REPUTATIONAL RISK
Garanti BBVA measures and monitors the risks it is exposed to on a non-consolidated and consolidated basis, in compliance with legal regulations, by using methods compliant with international standards and advanced country practices as a reference. Credit risk, operational risk, market risk, counterparty credit risk, structural interest rate risk, structural foreign exchange risk, liquidity risk measurements, and valuation activities are carried out using advanced methods and sophisticated tools developed for these methods.
End-to-end structured processes are operated for the design, development, implementation, and regular updating of risk measurement models. The reliability of these risk measurement models is ensured through internal validation activities.
The Bank’s risk management strategies, policies, and implementation procedures, as well as the tools and models used in risk management, are reviewed within the framework of regulatory changes and the Bank’s needs.
The Bank defines the risks and levels of risks it is willing to accept to achieve its goals within the scope of organic growth of its activities, in line with the targets and strategies set by the Board of Directors. This is done through a risk appetite framework composed of risk appetite statements and indicators, integrated with the budget process. The indicators under the Bank’s Risk Appetite Framework follow a pyramid structure. Indicators at the lower levels serve the purpose of enhancing and distinguishing the indicators at higher levels by type of risk. As a result, the upper levels contain fewer and less detailed metrics, enabling more detailed management as you move down the pyramid, allowing for early detection of deviations at lower levels, while supporting foresight management at higher levels. Based on the risk appetite framework, statements setting out the general risk management principles in terms of capital adequacy, liquidity, funding and profitability are established. . In addition, key quantitative metrics are defined in line with the target risk profile determined within the risk appetite framework. Risk-based limits and indicators related to capital adequacy, liquidity and funding, and profitability established in accordance with the risk appetite framework are monitored regularly.
The Bank monitors risk appetite indicators according to internal and legal perspectives, including CAR within the scope of capital adequacy. Under liquidity, LCR (Liquidity Coverage Ratio) is monitored as one of the risk appetite metrics within the scope of legal requirements. Furthermore, to encourage profitable growth, the Bank measures profitability risk appetite statements using metrics such as Cost of Risk and Return on Equity. For regulatory metrics, the Bank defines risk appetite thresholds above the minimum required levels set by the regulatory authorities, in accordance with the pyramid structure of the framework.The workflow and stress-testing program for ICAAP (Internal Systems and Internal Capital Adequacy Assessment Process of Banks) is carried out with the participation of all relevant parties within the Bank. The results of capital planning, which includes macroeconomic scenario and risk-based stress testing analyses, are evaluated by the Board of Directors and submitted to the BRSA once a year. As a systemically important bank, the “Recovery Plan,” which is established to determine and define the precautionary measures that can be implemented and the decision-making process in the event of a hypothetical and significant deterioration in capital and liquidity indicators, is updated annually and shared with the BRSA.
For new products and services developed within the Bank, risk assessments are performed, and risk mitigation measures are defined with the participation of relevant parties. The adequacy of the created risk mitigation framework is evaluated by the relevant committees. The effectiveness and efficiency of risk management activities, as well as the precision and accuracy of measurements and reporting, are continuously reviewed and improved dynamically through ongoing automation and enhancements. Opportunities provided by artificial intelligence technologies are also being explored in line with the Bank’s innovative approach.
IDENTIFIED RISKS AND THEIR MANAGEMENT
The risks to which the Bank is exposed as listed below are defined and managed through policies approved by the Board of Directors. As part of the annual legal ICAAP and stress test program, the Bank calculates the internal capital requirement for the risks it has identified and evaluates the results of stress tests and scenario analyses. Additionally, periodic risk measurements and stress tests are conducted internally within specific methodologies and models for each type of risk.
CREDIT RISK
Credit risk is defined as the likelihood of loss to the Bank resulting from a change in the borrower’s ability or willingness to repay debts and fulfill all contractual obligations, due to adverse economic conditions or unforeseen events. For the entire credit portfolio, the “probability of default” generated by credit risk models, “loss given default” calculated using the Bank’s internal data, and “risk amount” parameters are used to calculate the internal capital requirement, which is then monitored as a metric.
