The first line of defence is Business (business lines), whose task is to take risk and capital aspects into consideration when making all business decisions, within the risk appetite set for the Group;
mBank Group manages risk on the basis of regulatory requirements and best market practice by developing risk management strategies, policies and guidelines.
The risk management process is conducted at all levels of the organisational structure, starting at the levels of the Supervisory Board (including Risk Committee of the Supervisory Board) and the bank’s Management Board, through specialised committees and units responsible for risk identification, measurement, monitoring, control and reduction, down to each business unit.
Risk management roles and responsibilities in mBank Group are organised around the three lines of defence scheme:
The second line of defence, mainly the risk management area, Security and Compliance function, is responsible for determining framework and guidelines concerning managing individual risks, supporting Business in their implementation as well as supervising the control functions and risk exposure. The second line of defence acts independently of the Business;
The third line of defence is Internal Audit, which independently assesses risk management activities performed by the first and the second line of defence
In the communication between organisational units in the risk management area and business lines in mBank as well as between the bank and the Group subsidiaries an important role is played by the Business and Risk Forum of mBank Group which is constituted by the Retail Banking Risk Committee, Corporate and Investment Banking Risk Committee, and Financial Markets Risk Committee. The main function of these committees is to develop the principles of risk management and risk appetite in a given business line, by making decisions and issuing recommendations concerning in particular: risk policies, risk assessment processes and tools, risk limit system, assessment of the quality and profitability of the portfolio of exposures to clients, approval of introducing new products to the offer.
The management function at the strategic level and the function of control of credit, market, liquidity and operational risks and risk of models used to quantify the aforesaid risk types are performed in the risk management area supervised by the Vice-President of the Management Board, Chief Risk Officer.
Pillars of risk management
Risk management framework in mBank Group rests on three pillars concept:
- Customer Focus which means striving to understand and balance specific needs of the risk management area’s various stakeholders (Business, Management Board, Supervisory Board, shareholders, regulatory authorities).
- One Risk understood as an integrated approach to risk management and responsibility towards the clients for all types of risk defined in the Risk Catalogue of mBank Group.
- Risk vs Rate of Return perspective understood as a support for the business decision-making process based on the long-term relationship between risk and the rate of return, avoiding tail risks.