Risks and impacts

SDG: 
Goal 3 - Good health and well-being
Goal 8 - Decent work and economic growth
Goal 12 - Responsible consumption and production
Goal 13 - Climate action
Goal 17 - Partnerships for the goals

We use risk management policies to measure risks taken, to identify the best risk-reward ratio and to regularly set and review appropriate limits that reduce or exposure to risk.

  • GRI:
  • 102-11 Explanation of whether and how the organization applies the precautionary approach
    Explanation of whether and how the organization applies the precautionary approach
  • 102-15 Key impacts, risks and opportunities
    Key impacts, risks and opportunities
  • 102-30 Effectiveness of risk management processes
    Effectiveness of risk management processes
  • 103-1 Explanation of the material topics and their boundaries for the topic: Comprehensive risk management, including ESG risk;
    Explanation of the material topics and their boundaries for the topic: Comprehensive risk management, including ESG risk;
  • 103-2 Management approach to topics identified as material for the topic: Comprehensive risk management, including ESG risk
    Management approach to topics identified as material for the topic: Comprehensive risk management, including ESG risk
  • 103-3 Evaluation of the management approach to topics identified as material for the topic: Comprehensive risk management, including ESG risk
    Evaluation of the management approach to topics identified as material for the topic: Comprehensive risk management, including ESG risk
  • ESG: E – Environment Our approach to the environment
    Our approach to the environment
  • ESG: G – Governance Our approach to corporate governance
    Our approach to corporate governance
  • PRB 1 Alignment We will align our business strategy to be consistent with and contribute to individuals’ needs and society’s goals, as expressed in the Sustainable Development Goals (SDGs), the Paris Climate Agreement and relevant national and regional frameworks. We will focus our efforts where we have the most significant impact.
    We will align our business strategy to be consistent with and contribute to individuals’ needs and society’s goals, as expressed in the Sustainable Development Goals (SDGs), the Paris Climate Agreement and relevant national and regional frameworks. We will focus our efforts where we have the most significant impact.
  • PRB 2 Impact We will continuously increase our positive impacts while reducing the negative impacts on, and managing the risks to, people and environment resulting from our activities, products and services.
    We will continuously increase our positive impacts while reducing the negative impacts on, and managing the risks to, people and environment resulting from our activities, products and services.
  • KE/TCFD The impact of climate issues and related risks on a company's business model, strategy and financial plans. Climate impact of the business model
    The impact of climate issues and related risks on a company's business model, strategy and financial plans. Climate impact of the business model
  • KE/TCFD Management supervision over climate risks and opportunities
    The role of management in assessing and managing climate risks and opportunities
    Management supervision over climate risks and opportunities
    The role of management in assessing and managing climate risks and opportunities
  • KE/TCFD Processes used to identify and assess climate-related risks, main risk types and how to manage the risks
    Processes used to identify and assess climate-related risks, main risk types and how to manage the risks
  • KE/TCFD Main climate risks throughout the value chain in the short, medium and long term. Risk maps that take climate issues into account
    Main climate risks throughout the value chain in the short, medium and long term. Risk maps that take climate issues into account
  • KE/TCFD Integrating climate risk and opportunity assessment into relevant investment, credit and insurance strategies
    Integrating climate risk and opportunity assessment into relevant investment, credit and insurance strategies

Santander Bank Polska Group continuously modifies and develops its risk management methods, taking into account changes in the Group’s risk profile, the economic environment, regulatory requirements and market’s best practices. This is guided by the Management Board and the Supervisory Board who also actively support risk management strategies through the acceptance of key risk management policies, participation in risk management support committees, review and acceptance of risks and reporting on the risk level.

Risk management system

  • Risk Committee
    • Supervisory Board of Santander Bank Polska
    • Audit and Compliance Committee
      • Internal Audit Area
    • Management Board of Santander Bank Polska
      • Risk Control Committee
        • Risk Management Sub-Committee
      • Risk Management Committee
        • Risk Management Forum
          • Credit Risk Panel
          • Market and Investment Risk Panel
          • Models and Methodology Panel
        • Credit Committee
        • Provisions Committee
        • Recovery Committee
        • Information Management Committee
        • ORMCO
        • CyberTechRisk Forum
        • ALCO
        • Liquidity Committee
        • Capital Committee
        • Disclosure Committee
        • Regulatory and Reputational Risk Committee
        • Local Marketing and Monitoring Committee
        • General Compliance Committee
        • Anti-Money Laundering and Counter-Terrorism
          Financing Committee
        • Sappliers Panel

Three lines of defence

The identification, measurement, monitoring and mitigation of risk is the responsibility of all the Bank’s units which are organized into the so-called three lines of defence.

