Risk management activities are carried out with the underlying approach of aligning the Bank’s risk management functions with best practices by fostering a risk culture throughout the entire Bank and constantly improving system and human resources.

Risk management activities are conducted under the separate headings of “Credit Risk”, “Market Risk”, “Operational Risk”, “Balance Sheet Risks” and “Validation”. Policies, practices, and procedures concerning the management of these risks are governed by regulations and resolutions approved by the Board of Directors for dealing with each category of risk. All risk management system activities are carried out through the involved participation of all the units with which each type of risk is associated. In addition, compliance with local regulations regarding risk management and risk management ratios of foreign branches and subsidiaries are monitored.

Ziraat Bank has formulated an “Intrinsic capital adequacy assessment process” as required by BRSA Regulation on banks’ internal system and intrinsic capital adequacy assessment processes. The purpose of this process is to set up and maintain a system that will both determine the amounts of capital that are needed to cover the risks to which the Bank is or might be exposed and will ensure capital requirements and levels are used compatibly with the Bank’s strategic objectives. Analyses are performed in line with BRSA principles and are further supported by means of risk-specific stress tests and scenario analyses. Year-end Stress Test and Internal Capital Adequacy Assessment Process (ICAAP) reports are prepared with the involvement of other appropriate units and are sent to BRSA with the approval of the Board of Directors.

Credit Risk

Credit risk is an expression of the likelihood of the Bank’s suffering a loss because a debtor fails to fulfill, in a timely manner, some or all of his obligations under an agreement that he has entered into.

Credit risk management consists of discovering the credit risks to which the Bank is exposed and defining, measuring, monitoring, controlling, and reporting such risks.

According to BRSA Regulation on measurement and assessment of capital adequacy of banks, credit risk is to be measured using the Basel III Standardized Approach and the results of such measurements are to be included in one’s mandatory reporting. In compliance with this requirement, Ziraat Bank’s credit risk exposure on both a solo and a consolidated basis is reported monthly to BRSA. The measurement of the counterparty credit risk, which is considered in the framework of credit risk, is carried out by using the Standard Approach (SA-CCR Method.

Internal Rating Notifications are reported to Risk Center of Banks Association of Turkey on monthly basis, in accordance with Internal Rating Notification Circular which went into effect as of January 2014. Scenario analyses and stress tests are performed with the application of internal and external shocks to credit risk factors. The Credit Risk Management with Advanced Methods Project that permits the use of advanced methods in the calculation of the Bank’s core credit risk exposure has been completed.

Within the scope of Credit Risk Management with Advanced Methods, model validations that evaluate the compatibility, accuracy and robustness of the IRB model studies performed within the framework of the internal rating-based approach are carried out, macroeconomic models are created and the adaptation of IRB models to the TFRS-9 standard and the implementation of the results are carried out. Within the scope of this project, the initial validation of IRB models, the creation of macroeconomic models to be used in TFRS-9 provision calculations and their integration with TFRS-9 have been completed and the monitoring phase has been started.

All activities managed based on Internal Rating within the Risk Management Department are within the scope of the Credit Risk Control Unit. After the model development activities were completed and the models were validated, studies were initiated to calculate the amount subject to credit risk and expected credit loss with the newly created model parameters.

After the completion of all model outputs and IRB model validation tests, the amount based on credit risk calculated with the Basic and Advanced IRB methods could be retrieved from the system together with the results of the standard approach.

Both the Board of Directors approved customer-segment-based credit risk limits and trigger values and portfolio-based counterparty credit risk limits and trigger values arising respectively from banking accounts and from trading accounts have been calculated and monitored on a monthly basis. The risk-weighted assets which the Bank may hold on a segment and portfolio basis are subject to these limits.

Market Risk

Market risk is an expression of the possibility of loss that the Bank may be exposed to on account of its on- or off-balance sheet exchange rate, commodity, interest rate and stock position risk, which are subject to the Bank’s trading activities and followed up under the Bank’s accounts and positions valued at fair value, and which arise from the movements in market prices.

Risk measurement and monitoring is carried out in order to reveal the market risks to which the Bank may be exposed. The results of these activities are taken into account in the Bank’s strategic decision-making processes.

In order to manage market risk, market movements that affect the present value of the portfolios which expose the Bank to market risk in line with its trading strategies are kept track of on a daily basis and the impact that both upward/downward and ordinary/extraordinary movements may have on these portfolios is analyzed.

In the conduct of its day-to-day operations, trigger values are monitored as part of the early-warning process that is carried out to protect the Bank’s financial strength from being seriously affected by increases in market volatility. Risk exposure levels are kept within prescribed limits.

The Standardized Approach methodology is used to calculate the Bank’s exposure to market risk, the amount of which is included in its mandatory capital adequacy ratio. Market risk is also calculated on a daily basis using a VaR-based internal model. The effectiveness of the models being used is also analyzed regularly by means of backtesting.

Operational Risk

Operational risk” is an expression of the likelihood of the Bank’s suffering a loss because of changes in value caused by the fact that the actual losses which are incurred on account of inadequate or failed internal processes, people, or systems or on account of external events (including legal risk) differ from expected losses. The operational risk exposure is calculated using the Basic Indicator Approach methodology.

