
General Information

The risk management system of Kapital Bank OJSC is governed by the "Organizational Risk Management Policy," aligning with the "Corporate Risk Management Standards in Banks" set forth by the Central Bank of the Republic of Azerbaijan, along with directives from the Basel Committee and international standards and principles.

Purpose of the Risk Management Policy:

The primary aim of the policy is to establish a risk management framework, fostering a uniform and holistic approach to risk management. The adoption of a Risk Management Policy serves two key objectives: firstly, to promote an environment conducive to identifying and managing risks while using opportunities for growth and innovation; secondly, to foster a risk-aware culture adept at navigating uncertainties and challenges effectively. Adherence to such a policy protects the organization from unpredictable situations, ensuring sustained operations and long-term prosperity.

Risk Management Function

The risk management function within an organization is represented by a dedicated department or group entrusted with the task of identifying, evaluating, managing, and overseeing risks that could influence the realization of the organization's strategic objectives. The structure of the risk management function may vary depending on factors such as the organization's scale, complexity, and the nature of its business activities.

  • Develops, implements, and manages the Organizational Risks Management Program.
  • Establishes and manages a Risk control matrix.
  • Identifies and assesses risks and collaborates with relevant departments to mitigate identified risks.
  • Prepares comprehensive risk reports consolidating risk information and submits them to the Risk Management Committee (RMC).
  • Initiates actions to enhance the risk culture within the Bank.
  • Facilitates data collection and records realized risks within the Bank, evaluates actual and potential losses, and generates relevant reports accordingly.
  • Identifies and applies key risk indicators, conducting thorough analyses as needed.
  • Proposes methodologies to define risk appetite aligned with the Bank's strategic objectives, develops tools for prompt detection of breaches in risk appetite thresholds, and conducts monitoring accordingly.

The Role of Senior Management and Committees in the Risk Management Process

Supervisory Board (SB):

  • Oversees the implementation of the risk management policy.
  • Reviews and approves the enterprise's risk management policy, including processes for identifying, assessing, mitigating, and monitoring risks.
  • Ensures that risk management is considered in strategic planning and integrated at different levels of the organization.
  • Reviews reporting on risk management and risk culture, including reports on the results of risk identification, risk assessment, and risk mitigation plan.
  • Reviews and approves reports on identified risks and the elimination of identified deficiencies.
  • Approves the organizational structure of Risk Management, relevant responsibilities, and authorities.
  • Reviews and approves the emergency action plan formed to ensure the continuity of the organization’s activities.
  • Reviews and approves the statement on risk appetite and risk limits.

Risk Management Committee:

  • Reviews the strategy and risk management policy (at least annually), along with instructions, ensuring alignment with the organization’s objectives, regulatory requirements, and industry best practices, then submits them for approval by the Supervisory Board.
  • Reviews the report on risk appetite, including risk limits, and submits it to the Supervisory Board for approval.
  • Provides recommendations and proposals to the Supervisory Board concerning the organization’s risk appetite for both aggregate and individual risk types and proposes adjustments to established limits if violated.
  • Ensures the availability of procedures to uphold compliance of the organization’s activities with the risk management policy and oversees the Management Board's application of a preferred risk statement (risk appetite).
  • Monitors compliance of the organization’s capital and liquidity management objectives, as well as all inherent risks (such as credit, market, transaction, reputational, etc.), with the organization’s risk appetite.
  • Reviews reports on the Bank’s risk profile and the formulated action plans to mitigate risks.

Management Board (MB):

  • Reviews the risk management strategy, policies, and guidelines to ensure alignment with organizational objectives, regulatory requirements, and industry best practices.
  • Organizes the risk management process and ensures the implementation of the risk management policy.
  • Monitors the implementation of the enterprise's risk management strategy and policy.
  • Ensures that the organization’s risk level indicators are maintained within the established risk appetite.
  • Analyses the risks faced by the organization and takes necessary actions to address identified deficiencies.
  • Facilitates collaboration between other structural divisions of the organization and the risk management unit and takes measures to prevent interference in activities while creating appropriate conditions for operations in alignment with the organization's risk profile.

Chief Risk Officer (CRO):

  • Oversees the development of a risk management strategy and policy, submitting them to the SB for approval.
  • Coordinates risk management activities among the Management Board and various structural divisions.
  • Proposes enhancements to the risk management system and submits relevant proposals to the SB and the RMC.
  • Ensures alignment of the Bank's risks with its risk tolerance.
  • Implements measures to enhance the expertise and skills of employees in units responsible for risk management.
  • Ensures compliance of the risk management policy with international risk management standards and best practices.
  • Reviews reports and data pertaining to the risk profile provided by the risk management department and subsequently submits them to the appropriate management body.

1st Line of Defence: this comprises structural units directly engaged in daily operations. These units serve as risk owners and bear the responsibility for identifying, managing, mitigating, analysing, and reporting on key risks within their respective domains.

2nd Line of Defence: this comprises structural units tasked with overseeing the 1st line of defence in executing efficient risk management practices. These units operate independently and perform risk management and compliance functions. This line of defence specifically guarantees the efficiency and compliance of risk management and control procedures within the organization.

3rd Line of Defence: this comprises the autonomous internal and external audit functions, which provide assurance regarding the efficiency of risk management, internal control processes, and internal bank policies, such as the risk management policy, by conducting both general and risk-based reviews.

