81
Corporate Governance
Information on Risk Management Policies Applied
Per Risk Types
Bank risk policies and procedures constitute the internal rules and principles which are approved and enforced by the Board considering
Risk Management Division suggestions and executed by the senior management.
These policies that have been put into effect in accordance with international standards, stipulate general standards regarding the
organization and scope of risk management function, risk measurement methods, roles and responsibilities of the risk management group,
risk limit setting methodology, rules governing the breach of limits and confirmations that have to be given in various situations.
As a result of the main business of the Bank, credit risk is considered as the most important financial risk factor the Bank is exposed to.
Aside from credit risk, liquidity risk which can be triggered by the Fed interest rate hike process that has already started by the end of 2015
and interest rate risk caused by the asset and liability mismatch prevalent in the Turkish banking sector, are other financial risks that are
regarded as prominent.
Apart from the financial risks mentioned above, the most important non-financial risk of the Bank appears to be business environment risk.
It is concluded that geopolitical risks arising from political instability in nearby geography of Turkey, upcoming fierce competition in local
market and the new capital adequacy rules (effective fromMarch 2016) which are revised in accordance with Basel Committee’s regulatory
consistency assessment program (R-CAP) are the main drivers of business environment risk. On the other hand, in terms of the Banking
processes, potential risks which can be exposed commonly are related to information technology risks. The above mentioned assessments
are presented in financial statements.
To ensure the conformity of the Bank’s risk appetite with business plan and prevailing market environment, risk limits set by the Board
of Directors are monitored. In this context, breaches in market, liquidity, structural interest rate and credit risk limits are analyzed by Risk
Management Division taking market and industry conditions into consideration, and findings are reported to the Audit Committee.
Capital Adequacy Policy
Capital Adequacy Policy defines the level of capital, on consolidated and unconsolidated basis, that the Bank must hold against potential
losses arising from financial risks associated with on and off-balance sheet items in addition to non-financial risks caused by the Bank’s
operations; and establishes the principles for maintaining and monitoring the minimum capital levels determined in accordance with the
legal regulations and the Internal Capital Adequacy Assessment Process. Risk management policies form an integral part of the Capital
Adequacy Policy.
Credit Risk Policy
Credit risk is defined as any situation where the counterparty obligation will not or can not be fulfilled partially or fully on maturity
as affirmed in the agreement. Credit risk policy sets the framework for credit risk management, control and monitoring, roles and
responsibilities and credit risk limits.
İşbank maintains identification, measurement and management of credit risk across all products and activities. The Board reviews credit
risk policies and strategies annually at minimum. Senior management is responsible for the execution of credit risk policies.
The findings of independent review of loans and credit risk are reported to the Board and the senior management regularly. Monitoring
credit risk includes parameters such as maturity, industry, collateral, geography, currency, loan type, and credit risk ratings as a whole, in
addition to the assessments on the obligor and the facility.
In managing credit risk, İşbank implements internal risk limits specified by the Board of Directors that restrict the maximum credit risk based
on parameters such as risk groups and sectors in addition to the credit risk limits that are mandated by legal regulations. These internal
limits are determined in a way that does not lead to risk concentrations.
Breaching risk limits until the regulatory limits are treated as “exceptional procedure”. The authorization for exceptional procedure resides
with the Board of Directors. The results of controls and assessments related to risk limit breaches are presented to senior management and
the Board of Directors by Internal Audit and Risk Management Functions.