Credit risk management, which is a process for consistent assessment and monitoring of credit risks, encompasses all credit portfolios. Credit risk management, which is a process in which credit risks are assessed and monitored in a consistent manner, covers all credit portfolios. Credit risk is managed on a portfolio basis by taking into account the risk/return balance and the Bank’s asset quality. Up-to-date analyses are conducted for risks that stand out or are expected to stand out in the relevant period. Stress test analyses are regularly updated and their results are evaluated. Level of compliance with the credit management guidelines issued are evaluated by all units linked to credits, referred to necessary committees, and decisions and actions are taken accordingly.
Limits for credit portfolios are determined by the Board of Directors by taking risk-based return into account. In line with the Bank’s Risk Appetite Framework, new limits are added or the scope and content of existing limits are updated according to the needs of the period. In extraordinary situations, limits are reviewed at more frequent intervals Internal capital limits for credit portfolios are determined and monitored. Impact analyses are conducted for internal capital requirement according to regularly reviewed credit risk parameters. Systems are developed to enable the use of risk-based measurements in areas such as pricing and portfolio management.
It is ensured that subsidiaries that are significant in terms of credit risk establish and monitor internal credit risk indicators and limits by taking into account their scale, balance sheet size, and the characteristics of their credit portfolios.
The necessary rating or scoring models are developed for the Bank’s credit portfolios, and these models are designed to best differentiate customers in terms of creditworthiness and to rate them based on objective criteria. The outputs of the internal rating and scoring models developed on a portfolio basis constitute an important part of the credit allocation process and are also used in measuring the default risk of the customer and the portfolio, expected loss, internal capital requirements, expected credit loss provisions in accordance with TFRS9, risk-based pricing, and risk-adjusted return analyses. All models and methodologies are subject to qualitative and quantitative validation; in addition, periodic model monitoring studies are conducted, and calibration and model improvements are carried out when necessary.
In order to perform an effective risk assessment and actively ensure risk management for its credit portfolios, the Bank implements an Environmental and Social Impact Assessment Process (ESIAP) within the framework of international best practices and carries out monitoring activities within the scope of environmental and social risks, including climate-related physical risks and transition risks. Within the scope of the ESIAP, the Bank ensures that the projects it finances comply with environmental standards imposed by legislation and the Bank’s policies, that an impact assessment is carried out by project owners when necessary, that the prescribed measures and sector-based best practices are adopted by project owners, and that project owners establish adequate control mechanisms.
In 2025, the Bank demonstrated a performance in credit risk management aligned with a prudent risk culture that takes into account the risks that may be encountered even under stress conditions. During this period, while continuing its TL portfolio-focused and selective growth strategy in loans, the Bank managed its asset quality in a disciplined manner despite macroeconomic and geopolitical uncertainties. As of the end of 2025, on a consolidated basis (including leasing and factoring receivables), the ratio of non-performing loans was at 3.1%; the share of Stage 2 loans in total loans was 9.9%, and the provisioning ratio for Stage 3 loans was approximately 62.8%. With a strong profitability performance, credit risk costs remained at the levels projected within the Bank’s risk appetite framework; thus, both the preservation of portfolio quality and the support of capital resilience under stress scenarios were ensured.
COUNTERPARTY CREDIT RISK
Counterparty credit risk (CCR) means the risk of a counterparty, which is a party to a transaction imposing an obligation on both parties, defaulting before the final payment included in the cash flow of the transaction. It is defined as the potential risk to be sustained by the Bank in the event of the counterparty’s failure to perform its obligations.
The Bank conducts continuous measurement, monitoring, and limit-setting activities to manage this risk. Counterparty credit risk arising from derivative transactions, repo transactions, securities, and commodity lending transactions is measured using a fair value-based valuation method and managed according to the results obtained through the internal model method. Risk mitigation techniques such as collateralization and margin calls are used to reduce risk, in accordance with both national and international regulations. The measurement model is validated at least once a year.
It is ensured that subsidiaries that are significant in terms of counterparty credit risk establish and monitor internal counterparty credit risk indicators and limits by taking into account their scale and balance sheet size.
The Bank also calculates internal capital for counterparty credit risk by using the loss given default and probability of default parameters calculated for each counterparty through the internal model.
MARKET RISK
Market risk is defined as the probability of loss that the Bank’s on-balance-sheet and off-balance sheet positions may be exposed to within the scope of foreign exchange risk, commodity risk, interest rate risk, credit spread risk, volatility, and equity position risk arising from changes in market prices.
