s market risk, structural interest rate risk and liquidity risk of the banking portfolio; are considered within the scope of the asset
liability management.
All principles and procedures related to the generating and management of asset and liability structure and “Risk Appetite” related to the capital to be allocated, are determined by the
Board of Director. Complying the established risk limits and being at the limits that stipulated by the legislation are the primary priority of Asset-liability management risk. Risk limits
are determined by the Board of Directors by taking into consideration of the Parent Bank’s liquidity, target income level and general expectations about changes in risk factors and risk
appetite.
Board of Directors and the Audit Committee are responsible for following the Parent Bank’s capital is used optimally; for this purpose, checking the status against risk limits and
providing the necessary actions are taken.
Asset and Liability Management Committee is responsible for managing the Asset and Liability risk within the framework of operating principles that are involved in the risk appetite
and risk limits are set by the Board of Directors in accordance with the policy statement.
Measurement of the Asset and Liability Management’s risk, reporting of the measurement results and monitoring the compliance with risk limits are the responsibility of the
Risk Management Department. The course of the risk taken is examined through different scenarios and the measurement results are tested in terms of reliability and integrity.
Information related to asset-liability management risk is reported to the Board of Directors by the Department of Risk Management through the Risk Committee and the Audit
Committee.
Asset and liability management processes and compliance with the provisions of the policy are controlled and audited by the internal audit system. The execution of the audit,
reporting the audit results, action plans for the elimination of errors and gaps identified as a result of inspections regarding the fulfillment of the principles, are determined by the
Board of Directors.
Operational Risk
Operational risk is defined as “the probability of loss due to the inadequate or failed internal processes, people, systems, external factors or legal risks”. All risks except financial
risks are considered within the scope of operational risk. Studies consisted and are formed of occur by execution of identification, definition, measurement, analysis, monitoring
of operational risk, providing and reporting the necessary control related to monitoring the progress of our country and the world, the development of techniques and methods,
necessary legal reporting, notification and conduct of follow-up transactions. Studies on the subject are conducted by the Department of Risk Management.
Operational risks that arise due to the activities are defined in “Bank Risk Catalogue” and classified in respect of species. Bank Risk Catalogue is kind of the fundamental document that
used for identification and classification of all at the risk that may be encountered. It is updated in line with the changes in the nature of the processes and activities.
Qualitative and quantitative methods are used in a combination for measurement and evaluation of the operational risks. In this process, information use that obtained from “Impact-
Probability Analysis”, “Missing Event Data Analysis”, “Risk Indicators” methods. Methods prescribed by legal regulations are applied as minimum in determining the capital requirement
level for the operating risk.
All risks are assessed in the context of operational risk, loss events and the risk indicators same as operational risks that occurred in the Parent Bank, are monitored on a regular basis
by the Department of Risk Management and reported periodically to the Risk Committee and the Board of Directors.
