Risk management foundations


mBank Group manages risk on the basis of regulatory requirements and best market practice by developing risk management strategies, policies and guidelines.

Risk management roles and responsibilities in mBank Group are organised around the three lines of defence scheme:

  • The first line of defence is Business (business lines), whose task is to take risk and capital aspects into consideration when making all business decisions, within the risk appetite set for the Group.
  • The second line of defence, mainly Risk (risk management area), IT, Security and Compliance function, is responsible for determining framework and guidelines concerning managing individual risks, supporting Business in their implementation as well as supervising the control functions and risk exposure.
  • The third line of defence is Internal Audit, ensuring independent assessment of the first and the second line of defence.


In the risk management process, the Bank attaches high importance to the communication between the first and the second lines of defence. An important role in this regard is played by the Business and Risk Forum of mBank Group which is a formal decision and communication platform dedicated for finding solutions ensuring the optimal relation between profits and risk taking, in accordance with the risk appetite approved by the Management Board. The Forum is constituted by the following bodies dedicated to individual business lines:

  • Retail Banking Risk Committee (KRD);
  • Corporate and Investment Banking Risk Committee (KRK);
  • Financial Markets Risk Committee (KRF).


The Committees are composed of the representatives of business lines and respective risk management area departments. Each Committee is responsible for all types of risk generated by business activity of the given business line.

Structure and tasks of the risk management area

The management function at the strategic level and the function of control of credit, market, liquidity and operational risks and risk of models used to quantify the aforesaid risk types are performed in the risk management area supervised by the Vice-President of the Management Board, Chief Risk Officer.

Individual units have specific roles in the process of identifying, measuring, monitoring and controlling risk. Within the scope of their powers, the units develop methodologies and systems supporting the aforesaid areas. Furthermore, the risk control units report the risk and support the major authorities of the Bank.

The risk management area is functioning within the following organizational structure:

  Vice-President of the Management Board, Chief Risk Officer  
Corporate Risk Processes Departament
  • Developing and implementation of corporate credit process and supervision over its effectiveness.
  • Preparing corporate credit risk management strategy of mBank Group as well as credit policies including policies regarding industrial risk appetite.
  • Preparing portfolio analysis and reports for the purpose of management of corporate credit risk.
  • Developing and monitoring the quality of rating models for retail and corporate clients and financial institutions (credit risk modelling).
  • Settlement and accounting of structured finance and mezzanine transactions and collection operations.
  • Verification of value, liquidity and attractiveness of real estate and movables provided for collateral of loans, and analysis of investments financed by the Bank.
Corporate Risk Assessment Department
  • Implementation of the Bank’s credit policy regarding corporate customers, countries and financial institutions.
  • Credit risk management in the Bank and the Group subsidiaries in the abovementioned areas.
Credit Processes and Retail Risk Assessment Department
  • Making credit decisions concerning retail banking products.
  • Monitoring credit agreements and performing administrative activities.
  • Developing and effectively using anti-fraud systems and tools.
  • Preventing credit fraud and exercising control over operational risk in the credit process for retail and corporate banking products, as well as developing the methodology of these processes.
  • Identifying gaps in processes, products and systems that impact an increase in fraud exposure and applying measures to eliminate such gaps.
Retail Risk Management Department
  • Development of risk management principles and processes.
  • Acceptance of retail banking products, including the impact on the different types of risk and capital requirements.
  • Development of reports for monitoring of risk management policies.
  • Development and management of systems supporting the risk assessment and decision-making process.
Retail Debt Restructuring and Collection Department
  • Handling the processes of debt restructuring and collection of receivables arising from retail loans granted on the Polish market.
  • Debt sale transaction of NPL for receivables arising from retail loans granted on the Polish market.
Financial Markets Risk Department
  • Identifying, measuring controlling and monitoring of market risk, interest rate risk of the banking book, liquidity risk and counterparty risk.
  • Developing methods for measuring market risk, interest rate risk of the banking book, liquidity risk and counterparty risk.
  • Developing methods for valuations of financial instruments.
  • Valuation and control of transactions and analysis of P&L of front-office units.
  • Content management of front-office systems and risk measure system.
  • Controlling of Bank’s contributions to WIBID/WIBOR fixing.
Integrated Risk and Capital Management Department
  • Integration of risk and capital management within the ICAAP.
  • Control of capital adequacy and risk bearing capacity as well as planning and limiting risk capital.
  • Formulation of risk appetite and coordination of the process of determining strategic risk limits.
  • Integration of risk valuation (economic capital, reserves, stress tests).
  • Integration of control of non-financial risks (including operational risk) and Internal Control System Self-assessment (ICS).
  • Integration of model management and validation of quantitative models.
Projects and Risk Architecture Management Department
  • Risk Projects Portfolio Management.
  • Performing the function of competence centre in the area of process management.
  • Development and optimization of the architecture of IT processes and applications of Risk.
  • Management of the IT applications of Risk (maintenance and development).
  • Risk data management and cooperation with the Finance Division within the scope of centralized management information system.
Foreign Branches Risk Department
  • Supporting the credit risk assessment process and taking part in the decision making process regarding credits in the Bank's foreign branches
  • Credits managing/settling in the Bank’s foreign branches.
  • Handling the vindication process in the Bank’s foreign branches.



