2010 Annual Report
Risk Management Policies by Types of Risks
During 2010, risk management activities continued in parallel with risk management policies approved by the Board of Directors, legislation and international practices. The Bank closely monitored the BRSA’s Basel II draft guidelines and the capital adequacy guidelines of the Basel Committee (Basel III), and studies were carried out in relation to the possible effects of these guidelines upon the Bank’s capital adequacy ratio.
Scenario analyses also continued during the reporting period regarding the impacts of economic developments and outlook on capital adequacy standard ratio. Structural interest rate risk was monitored closely through gap/duration analyses and standard interest rate shock analyses. These research findings that are reported to the Audit Committee and the Bank’s senior management are also discussed at the Asset-Liability Management Committee meetings.
Credit Risk Management Policy Document, Operational Risk Policy and Implementation Principles Document, and Operational Risk Framework were reviewed and updated.
As part of operational risk management, the Bank collects operational risk loss and potential risk data that will allow the application of advanced measurement approaches. Currently, the Bank has collected eight years of operational risk data. Operational loss data were analyzed in order to identify the risk factors, and the findings were reported to the management levels of the Bank. The efforts to improve the technical infrastructure of the Operational Risk Database and to convert it into a web-based platform were brought to completion and are now ready for data input by relevant units.
The Impact Analysis activities are in progress, which cover the Head Office units and seek to take operational risks under control through analysis of business processes by the Risk Management Department, identification of ineffective and inadequate controls, and adoption of necessary measures.
The operational risk management approach of the Bank is to create a proactive control culture that encourages all employees to identify and assess the risks in their tasks, report the risk-related issues to their managers, and take the necessary steps to make the control function more effective. The Impact Analysis efforts within this scope are performed in task force meetings, employing self-assessment method.
In addition to impact analysis work, as part of the information systems risk management initiative, the Bank is conducting efforts for determining the recovery time objective (RTO) and recovery point objective (RPO) for the information systems in business processes, determining alternative systems and analyzing the impacts of risks that may arise.
Reports issued as a result of the abovementioned efforts and improvement action plans are reported to the relevant unit, the Audit Committee, senior management, the Board of Internal Auditors and the Internal Control Department. Action plans determined and approved to be implemented are monitored to establish whether they are implemented properly. The initiative is planned to be repeated at certain intervals.
The Risk Management Department’s activities in compliance with Basel II and the European Union capital adequacy regulations and developing the risk management applications in accordance with international best practices are still ongoing.
Risk Management Policies by Types of Risk
Market Risk: Market risk exposure occurs as a result of the changes and fluctuations that may occur in the foreign exchange rates, interest rates and stock prices. The market risk exposure of the Bank stemming from its trading activities is measured and monitored using the standard method and internal models in parallel to the local and international practices.
The market risk measurement results that are calculated as of the end of each month using the standard method within the framework of the provisions of “Regulation on the Measurement and Assessment of Banks’ Capital Adequacy” are reported to the Bank’s Senior Management and the Banking Regulation and Supervising Agency monthly on unconsolidated basis and quarterly on consolidated basis.
In addition, Historical and Simulation methods are used for internal model-based VaR calculations. This method meets the needs of the Bank considering the structure of the Bank’s portfolio and the market environment in Turkey.
VaR is calculated daily with the use of one-tail 99% confidence interval. The VaR that is calculated for one day is scaled to 10 business days on the basis of the square-root-of-time rule. The historical time period used in VaR calculation is one year.
The Bank performs daily back testing analyses in order to test the reliability and performance of the model results. Furthermore, scenario analyses and stress tests supporting the standard method and internal models are performed.
The Bank started working on creating a new VAR model, taking into consideration the developments in the Bank’s portfolio structure and the possible changes in national and international regulations; these efforts are almost completed. Upon finalization of these efforts, VAR will be calculated using one of the Parametric, Historical Simulation or Monte Carlo Simulation methods.
In order to ensure restriction of market risks, the Overall Bank Limit and VAR-Based Limit practices are in place, which are monitored on a daily basis.
Structural Interest Rate Risk: In order to determine the interest rate risk that the Bank may be exposed due to maturity mismatch on its balance sheet, the impacts of liquidity, gap, duration, interest rate sensitivity and the effects of interest rate increases/decreases on the returns are analyzed. All analyses are reported to the Board of Directors, Audit Committee and the Bank’s Senior Management.
Liquidity Risk: The Bank’s approach to liquidity risk management is based on the principle of monitoring the liquidity risk throughout the day on a continuous basis. To this effect, cash inflows and outflows in TL and FX are closely monitored every minute, long-term cash flow tables are created, and scenario analysis and stress tests based on the previous experiences and expectations are performed in order to determine the Bank’s resilience against sudden crises. In addition, the bank also adheres to the liquidity-related regulations of the regulatory authorities.
