Corporate Social Responsibility Report 2019

Risks and impact

  • [102-11] Precautionary Principle or approach
  • [102-15] Key impacts, risks and opportunities

Risk management system

Risk management policies are developed to identify and measure the risks taken, to determine the most favourable return at an acceptable risk level (risk-reward), and to regularly set and verify appropriate limits on the scale of exposure to risk.

The Santander Bank Polska Group modifies and develops risk management methods on an ongoing basis, taking into account changes in the Group’s risk profile, economic environment, regulatory requirements and best market practices. The Management Board and Supervisory Board set the course of action and actively support risk management strategies. This is manifested by the acceptance of key risk management policies, participation of Management Board Members in committees supporting risk management, reviews and acceptance of risks and reports on the level of risks.

The risk governance structure

Risk Committee
Supervisory Board of Santander Bank Polska S.A.
Management Board of Santander Bank Polska S.A.
Risk Control Committee
Risk Management Committee
Risk Management Forum (Credit Risk Panel, Market and Investment Risk Panel, Models and Methodology Panel)
Credit Committee
Provisions Committee
Recovery Committee
Information Management Committee
Capital Committee
Disclosure Committee
Regulatory and Reputational Risk Committee
Local Marketing and Monitoring Committee
General Compliance Committee
Anti-Money Laundering and Counter-Terrorism Financing Committee
Audit and Compliance Committee
Internal Audit Area

The identification, measurement, monitoring and mitigation of risk is the responsibility of all the Bank’s units which are organized into the so-called three lines of defence.

Three lines of defence: responsibilities

First line of defence

Management of risks in the bank’s operational activity is based on business units which, as part of their day-to-day activities, generate risks that affect achievement of the bank’s objectives.

The first line of defence includes activities performed by each employee to ensure the quality and correctness of the completed tasks.

The first line of defence checks the compliance with procedures and responds to any identified irregularities.

The rules of independent monitoring as part of this line of defence are established by the Management Board member in charge of a Division or a bank/Area director or the President of the Management Board of a subsidiary in the form of relevant internal regulations, taking into account the segregation of duties.

Second line of defence

Risk management by employees in dedicated roles or organisational units and the operations of the compliance unit.

Risk management as part of the second line of defence is independent from risk management in the first line of defence.

The second line of defence comprises functions which support the bank’s management in identification and management of risks. To that end, the second line of defence provides relevant tools, develops internal regulations and techniques for managing, monitoring, verifying, testing and reporting risks.

The units of the second line of defence conduct independent vertical monitoring in order to verify whether the first line of defence takes effective measures and applies the required controls.

Third line of defence

This role is fulfilled by the Internal Audit function which is responsible for independent and objective examination and assessment of the adequacy and effectiveness of the first- and second-line controls and reviewing and evaluating the management system of the bank and its subsidiaries, including the effectiveness of managing the risk related to the operations of the bank and its subsidiaries.

Risk identification and management

The level of acceptable risk and a number of risk limits are specified in the Risk Appetite Statement adopted by the Management Board and approved by the Supervisory Board. On the basis of these limits, watch thresholds are set and risk management policies are constructed. The Group continuously analyses the risks to which it is exposed in its operations, identifying their sources and creating appropriate risk management mechanisms, including the measurement, control, mitigation and reporting of risks.

The risks of greatest importance include the following:

  • credit risk

  • concentration risk

  • market risk from the bank’s book and the trading book

  • liquidity risk

  • operational risk

  • compliance risk including reputational risk

The detailed rules, roles and responsibilities of the Group’s entities are described in the relevant internal policies for the management of particular risks. The subsidiaries implement risk management policies and procedures that reflect the principles adopted by the Santander Bank Polska S.A. Group.

The Bank, acting within the limits and under the rules of applicable laws, exercises supervision over the risk management system in Santander Consumer Bank S.A., following the regulations applicable to supervision of subsidiaries of the Santander Bank Polska Group.

Possible significant negative impact on the following areas: Social aspects, Employees, Environment, Human rights, Anti-corruption

Risk description: Operational risk is the risk of loss resulting from inadequacy or unreliability of internal processes, people and systems or from external events.

Risk management: The bank and the Group have developed the “Operational Risk Management Strategy”. In addition, detailed policies, procedures and guidelines are used to define how risks are identified, estimated, monitored and mitigated. The responsibility for setting operational risk management standards rests with the Operational Risk Management Committee (ORMCO).

Compliance risk (regulatory risk, conduct risk, AML/CFT risk and reputational risk)

Possible significant negative impact on the following areas: Social aspects, Employees, Environment, Human rights, Anti-corruption

Risk description: Compliance risk means the risk of legal or regulatory sanctions, significant financial losses (affecting performance results) or reputational damage that may arise from failure to comply with laws, regulations and market standards.

