Risk Management and Internal Control | Otbasy bank JSC
Leave a message
eng
Internet banking
Consultants
baspana.kz
Управление рисками

Risk management and internal control

Financial risk management

The Bank adheres to a conservative policy in managing financial risks. Financial risks in the Bank's portfolio of financial instruments are controlled through a system of limits and analysis of risk assets. Limits are allocated by business lines and types of operations. The methods used by the Bank to measure financial risks (credit, market, operational, Liquidity risk) provide an aggregate measure of financial risk.

Financial risks are assessed and monitored in terms of individual instruments and the portfolio as a whole by means of VaR methodology. The amount of economic capital reserved against possible losses due to financial risks is calculated. Three main methods of analysis are used to estimate VaR: covariance method, historical modeling method, stochastic modeling method (Monte Carlo).

In order to manage liquidity, the liquidity risk management policy is defined, which provides for diversification of sources of resources to achieve maximum liquidity. To optimize the liquidity level, the Bank annually sets limits on the maximum cumulative liquidity gap.

Operational risk

Operational risk is the probability of losses resulting from inadequate and insufficient internal processes, human resources and systems, or the impact of external events, except for strategic risk and reputational risk;

In order to maintain operational risk at a level acceptable to the Bank, which ensures preservation of equity and sustainable operation of the Bank, the Operational Risk Management Policy has been developed. The Policy discloses the objectives and principles of operational risk management, gives their detailed classification, and considers the organizational structure of operational risk management.

Operational risk management is a continuous management process operating in the Bank, which consists of the following main stages:

  • identification of operational risks;
  • assessment (measurement) of operational risks;
  • monitoring;
  • prevention/mitigation (control).

The Bank uses the following methods of OR management in its work:

  • Standardization of banking operations, providing for the development of detailed procedures (procedures, technology of operations and transactions, conclusion of agreements) regulating the procedure of the Bank's operations, establishing requirements for the procedure and level of its approval;
  • Organization of the system of additional and subsequent control, systems of current verification of conducted transactions and operations by means of examination of internal documents;
  • Establishment of the internal procedure for development and approval (signing) of internal regulatory documents;
  • Formation of a centralized database of operational losses;
  • Analyzing the impact of operational risk factors (both in the aggregate and in terms of their classification) on the Bank's performance indicators by line of business;
  • Calculation of capital reservation for operational risk;
  • Ensuring the required level of personnel qualification, raising the level of personnel qualification;
  • Automation of banking processes and technologies, especially in areas related to standard operations and large volumes of work;
  • Distribution of responsibilities between subdivisions taking into account optimization of the workload of individual employees;
  • Comprehensive analysis and control of operational risks;
  • Providing employees with up-to-date UA of the Bank.

Credit risk management

The Bank's effective Risk Management System allows the Bank to maintain one of the best loan portfolio quality indicators among STBs. The system to control the quality of loan portfolio includes the following activities:

  • Regular credit risk assessment and monitoring, as well as measures to improve these processes;
  • Improvement of the system of internal credit requirements to banks / borrowers and collateral offered for loans;
  • Calculation and determination of credit risk limits set for groups of related parties, for certain types of loan products and collateral, as well as for the level of authority of the Bank's credit collegial bodies;
  • Improvement of the Bank's problem asset management procedures, pre-trial and judicial recovery procedures.

All projects under consideration and existing loans undergo a centralized credit risk assessment, and risk mitigation measures are proposed.

A strict diversified approach to the quality and sufficiency of collateral is applied to collateral. The market value of collateral is regularly confirmed. The risk management division performs price analysis of real estate market trends in all regions of the Republic of Kazakhstan, as well as analysis of the structure of the collateral portfolio.

This system allows to determine at an early stage the further dynamics of loan development and to determine the acceptable level of losses.

Information technology and information security risks.

In order to minimize Information technology risks, information security risks, as well as for business continuity management purposes, the Bank has appropriate systems in place and is constantly improving them.

Information security risks are the probable occurrence of damage due to breach of confidentiality, deliberate violation of integrity or availability of the Bank's information assets.

Information technology risks - probability of damage due to failure (malfunction) of information and communication technologies operated by the Bank.

Compliance risk management

Compliance risk management in the Bank is an integral part of the Bank's Risk Management System. The main objective of compliance risk management is to minimize and/or maintain at an acceptable level compliance risks, such as occurrence of financial losses of the Bank and application of legal sanctions to it due to non-compliance with the requirements of the legislation of the Republic of Kazakhstan, regulatory legal acts of the authorized body, internal documents and procedures of the Bank, as well as the legislation of foreign countries affecting the Bank's activities and recognized by the Republic of Kazakhstan.

All participants of the Risk Management System (3 lines of protection) within their competence and responsibility perform compliance risk management in strict and strict compliance with the requirements of the legislation of the Republic of Kazakhstan, the legislation of foreign countries affecting the Bank's activities and recognized by the Republic of Kazakhstan, internal rules and procedures of the Bank and generally accepted norms of conduct.

Internal control

The Bank has an Internal Control System (hereinafter - ICS), which is designed in accordance with the requirements of the current legislation of the Republic of Kazakhstan and generally accepted international practices. The Bank's ICS corresponds to the current market situation, strategy, volume of assets and complexity of the Bank's operations.

Internal control in the Bank is a process embedded in daily activities carried out by the authorized collegial bodies of the Bank, structural units and all employees of the Bank in the performance of their duties.

Effective internal control in the Bank is ensured through formation of proper management control and control culture (control environment).

The Bank's ICS is based on the following principles:

  • participation of all structural units and employees of the Bank in the internal control process;
  • coverage of all areas of activities and business processes by internal control and regulation of internal control procedures for all areas and business processes of the Bank;
  • implementation of internal control on a permanent basis (continuity).

The Bank determines ICS participants on the basis of three lines of defense.

The Bank's ICS is monitored on an ongoing basis by the first and second line of defense, as well as by the Bank's Management Board. Significant deficiencies in internal control are brought to the attention of the Board of Directors. The Internal Audit Division assesses the effectiveness of internal control. The Risk and Internal Control Committee of the Bank's Board of Directors oversees the functioning of ICS.

The Bank's ICS is an important component of the Bank's management, ensuring control over timely identification and assessment on an ongoing basis of the risks inherent in the Bank and taking timely measures to minimize them in order to provide reasonable guarantees of achieving the set goals and objectives.

Risk Management Policy of JSC Otbasy Bank

Questionnaire on AML/CFT issues

Information letter of the Bank on AML/CFT measures

Information on accepted risks, risk and capital management procedures of JSC Otbasy Bank for 2024

Booking, changing, and canceling appointments online
Have you been a victim of fraud?
You received a call from fraudsters, found a fake website or account in social media
Money was debited from your account, you took out a loan or transferred money to a fraudster
Actions taken by fraudsters *
They called your phone
Sent an SMS or message via messenger
I discovered a fake website or social media account
Attached files
The file size should not exceed 12 MB,
and up to 10 files can be attached.

ХОТИТЕ УЗНАВАТЬ О НАШИХ АКЦИЯХ ПЕРВЫМИ?!

Request a call