Classification of Risks by Type

In the area of financial services, where credibility is paramount, establishing an effective reputation management system holds significant importance for our Bank. The risks encountered across all risk categories directly and indirectly impact the Bank's overall reputation in the dynamic financial environment, making reputation safeguarding pivotal for sustained business continuity. To this end, the Bank integrates measures aimed at upholding a favourable reputation into all facets of its risk management strategy.

Credit Risk:

Credit risk emerges when a borrower fails to fulfil obligations to the bank on time or in full. This encompasses instances of delays in payments, debtor payment restructuring, and similar cases.

  • The regulatory framework for credit risk management is established, continuously refined, and its implementation is closely monitored.
  • Prior to launching new products, assessments of credit risks are conducted to ensure they remain within acceptable thresholds.
  • New control mechanisms and reporting systems (such as red flags, scoring, stop loss, etc.) are developed based on the specific attributes of credit products.
  • Risk management tools are used to analyse the portfolio:
      • Portfolio risk exposure.
      • Calculation of expected loss (EL) and its components.
      • Vintage analysis.
      • Stress test models.
      • Scenario analysis and "What-if?" evaluations.
      • Transition matrices.
      • Analysis of the tracking system.
      • Retrospective modelling and forecasting.
  • Establishment of special reserves in accordance with IFRS and CBA standards to mitigate potential asset losses.


Operational Risk:

Operational risk refers to the potential for loss caused by deficiencies, human and system errors, legal risks, and external events stemming from inadequacies in internal processes.

There are the following subcategories of operational risk:

  • Human resource risk - arises from violations of existing legal regulations, errors, and omissions by bank employees, whether intentional or unintentional, during the execution of bank operations.
  • IT risk - emerges from issues within the bank's information systems or technologies.
  • Information security - occurs due to breaches in the protection of information confidentiality, integrity, and availability.
  • Legal risk - results from non-compliance with legal regulations, including those stipulated by regulatory bodies and tax authorities, encompassing incomplete, untimely, or erroneous application.
  • Deviations from business processes - entail the risk of violating the Bank's internal regulations and procedures due to errors in the design of business processes.
  • External risk - stems from harm inflicted by external parties or natural occurrences.
  • Model risks - reflect the risks borne by the bank due to decisions reliant on model outcomes, attributed to errors in data, application, and processing employed in internal model development.

Activities related to operational risks in the bank are conducted through the following methods:

  • Identification, prevention, and mitigation of operational risks associated with new products, services, business processes, motivation systems, as well as modifications to existing offerings, services, motivation structures, projects, operational models, and business processes.
  • Utilization of Risk and Control Self-Assessment (RCSA) questionnaires.
  • Evaluation of role matrices and related modifications in terms of operational risk within authority distribution management in information systems.
  • Collection of information on risks and losses attributed to human factors, technology, etc., during banking operations, with classification and management based on Basel standards.
  • Determination, monitoring, and reporting of Key Risk Indicators (KRIs).
  • Conducting monitoring activities to proactively identify risks.
  • Identification of risks through incident analysis and evaluation.
  • Collection and analysis of data related to losses stemming from operational risks.


Liquidity Risk:

Liquidity risk management within the Bank is performed through the following directions:

  • Selection and application of liquidity risk methods and models.
  • Analysis of risk indicators encompassing both internal and external risk factors.
  • Evaluation of Liquidity Stress Testing and Shock Events.
  • Identification of finance concentration.
  • Calculation and analysis of metrics such as Instant Liquidity, Liquidity Coverage Ratio (LCR), Net Stable Funding Ratio (NSFR), and other relevant indicators.
  • Distribution of payment terms and analysis of liquidity gaps.
  • Examination of liquidity and payments across different currencies, among other factors.

Market Risk:

Market risk management within the bank encompasses the following directions:

  • Investigation of potential changes in the economic and banking sectors, and determination of possible impacts on lending and management of assets and liabilities.
  • Examination of interest rate risk, including variations in interest rates and potential volatility disruptions:
      • Economic Value of Equity
      • Net Interest Income
      • Repricing Gap Analysis
  • Assessment of investment risks, including fluctuations in the value of stocks and bonds, yield curves, etc., and calculation of the risk-exposed value stemming from market risks associated with securities.
  • Review of potential negative effects of market risks on financial institutions.
  • Evaluation of the impact of risks arising from fluctuations in foreign exchange rates and commodity prices on bank assets.
  • Stress testing
  • Scenario analysis, etc.


Strategic Risk:

Strategic risk arises from the incorrect selection of strategic goals. The following is performed for strategic risk management:

  • Controlling compliance with the Bank's long-term roadmap.
  • Tracking economic, political, social, and other trends that influence the transition to a new business environment (such as emerging market competition, products, technologies, and practices).
  • Effective evaluation of alternative business directions.
  • Monitoring the efficient utilization of resources.
  • Monitoring the effective implementation of strategic decisions, etc.

Compliance risk (https://www.kapitalbank.az/en/compliance):

Compliance risk refers to the potential for the Bank to encounter measures, sanctions, financial losses, or damage to its reputation due to non-compliance with legislation and legal regulations governing financial markets.

Information Security Risk

Information security risk encompasses the potential compromise of information's completeness (accuracy, clarity, relevance, and comprehensiveness), availability (access and possibility of control), confidentiality (restricted to authorized users and processes), and reliability (adequacy, objectivity, and usefulness).

Information security risk management is typically carried out through the following measures (at a minimum):

  • Asset management.
  • Control over network connections.
  • Access control.
  • Establishment of data handling rules and application of encryption requirements.
  • Investigation of incidents related to information security, etc.

Updated: 29.02.2024
