Garanti BBVA measures and monitors its risk exposure on consolidated and unconsolidated bases by using methods compliant with international standards, and in accordance with the applicable legislation. Advanced risk management tools are utilized in measuring operational risk, market risk, asset and liability risk, counterparty credit risk and credit risk.
The Bank’s risk management strategy, policies and implementation procedures are reviewed within the frame of regulatory changes and the Bank’s needs.
Our risk management process is set up in a way, that the material themes and strategic objectives are linked and are the basis for the risks and opportunities identified.
Through the risk appetite framework, the Bank determines the risks that it is prepared to take based on the predicted capability of safe handling of risks so as to achieve the goals and strategic objectives as defined by the Board of Directors. Riskbased limits and metrics pertaining to capital, liquidity and profitability, which have been created as per the risk appetite framework are monitored regularly.
Risk Management coordinates the concerned parties and thus handles the preparation of the ICAAP report, which will be submitted to the BRSA. In addition, the stress test report is submitted to the BRSA, which addresses how the potential negative effects on macroeconomic data might alter the Bank’s three-year budget plan and results within the frame of certain scenarios, as well as their impact upon key ratios including the capital adequacy ratio.
The Bank identifies, evaluates and manages its reputational risk, avoiding all kinds of transactions and activities that would cause reputational risk in the eyes of, customers, legal authorities and other stakeholders. Trainings are held with the aim of raising awareness about reputational risk throughout the Bank and encouraging all employees to fulfill their duties and responsibilities.
In order to ensure efficient management of reputational risk across the Bank, it is aimed to monitor the Bank’s reputation and reputational risk through a methodological approach and take all necessary precautions before the reputational risk occurs. Through this methodology, the Bank regularly defines and reviews a map in which it prioritizesthe reputational risks it faces, together with a set of action plans to mitigate these risks. It defines key risk indicators for each risk factor to regularly monitor the strength of the risk mitigation The risks and risk factors are defined in dimensions such as customercenteredness, workplace, ethics and citizenship, finances and leadership.
Additional efforts carried out to monitor reputational risk include monitoring the media, the press and social media platforms with respect to the Bank’s reputation, conducting a regular reputation analysis and managing potential impacts; ensuring continued awareness of compliance with laws, corporate standards, Codes of Conducts and best practices, and development of processes that guarantee management of IT/information security and IT-related risks.
Reputational risk factors cover many aspects from marketing practices, customer service to products terms and are governed through the relevant committees within the Bank’s extensive committee structure.
ENVIRONMENTAL AND SOCIAL RISK
Banks, in particular, face risks associated with financing activities that could result in adverse impacts on the environment and society. Failure to address these risks in a timely and appropriate manner may result in reputational damage and consequently a loss of investor support and customer loyalty, among other challenges.
Garanti BBVA sees its proactive management of these risks, such as arising from climate change, not only as critical to its success but also as one of its most essential duties to its stakeholders Through its effective approach to sustainability embedded throughout its organization, Garanti BBVA monitors a variety of environmental and social indicators, benchmarks itself against best practices worldwide, takes steps to close the gap, raises the awareness of employees and collaborates with its peers, financial institutions, customers and business associations.
Garanti BBVA also implements an Environmental and Social Risk Assessment Process in line with international best practices to help drive improvement across its loan portfolios.
Within the scope of ESIAP, Garanti BBVA ensures that the projects financed by the Bank satisfy the social and environmental standards required by legislation and the Bank’s policies. If necessary, the Bank also ensures that the project owners undertake an impact assessment, take prescribed measures and establish effective control mechanisms.
Garanti BBVA has a full-time Sustainability Team which comprises of 5 fulltime members and is responsible of embeding sustainability criteria into core business. Reporting to the Sustainability Committee chaired by a Board Member, the Team’s responsibilities on environmental and social risk management is to: verify environmental and social risk management policies, strategy and implementation principles, ensure that risk management principles are widely embraced throughout Garanti BBVA and its subsidiaries; through hard and soft controls, provide technical and implementation support on E&S riskrelated measures to other departments as well as customers. Garanti BBVA's Corporate and Commercial Loans Risk Management Unit is also responsible for ensuring the effective implementation of ESIAP.
Operational risk is managed on the basis of the three lines of defense approach within the frame of risk management policies approved by the Board of Directors. The Board of Directors issues the risk appetite for operational risk and related limits, and senior management ensures consistent and efficient implementation and maintenance of the operational risk management framework in relation to all activities, processes and products.
First line of defence; composed of the business and support areas, responsible for the primary management of operational risk in their products, activities, processes and systems within the frame of the Bank’s policies and implementation principles.
Second line of defense; consists of the Operational Risk Management, Internal Control Unit, Compliance Department, Anti-Fraud Monitoring Department, Internal Risk Control and Internal Financial Control. Operational Risk Management that takes place in the second line of defense establishes policy and procedures (loss data, scenario analyses, risk indicators and self-assessment, new product and outsourcing assessment process) as part of operational risk measurement and management, and provides the necessary guidance and coordination for their use. Operational Risk Management uses the data obtained by measurement tools to generate reports.
