Asset and Liability Management Risk Policy
Asset and liability management risk is defined as; loss risk caused by Bank’s failure to effectively manage all financial risks arising
from the bank’s assets, liabilities and off-balance sheet transactions. Market risk of trading book, structural interest rate risk of
banking book and liquidity risk are all within the scope of asset and liability management risk.
All principles and procedures related to constitution and management of Bank’s asset-liability structure and Bank’s risk appetite
is established by the Board of Directors. Ensuring asset and liability management risk being within the levels imposed by legal
legislation and internal risk limits is the primary priority. Internal risk limits are determined by Board of Directors taking into
consideration liquidity, target income level, general expectations about the changes in risk factors and risk appetite of the Bank.
Board of Directors and Audit Committee are obliged to track that Bank’s capital is used optimally. For this purpose these bodies are
obligated to keep risk limits under control and ensure necessary actions being taken.
Asset-Liability Committee is responsible for governance of asset and liability management risk in accordance with the risk appetite
and risk limits determined by Board of Directors and within the principles and procedures expressed in this policy.
Measuring asset and liability management risk, reporting the results and monitoring the compliance with the risk limits are the
responsibilities of Risk Management Division. The course of the risk taken is reviewed under different scenarios. Measurement
results are tested in terms of reliability and integrity. Asset and liability management risk is reported to Risk Committee and reported
to the Board of Directors through Audit Committee.
Compliance with risk limits is closely and continuously monitored by Risk Management Division, Asset-Liability Committee and
related business units. In the event of a breach in the risk limits, the breach and its reasons are instantly reported to Board of
Directors through Audit Committee. Course of action needed to be taken in order to eliminate the breach is determined by the Board.
Asset and liability management processes and compliance with the policy rules are audited by internal audit system. The principles
regarding the audit process, audit reports and fulfillment of action plans to eliminate the errors and gaps determined by internal
audit are established by the Board of Directors.
Operational Risk Policy
Operational risk is defined as “the risk of loss resulting from inadequate or failed internal processes, people and systems or from
external events”. Risk Management Division is responsible for the risk management activity on this particular risk. Operational risk
management activities comprise defining, measuring, analyzing, monitoring and reporting of operational risks, following up the
new techniques on management of operational risks besides regulatory and internal reporting. The fundamental principles and
procedures of risk management are determined in Operational Risk Policy.
Categorization of inherited operational risks within the activities and processes is monitored via the Enterprise Risk Framework.
It serves as the basic document to define and classify the risks and is subject to alteration as conditions change. Enterprise Risk
Framework is modified in line with the improving risk management practices and changing regulations
The methodology employed to identify operational risks is “self-assessment”. This methodology requires staff with roles and
responsibilities in a particular activity to get involved in the risk and control assessment process of that activity. Operational risk
management process combines both qualitative and quantitative approaches in measurement and assessment. The measurement
process uses data obtained from “impact - likelihood analysis”, “loss database” and “key risk indicators”.
All operational risks inherited in the banking processes and information systems, risk levels of new products and processes,
operational losses incurred by the Bank are monitored continuously, risk assessments are updated regularly and reported to the Risk
Committee and the Board in a timely manner.
Employees have the understanding of the Bank’s objective to attain a working environment aiming to reduce the probability of
loss, considering that the entire internal rules and procedures, led by operational risk policy, and act sensitively to the inherited
operational risks and controls.
Consolidated Risk Policies
Compliance with risk management principles related to the Bank’s subsidiaries are monitored through Bank’s “Consolidated Risk
Policies” by Subsidiary Risk Unit. Subsidiaries identify their specific risk management policies that cannot divert from or conflict
with consolidated risk policies. Subsidiary boards approve company risk policies that form the framework of their risk management
systems and processes.
Information Systems Management Policy
The purpose of Information Systems Management Policy is to determine the principles which will constitute a basis for the
management of information systems that the Bank uses to fulfill its activities and the procedures in order to define, measure,
control, monitor, report and manage the risks derived from using information technologies. With the Policy, the information
technologies which is an important element for sustaining Bank activities is intended to be managed effectively as information
systems management, being handled as a part of corporate governance practices. On the management of Bank’s information
systems and all the elements relating to those systems articles of this Policy are applied.
Risks derived from information technologies are basically assessed within the scope of Bank’s operational risk management. It is
essential that those risks which could be seen as multipliers of the other risks derived from activities of the Bank are measured,
closely monitored and controlled within the framework of Bank’s integrated risk management.
Financial Information and Risk
Management
95
İşbank
Annual Report 2013