  • First line of defence
    • Management of risks in the bank’s operational activity is based on business units which, as part of their day-to- day activities, generate risks that affect achievement of the bank’s objectives.
    • The first line of defence includes activities performed by each employee to ensure the quality and correctness of the completed tasks.
    • The first line of defence checks the compliance with procedures and responds to any identified irregularities.
    • The rules of independent monitoring as part of this line of defence are established by the Management Board member in charge of a Division or a bank/Area director or the President of the Management Board of a subsidiary in the form of relevant internal regulations, taking into account the segregation of duties.
  • Second line of defence
    • Risk management by employees in dedicated roles or organisational units and the operations of the compliance unit.
    • Risk management as part of the second line of defence is independent from risk management in the first line of defence.
    • The second line of defence comprises functions which support the bank’s management in identification and management of risks. To that end, the second line of defence provides relevant tools, develops internal regulations and techniques for managing, monitoring, verifying, testing and reporting risks.
    • The units of the second line of defence conduct independent vertical monitoring in order to verify whether the first line of defence takes effective measures and applies the required controls.
  • Third line of defence
    • This role is fulfilled by the Internal Audit function which is responsible for independent and objective examination and assessment of the adequacy and effectiveness of the first- and second-line controls and reviewing and evaluating the management system of the bank and its subsidiaries, including the effectiveness of managing the risk related to the operations of the bank and its subsidiaries.

Risk identification and management

The level of acceptable risk and the risk limits are defined in the bank’s ”Risk Appetite Statement”  adopted by the Management Board and approved by the Supervisory Board. Based on the limits set out therein, observation limits are set and risk management policies are constructed. Santander Bank Polska Group continuously analyses the risks to which it is exposed in its operations – identifies their sources and creates risk management mechanisms, including their measurement, assessment, control/monitoring, mitigation and reporting.

The following significant risks have been identified in the risk management system:
  • credit risk (including concentration risk)

  • market risk (from the bank’s book and the trading book)

  • liquidity risk

  • operational risk

  • model risks

  • business risk

  • capital risk

  • risk of excessive leverage

  • reputational risk

  • compliance risk

The detailed rules, roles and responsibilities of the Group’s entities are described in the relevant internal policies concerning the management of individual risks. Both the bank and its subsidiaries implement risk management policies and procedures that reflect the principles adopted by Group. Within the limits and on the basis of the applicable law, supervision of the risk management system is exercised by the bank, guided by the rules relating to the supervision of the subsidiaries comprising the Group.

Possible significant negative impact on the following areas
Description of the risk Risk management Social Employees Environmental  Human rights  Anti-coruption
Risk defined as the loss resulting from the inadequacy or unreliability of internal processes, people and systems, as well as from external events. The bank and the Group apply the „Operational Risk Management Strategy”. In addition, they also comply with specific policies, procedures and guidelines which describe how risks are identified, assessed, monitored and mitigated. The operational risk management standards are defined by the Operational Risk Management Committee (ORMCO).

(regulatory risk; conduct risk; anti-money laundering and terrorist financing risk; and reputational risk).
Possible significant negative impact on the following areas
Description of the risk
Risk management
Social Employees Environmental  Human rights  Anti-corruption
Compliance risk is understood as the risk of legal, regulatory sanctions, material financial loss affecting performance, or adverse reputational impact which may occur as a result of non-compliance with laws, internal regulations and market standards. In the process of compliance risk management, the control function includes the application of controls, independent monitoring of compliance and reporting.

The control function is carried out through the so-called three lines of defence:

    1. compliance risk in operational activities; as part of the implementation of processes in both the conduct of business areas (so-called: conduct of business) and other areas of the bank’s operations (so-called: non conduct of business).
    2. The second line of defence consists of ongoing vertical verification and vertical testing, the scope of which is adapted to the specifics of the process and the level of risk. The tasks of the second line of defence are carried out by the Compliance Assurance Department or another designated organisational unit, acting on the basis of internal regulations
    1. The third line of defence consists of the activities of the internal audit function.

In addition, there are specialist committees to support risk management processes.