Operational Risk: Operational risk is the possibility of incurring loss that may result from factors such as overlooking the errors and irregularities as a result of the defects in the Bank’s internal audits, the failure of the Bank’s management and personnel to act timely and in accordance with the market conditions, the judgment errors of the Bank’s management, the errors and breakdowns in the information technology systems, the acts of God such as earthquake, fire, flood as well as terror attacks.
Oversight of operational risks is performed by the Board of Internal Auditors and the Internal Control Department whereas the Risk Management Department is responsible for the evaluation and analysis of the data obtained and the creation of the operational risk database. In addition, joint work is conducted with the Board of Internal Auditors to create the “VakıfBank Risk Map”.
The operational loss data collected from the Board of Internal Auditors, Internal Control Department, General Accounting and Financial Affairs Department, Human Resources Department, Treasury Operations Department, Credit Cards Department and Banking Operations Department are analyzed regularly by the Risk Management Department and the risk factors that the Bank is exposed during the course of its operations are identified. These findings are reported to the Board of Directors, Audit Committee and the Bank’s Senior Management.
Operational Risk Framework, which is a common dictionary that comprehensively identifies all major risks the Bank is exposed to by category and includes definitions and examples, and the Operational Risk Policy and Implementation Principles were updated in 2010.
The operational risk capital requirement is calculated on unconsolidated and consolidated basis within the scope of the Key Indicator Approach pursuant to the “Regulation on the Measurement and Assessment of Banks’ Capital Adequacy”, and Value at Operational Risk is reported annually to the Bank’s senior management and the Banking Regulation and Supervision Agency. Our ultimate goal is to use advanced measurement approach in operational risk measurement.
Credit Risk: Credit risk arises from the failure of counterparty to partially or entirely fulfill its commitments in accordance with contractual requirements. The credit risk definition of the Bank is based on the credit risk definition of the Banking Law and includes the credit risk involved in all products and activities.
The findings from analyses of the composition and concentrations of the Bank’s loan portfolio (type of loan, currency, maturity, sector, geographical region, borrower, holding, group, participation), quality of the portfolio (standard loans, non-performing loans, delinquent loans, and the analysis of the data obtained from the credit rating system), portfolio analysis (duration, average maturity, interest rate sensitivity), and from scenario analyses, as well as studies on possible defaults are reported to the Board of Directors, Audit Committee and the Bank’s senior management by means of monthly reports and individual reports.
The Bank uses rating and scoring models for assessing the borrower’s credit quality. During 2010, the Risk Management Department carried out a work to validate the Credit Rating Model and shared the outcomes with relevant units and the Audit Committee. In order to determine the risks resulting from concentration of loans and create a balanced loan portfolio, sector-based concentration limits and country risk limits were set, which are updated in view of the Bank’s credit policy and economic developments. A key target in the Bank’s credit risk management is to implement credit risk internal methods in accordance with Basel II, the European Union Capital Adequacy Regulation and the international best practices.
Legal Compliance
The Bank’s Board of Directors established the Legal Compliance Department with its resolution dated January 22, 2009 in an attempt to fight more effectively against the laundering of proceeds of crime and to prevent the use of the financial system by criminals, within the frame of the Law No. 5549 on Prevention of Laundering Proceeds of Crime and related regulations,
Approved by the Board of Directors and enforced as of May 14, 2009, the Bank’s Policy Document on the Prevention of Laundering Proceeds of Crime and the Financing of Terrorism has been revised and renamed as “Policy Document on the Prevention of Laundering Proceeds of Crime and Financing of Terrorism and Implementation Principles” in an effort to set forth the principles and approaches that will form the basis for the prevention of proceeds of crime and financing of terrorism, and the implementation principles. The said document has been approved and enforced by the Board of Directors on October 15, 2010.
Within the frame of training activities that we are obliged to provide pursuant to applicable legislation, face-to-face and e-learning training programs were developed by the joint efforts of the Legal Compliance Department and the Training Department for the entire personnel including new hires, so as to create awareness on the prevention of laundering proceeds of crime and financing of terrorism.
The policy document mentioned above will be converted into a training module and assigned to all of the Bank employees within the scope of e-learning trainings as of 2011. In addition to in-house training programs, VakıfBank employees attend training sessions on this issue organized by the Financial Crimes Investigation Board (MASAK) of the Ministry of Finance of Turkey and the Banks Association of Turkey.
Furthermore, the Bank is represented at the MASAK task force of the Banks Association of Turkey by the Legal Compliance Department.
