2019 INTEGRATED ANNUAL REPORT
INFORMATION ABOUT RISK MANAGEMENT POLICIES AND ACTIVITIES ACCORDING TO TYPE OF RISK

Risk management activities are carried out with the underlying approach of aligning the Bank’s risk management functions with best practices by fostering a risk culture throughout the entire Bank and constantly improving system and human resources.

Risk management activities are conducted under the separate headings of “Credit Risk”, “Market Risk”, “Operational Risk”, and “Balance Sheet Risks”. Policies, practices, and procedures concerning the management of these risks are governed by regulations and resolutions approved by the Board of Directors for dealing with each category of risk. All risk management system activities are carried out through the involved participation of all the units with which each type of risk is associated.

Ziraat Bank has formulated an “Intrinsic capital adequacy assessment process” as required by BRSA Regulation on banks’ internal system and intrinsic capital adequacy assessment processes. The purpose of this process is to set up and maintain a system that will both determine the amounts of capital that are needed to cover the risks to which the Bank is or might be exposed and will ensure capital requirements and levels are used compatibly with the Bank’s strategic objectives. Analyses are performed in line with BRSA principles and are further supported by means of risk-specific stress tests and scenario analyses. Year-end Stress Test and Internal Capital Adequacy Assessment Process (ICAAP) reports are prepared with the involvement of other appropriate units and are sent to BRSA with the approval of the Board of Directors.

CREDIT RISK
Credit risk is an expression of the likelihood of the Bank’s suffering a loss because a debtor fails to fulfill, in a timely manner, some or all of his obligations under an agreement that he has entered into.
Credit risk management consists of discovering the credit risks to which the Bank is exposed and defining, measuring, monitoring, controlling, and reporting such risks.

According to BRSA Regulation on measurement and assessment of capital adequacy of banks, credit risk is to be measured using the Basel III Standardized Approach and the results of such measurements are to be included in one’s mandatory reporting. In compliance with this requirement, Ziraat Bank’s credit risk exposure on both a solo and a consolidated basis is reported monthly to BRSA. The measurement of the counterparty credit risk, which is considered in the framework of credit risk, is carried out by using the Reasonable Valuation Method.

Within the scope of credit management activities, validation studies are carried out for measurement of accuracy and performance with statistical methods based on credit rating models developed by the related units. As required by the Banks Association of Turkey’s Circular on internal rating notifications, which went into effect as of January 2014, Ziraat Bank sends its internal rating notices to the Association’s Risk Center every month. Scenario analyses and stress tests are performed with the application of internal and external shocks to credit risk factors. A Credit Risk Management with Advanced Methods that permits the use of advanced methods in the calculation of the Bank’s core credit risk exposure is carried out.

Both customer-segment-based credit risk limits and trigger values and portfolio-based counterparty credit risk limits and trigger values arising respectively from banking accounts and from trading accounts have been calculated and approved by the Board of Directors. All these values are monitored on a monthly basis. The risk-weighted assets which the Bank may hold on a segment and portfolio basis are subject to these limits.

MARKET RISK
Market risk is an expression of the possibility of loss that the Bank may be exposed to on account of its on- or off-balance sheet exchange rate, commodity, interest rate and stock position risk, which are subject to the Bank’s trading activities and followed up under the Bank’s accounts and positions valued at fair value, and which arise from the movements in market prices.

Risk measurement and monitoring is carried out in order to reveal the market risks to which the Bank may be exposed. The results of these activities are taken into account in the Bank’s strategic decision-making processes.

In order to manage market risk, market movements that affect the present value of the portfolios which expose the Bank to market risk in line with its trading strategies are kept track of on a daily basis and the impact that both upward/downward and ordinary/extraordinary movements may have on these portfolios is analyzed.

In the conduct of its day-to-day operations, trigger values are monitored as part of the early-warning process that is carried out to protect the Bank’s financial strength from being seriously affected by increases in market volatility. Risk exposure levels are kept within prescribed limits.

The Standardized Approach methodology is used to calculate the Bank’s exposure to market risk, the amount of which is included in its mandatory capital adequacy ratio. Market risk is also calculated on a daily basis using a VaR-based internal model. The effectiveness of the models being used is also analyzed regularly by means of backtesting.

OPERATIONAL RISK
Operational risk” is an expression of the likelihood of the Bank’s suffering a loss because of changes in value caused by the fact that the actual losses which are incurred on account of inadequate or failed internal processes, people, or systems or on account of external events (including legal risk) differ from expected losses. The operational risks that arise throughout the Bank are monitored through the Operational Risk Loss Database. The operational risk exposure is calculated using the Basic Indicator Approach methodology.

Ziraat Bank employees perform their duties taking into account the operational risk-related principles and procedures set forth in the Bank’s internal regulations and in a manner that is both sensitive to the operational risks that may be incurred and mindful of Bank policies intended to create an operational environment that will reduce the likelihood of losses.

Signals and limits related to operational risks established within the scope of “Risk Management, Stress Test Program and ISEDES Regulation” are monitored periodically.

Risks and actions taken within the scope of IT are monitored and reported to the senior management regarding operational risk.

As part of the Business Continuity Plan, “business impact analyses” are carried out in order both to identify the risks that might arise if the Bank’s operations are interrupted and to determine their potential consequences.

In order to ensure the continuity of outsourced support services, the risks that might arise from their procurement are assessed in light of BRSA Regulation on the outsourcing of support services by banks.

Analyses are also conducted into the portfolio custody service database.

BALANCE SHEET RISKS
“Balance sheet risks”, which are risks that arise from the Bank’s on- and off-balance sheet asset and liability accounts, are controlled so as to manage them in the most effective way possible. Risk measurement and monitoring is carried out in order to reveal the balance sheet risks to which the Bank may be exposed on account both of its liquidity risks and of its interest rate risks arising from its banking business accounts. The results of these activities are taken into account in the Bank’s strategic decision-making processes.

There are two components of liquidity risk: funding liquidity risk and market liquidity risk. The first is an expression of the likelihood of the Bank’s suffering a loss because it is unable to satisfy all of its foreseeable/unforeseeable cash flow requirements without otherwise impairing its day-to-day operations and/or financial structure; the second is an expression of the likelihood of the Bank’s suffering a loss because the Bank is unable to close or cover a particular position at the market price owing to insufficient market depth or to excessive market volatility. Interest rate risk consists of the possibility of sustaining losses on risk-sensitive assets, liabilities, and off-balance sheet items owing to changes taking place in interest rates.

Compliance with mandatory ratios pertaining to liquidity and interest rate risks arising from banking business accounts is also monitored. In addition to the foregoing, matters with the potential to affect liquidity risk management are monitored funding and lending maturity mismatches, assets’ and liabilities’ behavioral as well as contractual maturities, the level of primary (cash and cash-equivalent) liquidity reserves needed to conduct the Bank’s normal day-to-day operations, Central Bank liquidity facilities to which recourse may be had in order to cope with unexpected liquidity requirements, secondary reserves whose potential to be converted to cash is exposed to the risk of their being underpriced, and the ability to borrow from conventional markets are monitored. Additionally, within the content of scenario and sensitivity analyses stress test is conducted to assess the Bank’s liquidity needs in the worst case scenario and the loss that may result therefrom.

For the management of the interest rate risk arising on banking business accounts, attention is given to monitoring and analyzing such issues as rate and maturity mismatches between fixed- and variable-interest fundings and lendings, assets’ and liabilities’ behavioral as well as contractual maturities, both upward/downward and ordinary/extraordinary movements in interest rates, and the impact of interest rate income on the current value of assets and liabilities.

Additionally, trigger values are monitored as part of the early-warning process and associated risk exposure levels are defined within limits in light of such considerations as liquidity, income level targets, and appetite for risk, and come into force upon the approval of the Board of Directors.