mBank Group manages risk on the basis of regulatory requirements and best market practice by developing risk management strategies, policies and guidelines. The risk management process is conducted at all levels of the organizational structure, starting at the levels of the Supervisory Board (including Risk Committee of the Supervisory Board) and the bank’s Management Board, through specialised committees and units responsible for risk identification, measurement, monitoring, control and reduction, down to each business unit.
Risk management roles and responsibilities in mBank Group are organised around the three lines of defence scheme:
The first line of defence
The first line of defence is Business (business lines), whose task is to take risk and capital aspects into consideration when making all business decisions, within the risk appetite set for the Group;
The second line of defence
The second line of defence, mainly the risk management area, IT, Security and Compliance function, is responsible for determining framework and guidelines concerning managing individual risks, supporting Business in their implementation as well as supervising the control functions and risk exposure. The second line of defence acts independently of the Business;
The third line of defence
The third line of defence is Internal Audit, making independent assessment of activities connected with risk management performed by the first and the second line of defence.
Key activities and changes in the risk management area in 2018:
Risk appetite was defined for the subsequent planning horizon. Conclusions from analyses and discussions on potential impact on the Group of several issues identified during the managerial dialogue with particular emphasis on the package of non-financial risks, were taken into account while formulating risk appetite;
The Risk Management Strategy of mBank Group, the strategies for managing particular risks (concentration risk, credit risk in the corporate and the retail areas, market risk, liquidity risk, operational risk and reputational risk), as well as the Limit Book and the Stress Test Book were updated. Periodic risk inventory process was carried out resulting in the update of the Risk Catalogue of mBank Group. The internal capital adequacy assessment process (ICAAP) and the internal liquidity adequacy assessment process (ILAAP) were reviewed. The results of the reviews were presented to the Management Board and the Supervisory Board of mBank;
The process related to the application of the strategy for stabilizing net interest income from instruments financed by stable parts of capital and current accounts as well as the method of measuring the interest rate risk of the banking book were changed to facilitate the control of the impact of the adopted strategy on the market risk level. Measurement and analysis take place in two perspectives (including and without taking into account the modelling of stable parts of capital and current accounts, insensitive to changes in interest rates). The change was approved by the Management Board;
Programme of continuous increase of work efficiency based on the Lean Management rules was continued. The purpose of the programme is to allow the growing number of tasks accompanying business growth and increasing number of regulatory requirements without the need to significantly increase resources and to reallocate resources from the streamlined operating areas to the areas where resources need to be increased due to the realized projects or growing scope of tasks.