Alior Bank Group’s employees is obliged to observe the law, guidelines of regulators, and the applicable Bank’s internal regulations and procedures. In their daily work, the Bank and its employees should also act in accordance with the „Code of Banking Ethics” („Principles of Good Banking Practice”) adopted by the Polish Bank Association and the in-house Ethics Code. Both Alior Bank S.A. and Alior TFI S.A. have applied best practices for companies listed on GPW.

Ethics – rules of conduct

Ethics, Simplicity, Agility and Team-Work are four principal values for Alior Bank S.A. We have defined them in the “Digital disruptor” business strategy adopted in 2017, which sets out the Bank’s activities for 2017-2020.

Our values

In 2019, Alior Bank continued the implementation of the leader role-model, meaning an ambassador of values and attitudes who sets out engaging and ethical goals, gives autonomy, supports employees development. Alior Bank’s Transformational Leader is a leader who ensures the implementation of business goals in an ethical way by building employees involvement and lasting customer relations.

Ethics is one of our basic values defined in Alior Bank’s Strategy 2017-2020. Every day, we take many activities and initiatives which focus on strengthening the awareness and attitudes of employees for Compliance and ethics.

The Code of Ethics is a set of the principal rules of conduct related to the Bank’s activity.It is addressed both to our employees, as well as to people through which the Bank performs banking activities. For Alior Bank’s employees, the Code is a guide which helps to take fair and legal decisions.

The Code of Ethics consists of four parts containing rules of conduct towards customers, towards each other, towards counterparties, and towards the market and communities. It contains guidance on the compliance at the workplace with the principles of professionalism, respect and good manners, as well as maintenance of openness to diversity and toleration. In addition, the document encourages care for the environment.

We do our best to make the Code of Ethics a pillar of our daily work, that’s why all employees of the Bank participate in training on various aspects of ethics. Employees who join Alior Bank are required to complete training as part of onboarding which is concluded with a test of knowledge. Other employees regularly use e-learning training to refresh their knowledge of ethical topics. Ethical rules are also promoted in cyclical Compliance Bulletin.

Alior Bank prohibits discrimination. The Bank is guided by high ethical standards in the process of employees recruitment, where the principle of no discrimination is overriding. The required competences and the expected attitudes of the candidate on the respective job are each time clearly and precisely formulated in job ads. The ads are published on generally available portals so that all potential candidates are able to reach them and apply for the job. The candidates are assessed according to the same criteria, taking into account the qualifications and attitudes expressing the values promoted by the Bank. Employment decisions are always taken collectively based on a procedure adopted for that purpose.

We put great store by properly organised system of breach reporting – we want that all employees are able to provide information or share their doubts easily and without fear.

Alior Bank ensures to its employees the possibility of using many communication channels for this purpose. The report may be oral, written or sent by e-mail to dedicated mailboxes, including directly to Members of the Management Board or of the Supervisory Board.

The adopted breach reporting system gives the possibility of maintaining anonymity. The Bank unconditionally prohibits any retaliation or discrimination, or other unfair treatment against any employee who has reported a breach in good faith. In addition, in 2018 we have launched a Policy of Working Environment Free from Undesirable Behaviour in Alior Bank S.A. and Procedure of Reporting Undesirable Behaviour in Alior Bank S.A., which apply, in particular, to such undesirable behaviours as discrimination, mobbing, humiliation, sexual harassment.An e-learning training has been prepared for all employees and made available on the training platform on undesirable behaviours at the workplace.

In 2019, we received 67 reports on potential breaches of ethics (including mistreatment of employees by managers, discrimination, mobbing, etc.). All reports were subjected to detailed review which found 17 of them reasonable. Recommendations were issued aimed at removing the inadequacies.

Fraud risk management

A major element of minimising the risk of non-compliance is for the Bank to ensure proper oversight of dealing with conflicts of interest. This area is governed within Alior Bank Group by the provisions of the Conflict of Interest Management Manual.

Conflict of interest management manuals have been adopted in five largest Alior Bank Group companies (Alior Bank S.A., Alior Leasing Sp. z o.o., Serwis Ubezpieczeniowy Sp. z o.o. and Alior TFI S.A., NCS Bancovo). The staff working in other companies are employed by Alior Bank S.A., and they are required to act in accordance with the rules of the Code applicable at the Bank.

