“Muganbank” OJSC’s Risk Management System complies with the requirements of the Law of the Republic of Azerbaijan on Banks, normative legal documents of the Central Bank of the Republic of Azerbaijan, “Rules on Application of Corporate Governance Standards in Banks”, recommendations of the Basel Committee and international practice, as well as the Bank's internal policy, and is carried out in accordance with the rules and procedures established by the methodology.
The main purpose of the risk management system is to determine the organization and principles of risk management, the duties and responsibilities of the responsible structures and to define the framework for strategic and day-to-day risk management, monitoring and control.
The Bank divides functions and responsibilities between its structural units according to the principle of 3 lines of defense, taking into account effective risk management, proper recognition of risks, assessment of risks, as well as ensuring continuity and efficiency between business processes and minimizing conflicts of interest. The functions mentioned on each line of defense can be performed by several structural divisions of the bank.
|1st line of defense|2nd line of defense|3rd line of defense|
|---|---|---|
| |Board of Directors|Shareholders' Meeting|
|Business units|Risk Committee|Supervisory Board|
| |Executive Committees|Audit Committee|
| |Risk Management Department|Internal Audit|
1st line of defense - this category includes all groups whose activities pose a direct risk to the Bank, branches and departments that serve the Bank's customers, as well as structural units engaged in the development of products and services. The functions of the structural units in the 1st line of defense include the following:
Detection and initial assessment of risks during operations and transactions;
Organization of activities within the established limits;
Informing the relevant structural units about the risks encountered during business processes.
2nd line of defense - mainly carried out by structural units of the back office. This includes structural units responsible for risk management, finance and accounting, legal and compliance, as well as security risk management. The 2nd line of defense involves adherence to established rules and procedures (compliance mechanism).
The functions of the structural units in the 2nd line of defense include the following:
Developing a risk appetite based on risk limits;
Setting / announcing risk limits for the 1st line;
Risk recognition, assessment and management;
Development of risk methodologies;
Conducting stress tests;
Development and improvement of risk reporting;
Monitoring compliance with established limits on a regular basis;
Monitoring compliance with regulatory requirements.
3rd line of defense - monitors the adequacy of established procedures and mechanisms, as well as the identification of deficiencies that may arise in the course of work. This line of defense includes structural units such as the Internal Audit Department and the Audit Committee.
The functions of the 3rd line of defense include:
Checking the adequacy of business processes;
Evaluation of the risk management system;
Taking necessary measures to eliminate gaps and deficiencies in the risk management system.
The Supervisory Board performs the following functions within the risk management system:
Ensures the establishment of a risk management system;
Approves the organizational structure of risk management;
Appoints members of the Risk Management Committee;
Approves a “risk limit” for all risks and for each structural unit;
Approves all rules and procedures for risk management;
Approves the policy of the Risk Management Department;
Evaluates the risk management structure and the activities of risk management bodies.
The Board of Directors performs the following functions within the risk management system:
Creates an organizational structure for risk management;
Organizes risk management in the Bank;
Ensures the implementation of risk management procedures;
Includes risk management reports in its monthly and quarterly reports to the Supervisory Board.
The Chief Risk Officer (CRO) performs the following functions within the risk management system:
Develops the risk management strategy and policy and submits them to the Risk Management Committee;
Coordinates activities of the Board of Directors and structural units in terms of risk management;
Reports on risk limits monitoring results and risk profile on a monthly basis;
Ensures preparation of periodic risk reports in a reliable, transparent, comprehensive and timely manner;
Provides suggestions for improving the risk management system;
Ensures that prudential requirements are met;
Participates in meetings of the Supervisory Board to discuss issues related to risk management.
Responsibilities of the Risk Management Committee:
Conducts risk analysis;
Prepares risk policy proposals;
Prepares proposals on risk limits;
Provides control over the decisions on risks;
Evaluates and revises risk management procedures;
Provides operational support to the risk management process;
Identifies relevant structural units or employees for risks.
Classification of risks:
|Financial risks:|Non-financial risks:|
|---|---|
|1. Credit risk|4. Operational risks|
|2. Market risk|5. Strategic risk|
|3. Liquidity risk| |
1. Credit risk - is the risk of loss resulting from the borrower's inability to pay interest and principal in full or on time in accordance with the terms of the loan agreement.
The bank uses the following methods to manage credit risks:
Loan portfolio analysis;
Credit risk analysis based on vintage analysis;
Calculation of credit risks based on the risk equivalent to bankruptcy method;
Loan portfolio assessment based on analytical analysis method;
Loan portfolio assessment using statistical analysis method;
Loan portfolio diversification and limit system;
Application of rating and scoring systems.
