Operational and Market Risk
Operational risk is managed on the basis of the three lines of defense approach within the framework of risk management policies approved by the Board of Directors. The Board of Directors issues the risk appetite for operational risk and related limits, and senior management ensures consistent and efficient implementation and maintenance of the operational risk management framework in relation to all activities, processes and products. First line of defense, composed of business and support areas, is responsible for the primary management of operational risk in the products, activities, processes and systems within the frame of the Bank’s policies and implementation principles. Accordingly, there are operational risk and control officers responsible for ensuring the implementation of policies and procedures associated with operational risk management and expanding risk determination methodology on the basis of each business and support area.
Second line of defense is composed of the Risk Management Department, Internal Control Unit and Compliance Department functions, in order to assist the senior management in understanding and managing the operational risk exposure, and the Board of Directors in overseeing operational risk management activities. In addition, Operational Risk and Control Specialty Functions (Finance, Legal, Compliance, Risk, Talent and Culture, Process, Third Party, Information and Data Security, Technology Security, Physical Security) provide support, to the extent necessary and appropriate, to the second line of defense in the management of operational risks that other units are exposed to in accordance with Article 26 of the Operational Risk Management Guide published by the BRSA.
Capital and Operational Risk Department that reports to the Risk Management Department establishes the policies and procedures governing operational risk management, provides that operational risk management tools (loss data, risk and control self-assessment, key risk indicators and scenario analyses) are used by the first line of defense, and evaluates, verifies and reports the outcomes obtained from these tools. Third line of defense, i.e. the Internal Audit Department, performs internal audit activities and independently reviews all aspects of operational risk management framework.
The definition of Operational Risk includes the following risk types: Processes, External and Internal Fraud, Technological, Human Resources, Business Practices, Disasters, Suppliers.
Managed within the frame of a policy approved by the Board of Directors, market risk is measured employing internationally accepted methodologies that are aligned with applicable regulations, Garanti BBVA’s policies and procedures, the Bank’s structure, and they are evaluated within a continuously improving structure. Market risk is managed by measuring and limiting risk in accordance with international standards, allocating sufficient capital and minimizing risk through hedging transactions.
Market risk is defined as the risk Garanti BBVA faces due to fluctuations in market prices in relation to the positions it maintains on or off its balance sheet for trading purposes, and is calculated daily using the Value-at-Risk (VaR) model. VaR is a measure of the maximum expected loss in the market value of a portfolio of a certain maturity as a result of market price fluctuations, at a specified probability within a certain confidence interval. VaR is calculated using historical simulation method and two-year historical data at 99% confidence interval. Regular backtesting is conducted to measure the reliability of the VaR model. The model is validated on an annual basis. Market Risk is managed through capital, VaR and stop/loss limits approved by the Board of Directors. Limit levels are determined according to annual profit/loss targets. The limits set are monitored and reported daily by the Market and Structural Risk Department. In order to identify the risks that might arise from major market volatilities, regular stress tests and scenario analyses are conducted using the VaR model.
Stress tests and scenario analyses are conducted with market risk internal capital annually within the scope of ICAAP (Banks’ Internal Systems and Internal Capital Adequacy Assessment Process) and stress testing.