Among the applicable policies in force, the General Code of Conduct and the Corporate Defense Policy should be highlighted.

(a component of compliance risk)
Possible significant negative impact on the following areas
Description of the risk
Risk management
Social Employees Environmental Human rights Anti-corruption
The risk of damage to the image of the bank and the Santander Group, as perceived from the perspective of the bank’s and the Group’s customers, their employees, shareholders and the wider community. It occurs as a result of the materialisation of other risks, including the various categories of Compliance Risk.
Reputational risk is owned by the Corporate Communication and Marketing Area and the Compliance Area, which use a number of mechanisms that include the bank’s Information Policy, Reputational Risk Management Policy, Reputational Risk Appetite indicators, Compliance Policy of Santander Bank Polska S. A. , purchasing policy and procedure for selecting suppliers, media monitoring, Code of Conduct for Securities Markets, customer satisfaction surveys or „mystery shopper” surveys.

Possible significant negative impact on the following areas
Description of the risk
Risk management
Social
Employees
Environmental
Human rights
Anti-corruption
Social and environmental risks arising from client activities in sensitive sectors. It is also a component of reputational risk
The overarching document on social and environmental risks is the „Santander Bank Polska S.A. Sustainability Policy „, which covers the entire Group. In terms of risk, it is complemented by sectoral risk management policies for „sensitive sectors” such as defence, energy, agri-food (soft commodities) and the financing policy for sensitive sectors.

Each sector policy defines the scope of its application, the activities prohibited or restricted by the Santander Group in relation to such sector, the acceptance thresholds for transactions, as well as the responsibility for each policy and the process for updating it.

Furthermore, the bank respects international good practices of social welfare and environmental protection, especially the Equator Principles.

Social and environmental risks

The social and environmental risks are addressed in the Sustainability Policy of Santander Bank Polska S.A. and the supplementary Climate Change and Environment Management Policy. In these documents we make a commitment  to take into account ethical, social and environmental dimensions, as well as financial criteria and risk factors in our decision-making process. We apply environmental policies for high-risk sectors in which we define the criteria for providing financial products and services (including all forms of financing, insurance services, asset management services, equity investments and advisory services).

  • Energy Policy

  • Mining and Metals Policy

  • Defence Sector Policy

  • Soft Commodities Policy

In 2019, we introduced environmental and social risk management aspects as criteria for evaluating projects of the corporate and investment banking segment. We implemented a procedure defining a mandatory process for the bank to analyse the socio-environmental risks that may arise in connection with the commercial activities carried out by our clients. From 2020, all the bank’s contracts with businesses that use coal include clauses prohibiting the use of granted finance for coal mining and production purposes. A dedicated socio-environmental risk unit is responsible for assessing the risks.

Risk culture

We are building a risk culture among employees in our organisation. We regularly conduct activities to strengthen awareness of risks, responsibility for managing them and ways to respond to them. As part of these activities, we carry out various initiatives aimed at employees, including a regular Risk Culture Week.

Five principles of our Risk Pro culture:

  1. accountability
  2. resilience
  3. simplicity
  4. challenge
  5. customer focus

Pandemic risks

In 2020, in the area of risks, the Santander Bank Polska Group focused on countering the risks arising from the COVID-19 pandemic. In a situation of epidemiological threat, operational risks related to the unavailability of human resources (employees and third parties) and buildings (branches and the Business Support Centre) were identified as crucial.

During the pandemic, the importance of cyber security also increased significantly due to the massive shift to remote working (covering almost all processes) and the rapidly growing use of remote channels by customers in sales and  after-sales processes. The Group continuously monitored and took actions to mitigate risks concerning customers and employees, actively warned about emerging threats and exercised enhanced supervision over areas exposed to fraud risk.

Crisis units set up by the Group (i.e. dedicated committees appointed in emergency situations) prepared a Pandemic Response Plan, including preventive and reactive actions. As part of the activities related to the course of the pandemic, the Group’s organisational units reviewed continuity plans on an ongoing basis, including the effectiveness of the adopted recovery strategies in the event of unavailability of key personnel. Priorities were defined for critical activities.

The development of risk indicators for loan portfolios in the wake of the COVID-19 pandemic and the lockdown of many areas of the economy was monitored with increased attention. Numerous internal regulations aligned as a matter of urgency, management reports and early warning systems were expanded and early restructuring measures were strengthened to limit the impact of the downturn.