PASHA_BANK ANNUAL REPORT 2021

General Information Financial Information and Risk Management Review Information on Management and Corporate Governance Principles Credit Risk is also monitored within the scope of regulatory reports, credit risk and credit risk capital requirement were calculated. Historical trend of credit portfolio and concentration risk were monitored. To keep credit concentration under control, concentration limits were identified and monitored for individual firms, group companies and banks. Provisions were calculated using provision methods established within the frame of compliance with legal and international standards based on IFRS 9. Under the scope of credit risk, life cycle of the internal risk assessment model was completed, which aimed to digitize the risk considering the financial and qualitative data, behavioral data, group approach and warning signals with the objective of assessing the customers by more objective criteria and increasing the risk quantification efficiency. Validation studies for the model were performed for its strength of distinction and reliability. It was decided that the model was performing at the expected level. Results of the rating model were continued to be used in processes such as credit rating, pricing, monitoring and credit provision calculation. Capital adequacy calculations were transferred to a module which is integrated in the core banking system. As a result, systematic calculations are made at a sophisticated software instead of manual calculations, thus preventing possible operational risks. All of the analysis and reports covering the credit, market, liquidity and operational risks were submitted primarily to Asset‑Liability Committee and Risk Management Committee and to relevant committees. Stress tests and scenario analyses which are intended to assess and measure all risks that the Bank may be exposed to and which enables the determination of necessary capital amount were performed and shared with the Board of Directors within the scope of Internal Capital Adequacy Assessment Process (ICAAP). Risks that the Bank may be exposed to and the risk appetite regarding these risks were identified by taking the stress test results into consideration and the Risk Appetite Statement was updated. Policies and procedures of Risk Management Department are updated to include the Bank’s current structure and risks that the Bank may be exposed to. Improvement of technical infrastructure and competences were achieved in terms of the Bank’s risk identification, monitoring, control, risk reduction and stress testing processes within the scope of the action plans established so that Risk Health Indicators (RHI) scores reach the expected levels, which is among the Bank’s strategic key performance indicators. Assessments were made within the Bank to increase risk awareness within the scope of the risk culture project of the Holding. Improvement areas were identified and action plans were established. Internal systems departments are at the focus of all transactions within the Bank in terms of risk, organization, quality management, effectiveness, adequacy and compliance. In this context, Internal Control and Risk Management Departments which constitute the second line of defense will continue its activities such as updating the infrastructure, performing second level controls, monitoring and reporting of results, fulfilling regulatory requirements and demands, improvement of the Bank’s internal control and risk management environment in 2022. Compliance Department will also continue its monitoring and control activities in accordance with the legislation. Similarly, Internal Audit Department will continue its activities to fulfill its auditing responsibilities for effectiveness, adequacy and compliance of internal control and risk management environment in the Bank, with the same scope and attention in 2022. Assessments of the Audit Committee on the Activities of Internal Systems