The Bank considers corporate governance as a tool to improve its efficiency, transparency and accountability, enhance its reputation and reduce its cost of capital, as well as its contribution to the rule of law in the Republic of Kazakhstan and as a factor in determining the Bank's place in the modern economy and society as a whole. The Bank ensures full transparency and clarity of its activities by disclosing information in accordance with the laws of the Republic of Kazakhstan. Rules of Information Disclosure of Otbasy Bank JSC
The Bank's corporate governance is based on the principles of fairness, honesty, responsibility, transparency, professionalism and competence. An effective corporate governance structure implies respect for the rights and interests of all persons interested in the Bank's activities and contributes to the Bank's success, including the growth of its value, maintenance of financial stability and profitability.
Relations between participants in the Bank's corporate governance system are regulated by the Bank's internal documents developed on the basis of international practice. The Bank's corporate governance structure complies with the laws and determines the division of responsibilities between the Bank's bodies. In accordance with the Law of the Republic of Kazakhstan "On State Property", the Bank's Internal Audit Department conducts an independent assessment of corporate governance on a periodic basis. Review of independent corporate governance diagnostics results
CORPORATE GOVERNANCE STRUCTURE
In accordance with the laws of the Republic of Kazakhstan, the organizational structure of the Bank consists of the following management bodies:
- Supreme body — Sole Shareholder
- Management body — Board of Directors
- Executive body — Management Board
- Орган, осуществляющий контроль за финансово-хозяйственной деятельностью Банка — Подразделение внутреннего аудита
- Other permanent collegial bodies of the Bank established in accordance with the laws of the Republic of Kazakhstan and internal documents of the Bank for implementation of various activities of the Bank.
RESULTS of internal analysis of corruption risks in Otbasy Bank House Construction Savings Bank JSC for 12 months of 2020
The internal analysis of corruption risks was conducted in the following areas:
- Identification of corruption risks in the Bank's internal documents;
- Identification of corruption risks in the Bank's organizational and management activities. The analysis was carried out by a Working Group formed in accordance with the Order.
Identification of corruption risks in the Bank's internal documents.
Identification of corruption risks in the Bank's organizational and management activities.
- Personnel management, including staff turnover: no corruption risks were identified in the framework of personnel management, including staff turnover.
- Conflict of interest management: no corruption risks have been identified within the framework of conflict of interest management
- Provision of public services: The Bank does not provide public services.
- Implementation of licensing functions: the Bank does not perform licensing functions.
- Implementation of control functions: the Bank does not perform control functions.
- Other issues arising from organizational and management activities.
The following recommendations were made based on the results of the analysis of the Bank's organizational and management activities:
- To regulate in the Bank's internal documents the procedure for consideration of candidates for vacant positions of the Central Office employees in case of non-compliance with the Bank's qualification requirements, except for middle managers and line managers
- To regulate in the Bank's internal documents the obligation of candidates for positions equivalent to positions authorised to perform public functions to notify the Bank's management in writing about close relatives, spouses and/or relatives working in this organization
- To amend and supplement the Bank's internal documents in order to minimise factors potentially creating corruption risks in accordance with the measures and deadlines stipulated in the action plan
- To provide for the inclusion of provisions in procurement contracts entered into by the Bank that stipulate mandatory compliance by the parties to the contract with anti-corruption laws
RISK MANAGEMENT AND INTERNAL CONTROL
The Bank adheres to a conservative policy in managing financial risks. Financial risks in the Bank's portfolio of financial instruments are controlled through a system of limits and analyses of risk assets. Limits are allocated by business lines and types of operations. The methods used by the Bank to measure financial risks (credit, market, operational, liquidity risks) provide an opportunity to obtain an aggregate indicator of financial risk.
Financial risks are assessed and monitored in the context of an individual instrument and the portfolio as a whole by means of VaR methodology. The amount of economic capital set aside against possible losses due to financial risks is calculated. Three main methods of analysis are used to estimate VaR: covariance method, historical modelling method, stochastic modelling method (Monte Carlo).
In order to manage liquidity, a liquidity risk management policy has been defined, which provides for diversification of sources of resources to maximise liquidity. In order to optimise liquidity levels, the Bank annually sets limits on the maximum cumulative liquidity gap.
Operational risk is the probability of loss resulting from inadequate and insufficient internal processes, human resources and systems, or the impact of external events, excluding strategic risk and reputational risk
In order to maintain operational risk at a level acceptable to the Bank, which ensures preservation of equity capital and sustainable operation of the Bank, the Bank has developed the Operational Risk Management Policy. The policy reveals the objectives and principles of operational risk management, gives their detailed classification, and considers the organizational structure of operational risk management.
