Process

Organization and powers of authority in the risk-management process

Responsibility for risk

The responsibility for risk is borne by the Board of Directors. It is its remit to ensure that an internal control system (ICS), as the basic prerequisite effective and efficient management of risks, is set up and maintained.

In particular, the Board of Directors is responsible for approving the risk policy, additional guidelines relating to matters of risk policy and the risk budget for the overall bank, for overseeing the implementation of the risk policy, the effectiveness of the organization supporting the risk management process and the risk situation of VP Bank Group. In assuming its duties, the Board of Directors is supported by the Audit & Risk Management Committee.

Group Executive Management

The Group Executive Management is responsible for the implementation of the strategies and business policies laid down by the Board of Directors. Amongst its core tasks are the management of risks and returns, the management of business and reputational risks as well as the approval of limits for the individual Group companies and the respective risk categories.

Boards of Directors of the Group companies

It is incumbent on the Boards of Directors of the Group companies to adapt the risk policy to local circumstances and regulations specific to the respective markets as well ensuring compliance therewith.

Group Risk Controlling

Group Risk Controlling is responsible for the measurement and control of financial risks at the portfolio level, the monitoring of compliance with the risk-policy guidelines as well as periodic and ad-hoc reporting on all risks to the Board of Directors and Group Executive Management. In addition, Group Risk Controlling computes the overall risk budget and the risk sub-limits and submits them for approval. Group Risk Controlling is a part of the central staff function Group Finance.

Group Treasury

The active and on-going management of liquidity, market and credit risks within the framework of the risk tolerance of the Bank as well as compliance with the riskpolicy guidelines is the responsibility of Group Treasury. Group Treasury takes responsibility for the gains and losses which were generated in respect of the risks entered into. Furthermore, Group Treasury is responsible for controlling of derivatives.

Steering Committee

In the Group Treasury steering committee which meets each monthly or as and when the need arises, decisions are taken on issues relating to the management of liquidity and limits, the management of own investments as well as asset and liability management (ALM).

Risk-management Process

The risk-management process of VP Bank comprises the four process phases risk identification, risk evaluation, risk management and risk monitoring. The responsibilities and powers of authority within this process as well as the methods employed and measures to be taken are laid down in detail for each individual phase and each risk category.

The knowledge of the risks inherent in the business activity forms the basis for effective risk management. The identification of risk is essential primarily in the granting of credit, the introduction of new financial instruments, the review of new strategic directions or the execution of unusual off-one transactions. In the area of risk evaluation, a distinction is made between risk measurement and
risk assessment.

In the process, it is also necessary to estimate non-quantifiable risks. Quantifiable risks are measured with the aid of the three following variables: expected loss, non-expected loss and stress tests.

The goal of risk management is the optimization of the relationship between risk and income within the framework of a defined risk appetite. Active management is undertaken within the framework of the legally stipulated limits and using an internal system of limits oriented to volumes, sensitivity indicators and size of losses. The management of qualitative risks is assured through key controls on the basis of stringently defined business processes.

Active risk management is accompanied by a functionally and organizationally independent risk monitoring process which encompasses the control of risks and reporting. The extent to which overall bank limits are utilized as well as observance of sub-limits are controlled. Group Risk Controlling immediately reports all excesses to the Chief Financial Officer. Periodic reporting ensures that all relevant information on the income-risk situation of VP Bank is presented and reported in a reliable and timely manner.

As of February 1, 2011, Group Treasury was integrated into the area of Group Finance; the functional segregation continues to be ensured through the two units Risk Control (for monitoring) and Group Risk Management (for active management).