Operational risk is defined as the risk of occurrence of a loss due to non-compliance or unreliability of internal processes, people and systems or external events.
The objective of operational risk management is to optimise operational efficiency by reducing operating losses, costs streamlining and improving the timing and adequacy of the response of the Group to events which are beyond its control.
Operational risk management is performed through systemic solutions as well as regular ongoing management of the risk. Systemic operational risk management is centralised at the PKO Bank Polski SA Head Office level. The ongoing operational risk management is conducted by every organisational unit of the Bank.
The Bank uses various solutions to limit its exposure to operational risk, including the following:
- control instruments,
- human resources management instruments (staff selection, enhancement of professional qualification of employees, motivation packages),
- setting threshold and critical values of Key Risk Indicators (KRI),
- strategic tolerance limits and limits on operational risk losses,
- contingency plans,
- insurance,
- outsourcing,
- plan of continuing operation.
For the purpose of operational risk management, the Bank collects internal and external data about operational events and their effects, data about the operational environment and data concerning the quality of functional internal control.
If the risk level is elevated or high, the Bank applies the following approach:
- risk reduction – mitigating the impact of risk factors or the results of its materialisation,
- risk transfer – transfer of responsibility for covering potential losses to a third-party,
- risk avoidance – resignation from activity that generates risk or elimination of the probability of the occurrence of a risk factor.
In 2013, the dominant impact on the operational risk profile of the Group was exercised by the following 3 entities: PKO Bank Polski SA, the PKO Leasing SA Group and KREDOBANK SA. The other Group entities, considering their significantly smaller scale and type of activity, generate only reduced operational risk. The Group entities manage the operational risk in accordance with the rules implemented in PKO Bank Polski SA, taking into account the specific nature and scale of the business conducted by individual entities.
In the first half of 2013 in respect of operational risk, the Bank endeavoured to adapt to the requirements of Recommendation M of the Polish Financial Supervision Authority amended in January 2013 relating to operational risk management in banks. The Bank complied with all the recommendations by 30 June 2013, and complied with the recommendation relating to disclosure of information on operational losses – in accordance with Recommendation M – in the third quarter of 2013.