Operational risk management is an ongoing management process consisting of the following main stages:
- identification of operational risks;
- assessment (measurement) of operational risks;
- prevention/mitigation (control).
The Bank uses the following methods of OR management in its work:
- Standardization of banking operations, providing for the development of detailed procedures (procedures, technology of operations and transactions, conclusion of agreements) regulating the Bank's operations, establishing requirements to the procedure and level of its approval;
- Organization of the system of additional and subsequent control, systems of current verification of transactions and operations conducted by means of examination of internal documents;
- Establishing an internal procedure for development and approval (sign-off) of internal regulatory documents;
- Formation of a centralized database of operating losses;
- Analysis of the impact of operational risk factors (both in aggregate and in terms of their classification) on the Bank's performance by activity area;
- Calculation of capital allowance for operational risk;
- Ensuring the required level of staff qualification, improving the level of staff qualification;
- Automation of banking processes and technologies, especially in areas involving standardized transactions and high volumes of work;
- Allocation of responsibilities between departments, taking into account optimization of the workload of individual employees;
- Comprehensive analysis and control of operational risks;
- Ensuring that employees are up-to-date with the Bank's internal documents.
Credit risk management
- Regular credit risk assessment and monitoring, as well as measures to improve these processes;
- Improvement of the system of internal credit requirements to the Bank's borrowers and collateral offered under loans;
- Calculation and determination of credit risk limits for groups of related parties, for certain types of loan products and collateral, as well as for the level of authority of the Bank's credit collegiate bodies;
- Improvement of the Bank's problem asset management procedures, pre-trial and judicial recovery procedures.
All projects under consideration and current loans undergo a centralized credit risk assessment and risk mitigation measures are proposed.
Collateral is subject to a strict diversified approach to the quality and adequacy of collateral. The market value of the collateral is regularly confirmed. The Risk Management Division performs price analysis of real estate market trends in all regions of the Republic of Kazakhstan, as well as analysis of the structure of the pledge portfolio.
This system makes it possible to determine further loan dynamics at an early stage and to determine an acceptable level of losses.
Risks of information technology and information security.
- Information security risks are the probable occurrence of damage due to breach of confidentiality, deliberate violation of integrity or availability of the Bank's information assets.
- Information technology risks - probability of damage due to failure (malfunction) of information and communication technologies operated by the Bank.
Compliance risk management
Compliance risk management in the Bank is an integral part of the Bank's Risk Management System. The main objective of compliance risk management is to minimise and/or maintain compliance risks at an acceptable level, such as occurrence of financial losses of the Bank and application of legal sanctions to it due to non-compliance with the requirements of the laws of the Republic of Kazakhstan, regulatory legal acts of the authorised body, internal documents and procedures of the Bank, as well as the laws of foreign countries affecting the Bank's activities and recognized by the Republic of Kazakhstan.
All participants of the compliance risk management system (3 lines of protection) within their competence and responsibility manage compliance risks in strict and rigorous compliance with the requirements of the laws of the Republic of Kazakhstan, laws of foreign countries affecting the Bank's operations and recognized by the Republic of Kazakhstan, Bank's internal rules and procedures and generally accepted standards of conduct.
The Bank has an Internal Control System (hereinafter - ICS), which is built in accordance with the requirements of the current laws of the Republic of Kazakhstan, as well as generally accepted international practices. The Bank's ICS corresponds to the current market situation, strategy, volume of assets, and level of complexity of the Bank's operations.
Internal control in the Bank is a process embedded in daily activities carried out by authorised collegiate bodies of the Bank, structural divisions and all employees of the Bank in the performance of their duties.
Effective internal control in the Bank is ensured by establishing proper management control and culture of control (control environment).
The Bank's ICS is based on the following principles:
- participation of all structural divisions and employees of the Bank in the internal control process;
- coverage of all areas of activity and business processes by internal control and regulation of internal control procedures for all areas and business processes of the Bank;
- implementation of internal control on an ongoing basis (continuity).
The Bank identifies ICS participants on the basis of three lines of protection.
The Bank's ICS is monitored on an ongoing basis by the first and second line of protection, as well as by the Bank's Management Board. Significant deficiencies in internal control are brought to the attention of the Board of Directors. The internal audit division evaluates the effectiveness of internal controls. The Risk Management Committee under the Board of Directors oversees the operation of the ICS.
The Bank's ICS is an important component of the Bank's management, ensuring control over timely identification and assessment on an ongoing basis of risks inherent in the Bank and taking timely measures to minimise them in order to provide reasonable guarantees of achieving the set goals and objectives.