Market risk is managed effectively through a structure that can rapidly adapt to continuously evolving and changing market conditions and the regulatory framework, by measuring and limiting risks in line with international standards, allocating capital accordingly, reducing risks through hedging transactions, and using methods and models accepted in international best practices.
In addition to the measurement of regulatory capital requirements under the standard method, the Value at Risk (VaR) model is used at the Bank for the identification, measurement, and assessment of market risks. Regulatory capital requirement and internal capital requirement based on VaR are also calculated and monitored as a metric for the portfolio the Bank maintains for trading purposes. In this context, VaR measures the maximum value loss that is estimated to occur, within a specified confidence interval and probability, due to fluctuations in market prices over a certain holding period. VaR is calculated using the historical simulation method with two years of historical data and a 99% confidence interval, while back-testing is regularly performed to measure the reliability of the VaR model. Regularly reviewed depending on need, the model is validated on an annual basis at a minimum.
Market risk is managed through close monitoring by means of risk mitigation in line with the risk appetite and trading policies, the establishment of an effective control environment, and the use of limits. To this end, limits such as economic capital, VaR, stop/loss, etc., approved by the Board of Directors or relevant committees are applied. The levels of these limits are determined based on the annual profit/loss targets related to the Bank’s trading portfolio and new business strategies. In addition to the aforementioned limits, the market risk to which the Bank is exposed is limited by desk-based VaR and risk factor sensitivity limits, and the determined limits are monitored on a daily basis and regularly reported to senior management and relevant committees. The stress period used in stress VaR calculations is regularly reviewed and updated when necessary.
In addition, stress tests and scenario analyses are regularly conducted using the VaR model to identify risks that may arise from market fluctuations, and the results are reported to the relevant parties.
It is ensured that subsidiaries exposed to market risk establish and monitor internal market risk indicators and limits by taking into account their scale and balance sheet size.
The year 2025 was a year in which Türkiye entered a gradual interest rate cut cycle, credit spreads hovered near historically low levels, and the economic outlook continued to stabilize; at the same time, global uncertainties, particularly in the United States, and fluctuations in gold prices were observed. While market risk limits at the Bank continued to be closely monitored, the profitability of the trading portfolio continued to be preserved in a sustainable manner.
OPERATIONAL RISK
Operational risk is defined as the probability of loss resulting from human error, inadequate or failed internal processes, improper communication with respect to customers, markets or organizations, failures, interruptions or faults in systems or communication, improper data management, and external events including regulatory risk, cyber-attacks, external fraud, natural disasters and faulty services rendered by suppliers.
Operational risk is managed through the three lines of defense approach. Operational risk appetite and associated limits are determined by the Board of Directors, and the senior management ensures that the operational risk management framework is consistently and effectively implemented and maintained across all operations, processes and products. The first line of defense, consisting of business and support units, is primarily responsible for the management of the operational risk in products, operations, processes and systems within the frame of the Bank’s policies and procedures. The second line of defense consists of the Risk Management Department, Internal Control Unit, and Compliance Department, which assist senior management in understanding and managing operational risks and assist the Board of Directors in monitoring operational risk management activities. The Internal Audit Department that constitutes the third line of defense carries out internal audit activities, and assesses the operational risk management framework independently from all aspects.
Operational risk loss data covering the Bank and subsidiaries are collected, analyzed and reported to define, measure, monitor and mitigate operational risks. Risk and Control Self-Assessment that defines operational risks and measures controls including their risk mitigating impacts serves to identify potential weaknesses, and necessary actions are followed up. Key Risk Indicators that point out major risks are defined, and monitored within the frame of determined thresholds. As part of stress testing, low frequency, high-impact operational risk incidents included in the scenario portfolio are analyzed in detail. An internal model is used at the Bank for the identification, measurement, and assessment of operational risks. The measurement model used is reviewed and subject to validation at least once a year.
2025 was a year in which operational risk losses remained limited thanks to a strong risk management culture that rapidly adapted to the dynamic risk environment shaped by changing regulations and new technology-driven risk factors, despite the increase in the Bank’s gross revenues driven by its activities.
STRUCTURAL INTEREST RATE RISK
Structural interest rate risk is defined as potential changes in the Bank’s net interest income and/or overall economic value resulting from interest rate fluctuations. Structural interest rate risk is assessed within the frameworks of repricing risk, yield curve risk, basis risk, and optionality risk. It is measured in accordance with international standards, and risk mitigation techniques are applied through limiting and hedging transactions. The measurement of structural interest rate risk uses both income/expense and economic value approaches. The income/expense approach considers changes in the Bank’s net interest income due to interest rate fluctuations. The economic value approach analyzes the impact of interest rate changes on the present value of the Bank.