Organizational units outside the risk management area are in charge of the management and control of other risks (business risk, capital risk, reputational risk, legal risk, IT systems risk, personnel and organisational risk, security risk and compliance risk).

Vision of the Risk Management Area

In connection with the approval by the Management Board and the Supervisory Board of the Bank of the mBank Group Strategy 2016-2020 “mobile Bank” and having regard to the progressive changes in the use of new technologies, significant demographic changes and increase in restrictiveness of the regulatory environment the risk management area redefined its vision which is now as follows:


Vision of the Risk Management Area

We take advantage of the opportunities in a dynamically changing environment, using innovative methods of risk management.

Bearing in mind the bank’s efficiency and safety, we create value for the customer in a partner dialogue with the business.


The risk management area is actively involved in the implementation of initiatives and actions undertaken while realization of the new strategy of the Group, building its objectives for the coming years around the pillars of the new strategy which are: (1) Empathy to customers, (2) Mobility, (3) Efficiency: Productivity. Capital. Financing, (4) Engaged employees, (5) Technological advantages.


Key changes in the risk management area in 2016


mBank Group is continuously improving risk control and management process with a focus on a streamlining integrated risk management from the perspective of concentration on a customer.

Selected projects realized in 2016 are described below:

  • Adaptation works to the requirements of Recommendation W concerning model risk management in banks (published in July 2015 by the Polish Financial Supervision Authority) were completed. The abovementioned works resulted, among others, in the update of Model Management Policy, which was supplemented with provisions addressing requirements of the Recommendation W. The model risk tolerance level was also defined. In addition, Model Risk Committee responsible for supervising model risk management process was appointed. The Committee performs information, discussion, decision and legislative functions. In particular, the Committee:
    • approves the new and redesigned models, as well as amendments thereto, deciding also about the resignation from the application of the model;
    • takes decisions on the scope of application of the group and external models, including central models, in banking processes;
    • recommends the tolerance level for model risk and submits its findings to the decision of the Management Board and the Supervisory Board;
    • takes the final decision regarding approval of the significance assigned to a given model;
    • approves preventive and remedial measures indicated within the results of monitoring;
    • accepts the schedule for validation of models and the results of each model validation.
  • Implementation of the Internal Control System Self-assessment was completed in mBank Group subsidiaries. In the Bank, the Self-assessment was implemented in 2015. Thus, the process covers the whole activity of the Group. Self-assessment process is carried out on an annual basis and it aims at a comprehensive assessment of operational risk.
  • “Credit policy of financing residential developers projects by mBank Group” was adopted. A framework for the risk appetite and development of acquisition in this market was determined, the definition of residential developer’s project was developed, risks were identified and their mitigants were introduced, and the limit for the portfolio of residential developers’ projects was implemented.
  • Continuation of the program – launched in 2015 - of continuous increase of effectiveness of work in the risk management area based on the principles of Lean Management with an emphasis on implementing a culture of responsibility and mechanisms for continuous improvement of processes. The aim of the program is to enable the absorption of the increasing number of tasks resulting from the business development and increasing regulatory requirements, without necessity to enlarge significantly the available resources.
  • The Bank carried out IFRS 9 implementation project, including, among others, analytical work in assessing the impact of IFRS 9 on the methodology for calculation of provisions in the Group; implementation of the necessary changes was also started. IFRS 9 changes the requirements for classification and evaluation of financial assets and implements the impairment model based on the expected losses calculated for certain instruments over the lifetime of the asset. IFRS 9 will take effect starting from January 2018.



