12.2.4. Operational risk

mBank organises the operational risk management process taking into account the regulatory requirements. PFSA resolutions and recommendations (including Recommendation M in particular) constitute a starting point for developing the framework of the operational risk control and management system in mBank Group.  

The Bank understands operational risk as the possibility of incurring a loss arising from inadequate or defective internal processes, systems, errors or actions taken by the Bank’s employee or from external events. Additionally, operational risk includes legal risk.

The operational risk control and management system, with its classification of roles and responsibilities, forms an organisational basis and the necessary structures in order to enable expedient and effective control and management of operational risk at every level of mBank’s organisational hierarchy. The structure of operational risk control and management covers in particular the role of the Management Board of the Bank, the Business and Risk Forum, the Chief Risk Officer, the Integrated Risk and Capital Management Department, and the tasks assigned to persons managing operational risk in particular organisational units and business areas of the Bank. The operational risk control and management process at mBank is developed and co-ordinated by the central operational risk control function while operational risk management takes place in every organisational unit of the Bank and in every subsidiary of mBank Group. It consists in identifying and monitoring operational risk and taking actions aimed to avoid, mitigate or transfer operational risk.

The entire operational risk control process is supervised by the Supervisory Board of the Bank through the Risk Committee of the Supervisory Board.