İŞBANK ANNUAL REPORT 2014

İŞBANK

ANNUAL REPORT 2014

INFORMATION ON RISK MANAGEMENT POLICIES APPLIED

PER RISK TYPES

Bank risk policies and procedures constitute the internal rules and principles which are approved and enforced by the Board considering

Risk Management Division suggestions and executed by the senior management.

These policies that have been put into effect in accordance with international standards, stipulate general standards regarding the

organization and scope of risk management function, risk measurement methods, roles and responsibilities of the risk management group,

risk limit setting methodology, rules governing the breach of limits and confirmations that have to be given in various situations.

As a result of the main business of the Bank, credit risk is considered as the most important financial risk factor the Bank is exposed to.

Aside from credit risk, due to the asset and liability mismatch prevalent in the Turkish banking sector, liquidity risk and interest rate risk are

other financial risks that are regarded as prominent.

Apart from the financial risks mentioned above, the most important non-financial risk of the Bank appears to be business environment

risk. It is concluded that geopolitical risks arising from political instability in nearby geography of Turkey, upcoming fierce competition in

local market and new banking regulations are the main drivers of business environment risk. On the other hand, in terms of the Banking

processes, potential risks to which the bank is commonly exposed are related to information technology risks. The above mentioned

assessments are presented in financial statements.

To ensure the conformity of the Bank’s risk appetite with business plan and prevailing market environment, risk limits set by the Board

of Directors are monitored. In this context, breaches in market, liquidity, structural interest rate and credit risk limits are analyzed by Risk

Management Division taking market and industry conditions into consideration, and findings are reported to the Audit Committee.

Capital Adequacy Policy

Capital Adequacy Policy defines the level of capital, on consolidated and unconsolidated basis, that the Bank must hold against potential

losses arising from financial risks associated with on and off-balance sheet items in addition to non-financial risks caused by the Bank’s

operations; and establishes the principles for maintaining and monitoring the minimum capital levels determined in accordance with the

legal regulations and the Internal Capital Adequacy Assessment Process. Risk management policies form an integral part of the Capital

Adequacy Policy.

Credit Risk Policy

Credit risk is defined as any situation where the counterparty obligation will not or cannot be fulfilled partially or fully on maturity

as affirmed in the agreement. Credit risk policy sets the framework for credit risk management, control and monitoring, roles and

responsibilities and credit risk limits.

İşbank maintains identification, measurement and management of credit risk across all products and activities. The Board reviews credit

risk policies and strategies annually at minimum. Senior management is responsible for the execution of credit risk policies.

The findings of independent review of loans and credit risk are reported to the Board and the senior management regularly. Monitoring

credit risk includes parameters such as maturity, industry, collateral, geography, currency, loan type, and credit risk ratings as a whole, in

addition to the assessments on the obligor and the facility.

In managing credit risk, İşbank implements internal risk limits specified by the Board of Directors that restrict the maximum credit risk based

on parameters such as risk groups and sectors in addition to the credit risk limits that are mandated by legal regulations. These internal

limits are determined in a way that does not lead to risk concentrations.

Breaching risk limits until the regulatory limits are treated as “exceptional procedure”. The authorization for exceptional procedure resides

with the Board of Directors. The results of controls and assessments related to risk limit breaches are presented to senior management and

the Board of Directors by Internal Audit and Risk Management Functions.

İşbank employs internal credit risk rating systems that are developed to service the needs for credit management, credit granting decisions,

credit process audits and credit provision calculations. Internal audit functions regularly assess the internal credit risk rating systems

according to their compatibility with the structure, size and complexity of the Bank’s operations. If diverse circumstances required,

necessary adjustments and/or modifications are made to the system. Internal credit risk rating systems are assessed by the Risk Committee

and approved by the Board of Directors.

Asset and Liability Management Risk Policy

Asset and liability management risk is defined as; loss risk caused by Bank’s failure to effectively manage all financial risks arising from the

bank’s assets, liabilities and off-balance sheet transactions. Market risk of trading book, structural interest rate risk of banking book and

liquidity risk are all within the scope of asset and liability management risk.