2. Market risk - is the risk arising from changes in market interest rates, exchange rates, securities and commodities. There are the following sub-categories of market risk:
2.1 Currency risk - is the risk that a bank may face as a result of undesirable changes in foreign exchange rates. The bank's exposure to currency risks depends on the size of the open (long / short) currency position.
Currency risk management is based on two principles:
Mathematical-statistical approach (based on the VAR model).
2.2 Interest rate risk - is the risk arising from changes in market interest rates on financial instruments and the economic value of a bank.
Interest rate risk management is based on the following principles:
Periodic distribution of interest-sensitive (fixed, floating) assets and liabilities of the bank in accordance with the principle of "Interest GAP";
Classification of instruments and contracts based on the degree of sensitivity to interest rate risks;
Modeling the structure of assets and liabilities;
Modeling interest rate change scenarios;
Interest-sensitive asset and liability management stages;
Interest margin calculation;
3. Liquidity risk - is the risk resulting from differences in time and size between assets and liabilities, as well as from the mismanagement of liquid assets. Liquidity is managed on a continuous and daily basis.
The Bank uses three types of ratios to manage liquidity risk:
Quick liquidity ratio;
Current liquidity ratio;
Liquidity adequacy ratio.
Early warning ratios:
The ratio of highly liquid (current) liabilities to total assets;
Ratio of pledged securities to all securities;
Loan portfolio / Deposits;
Loan portfolio / (Deposits + other attracted funds);
Ratio of total funds raised from local financial markets to total funds raised from foreign markets.
The ratio of the total amounts of demand deposits and fixed amounts of correspondent accounts of banks to the total amount of liabilities is found;
The structure of assets and liabilities by liquidity ratios is considered;
GAP analysis of liquidity;
Stress tests are performed;
Pessimistic, realistic and optimistic liquidity scenarios are considered;
Liquidity is discussed and forecasted on a monthly basis;
The Bank's profitability and efficiency ratios are constantly monitored;
4. Operational risk - is the risk of loss resulting from inadequate or failed internal bank processes, people and systems, or from events external to the bank.
Operational risk management involves the analysis of all aspects of the Bank's activities. This analysis is conducted at several levels:
Analysis of changes in the financial sector that may affect the effective operation of the Bank;
Analysis of the bank's operational exposure to operational risks, taking into account the bank's priorities;
Analysis of the bank's operations and deals;
Analysis of internal procedures and information exchange;
The Bank uses the following two main approaches to measuring operational risks and calculating minimum capital requirements for operational risks:
Basic Indicator Approach (BIA);
The Standardized Approach (TSA).
The following sub-categories of this risk are available:
4.1 Human resource risk - is the risk of damage caused by violation of existing legal acts, errors and omissions in the course of banking operations by employees of the bank, knowingly or unknowingly.
4.2 IT risk - is the risk of problems within the bank's information and technology systems.
4.3 Legal risk - is a risk arising as a result of violation of legal acts, including legal acts of the supervisory authority and tax authorities, incomplete, untimely or incorrect application, non-acceptance of internal rules of the bank, as well as contradictions and gaps in internal rules.
4.4 Compliance risk - is a legal risk arising from the legalization of criminally obtained money or other property and non-compliance with legal acts in the field of terrorist financing, including the requirements of the supervisory authority and the financial monitoring body.
4.5 External risk – is the risk of damage caused by a third party or nature.
4.6 Reputation risk - is the risk of a negative effect on the bank's profitability resulting from a failure to maintain customer satisfaction in banking activities, or from the dissemination by customers, counterparties or supervisory authorities of information that is not relevant to banking activities.
5. Strategic risk - is the probability of losses arising from mistakes made in decisions that determine the Bank's strategy and development, from insufficient consideration of possible threats that could adversely affect the Bank's operations, from improper identification of promising directions of banking activity in which the Bank could gain an advantage over competitors, and from a lack of the resources and organizational measures necessary to achieve the Bank's strategic goals.
The following activities are carried out to manage strategic risks:
Compliance with the Bank's strategic objectives is controlled;
Economic, political, social and other trends in the business environment are followed;
Competitive conditions in the market are controlled;
New products, technologies and practices are monitored;
The effective evaluation of alternative business directions is controlled;
The efficient use of resources is controlled;
The effective implementation of strategic decisions is monitored.