Section IV Operational and Market Risk
OPERATIONAL AND MARKET RISK
Operational risk is managed on the basis of the three lines of defense approach within the framework of risk management policies approved by the Board of Directors. The Board of Directors issues the risk appetite for operational risk and related limits, and senior management ensures consistent and efficient implementation and maintenance of the operational risk management framework in relation to all activities, processes and products.
First line of defense, composed of business and support areas, is responsible for the primary management of operational risk in the products, activities, processes and systems within the frame of the Bank’s policies and implementation principles.
Second line of defense is fulfilled by the Internal Control Unit, Risk Management and Compliance Department functions, which are independent units that report directly to the Board of Directors. In addition, units that have responsibility in relation to factors with a potential direct and/or indirect impact on the Bank’s general operational risk level (Financial Reporting and Accounting Department, Anti-Fraud Monitoring Department) provide support, to the extent necessary and appropriate, to the second line of defense in the management of operational risks that other units are exposed to in accordance with Article 26 of the Operational Risk Management Guide published by the BRSA. Operational Risk Management that takes place in the second line of defense establishes policy and procedures (loss data, scenario analyses, risk indicators and self-assessment, new product and outsourcing assessment process) as part of operational risk measurement and management, and provides the necessary guidance and coordination for their use. Operational Risk Management uses the data obtained by measurement tools to generate reports.
Third line of defense, e.g. the Internal Audit Department, performs internal audit activities and independently reviews all aspects of operational risk management framework.
The definition of Operational Risk includes the following risk types: Processes, External and Internal Fraud, Technological, Human Resources, Business Practices, Disasters, Suppliers.
Market risk is measured in accordance with applicable regulations, Garanti BBVA's policies and procedures, employing internationally accepted methodologies that are aligned with the Bank’s structure, and they are evaluated within a continuously improving structure. Market risk is managed by measuring and limiting risk in accordance with international standards, allocating sufficient capital and minimizing risk through hedging transactions.
Market risk is defined as the risk Garanti BBVA faces due to fluctuations in market prices in relation to the positions it maintains on or off its balance sheet for trading purposes, and is calculated daily using the Value-at-Risk (VaR) model. VaR is a measure of the maximum expected loss in the market value of a portfolio of a certain maturity as a result of market price fluctuations, at a specified probability within a certain confidence interval. VaR is calculated using historical simulation method and two-year historical data at 99% confidence interval. Regular backtesting is conducted to measure the reliability of the VaR model. The model is validated on an annual basis. Market Risk is managed through capital, VaR and stop/loss limits approved by the Board of Directors. Limit levels are determined according to annual profit/loss targets. The limits set are monitored and reported daily by the Market and Structural Risk Department. In order to identify the risks that might arise from major market volatilities, regular stress tests and scenario analyses are conducted using the VaR model.