Main risks in the mBank Group’s business


The Management Board of mBank takes measures necessary to ensure that the Bank manages all material risks arising from the implementation of the adopted strategy of mBank Group, in particular, through approving strategies and processes for managing material risks in the Group.

The following risks were recognized as material in the operations of the Group as of the end-2016:

Credit risk
  • Counterparty/default risk: risk of losses resulting from counterparty’s failure to perform their obligations and the risk of reduction in the economic value of the credit exposure as a result of deterioration in the counterparty’s ability to serve the liability.
  • Concentration risk: risk of a high concentration of credit losses resulting from high exposures.
  • Residual risk: risk resulting from the defective nature of collateral accepted and, hence, ineffectiveness of applied techniques of credit risk mitigation.
  • Reserve risk: risk of an underestimation of loan loss provisions for exposures in default status.
  • Participation investment risk: risk of decrease in economic value of participation exposure not traded on a regulated capital market as a result of worsening economic and financial situation of the issuer.
Market risk Risk resulting from unfavourable change of the current valuation of financial instruments in the Bank’s portfolios due to changes of the market risk factors, in particular interest rates, foreign exchange rates, stock share prices and indices, implied volatilities of relevant options and credit spreads.
Operational risk Risk of loss resulting from a mismatch or unreliability of internal processes, people or systems or external events. Operational risk includes, in particular, the following sub-categories: legal risk, IT systems risk, personnel and organizational risk, security risk, compliance risk.
Business risk Risk of losses resulting from deviations between actual net operating result of the mBank Group and the planned level.
Liquidity risk Risk of failure to fund assets and meet payment obligations arising from balance sheet and off-balance sheet items owed by the Bank in a timely manner and at a market price.
Reputational risk Risk resulting from a negative perception of the image of the bank or other member of the group among their stakeholders.
Model risk Risk of negative consequences connected with the decisions made on the basis of the output data of models which have been improperly constructed or are improperly administered.
Capital risk Risk resulting from the lack of sufficient capital to absorb unexpected losses.


Download pdf file :

Download pdf file:

Download xls file:

mBank monitors all the aforementioned risks. The following section presents the rules of monitoring credit, market, liquidity and operational risk in mBank Group using risk measures applied by mBank and taking into account differences in the profile and scale of business of the Group.

The detailed information on managing the abovementioned risks as well as information concerning the management of other types of risk, that is business risk, reputational risk, model risk and capital risk are included in the Consolidated Financial Statement of mBank Group in the chapter 3. Risk Management.


Capital adequacy


Maintaining an adequate level of capital is one of the main tasks of the Bank. The Management Board of mBank ensures consistency of the capital and risk management process by means of a system of strategies, policies, procedures and limits for the management of particular risks which constitute the ICAAP architecture. Furthermore, in line with the Capital Management Policy applicable at mBank, the Bank maintains an optimum level and structure of own funds, guaranteeing maintenance of the total capital ratio at a level higher than the supervisory requirement, at the same time covering all significant risks identified in the Bank’s operations and key risk concentrations resulting from applied business strategy. The assessment process comprises determination of the appropriate capital surplus required to cover potential losses resulting from materialization of particular risk factors related to the existing portfolios and planned activity. New regulatory requirements as well as possible adverse macroeconomic changes are also taken into account in the capital management process.

The Capital Management Policy at mBank is based on two main pillars:

  • maintenance of an optimal level and structure of own funds, with the use of available methods and means (retained net profit, issue of shares, subordinated bonds, etc.);
  • effective use of the existing capital among others by applying a system of capital utilisation measures resulting in reduction of the activity that is not generating the expected return and development of products with lower capital absorption.




