mBank organises the operational risk management process taking into account the rules and requirements set out in external regulations, in particular in the Recommendations M, H and D of the Polish Financial Supervision Authority (PFSA), CRR Regulation and Regulation of the Minister of Development and Finance (on the risk management system and internal control system, remuneration policy and detailed method of estimating internal capital in banks), which constitute a starting point for the framework of the operational risk control and management system in mBank Group.
In order to effectively manage operational risk, the bank applies quantitative and qualitative methods and tools, which intend to cause-oriented operational risk management.
The basic qualitative tool is the Self-Assessment of Internal Control System carried out by the bank’s organisational units and the Group subsidiaries. The Self-Assessment process aims to provide communication about the need to change and improve control processes, and thus a more pro-active approach to operational risk management and increasing operational risk awareness in mBank Group. The end result of the Self-Assessment is the evaluation of risks, control mechanisms and independent monitoring of control mechanisms as well as the creation of corrective action plans aimed at changing the structure or the optimization of the control mechanisms and their independent monitoring.
The bank also prepares scenario analyses describing risks associated with rare operational risk events with potentially very serious consequences.
In accordance with the requirements of Recommendation M, the bank has a process for identifying threats associated with operational risk in all relevant areas of the bank’s operations and for creating new and modifying existing products, processes and systems, as well as for changes in the organisational structure.
Quantitative tools include mainly collection of data on operational events and effects. With the use of the database available at mBank Group, data on operational risk losses are recorded with an emphasis on the cause. Recorded data are analysed by the Integrated Risk Management Department and at organisational units. This approach allows organisational units to carry out ongoing monitoring of their current risk profile. mBank has an access to external operational loss databases and applies them to analyse operational risk and potential threats, that institutions operating in the financial sector are exposed to.
The key risk indicators (KRI) are another tool. Ongoing monitoring of risk factors recognized as key at the given moment allows for prediction of an increased level of operational risk and adequate response by the organisational units in order to avoid the occurrence of operational events and losses.
mBank Group through operational risk tools monitors the processes operating during a pandemic and defines corrective action plans which will improve the methods of work performed by employees in the home office mode.
The organisation of the operational risk control and management system is aimed at enabling effective control and management of this risk at every level of the bank’s organisational hierarchy. The structure of operational risk control and management covers in particular the role of the Management Board of the bank, the Business and Risk Forum, the Chief Risk Officer, the Integrated Risk Management Department, and the tasks assigned to persons managing operational risk in particular organisational units and business areas of the bank. The operational risk control and management process at the bank is developed and coordinated by the central operational risk control function while operational risk management takes place in every organisational unit of the bank and in every subsidiary of mBank Group. It consists in identifying and monitoring operational risk and taking actions aimed to avoid, mitigate or transfer operational risk. The operational risk control process is supervised by the Supervisory Board of the bank through its Risk Committee.