In that document, employees of Alior Bank Group can find answers to the question of how to define a conflict of interest and determines its potential and actual consequences, and how they should act to avoid a conflict of interest. The manual governs such significant items as, e.g., the rules of serving relatives, acceptance of gifts and invitations, and conducting paid activities by the employees outside of the Group. This document also clearly defines the rules on on-job subordination between close relatives, placing special emphasis on the elimination of the risk of nepotism.

The Bank pursues the policy of full observance of the law and business integrity and ethics in all fields of its activity. Security Policy defines the principal rules of operation of Alior Bank’s Security System and provides the foundation on which to develop policies, detailed requirements, security processes and procedures, is an overriding document to other in-house regulations of the Bank related to security, such as Fraud Prevention Policy, Information and Communication System Security Policy, Information and Personal Data Protection Policy, Policy of Physical and Engineering Security of Banking Facilities, Prevention of Money Laundering and Terrorist Financing Programme. These documents are applicable to all those employed at the Bank, regardless of the employment basis, and apply, in the scope defined by agreements, to the employees of third parties collaborating with the Bank.

The employees of Alior Bank S.A., Alior Leasing and Alior TFI S.A. have received training on fraud prevention procedures and the rules of ethical conduct. Training at Alior Bank related to, among others, security policy and compliance risk, where conflict of interest was one of the addressed areas, in addition to banking confidentiality and gift policy. Training has been introduced as a duty for all new employees at Alior Bank.

In 2019, the Bank’s employees reported 268 cases of acceptance of valuable consideration, such as presents, invitations to conferences or training, tickets, gifts, etc., which were recorded in a special registry. Vast majority of the reported presents was within the admissible limit of PLN 200. For presents exceeding that value, the usual solution is donation to charity, e.g., to children’s homes. For invitations to conferences or business meetings, consent was given if the topics addressed were related to one’s business responsibilities.

In 2019, 171 cases of potential conflict of interest were identified, of which 106 were determined to be actual breach of the applicable conflict of interest avoidance rules. As a result of the discovered breaches, recommendations were issued for measures to restore the desirable status. The breaches related mostly to serving close relatives or undertaking potentially competitive activity.

Prevention of violation of human rights in the supply chain

Any entity joining a bid organised by the Bank is required to submit a special appendix to the bid –„Business Ethics” Statement, which is part of the formal legal evaluation of the bid. By signing that document, the bidder represents that within their business they comply with legislation and rules of ethical conduct. The crucial elements of the statement to be signed are:

The bank pursues a Purchasing Policy whose purpose is to define principal rules and guidelines for the Supplier selection process as part of purchasing conducted for Alior Bank S.A. and its subsidiaries. To care for information security and confidentiality, the Contractors are required to provide the following schedules, among others: Confidentiality Agreement and No-Relationship Statement. In 2019, the purchasing policy was additionally updated to include an Anti-Mobbing Policy.

In 2019, Alior Bank’s subsidiaries have implemented common rules for purchasing procedures for PLN 30,000 or more, to which Alior Bank’s Purchasing Policy applies.

In addition, Alior Bank operates an Outsourcing and Sensitive Services Management Policy, Policy of IT Service Provider Relations Management, and Manual for the Keeping of the Agreement Registry, as well as the Operating Rules of the Spending Control Team.

Management of risks related to business activity

Risk management is a crucial in-house process at the Bank and at Alior Bank Group. Risk management supports the delivery of the Bank’s strategy and is aimed at ensuring adequate level of profitability and security of business, while ensuring an adequate level of risk control and keeping it within risk tolerances (risk appetite) and the adopted limit system, in changing macroeconomic and legal conditions. The Bank’s risk management system is based on three independent lines of defence.

This framework is set by the standards applicable in the banking sector as well as guidelines in regulations and regulatory recommendations.