For the purpose of identifying and managing structural interest rate risk that the Bank may be exposed to due to potential maturity mismatches in its balance sheet structure, duration gap, economic value, economic capital, credit spread risk sensitivity, net interest income, net interest income at risk, and the market price sensitivity of securities in the banking book are measured and monitored. Behavioral models, such as early loan payoffs, deposits, and collection maturities for non-performing loans, are continuously reviewed and used to account for risks such as basis risk and optionality, thus providing more realistic balance sheet positions. The measurement models used are reviewed and subject to validation at least once a year. The calculated risk metrics and generated reports are used in balance sheet interest rate risk management under the supervision of the Asset Liability Committee.
Stress tests and scenario analyses are carried out within the framework of structural interest rate risk to measure the risks resulting from Bank-specific negative developments or major risks and vulnerabilities that may potentially arise in the economic and financial environment under stress, by observing the regulatory and internal interest rate risk management requirements. Results of stress tests are used as input for determining risk appetite, limit and budget related works, for generating balance sheet management strategies, and for evaluating the need for capital. Furthermore, the interest rate risk in the banking book is measured on an unconsolidated basis, using the standard approach. The regulatory limit is monitored in this context and reported to the BRSA on a monthly basis.
It is ensured that subsidiaries that are significant in terms of structural interest rate risk establish and monitor internal structural interest rate risk indicators and limits by taking into account their balance sheet structures and business models.
The year 2025 continued to be a period in which regulatory changes were effective; the shortening of TL time deposit maturities and the growth of the TL balance sheet following the termination of FX-protected deposits contributed to the upward trend in interest rate risk. In order to minimize the risk of potential changes in the Bank’s net interest income and total economic value due to possible changes in interest rates, structural interest rate risk continued to be managed prudently and closely monitored. Within the scope of the regulatory amendments regarding Interest Rate Risk in the Banking Book published by the BRSA in May, interest rate risk models were reviewed, and transition efforts to the new calculation infrastructure were completed, with calculations compliant with the new regulation commencing as of October.
STRUCTURAL FOREIGN EXCHANGE RISK
Structural foreign exchange risk is defined as the potential impact of adverse exchange rate fluctuations on the capital adequacy ratio and the amount of foreign currency risk-weighted assets when the Bank conducts significant activities in currencies other than the local currency on its balance sheet or holds positions for the sake of preserving capital.
In cases where the Bank conducts significant activities in currencies other than the local currency on its balance sheet or holds positions to preserve its capital, the potential impact of adverse exchange rate fluctuations on the capital adequacy ratio and foreign currency risk-weighted assets is regularly monitored, tracked within internal limits, and reported. Within this framework, analyses are expanded to include sensitivities that may arise as a result of Bank- specific adverse conditions or changes in the market, taking into account regulatory and internal structural foreign exchange risk management requirements. In addition, the Bank’s foreign currency position and the profit and loss movements that may result from exchange rate volatility associated with this position are regularly monitored and reported.
It is ensured that subsidiaries that are significant in terms of structural foreign exchange risk establish and monitor internal structural foreign exchange risk indicators and limits by taking into account the foreign currency composition of their balance sheets.
In 2025, while structural foreign exchange risk continued to be managed prudently, the sensitivity of equity to exchange rate fluctuations decreased relatively as a result of the issuance of subordinated loans.
REPUTATIONAL RISK
Reputational risk is defined as the Bank’s risk of loss due to negative views of stakeholders such as customers, employees, shareholders, suppliers, competitors and supervisory authorities or loss of trust in the Bank or reputation impairment as a result of non-compliance with existing legal regulations.
The Bank considers and manages its reputational risk within the frame of the Board of Directors approved policy, avoiding all kinds of transactions and activities that would cause reputational risk in the eyes of customers, legal authorities and other stakeholders. Trainings are organized to raise awareness of reputational risk across the Bank and to encourage all employees to fulfill their duties and responsibilities.
In order to ensure the effective management of reputational risk at the Bank, it is aimed to monitor the Bank’s reputation and reputational risk through a methodological approach and to take all necessary measures before reputational risk materializes. Through this methodology, the Bank defines and reviews a map in which it prioritizes the reputational risks it faces, together with a set of action plans aimed at mitigating these risks. To regularly monitor the effectiveness of risk mitigation efforts, key risk indicators are defined for each risk factor. Risks and risk factors are defined across the dimensions of products and services, ethics and workplace, leadership and finance, innovation and digital transformation, and citizenship and sustainability.
Additional activities for monitoring reputational risk include monitoring the media, the press and social media platforms with respect to the Bank’s reputation, conducting a regular reputation analysis and managing potential impacts; ensuring continued awareness of compliance with laws. Corporate standards, Code of Conduct and best practices, and development of processes that guarantee management of IT/ information security and IT-related risks. Reputational risk factors cover a wide range of issues from marketing practices to customer services and product terms, and are managed through appropriate committees within the Bank’s comprehensive committee structure.
According to the Reputational Risk Resilience Assessment conducted for 2024, Garanti BBVA’s resilience score was realized at a high level, reaching 74 out of 80. Based on the results of the assessment, corrective measures were implemented for the limited number of risk factors identified as areas for improvement.
CLIMATE CHANGE RISK
Climate change risk refers to transition risks that may be encountered due to process of adaptation to a low-carbon economy and physical risks that may arise from the impacts of natural events caused by climate change. Climate change–related risks are considered as an additional factor affecting the Bank’s already identified risk categories and are therefore managed through the Bank’s existing risk policies.
In this context, climate-related risks are gradually incorporated into the planning and management of the Bank’s new credit allocations. To combat the increasing effects of the climate crisis, risk indicators supporting the transition to a low-carbon economy are included within the Bank’s risk appetite framework. The Bank assesses climate-related financial risks that could significantly affect its and its clients’ financial positions, considering their effects over various time horizons and interactions with other risks. In addition, assessments regarding the impact of climate-related financial risks on the Bank are included in the ICAAP study. The measurement model used is reviewed and subject to validation at least once a year.
COUNTRY RISK
Country risk is defined as the default risk faced by the Bank, beyond ordinary commercial risks, in the activities of its overseas branches and financial subsidiaries with counterparties that are not resident in the same country (counterparties resident in a country other than the risk-taking country).
Country risk is assessed and monitored on a country basis using methods in line with international standards and local regulations. Country risk is monitored and reported on a non-consolidated and consolidated basis by country. Actions are taken to make sure that the Bank’s country risk exposure remains within the set limits, and related reporting, control and audit systems are established as necessary.
CONCENTRATION RISK
Concentration risk refers to risks arising from concentrations, either across different risk types or on an individual risk basis, that may threaten the ability to sustain core activities or the financial structure, or that may result in significant losses at a level that could cause material changes in the risk profile.
Risk concentration resulting from the interaction of different risk positions within an individual risk category with one another is defined as “risk-based concentration”, and that resulting from the interaction of different risk positions between different risk categories as “inter-risk concentration”. Internal capital requirement calculations for credit concentration risk are performed separately on a sectoral and single-name basis. The measurement approach used is subject to validation at least once a year.
Qualitative and quantitative assessments regarding concentrations by other risk types and across risks, other than credit risk, are included in reports prepared within the framework of risk policies and procedures. Concentration risk indicators are monitored and reported on a monthly basis.
LIQUIDITY RISK
Liquidity risk is defined as the risk that the Bank may be unable to meet its payment obligations on time and without incurring additional costs due to the lack of cash or cash inflows of sufficient level and quality to fully and timely cover cash outflows as a result of imbalances in cash flows.
Liquidity risk is managed under the supervision of the Asset Liability Committee and other relevant committees/working groups in order to ensure that necessary measures against potential liquidity squeezes arising from market conditions or the Bank’s financial structure are taken in a timely and appropriate manner. Under the Liquidity Contingency Plan approved by the Board of Directors, liquidity risk is monitored within the scope of stress indicators and thresholds anticipating potential liquidity stresses which could activate the liquidity contingency plan, activation of the communication procedure, predefined measures and action plans and roles and responsibilities in a stress situation. Liquidity risk stress testing is conducted to identify potential liquidity stresses and to ensure that the Bank maintains a sufficient liquidity buffer to withstand extraordinary liquidity stresses. Liquidity risk is monitored through internal limit levels in order to assess the funding structure and liquidity capacity by maturity buckets and to manage short-term funding sources effectively, while compliance with regulatory liquidity ratios is ensured. For deposits, which are an important balance sheet item in terms of liquidity management, deposit behavioral models are developed. Liquidity and funding risk concentrations are monitored across different dimensions such as counterparty, product, maturity, and business line. The TL Loan/Deposit ratio metric, whose limit level changes during the year (based on a regularly determined moving average period) is monitored in reference to the sector. Within the scope of consolidated monitoring, consolidated stress test analysis results are regularly monitored throughout the year. Intraday liquidity risk is monitored regularly through defined indicators. Within the scope of the contingency plan under the liquidity and funding risk procedure approved by the Risk Committee, situations that may anticipate intraday liquidity stress and require the activation of the contingency plan are monitored, and intraday liquidity stress tests are conducted. On an annual basis, liquidity planning is prepared within the scope of the internal liquidity adequacy assessment process.
Liquidity stress test results for subsidiaries are monitored. Subsidiaries that are significant in terms of liquidity risk are ensured to establish and monitor internal liquidity and funding limits in order to assess the robustness of their liquidity and funding structures.
In addition to recurrent activities carried out as part of liquidity risk analyses, in line with the Bank’s strategy in the field of sustainability, transactions falling under Environmental, Social, and Governance principles are segregated within the framework of stress test assumptions and assigned higher renewal rates. In addition, stress test assumptions are reviewed every three-month period during the year in terms of consistency and prudence. The potential impacts of climate change transition risk on the liquidity buffer are assessed through the valuation and availability of high-quality liquid assets.
In 2025, domestic and global macroeconomic developments, the Bank’s new product and service initiatives, and budget processes were closely monitored. The impact of relevant changes on liquidity indicators was regularly analyzed and shared with the Bank’s senior management.
The Bank’s liquidity position continued to be proactively and closely monitored. The Liquidity Coverage Ratio (LCR), which represents the proportion of high-quality liquid assets held by financial institutions to ensure the continued fulfillment of short-term obligations, maintained its strong stance throughout the year, with the monthly simple arithmetic average calculated for the last three months of 2025 realized at 148.57%. In addition, the Net Stable Funding Ratio (NSFR) remained well above the regulatory minimum level, continuing its strong trend, and was realized at 135.72% in the last quarter of the year.
MODEL RISK
Model risk is defined as the potential loss that the Bank may experience as a result of decisionsmade based on incorrect model outputs, errors arising during development, or the use of a model outside its intended purpose.
Model risk refers to potential risks that may be encountered throughout the lifecycle of risk models. The Bank aims to minimize model risk and manages it through its established model risk management framework. In order to effectively monitor and manage model risk, the Bank uses the Model Risk Model and measures model risk through quantitative and qualitative indicators within this scope.
The Model Risk Model determines the level of model risk by taking into account all risk models in the Bank’s model inventory. It is reviewed and subject to validation on an annual basis, and is updated when necessary.
RISK MANAGEMENT IN SUBSIDIARIES
The Bank closely monitors the risk management activities carried out in subsidiaries from an integrated risk management perspective, in conformity with international best practice standards in risk management and in a manner appropriate to each subsidiary’s specific risks, activities, and regulations. In order to identify the needs related to subsidiaries’ risk management practices and to ensure that necessary activities and reporting are managed effectively in proportion to each subsidiary’s structure, level of complexity, size, and risks, the Bank coordinates the relevant risk management units/departments. Necessary work is carried out with subsidiaries within the framework of market conditions and regulatory requirements to align risk management policies, rules, procedures, and risk limits with those of the Bank. Risks related to subsidiaries, risk measurement results, and other risk management activities are monitored. The Bank’s risk management oversees and evaluates the risk management activities carried out at subsidiaries, and supports them with the methodology needed in this respect. Consolidated perspective is also applied as and when appropriate.
The year 2025 was a year in which strong capital and liquidity positions were maintained for subsidiaries. Within the scope of managing climate change risks, transition risks related to the shift to a low-carbon economy and externally driven physical risks were included not only in the Bank’s but also in subsidiaries’ risk management frameworks. These matters were addressed in the relevant sustainability reporting. As part of efforts to align subsidiaries’ non-financial risk management practices with those of the Bank, key risk indicators began to be monitored. Within the scope of managing model risk from a consolidated perspective, efforts were carried out to align the development and validation methodologies of all models with those of the Bank.