Risk management: Compliance risk is managed at the bank and in the Group as part of several processes, namely:

  • identification of compliance risk
  • assessment of identified risk
  • use of risk controls
  • monitoring the risk size and profile
  • reporting results

Compliance assurance, as part of the control function, encompasses implementation of controls, independent monitoring of their observance and reporting.

The control function is performed under the so-called three lines of defence:

  1. At the first line of defence, compliance risk is managed as part of business areas (conduct of business), and in other areas of the bank’s operations (non-conduct of business).
  2. The second line of defence includes ongoing vertical verification and vertical testing, the scope of which is adapted to the process characteristics and the risk level. The tasks of the second line of defence are carried out by the compliance function or another organisational unit operating in accordance with internal regulations, and in particular:
       • for labour law responsibilities – HR unit
       • for commercial companies law responsibilities – corporate governance unit
       • for health and safety responsibilities – health and safety unit
       • for accounting, reporting and tax responsibilities – financial, accounting and tax units
       • for prudential requirements – risk units.
  3. The third line of defence is the internal audit function.

In addition, risk management is supported by specialist committees, such as the General Compliance Committee, the Local Marketing and Monitoring Committee and the Anti-Money Laundering and Counter-Terrorism Financing Committee.

The key policies include the General Code of Conduct and the Corporate Defence Policy.

Reputational risk (an element of compliance risk)

Possible significant negative impact on the following areas: Social aspects, Employees, Environment, Human rights, Anti-corruption

Risk description: The risk of damage to the bank’s and Santander Group’s image from the point of view of the bank’s and Group’s customers, employees, shareholders and communities in a broad sense, occurring as a result of other types of risk, including other categories of compliance risk.

Risk management: Reputational risk is owned by the Corporate Communication and Marketing Area and by the Compliance Area, which use a number of mechanisms, including the bank’s Disclosure Policy, the Reputational Risk Management Policy, the Risk Appetite measures for reputational risk, the Compliance Policy of Santander Bank Polska, the Procurement Policy, the Supplier Selection Procedure, the Media Monitoring Policy, the Code of Conduct on the Securities Markets, customer satisfaction surveys and mystery shopping checks.

Possible significant negative impact on the following areas: Social aspects, Employees, Environment, Human rights, Anti-corruption

Risk description: Social and environmental risks resulting from customers’ activities in sensitive sectors, constituting elements of reputational risk.

Risk management: The key document on social and environmental risks is the Sustainability (CSR) Policy of Santander Bank Polska, which covers the whole Santander Bank Polska Group. The Policy is supplemented by policies on sectoral risk management for such sensitive sectors as defence, energy, soft commodities, mining and metal, as well as the policy of financing sensitive sectors (such as the media, religious institutions, sports clubs, gambling, etc.). Each sectoral policy defines the scope of its application, activities which are prohibited or restricted by the Santander Group in relation to respective sectors, approval limits for transactions and the responsibility for each policy and its maintenance.

Furthermore, in this area the bank respects international best practices concerning social aid and environmental protection, particularly the Equator Principles.

Social and environmental risk management

Issues related to social and environmental risks are described in the “Sustainability Policy” of Santander Bank Polska and in the complementary “Climate Change and Environment Management Policy”. They include a commitment that ethical, social and environmental dimensions, as well as financial criteria and risk factors will be taken into account in decision-making processes.

We apply environmental policies for sensitive sectors, which define the criteria for awarding financial products and services (including all forms of financing, insurance services, asset management services, capital investments and advisory services):

  • Energy sector policy

  • Mining and metals sector policy

  • Defence sector policy

  • Soft commodities sector policy

In 2019, we introduced environmental and social elements of risk management as criteria for evaluating corporate and investment banking projects. We have implemented a procedure, obligatory for the bank, that sets out a process for analysing the social and environmental risks that may arise in connection with commercial activities conducted by our clients.


Risk culture

We build a risk culture among the employees of our organisation by regularly carrying out activities to raise awareness of risks, encourage accountability for managing them and advise how to respond to them.

Five principles of our Risk Pro culture:
  1. accountability,
  2. resilience,
  3. simplicity,
  4. challenge,
  5. customer focus.

We carry out various initiatives aimed at employees, including the annual event Risk Culture Week. The main theme of last year’s edition of the Risk Culture Week (September 2019) was open communication. We emphasised that good communication is an indispensable element of each of the Risk Pro principles. We reduce risk by: sharing knowledge with teammates, providing comprehensive answers to questions asked, solving problems together, listening to customers and offering them appropriate support or discussing our mistakes and successes with managers. Our employees were able to take part in competitions and occasional events and follow publications on the intranet.