The capital ratios of mBank Group in 2016 were driven by the following factors:

  • inclusion in Common Equity Tier 1 capital the remaining part of the net profit of mBank Group for the year 2015, not included in Common Equity Tier 1 capital on the basis of the PFSA decision obtained in 2015;
  • inclusion in Common Equity Tier 1 capital the verified net profit of the mBank Group for the first, second and third quarters of the year 2016, net of expected charges and dividends, on the basis of the PFSA decisions from June 21, 2016, September 7, 2016 and December 14, 2016 respectively;
  • classification of capital instruments issued within incentive programs in the period from January 1, 2016 till July 31, 2016 as instruments in Common Equity Tier 1 capital;
  • change of calculation methodology for the additional value adjustments deducted from Common Equity Tier 1 capital;
  • change of the limit for unrealized gains measured at the fair value included in the own funds calculation from 40% in 2015 to 60% in 2016;
  • change of the limit for grandfathered subordinated instruments included in the own funds;
  • adjustment of the application of the regulatory floor to the requirements of article 500 of the CRR Regulation, also complying with the provisions of the ITS Regulation. The adjustment was implemented to ensure a full comparability, transparency and compliance of the Bank's capital position presented in the financial statement and regulatory reporting with the approach used by the EU parent institution (Commerzbank AG) and observed in other EU member states. The method used by the Bank in the past followed the local authorities' approach to the issue at hand. The PFSA within correspondence conducted by the Bank on the subject of the abovementioned adjustment, stated that it is not coherent with the local regulatory approach to own funds assessment which has been used so far and is still expected to be used;
  • extensions of the AIRB approach and the changes of the AIRB models:
    • the implementation of the material change to the internal corporate LGD model (having satisfied the suspensive conditions) for which the Bank obtained the joint consent of the European Central Bank and of the PFSA on September 15, 2016;
    • the receipt on July 26, 2016 of an official confirmation from the European Central Bank and the PFSA regarding the Bank's fulfilment of the high significance conditions stipulated in the conditional consent to apply the internal rating based approach to the calculation of the capital charge for credit risk for the credit exposures of the subsidiary mLeasing;
  • expansion of the mBank Group business activity;
  • depreciation of the Polish currency against the foreign currencies.

From 2016 banks are obliged to maintain additional own funds to cover the capital buffers implemented as a result of the Act on Macro-prudential Supervision over the Financial System and Crisis Management in the Financial System that entered into force in 2015 and transposed the CRD IV provisions to the Polish prudential regulations. As of December 31, 2016, Bank was obliged to ensure adequate own funds to meet conservation capital buffer of 1.25% of the total risk exposure amount.

As of the end of 2016 the countercyclical capital buffer rate set for relevant exposures in Poland according with the article 83 of the Act amounted to 0%. mBank Group specific countercyclical capital buffer calculated in accordance with the provisions of the Act as the weighted average of the countercyclical buffer rates that apply in the countries where the relevant credit exposures of the Group are located, amounted to 0% as of December 31, 2016.

In Q4 2016, the Bank received an administrative decision of the PFSA that identified mBank as other systemically important institutions (O-SII) and imposed a capital buffer of 0,5% of the total risk exposure amount, calculated in accordance with article 92(3) of the Regulation, to be maintained on individual and consolidated levels.

Consequently, the combined buffer requirement set for the mBank Group as of the end of 2016 amounted to 1.75% (of the total risk exposure amount).

Additionally, as a result of risk assessment carried out by the Polish Financial Supervision Authority within the supervisory review and evaluation process, in particular with regard to the evaluation of risk related to the portfolio of foreign exchange retail mortgage loans, mBank Group received an individual recommendation to maintain own funds on the consolidated level to cover additional capital requirement of 3.25% in order to mitigate the risk and 2.44% for Tier 1 capital (on individual basis: 3.81% at the level of own funds and 2.86% at the level of Tier 1 capital)

High level of additional capital requirement in Pillar II was due to the fact that the Polish Financial Supervision Authority applied one methodology to all banks in Poland. This failed to take into account the results of internal models applied by mBank to the calculation of capital requirements for credit risk. According to this methodology, the calculation of the additional capital requirement for each and every bank uses the risk weight under the standardised approach (100%) as a starting point. Consequently, more than half of the additional capital requirement calculated by the PFSA for mBank Group comes from “aligning” the capital requirement to the requirement calculated under the standardised approach. The second important component with effect on an additional capital requirement within Pillar II was related to the BION score quantifying the risk of foreign exchange retail mortgage loans portfolio, taking into account the specific nature of the Group portfolio, the following factors were taken into account:

  • the share of loans with LTV >100% in total FX lending portfolio;
  • the level of margin realised in the Group on FX lending portfolio;
  • sensitivity of total capital ratio to exchange rate and interest rate changes;
  • Group’s readiness to absorb losses of a potential portfolio currency conversion.


