AtaBank OJSC fulfils regulations and requirements of the Central Bank of the Republic of Azerbaijan and the Financial Market Supervisory Authority (FIMSA) of the Republic of Azerbaijan in the field of risk management in accordance with the requirements of the bank’s Charter, internal rules and methods of risk management.

The bank has identified its key priorities, covering goals and perspectives in several areas for more effective, efficient and comprehensive risk management:

  • Objectivity;
  • Timely and accurate diagnosis;
  • Timely implementation of more effective measures to reduce risks and minimize impacts;
  • Timely implementation of more effective measures to reduce risks and minimize impacts;
  • Implementation of backtesting.

To address these issues, the bank takes into account both the regulatory requirements of local laws and codes, regulatory bodies, and international experience (international standards and ratios, including experience and risk management techniques in several of the world's leading banks). In order to comply with the requirements of regulatory acts, the bank also applies the methods used in international practice and which are more practical for the bank. Analysis of the results of the application of these methods allows expanding the use of the more relevant of them and replacing the relatively less effective with the more effective ones.

Rights, duties and authorities in risk management are maximally distributed in the organizational structure of the bank. Taking into account the “Law of the Republic of Azerbaijan on Banks”, “Rules on Risk Management in Banks” and “Standards of Corporate Governance in Banks”, approved by the Financial Market Supervisory Authority (FIMSA) of the Republic of Azerbaijan and the Central Bank of Azerbaijan, as well as the requirements of other regulatory acts, duties and authorities are distributed between the Supervisory Board, the Risk Management Committee, the Board, the Chief Risk Management Director and the Risk Management Department.

The bank considers the following issues as its main strategic priorities in the field of risk management:

  • Each bank employee is also a risk manager;
  • Credit and operational risks are important but informational, legal, and other risks should be kept in focus at least at the same level;
  • The correct diagnosis covers 50% of risk management;
  • Risk measurement should not be formal, should not be limited to mathematical measurements and analysis, and objective and subjective factors should be taken into account when managing risks.

The main methods and proceduresof the bank for the implementation of the aforementioned strategic priorities:

  • The bank’s “Risk Management Guidelines” identify about 30 types of risks specific to the country's banking sector, reflecting their nature, characteristics and features. The Guide also notes the necessary measures to minimize these risks;
  • The bank emphasizes the importance and significance of the “Risk Map” and placed all the risks reflected in the “Risk Management Guidelines” in the annually updated “Risk Map”. The Map is created using the broken line model, based on the probability of occurrence of risks and the degree of damage (very low, low, medium, high, very high). Risks located on the Map above the broken line should always be monitored and measured for the next year. The main goal is to reduce these risks and bring them below the level of the broken line. Risks located below the broken line have a low level of probability of occurrence and damage. Even if the likelihood of some risk with a low damage level is moderate, placing it below the broken line can be considered acceptable in exceptional cases;
  • Daily MIS reports cover and reflects all the risks presented in the “Risk Map”. In addition, these reports describe in more detail the risks that are above the broken line in the “Risk Map”. If any risk for the next year is not reflected in the daily MIS reports, then a new report(s) will be prepared that cover these risks;
  • Stress tests, what-if analysis. The bank conducts stress tests with different shock scenarios, where the main goal is to measure the bank's resistance to various shocks;
  • Microeconomic indicators are influenced by macroeconomic indicators and depend on them. This influence and dependence can be direct and indirect, delayed and instantaneous. Considering this economic pattern as one of its main priorities, the bank constantly analyzes macroeconomic indicators, trends and situation, and also measures, using various methods, the direct and indirect, delayed and instantaneous influence of macroeconomic indicators on the bank.

Credit and operational risks:

For the credit and operational risks management, the bank has developed a “Credit Risks Management Guidelines” and an “Operating Risks Management Guidelines”, which were also approved by the Supervisory Board of the bank. To measure credit and operational risks, the bank applies both international methods (measuring risk exposure, bankruptcy risk, conducting vintage analysis, measuring portfolio exposure to risk), as well as practical methods used by various banks in the world and in the country to measure various risk indicators of credit portfolios. For example, the ratio of individual loans, as well as individual loan products and loan portfolios by sector, to the total loan portfolio is given, and the risks inherent in the portfolio are determined. After collecting statistical data of operational risks, analyzing the frequency of occurrence of risks and calculating the level of potential damage, high-level risks are determined and an action plan is prepared to prevent them.

Risks in the field of information technology:

The sustainable development of information technology from day to day increases the risks in this area. It should be borne in mind that hackers and scammers use modern technology, knowledge, skills and experience at a high level. Therefore, the bank has identified separate guidelines and procedures for risks in the field of information technology and conducts a separate professional audit of risks in this area. Information technology risks are managed differently than credit and operational risks. It is enough to note one moment to show how the risk assessment in this area is important for the bank: in 2011, for the first time among the country's banks, AtaBank together with an international auditing company, conducted “penetration testing” and continues to conduct similar tests periodically.

Other risks:

The bank believes that the management of legal, reputational, personnel, strategic and other risks is also one of its priorities. In general, consideration of the likelihood of any risk causing a new risk, infection, implementation of timely diagnosis, as well as relying on preventive measures, as having a great effect, are considered decisive factors in risk management.