Corporate Responsibility

The Bank pays special attention to corruption combating issues and has zero tolerance for manifestations of corruption in its activities. Activities in this area are carried out on an ongoing basis, in strict compliance with the requirements of the laws of the Republic of Kazakhstan and the Bank's internal documents.The Bank has developed and approved internal documents that implement procedures and controls, including procedures for conducting audits and investigations of corruption.

The Bank regularly conducts internal training of the Bank's employees on corruption combating issues with mandatory testing of the acquired knowledge.The Security Unit and Compliance Control Unit are the units performing the functions of detection, suppression and prevention of corruption offences.

The Bank has a Hotline, which serves as a tool for confidential receipt of information on corruption offences by the Bank's employees and consultants.All employees of the Bank and individuals rendering services to the Bank on the basis of civil law contracts, regardless of their position, are warned of the obligation to report facts of corruption known to them in the Bank to their immediate supervisors either to the Security Department or confidentially via the Hotline.In order to prevent corruption offences, the Bank carries out a set of measures resulting in the elimination of corrupt activities.

RESULTS of internal analysis of corruption risks in Otbasy Bank House Construction Savings Bank JSC for 12 months of 2020

Based on the results of the analysis of internal documents and identified observations, an action plan was drawn up to make amendments and additions to the Bank's internal documents in order to minimise factors potentially creating corruption risks.

All recommendations based on the results of internal analyses of corruption risks have been implemented.

Risk Management Framework

The Bank adheres to a conservative policy in managing financial risks. Financial risks in the Bank's portfolio of financial instruments are controlled through a system of limits and analyses of risk assets. Limits are allocated by business lines and types of operations. The methods used by the Bank to measure financial risks (credit, market, operational, liquidity risks) provide an opportunity to obtain an aggregate indicator of financial risk.

Financial risks are assessed and monitored in the context of an individual instrument and the portfolio as a whole by means of VaR methodology. The amount of economic capital set aside against possible losses due to financial risks is calculated. Three main methods of analysis are used to estimate VaR: covariance method, historical modelling method, stochastic modelling method (Monte Carlo).

In order to manage liquidity, a liquidity risk management policy has been defined, which provides for diversification of sources of resources to maximise liquidity. In order to optimise liquidity levels, the Bank annually sets limits on the maximum cumulative liquidity gap.

Operational risk is the probability of loss resulting from inadequate and insufficient internal processes, human resources and systems, or the impact of external events, excluding strategic risk and reputational risk

In order to maintain operational risk at a level acceptable to the Bank, which ensures preservation of equity capital and sustainable operation of the Bank, the Bank has developed the Operational Risk Management Policy. The policy reveals the objectives and principles of operational risk management, gives their detailed classification, and considers the organizational structure of operational risk management.

• identification of operational risks;
• assessment (measurement) of operational risks;
• monitoring;
• prevention/mitigation (control).

• Standardization of banking operations, providing for the development of detailed procedures (procedures, technology of operations and transactions, conclusion of agreements) regulating the Bank's operations, establishing requirements to the procedure and level of its approval;
• Organization of the system of additional and subsequent control, systems of current verification of transactions and operations conducted by means of examination of internal documents;
• Establishing an internal procedure for development and approval (sign-off) of internal regulatory documents;
• Formation of a centralized database of operating losses;
• Analysis of the impact of operational risk factors (both in aggregate and in terms of their classification) on the Bank's performance by activity area;
• Calculation of capital allowance for operational risk;
• Ensuring the required level of staff qualification, improving the level of staff qualification;
• Automation of banking processes and technologies, especially in areas involving standardized transactions and high volumes of work;
• Allocation of responsibilities between departments, taking into account optimization of the workload of individual employees;
• Comprehensive analysis and control of operational risks;
• Ensuring that employees are up-to-date with the Bank's internal documents.

• Regular credit risk assessment and monitoring, as well as measures to improve these processes;
• Improvement of the system of internal credit requirements to the Bank's borrowers and collateral offered under loans;
• Calculation and determination of credit risk limits for groups of related parties, for certain types of loan products and collateral, as well as for the level of authority of the Bank's credit collegiate bodies;
• Improvement of the Bank's problem asset management procedures, pre-trial and judicial recovery procedures.

All projects under consideration and current loans undergo a centralized credit risk assessment and risk mitigation measures are proposed.

Collateral is subject to a strict diversified approach to the quality and adequacy of collateral. The market value of the collateral is regularly confirmed. The Risk Management Division performs price analysis of real estate market trends in all regions of the Republic of Kazakhstan, as well as analysis of the structure of the pledge portfolio.

This system makes it possible to determine further loan dynamics at an early stage and to determine an acceptable level of losses.

• Information security risks are the probable occurrence of damage due to breach of confidentiality, deliberate violation of integrity or availability of the Bank's information assets.
• Information technology risks - probability of damage due to failure (malfunction) of information and communication technologies operated by the Bank.

Compliance risk management in the Bank is an integral part of the Bank's Risk Management System. The main objective of compliance risk management is to minimise and/or maintain compliance risks at an acceptable level, such as occurrence of financial losses of the Bank and application of legal sanctions to it due to non-compliance with the requirements of the laws of the Republic of Kazakhstan, regulatory legal acts of the authorised body, internal documents and procedures of the Bank, as well as the laws of foreign countries affecting the Bank's activities and recognized by the Republic of Kazakhstan.

All participants of the compliance risk management system (3 lines of protection) within their competence and responsibility manage compliance risks in strict and rigorous compliance with the requirements of the laws of the Republic of Kazakhstan, laws of foreign countries affecting the Bank's operations and recognized by the Republic of Kazakhstan, Bank's internal rules and procedures and generally accepted standards of conduct.

The Bank has an Internal Control System (hereinafter - ICS), which is built in accordance with the requirements of the current laws of the Republic of Kazakhstan, as well as generally accepted international practices. The Bank's ICS corresponds to the current market situation, strategy, volume of assets, and level of complexity of the Bank's operations.

Internal control in the Bank is a process embedded in daily activities carried out by authorised collegiate bodies of the Bank, structural divisions and all employees of the Bank in the performance of their duties.

Effective internal control in the Bank is ensured by establishing proper management control and culture of control (control environment).

The Bank's ICS is based on the following principles:

• participation of all structural divisions and employees of the Bank in the internal control process;
• coverage of all areas of activity and business processes by internal control and regulation of internal control procedures for all areas and business processes of the Bank;
• implementation of internal control on an ongoing basis (continuity).

The Bank identifies ICS participants on the basis of three lines of protection.

The Bank's ICS is monitored on an ongoing basis by the first and second line of protection, as well as by the Bank's Management Board. Significant deficiencies in internal control are brought to the attention of the Board of Directors. The internal audit division evaluates the effectiveness of internal controls. The Risk Management Committee under the Board of Directors oversees the operation of the ICS.

The Bank's ICS is an important component of the Bank's management, ensuring control over timely identification and assessment on an ongoing basis of risks inherent in the Bank and taking timely measures to minimise them in order to provide reasonable guarantees of achieving the set goals and objectives.