The level of the required capital ratios encompasses:

  • the basic requirement of PFSA addressed to banks in Poland to maintain the total capital ratio of 12% and the Tier 1 ratio of 9%;
  • the combined buffer requirement of additional 1.75%;
  • the additional capital charge in Pillar II – 3.25% (consolidated level) and 3.81% (individual level).

At the end of 2016 mBank Group comfortably met the PFSA’s required levels: its capital ratios on consolidated basis and individual basis were above the required values.

Capital ratios on individual level and consolidated Common Equity Tier 1 ratio together with Tier 1 ratio stayed above the required values during whole 2016. From the beginning of January 2016 consolidated total capital ratio of mBank Group should amount to at least 16.97% according to requirements in force at that time. Untill March 24, 2016, i.e. the day on which the Ordinary General Meeting of mBank approved consolidated financial statements of mBank Group and decided not to pay a dividend from 2015 profit, consolidated total capital ratio of mBank Group stayed slightly below the required value. From March 24, 2016 till the end of 2016 consolidated total capital ratio of mBank Group stayed above the required value.

With a considerable surplus of own funds mBank Group comfortably meets the additional own funds requirement related to Pillar II and the combined buffer requirement

  mBank Group mBank
Capital ratio Required level 31.12.2016 Required level 31.12.2016
Total capital ratio (TCR) 17.00% 20.29% 17.56% 24.07%
Tier 1 ratio 13.19% 17.32% 13.61% 20.59%
Common Equity Tier 1 ratio 12.57% 17.32% 12.88% 20.59%

Without adjustment of the approach to the application of the regulatory floor to the requirements of article 500 of the CRR Regulation, capital ratios of mBank Group as of December 31, 2016 would amount to as follows: Total capital ratio – 18.35%, Common Equity Tier 1 ratio – 15.66%. Additionally, had the Group adjusted the approach to the application of the regulatory floor as of December 31, 2015 the capital ratios of mBank Group would not change.

Without adjustment of the approach to the application of the regulatory floor to the requirements of article 500 of the CRR Regulation, mBank capital ratios as of December 31, 2016, would amount to as follows: total capital ratio – 21.93%, Common Equity Tier 1 ratio – 18.76%. Additionally, had the Bank adjusted the approach to the application of the regulatory floor as of December 31,2015 the mBank capital ratios would increase respectively: by 0.33% in case of total capital ratio and by 0.27% in case of Tier 1 ratio and Common Equity Tier 1 ratio.

The second component of the adequacy assessment of Group’s capital base, alongside the calculation of capital ratios and their comparison with the required levels (taking account of the combined buffer requirement and the additional capital chargé within Pillar II), is verification whether Group meets requirements resulting from article 500 of the CRR. To this end, own funds are compared to the value of the „regulatory floor” accounting for 80% of the comparable standardised-driven total capital requirement. This parallel calculation is to ensure that the Group’s own funds calculated under the internal rating based approach are sufficient and they do not fall below 80% of own funds that the Group would have to maintain under the standardised approach. mBank Group’s own funds are well above the level determined by the regulatory floor.

The consolidated leverage ratio calculated in accordance with the provisions of CRR Regulation and Commission Delegated Regulation (EU) 2015/62 of October 10, 2014, amending Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to the leverage ratio, including provisions regarding transitional period, amounted to 8.23%.

Stress tests

In order to ensure compliance with regulatory requirements under normal and stress conditions the Group and the Bank carry out sensitivity analyses for key concentration risks. These analysis are used among others for calculation of the capital surplus above the level of regulatory requirements.

Additionally integrated stress tests are conducted based on scenario of unfavourable economic conditions that may adversely affect the Bank’s financial position in at least a full two-year time horizon (for liquidity risk - a one-year time horizon). The risk scenario, i.e. the most plausible (in at least a full two-year time horizon) scenario of negative deviations from the base scenario, expressed in terms of macroeconomic and financial ratios, is common for all risk types, applied at Group level and aligned with the corresponding scenario accepted by the consolidating entity.

Reverse stress tests are conducted in order to identify events that might potentially pose a risk to the functioning of the Group and the Bank.

The Group and the Bank take part in regulatory stress tests conducted by the Polish Financial Supervision Authority in order to determine the impact of assumed macroeconomic stress scenarios on the Group’s balance sheet and P&L as well as on prudential norms.


Explanatory note - risk management


Download pdf:

Download xls: