Risk management activities are carried out with the underlying approach of aligning the Bank’s risk management functions with best practices by fostering a risk culture throughout the entire Bank and constantly improving system and human resources.
Risk management activities are conducted under the separate headings of “Credit Risk”, “Market Risk”, “Operational Risk”, “Balance Sheet Risks” and “Credit Risk Control Unit and Validation”. Policies, practices, and procedures concerning the management of these risks are governed by regulations and resolutions approved by the Board of Directors for dealing with each category of risk. All risk management system activities are carried out through the involved participation of all the units with which each type of risk is associated.
Ziraat Bank has formulated an “Intrinsic capital adequacy assessment process” as required by BRSA Regulation on banks’ internal system and intrinsic capital adequacy assessment processes. The purpose of this process is to set up and maintain a system that will both determine the amounts of capital that are needed to cover the risks to which the Bank is or might be exposed and will ensure capital requirements and levels are used compatibly with the Bank’s strategic objectives. Analyses are performed in line with BRSA principles and are further supported by means of risk-specific stress tests and scenario analyzes. Year-end Stress Test and Internal Capital Adequacy Assessment Process (ICAAP) reports are prepared with the involvement of other appropriate units and are sent to BRSA with the approval of the Board of Directors.
CREDIT RISK
Credit risk is an expression of the likelihood of the Bank’s suffering a loss because a debtor fails to fulfill, in a timely manner, some or all of his obligations under an agreement that he has entered into.
Credit risk management consists of discovering the credit risks to which the Bank is exposed and defining, measuring, monitoring, controlling, and reporting such risks.
According to BRSA Regulation on measurement and assessment of capital adequacy of banks, credit risk is to be measured using the Basel III Standardized Approach and the results of such measurements are to be included in one’s mandatory reporting. In compliance with this requirement, Ziraat Bank’s credit risk exposure on both a solo and a consolidated basis is reported monthly to BRSA. The measurement of the counterparty credit risk, which is considered in the framework of credit risk, is carried out by using the Reasonable Valuation Method.
Internal Rating Notifications are reported to Risk Center of Banks Association of Turkey on monthly basis, in accordance with Internal Rating Notification Circular which went into effect as of January 2014. Scenario analyzes and stress tests are performed with the application of internal and external shocks to credit risk factors. A Credit Risk Management with Advanced Methods Project that permits the use of advanced methods in the calculation of the Bank’s core credit risk exposure is carried out. The project includes model validations evaluating the compatibility, accuracy and durability of IRB model studies carried out within the framework of internal rating-based approach, creating macroeconomic models, making IRB models compatible with TFRS-9 and implementation of the results.
In the first quarter of 2021, a Credit Risk Control Unit was established under the Risk Management Department, and all activities managed based on Internal Rating were included within the scope of its duty of the relevant unit. After the model development activities were completed and the models passed through the validation processes, studies were initiated to calculate the amount subject to credit risk and expected credit loss with the newly created model parameters.
After the completion of all model outputs and IRB model validation tests, the amount based on credit risk calculated with the Basic and Advanced IRB methods could be retrieved from the system together with the results of the standard approach.
Both the Board of Directors approved customer-segment-based credit risk limits and trigger values and portfolio-based counterparty credit risk limits and trigger values arising respectively from banking accounts and from trading accounts have been calculated and monitored on a monthly basis. The risk-weighted assets which the Bank may hold on a segment and portfolio basis are subject to these limits.
MARKET RISK
Market risk is an expression of the possibility of loss that the Bank may be exposed to on account of its on- or off-balance sheet exchange rate, commodity, interest rate and stock position risk, which are subject to the Bank’s trading activities and followed up under the Bank’s accounts and positions valued at fair value, and which arise from the movements in market prices.
Risk measurement and monitoring is carried out in order to reveal the market risks to which the Bank may be exposed. The results of these activities are taken into account in the Bank’s strategic decision-making processes.
In order to manage market risk, market movements that affect the present value of the portfolios which expose the Bank to market risk in line with its trading strategies are kept track of on a daily basis and the impact that both upward/downward and ordinary/extraordinary movements may have on these portfolios is analyzed.
In the conduct of its day-to-day operations, trigger values are monitored as part of the early-warning process that is carried out to protect the Bank’s financial strength from being seriously affected by increases in market volatility. Risk exposure levels are kept within prescribed limits.
The Standardized Approach methodology is used to calculate the Bank’s exposure to market risk, the amount of which is included in its mandatory capital adequacy ratio. Market risk is also calculated on a daily basis using a VaR-based internal model. The effectiveness of the models being used is also analyzed regularly by means of backtesting.
OPERATIONAL RISK
Operational risk” is an expression of the likelihood of the Bank’s suffering a loss because of changes in value caused by the fact that the actual losses which are incurred on account of inadequate or failed internal processes, people, or systems or on account of external events (including legal risk) differ from expected losses. The operational risk exposure is calculated using the Basic Indicator Approach methodology.
A self-evaluation study covering the bank’s organization is carried out.
Ziraat Bank employees perform their duties taking into account the operational risk-related principles and procedures set forth in the Bank’s internal regulations and in a manner that is both sensitive to the operational risks that may be incurred and mindful of Bank policies intended to create an operational environment that will reduce the likelihood of losses.
Signals and limits approved by the Board of Directors related to operational risks have been established within the scope of internal regulations and are monitored periodically.
Risks and actions taken within the scope of IT are monitored and reported to the senior management regarding operational risk.
In order to ensure the continuity of outsourced support services, the risks that might arise from their procurement are assessed in light of BRSA Regulation on the outsourcing of support services by banks.
As part of the Business Continuity Plan, “business impact analyzes” are carried out in order both to identify the risks that might arise if the Bank’s operations are interrupted and to determine their potential consequences. Analyses are also conducted into the portfolio custody service database.
BALANCE SHEET RISKS
“Balance sheet risks”, which are risks that arise from the Bank’s on- and off-balance sheet asset and liability accounts, are controlled so as to manage them in the most effective way possible. Risk measurement and monitoring is carried out in order to reveal the balance sheet risks to which the Bank may be exposed on account both of its liquidity risks and of its interest rate risks arising from its banking business accounts. The results of these activities are taken into account in the Bank’s strategic decision-making processes.
There are two components of liquidity risk: funding liquidity risk and market liquidity risk. The first is an expression of the likelihood of the Bank’s suffering a loss because it is unable to satisfy all of its foreseeable/unforeseeable cash flow requirements without otherwise impairing its day-to-day operations and/or financial structure; the second is an expression of the likelihood of the Bank’s suffering a loss because the Bank is unable to close or cover a particular position at the market price owing to insufficient market depth or to excessive market volatility. Interest rate risk consists of the possibility of sustaining losses on risk-sensitive assets, liabilities, and off-balance sheet items owing to changes taking place in interest rates.
Compliance with mandatory ratios pertaining to liquidity and interest rate risks arising from banking business accounts is also monitored. In addition to the foregoing, matters with the potential to affect liquidity risk management are monitored funding and lending maturity mismatches, assets’ and liabilities’ behavioral as well as contractual maturities, the level of primary (cash and cash-equivalent) liquidity reserves needed to conduct the Bank’s normal day-to-day operations, Central Bank liquidity facilities to which recourse may be had in order to cope with unexpected liquidity requirements, secondary reserves whose potential to be converted to cash is exposed to the risk of their being underpriced, and the ability to borrow from conventional markets are monitored. Additionally, within the content of scenario and sensitivity analyzes stress test is conducted to assess the Bank’s liquidity needs in the worst case scenario.
For the management of the interest rate risk arising on banking business accounts, attention is given to monitoring and analyzing such issues as rate and maturity mismatches between fixed- and variable-interest fundings and lendings, assets’ and liabilities’ behavioral as well as contractual maturities, both upward/downward and ordinary/extraordinary movements in interest rates, and the impact of interest rate income on the current value of assets and liabilities.
Additionally, trigger values are monitored as part of the early-warning process and associated risk exposure levels are defined within limits in light of such considerations as liquidity, income level targets, and appetite for risk, and come into force upon the approval of the Board of Directors.
CREDIT RISK CONTROL UNIT
The Credit Risk Control Unit is responsible for the design or selection, implementation, supervision and performance of the Bank’s rating systems, performing regular analysis of the results and reporting the results of the studies conducted, and the Bank’s Probability of Default (PD) within the scope of TFRS 9 Expected credit risk loss calculation. The Unit carries out activities to develop internal models of Loss at Default (THK) and Amount of Default (TT), to monitor their performance, and to develop scenario-based macroeconomic models of parameters related to future expectations.
The PD, LGD, EAD modelling studies for the calculation of credit risk with an internal rating-based approach have been completed within the scope of the “Credit Risk Management Project with Advanced Methods”, which will contribute positively to the determination of the Bank’s credit policies and balance sheet management, as well as in determining customer-oriented strategies.
Work continues on TFRS-9 integration of newly developed macroeconomic modelling and IRB models to be used in TFRS-9 provision calculations.
VALIDATION
The validation unit is responsible for evaluating the accuracy, consistency and adequacy of the internally used rating models and other measurement methodologies in order to accurately measure and manage the risks the Bank is exposed to, as well as evaluating the stability of risk models and output (risk estimates, rating grades) performances, and the reporting of the results of the activities under its responsibility to the senior management at regular intervals.
In this context, the unit aimed to carry out validation studies of IRB models, especially the integration between IRB models and TFRS-9 standards, administrative models, internal models used in the Bank’s decision-making processes such as İSEDES, operational risk and market risk models and to take necessary actions in view of the findings.
In validation activities, the process starting with data quality control consists of model initial validations and report preparation, evaluation of findings and the taking of necessary actions, final validation report and documentation, process validation and periodic validation studies.
Consultancy services were received for the validation of the developed IRB models, and the Bank’s validation unit completed the initial validation study in 2021, taking into account the quantitative and qualitative control points. Process and periodic validation studies of the models for which initial validations were completed will also be carried out in the future.
