VKF_FRAE_2017

PART III: FINANCIAL HIGHLIGHTS AND RISK MANAGEMENT 126 VakıfBank Annual Report 2017 »» OPERATIONAL RISK Operational risk means the potential loss that includes the Legal Risk and that arises from insufficient or unsuccessful processes, people and systems or external events. The management of operational risks is performed in accordance with the “Operational Risk Framework,” which was created for the determination and definition of all the significant risks faced by the Bank in comprehensive categories and which is a common dictionary containing examples of these risks, and the Bank’s Operational Risk Management Policy Document. The auditing of the operational risks is carried out by Audit Board and the Head of Internal Audit. In the management of operational risk, the Bank collects operational risk loss and potential risk data, which also enable the implementation of the standard approaches. The operational loss data is analyzed in order to identify the risk factors and the findings were presented to the Bank’s executive management. The process of evaluating the operational risk data on consolidated basis continues, and within this scope, the loss data received from the Bank’s affiliates is regularly collected and saved in the data infrastructure. The “Impact Analysis” covering the Head Office’ departments, to analyze the business processes, and to take necessary measures after identifying the inadequate controls which are not effective, was re-performed on the business processes. Activities to assess processes which are updated via symptom monitoring activities and new assembled are proceeded. Risk assessments related to the new products are made within the scope of the “New Product Development Regulation.” Moreover, risk assessments related to the purchase of the support services are made within the scope of the “Support Service Procurement Procedures and the Risk Management Program.” Operational risk measurement results calculated annually on unconsolidated and consolidated basis using the key indicator approach within the framework of the “Regulation on Measurement and Assessment of Capital Adequacy of Banks”, are reported to the Bank’s top management, and the BRSA. In accordance with the “Guide About Reputation Risk Management” issued by the Banking Regulation and Supervision Agency; “Reputation Risk Management Policy” activities continue in order to determine the policies for identifying, evaluating, controlling, monitoring, reporting and managing the reputation risk that may arise from the Bank’s activities, practices, shareholders and employees. In accordance with the “Regulation On Banks’ Internal Systems and Internal Capital Adequacy Evaluation Process” and “Guide About Operational Risk Management” issued by the Banking Regulation and Supervision Agency, updating activities continue within the scope of the “Regulation On New Product Development”. »» CREDIT RISK Credit risk arises from the failure of counterparty to fulfil its obligations, partially or completely, in accordance with contractual requirements. The credit risk definition of the Bank takes the credit risk definition of the Banking Law as a base and comprises the credit risks involved in all products and activities. Credit risk is managed within the scope of the “Credit Risk Management Policy Document”. Furthermore, VakıfBank manages the country risk within the scope of the “Country Risk Management Policy Document”, and perceives indirect country risk, central management risk, contagion risk, macroeconomic risk, indirect FX risk, and transfer risk as the main components of the country risk. The findings being obtained from analyses of the composition and concentration of the Bank’s loan portfolio (type of loan, currency, maturity, sector, geographic region, segment, borrower, holding, group, subsidiaries); from the portfolio quality (standard loans, non-performing loans, deferred loans, analysis of the data obtained from the credit rating system); from country risk and scenario analysis and the studies on possible events of default are reported to the Bank’s top management as individual and monthly reports. Taking the Bank’s loan policy and economic changes into consideration; sectoral, geographical and individual loan concentration limits were updated, and segment based limits were included in the monitoring process in 2017 in order to identify loan concentration risks and create a balanced loan portfolio. In addition, the tables regarding the distribution of cash loans according to due date, credit distribution of subsidiaries and distribution of risk weighted assets by segments are included in the Loan Risks Reports submitted to the Bank’s top management on a monthly basis. Credit risk in fair value, measured within the scope of the provisions of the “Regulation on Measurement and Assessment of Capital Adequacy of Banks,” is reported to the Bank’s top management and the BRSA in unconsolidated and consolidated basis quarterly. The Capital Adequacy Standard Ratio is closely monitored in the Bank, calculated on a daily basis and reported to the top management after the scenario analysis/stress testing is performed. RISK MANAGEMENT POLICIES APPLIED BY RISK TYPE