The Bank’s operational risk loss database, which is integrated with the Bank and compatible with the accounting system, was established in line with a classification covering the loss event type and activity lines of the Basel Banking Supervision and Audit Committee, and includes data obtained from foreign and domestic branches and subsidiaries. The operational risk outlook of the company is monitored with effective methods.

A self-evaluation study covering the Bank’s organization is carried out.

Ziraat Bank employees perform their duties taking into account the operational risk-related principles and procedures set forth in the Bank’s internal regulations and in a manner that is both sensitive to the operational risks that may be incurred and mindful of Bank policies intended to create an operational environment that will reduce the likelihood of losses.

Signals and limits approved by the Board of Directors related to operational risks have been established within the scope of internal regulations and are monitored periodically.

Risks and actions taken within the scope of IT are monitored and reported to the senior management regarding operational risk.

In order to ensure the continuity of outsourced support services, the risks that might arise from their procurement are assessed in light of BRSA Regulation on the outsourcing of support services by banks.

As part of the Business Continuity Plan, “business impact analyses” are carried out in order both to identify the risks that might arise if the Bank’s operations are interrupted and to determine their potential consequences. Analyses are also conducted into the portfolio custody service database.

Reputation risk management activities are included in operational risk activities. Within the scope of reputation risk studies, various factors are monitored in terms of the Bank’s reputation and reputation risk analyzes are reported regularly.

Balance Sheet Risks

“Balance sheet risks”, which are risks that arise from the Bank’s on- and off-balance sheet asset and liability accounts, are controlled so as to manage them in the most effective way possible. Risk measurement and monitoring is carried out in order to reveal the balance sheet risks to which the Bank may be exposed on account both of its liquidity risks and of its interest rate risks arising from its banking business accounts. The results of these activities are taken into account in the Bank’s strategic decision-making processes.

There are two components of liquidity risk: funding liquidity risk and market liquidity risk. The first is an expression of the likelihood of the Bank’s suffering a loss because it is unable to satisfy all of its foreseeable/unforeseeable cash flow requirements without otherwise impairing its day-to-day operations and/or financial structure; the second is an expression of the likelihood of the Bank’s suffering a loss because the Bank is unable to close or cover a particular position at the market price owing to insufficient market depth or to excessive market volatility. Interest rate risk consists of the possibility of sustaining losses on risk-sensitive assets, liabilities, and off-balance sheet items owing to changes taking place in interest rates.

Compliance with mandatory ratios pertaining to liquidity and interest rate risks arising from banking business accounts is also monitored. In addition to the foregoing, matters with the potential to affect liquidity risk management are monitored funding and lending maturity mismatches, assets’ and liabilities’ behavioral as well as contractual maturities, the level of primary (cash and cash-equivalent) liquidity reserves needed to conduct the Bank’s normal day-to-day operations, Central Bank liquidity facilities to which recourse may be had in order to cope with unexpected liquidity requirements, secondary reserves whose potential to be converted to cash is exposed to the risk of their being underpriced, and the ability to borrow from conventional markets are monitored. Additionally, within the content of scenario and sensitivity analyses stress test is conducted to assess the Bank’s liquidity needs in the worst case scenario.

For the management of the interest rate risk arising on banking business accounts, attention is given to monitoring and analyzing such issues as rate and maturity mismatches between fixed- and variable-interest fundings and lendings, assets’ and liabilities’ behavioral as well as contractual maturities, both upward/downward and ordinary/extraordinary movements in interest rates, and the impact of interest rate income on the current value of assets and liabilities.

Additionally, trigger values are monitored as part of the early-warning process and associated risk exposure levels are defined within limits in light of such considerations as liquidity, income level targets, and appetite for risk, and come into force upon the approval of the Board of Directors.

Validation
The validation unit is responsible for evaluating the accuracy, consistency and adequacy of the internally used rating models and other measurement methodologies in order to accurately measure and manage the risks the Bank is exposed to, as well as evaluating the stability of risk models and output (risk estimates, rating grades) performances, and the reporting of the results of the activities under its responsibility to the senior management at regular intervals.

In this context, the unit aimed to carry out validation studies of IRB models, especially the integration between IRB models and TFRS-9 standards, administrative models, internal models used in the Bank’s decision-making processes such as İSEDES, operational risk and market risk models and to take necessary actions in view of the findings.

Validation activities are carried out under two main headings; initial and periodic validation. Models and methodologies are evaluated qualitatively and quantitatively in both validation types. Models and methodologies, especially data quality controls, performance analyses, evaluation of basic working logic, compliance with legal and internal regulations, documentation and implementation are comprehensively addressed in the validation process. In addition, the preparation of the final validation reports, the evaluation and follow-up of the findings and actions are also included in the validation processes.

The process has been initiated for the initial validation of the developed IRB compliant TFRS 9 models. The validation unit will complete the initial validation, taking into account the quantitative and qualitative control points. The unit will also carry out periodic validation studies of the models where initial validations have been completed.