Third line of defense; Internal Audit Department, performs internal audit activities and independently reviews all aspects of operational risk management framework.
The definition of Operational Risk includes the following risk types: Processes, External and Internal Fraud, Technological, Human Resources, Business Practices, Disasters, Suppliers.
Market risk is measured in accordance with applicable regulations, Garanti BBVA's policies and procedures, employing internationally accepted methodologies that are aligned with the Bank’s structure, and they are evaluated within a continuously improving structure. Market risk is managed by measuring and limiting risk in accordance with international standards, allocating sufficient capital and minimizing risk through hedging transactions
arket risk is defined as the risk Garanti BBVA faces due to fluctuations in market prices in relation to the positions it maintains on or off its balance sheet for trading purposes, and is calculated daily using the Value-at-Risk (VaR) model. VaR is a measure of the maximum expected loss in the market value of a portfolio of a certain maturity as a result of market price fluctuations, at a specified probability within a certain confidence interval. VaR is calculated using historical simulation method and two-year historical data at 99% confidence interval. Regular backtesting is conducted to measure the reliability of the VaR model. The model is validated on an annual basis. Market Risk is managed through capital, VaR and stop/loss limits approved by the Board of Directors. Limit levels are determined according to annual profit/ loss targets. The limits set are monitored and reported daily by the Market Risk and Credit Risk Control Departments. VaR stood at TL 4.74 million by the end of 2017
VaR does not constitute an important risk for the Bank given the amount of Garanti BBVA's shareholders’ equity. In order to identify the risks that might arise from major market volatilities, regular stress tests and scenario analyses are conducted using the VaR model.
STRUCTURAL INTEREST RATE RISK
To determine and manage the Bank’s exposure to structural interest rate risk arising from maturity mismatches in its balance sheet, duration gap, economic value of equity (EVE), economic capital (ECAP), credit spread risk sensitivity, net interest income (NII), earnings at risk (EaR), available-for-sale (AFS) and held-to-maturity (HTM) portfolios are monitored by measuring market price sensitivity. The risk metrics calculated and the reports generated are used for managing balance sheet interest rate risk under the supervision of the Assets and Liabilities Committee (ALCO).
Stress tests and scenario analyses are carried out within the framework of structural interest rate risk to measure the risks resulting from Bank-specific negative developments or major risks and vulnerabilities that may potentially arise in the economic and financial environment under stress, by supervising the regulatory and internal interest rate risk management requirements.
Results of stress tests are used as input for determining risk appetite, limit and budget-related works, for generating balance sheet management strategies, and for evaluating the need for capital. Within this framework, internal limits for EVE sensitivity, ECAP, NII sensitivity, earnings at risk, securities revaluation differences and securities EVE sensitivity are regularly monitored and reported. The interest rate risk in the banking book is measured on an unconsolidated basis, using the standard shock method; the regulatory limit is monitored and reported to the Banking Regulation and Supervision Agency (BRSA) on a monthly basis. It is ensured that subsidiaries set and monitor internal structural interest rate risk limits.
STRUCTURAL EXCHANGE RATE RISK
The potential impact of negative exchange rate fluctuations upon the capital adequacy ratio and FC riskweighted assets are regularly followed up, monitored according to internal limits, and reported, in the case that the Bank performs material operations in currencies other than the local currency in its balance sheet or maintains positions for shareholders’ equity hedging purposes. The analysis conducted in this framework are expanded to encompass potential sensitivities that may result from Bank-specific negative events or changes in the market by supervising the regulatory and internal structural exchange rate risk management requirements. In addition, the Bank’s FC position and the profit/loss movements resulting from this position are monitored and reported at regular intervals. It is ensured that subsidiaries set and monitor internal structural exchange rate risk limits. FX sensitivity of 12-month projected P&L are monitored.
Within the framework of liquidity and funding risk policies approved by the Board of Directors, liquidity risk is managed under the supervision of ALCO in order to take appropriate and timely measures in case of liquidity squeeze arising from market conditions or Garanti BBVA's financial structure. Under the liquidity contingency plan approved by the Board of Directors, Garanti BBVA monitors liquidity risk within the scope of stress indicators and thresholds anticipating potential liquidity stresses which could activate the liquidity contingency plan, activation of the communication procedure, predefined measures and action plans and roles and responsibilities in a stress situation. Liquidity risk stress test is performed in order to identify potential liquidity tensions and to ensure that the Bank has a sufficient liquidity buffer to face exceptional liquidity stresses. Liquidity risk is monitored by internal limits and alert levels in order to assess the funding structure and liquidity capacity based on maturity buckets and to manage short term funding sources effectively, while compliance with regulatory liquidity ratios is ensured. Core deposit and average life analyses are performed for deposits, which is an important balance sheet item in terms of liquidity management. Concentrations in liquidity and funding risks are monitored. Within Internal Capital Adequacy Assesment Process (ICAAP), liquidity planning is performed annually. Stress test results for subsidiaries are monitored and it is ensured that subsidiaries which are concerned with liquidity risk establish and monitor internal liquidity and funding limits to assess the robustness of their liquidity and funding structures and have liquidity and funding risk policies approved by Board of Directors including liquidity contingency plan.
Credit risk management is a process for consistently evaluating and monitoring credit risk, and covers all credit portfolios. Concentrations are monitored across the portfolio with respect to internal risk ratings, sectors, regions, groups and customers.
Under IAS 39 collective provision calculation is performed for the entire Bank. Risk adjusted return based limits are determined for retail and corporate portfolios, as part of asset allocation across the Bank. The adequacy of the Bank’s internal capital is evaluated with stress tests and scenario analyses.
In order to rate customers using objective criteria with respect to corporate and commercial loans portfolio, outputs from internal risk rating models, which were developed using statistical methods on historical data, are incorporated into the relevant lending policies and procedures. Models are used for the evaluation of specialized lendings according to supervisory slotting criteria. The internal risk rating models calculate the probability of default for each customer and keep this data up-to-date. For the corporate portfolio, ratings are actively used for credit allocation, authorization, internal capital and risk-based provision calculations, risk appetite indicator, limit creation for asset allocation, risk-based profitability calculations, budgeting concentration risk calculations and stress tests.
Basically, two rating systems are used in the lifecycle of retail receivables; an application score calculated at the time of the loan application so as to include external factors, as well, and a behavior score targeting to measure the credit risk periodically taking into consideration the behavioral characteristics of the customer / product following loan disbursement. In the allocation processes of generalpurpose, auto, mortgage, commercial mortgage, home equity, overdraft loans and commercial credit cards and credit card portfolio, which undergo retail and SME lending processes, application score is utilized. In retail portfolio, the behavior score is used for the limit management of revolving products, internal capital calculations, risk appetite indicator, riskbased profitability calculations, budgeting and concentration risk calculations, stress tests and limit creation for asset allocation.
In IFRS9, together with other important explanatory variables, the output of internal credit decisioning systems as specified above (i.e. internal risk rating models, retail application and behavioral scorecards) are used as risk drivers as to determine the final score bucket and the corresponding probability of default. Expected credit loss is calculated using probability of default as well.
Collection performances of nonperforming loans in any portfolio are analyzed, and loss given default ratios are calculated in view of the time value of the money and costs incurred for making the collections, on the basis of segments in the case of commercial loans and of products and segments in the case of retail loans. Studies are carried out to predict the level of loss ratios at times of economic downturn. These ratios are used to calculate expected loss, limit creation for asset allocation, risk-based profitability and internal capital.
Qualitative and quantitative validation is performed in particular for credit risk models and methodologies that are primarily used for capital calculation.
Model monitoring activities are done and actions are taken if necessary.
COUNTERPARTY CREDIT RISK
Counterparty credit risk strategy, policy and implementation principles are defined in the policy document approved by the Board of Directors. The Bank measures, monitors and creates limit for this risk in line with this policy. The Bank uses the internal model method (IMM) to measure and report the counterparty credit risk for derivative transactions, repurchase transactions, security and commodity lending in addition to using Current Exposure Method (CEM) for regulatory purposes. Within this scope, the Bank employs risk mitigation techniques through framework agreements (ISDA, CSA, GMRA, etc.), obtaining collateral and complementing margins as part of counterparty credit risk management to the extent allowed by national and international legislation.
The Bank also calculates economic capital for counterparty credit risk by way of a model that uses parameters (Rating, PD, LGD) based on the internal model
Under the country risk policy approved by the Bank’s Board of Directors, methods compliant with international norms and local regulations are employed to evaluate and monitor developments in country risk on the basis of individual countries. Actions are taken to make sure that the Bank’s country risk exposure remains within the set limits, and related reporting, control and audit systems are established as necessary
The Bank defines and monitors any concentrations among different types of risks or in any individual risk, which might result in material losses that would endanger the ability to sustain fundamental activities or the financial structure or lead to a significant change in the risk profile, within the frame of the policy approved by the Board of Directors. Qualitative and quantitative assessments of concentrations on the basis of individual risks or among risks are addressed in reports produced according to risk-oriented policies and procedures.
RISK MANAGEMENT IN AFFILIATES
The Bank determines the needs for risk management of affiliates and ensures that required studies and reports with the scale appropriate for the structure, complexity level, size and risks are effectively managed in coordination with risk management units/functions in affiliates. Necessary work is carried out with affiliates in accordance with market conditions and legal regulations to align risk management policies, rules, procedures and risk limits with the Bank. Risks associated with affiliates, risk management results and other risk management activities are monitored. The Bank’s risk management oversees and evaluates the risk management activities carried out at affiliates, and supports them with the methodology needed in this respect. Consolidated perspective is also applied as and when appropriate.