PASHA_BANK ANNUAL REPORT 2021

175 Annual Report 2021 PASHA Bank (Convenience Translation of Publicly Announced Financial Statements Originally Issued in Turkish, See Note I of Section Three) (Amounts are expressed in thousands of Turkish Lira (“TL”) unless otherwise stated.) PASHA Yatırım Bank A.Ş. Notes to Unconsolidated Financial Statements At 31 December 2021 INFORMATION RELATED TO UNCONSOLIDATED FINANCIAL POSITION AND RISK MANAGEMENT (Continued) VIII. EXPLANATIONS ON THE RISK MANAGEMENT Notes and explanations in this section have been prepared in accordance with the “Communiqué on Disclosures about Risk Management to be Announced to Public by Banks” that have been published in official gazette no 29511 on 23 October 2015. Since Internal Rating-Based (IRB) approach is not applied, tables that have to be prepared within the scope of IRB, are not presented. a. Bank’s risk management approach Effective risk management constitutes one of the most important competitive strength of the Bank. Risk management system is assessed as a critical process which includes all units starting from the Board of Directors level. General strategies regarding Bank’s risk management are given below: - Effective risk management within the Bank’s risk profile based on materiality; implementing a centralized risk framework that includes all major risk areas. - Managing existing and potential risks from the beginning through forward looking risk strategies, policies and procedures, models and parameters, - Applying a risk-focused management approach in the strategic decision process, - Complying with all national risk management requirements, where the Bank operates. The Bank’s Board of Directors has the ultimate responsibility for setting-up and monitoring the efficiency of such a risk management system. The Board of Directors manages the risks through Risk Management Committee (RMC). RMC is responsible for the development of risk policies, measurement of risks and determination of methods to manage them, setting up of appropriate risk limits and their monitoring. All the risk policies of RMC are written and integrated with the Bank’s long term strategy. The Board of Directors fulfils its monitoring responsibility through the Auditing Committee, the Executive Risk Committee, the Credit Committee and other related intermediary committees and by means of regular risk, control and audit reporting system. The Board of Directors regularly reviews and approves Bank’s main risk approach, risk principles and policies which are initially discussed and decided by the Risk Management Committee. The Board of Directors also determines Bank’s risk appetite by risk limits taking market conditions and Bank’s risk taking capacity into consideration. Risk limits are made up of regulatory and internal limits on the basis of risk types. Bank’s Senior Management is responsible to the Bank’s Board of Directors that daily activities are executed within the risk management procedures and risk limits determined by the Board of Directors and that risk management system operates in effective and efficient manner. The Internal Audit, the Internal Control and Compliance Presidency and The Risk Management Departments which directly report to the Board of Directors operate in coordination with the business units of the Bank. In this scope, it is also Senior Management’s responsibility to take necessary measures in order to resolve identified weaknesses, deficiencies and errors stated in the reports of internal and external audits, internal control and risk management. Locally and internationally accepted risk models and parameters are used in the identification, measurement and monitoring of risks within the scope of risk management. The Bank strives continuously for development and improvement of internal methods and models. Forward looking risk reports prepared through regular and close monitoring of the market developments are made available for the Senior Management and the Board of Directors. In order to analyse the potential risks that the Bank may be exposed in extreme cases, various scenario analyses are performed and contingency plans are prepared. The Bank’s internal capital adequacy assessment process (“ICAAP”) has been established and the ICAAP has been performed parallel to the annual budget process on an annual basis. Moreover, various risk mitigation techniques are utilized to limit and provide protection against risks the Bank is exposed to. The effectiveness and efficiency of the risk mitigation techniques are regularly monitored.