The overriding goal of the risk management policy pursued by the Bank is to ensure sufficiently early recognition and adequate management of all material risks related to the Bank’s activities. The Bank aims at keeping the level of risk within the adopted tolerances, in order to:

Risk management in Alior Bank is delivered in particular based on the following rules:

• The Bank manages all risks identified in its activity;
• Organisational structure and the assignment of functions to particular units of the Bank provide for precise division of responsibilities, and mitigate the risk of conflict of interest;
• Risk management process and methods are adequate to the scale of the Bank’s activity and adapted to the significance, scale and complexity of the respective risk;
• Risk management process is regularly adapted to new risk factors and risk sources, and to the changing business and regulatory environment;
• Risk management methods are periodically verified and validated;
• Risk management is integrated into planning and controlling processes;
• Risk level is regularly monitored and compared to the system of limits applicable at the Bank, and the Management Board and the Supervisory Board of the Bank receive regular information on the risk profiles and levels

The risk management system is comprehensive and integrated into the Bank’s operational processes. The basic steps of the risk management processes are as follows:

The risk management process is carried out at the Bank based on fully formalised in-house regulations.

The Bank exercises supervision of the operations of the subsidiaries belonging to the Bank’s Group. The Bank supervises the risk management systems in these entities and takes into consideration the risk level of activities of particular entities within the risk monitoring and reporting system on the level of the Bank’s Group.

The Bank has identified the following as major risks in its activities: credit risk, market risk (interest rate risk in the banking book, market risk in the trading book), liquidity, operational, compliance, model, business, reputation, and equity risks. Among them, the Bank recognises the following crucial risks: credit risk, operational risk, interest rate risk in the banking book, market risk in the trading book, and liquidity risk. Operational and compliance risks are of particular significance in terms of their effect on social, employees, environmental, human respect and anticorruption aspects.

Selected risks managed by the Bank taking into account sustainable development factors
(ESG – Environmental, Social, Governance)

Credit risk

Credit risk is taken to mean the risk of a loss as a result of customer default towards the Group or as a risk of lower economic value of the Group’s receivables as a result of customers’ reduced capacity to service their debt.

The purpose of credit risk management is to limit the loss on the credit portfolio and to minimise the risk of lending exposures which may lose their value, while keeping the expected level of profitability and value of the credit portfolio.

The management of credit risk and maintaining it at a secure level defined by the risk appetite is fundamental for stable operation and growth of the Bank. Regulations applicable at the Bank are used for the control of credit risk, in particular credit origination methodologies and the risk valuation models adapted to the customer segment, type of product and transaction, the rules for establishing and monitoring legal securities for loans, and by debt monitoring and collection processes. We aim at full centralisation and maximisation of automation of processes while making use of the available third-party and in-house information.

As part of minimisation of the risk level, each time when originating a credit product, we assess the customer’s credibility and credit rating, taking into account, among other things, detailed analysis of the source from which the exposure is to be repaid and the credibility of the provided security.

Operational risk

Operational risk is a risk of a loss due to failure to apply or fallibility of internal processes, people and systems, or external events. The operational risk includes legal risks, but does not include reputation risk and business risk. The purpose of operational risk management is to keep operational risk at a secure level adequate to the activities, objectives, strategies and development of the Bank.

Alior Bank has in place a formalised operational risk management system within which we prevents operating events and incidents and minimise the loss if the risk materialises.

We monitor operational risk at all levels of our organisation.

Market risk

The purpose of market risk management is to limit potential losses due to changes in market risk factors to an acceptable level by adequate composition of balance sheet and off-balance sheet items.

Alior Bank has identified the following market risks to be managed:

• Interest rate risk in the banking book;
• Market risk in the trading book (encompassing, in particular: interest rate risk in the trading book,currency risk, and commodity price risk).

Interest rate risk (including interest rate risk in the banking book) is defined as a risk of adverse effect of market interest rates on the current result or net current value of the Bank’s equity.

Due to its policy of limiting risks in the trading book, the Bank has attached special importance to specific aspects of interest rate risk related to the banking book, such as:

• risk of repricing gap;
• basis risk, or the risk of non-parallel shifts in various reference indices with similar repricing dates on the result of the Bank;
• yield curve risk;
• customer option risk.

Currency risk is defined as the risk of a loss occurring due to changes in foreign exchange rates in connection with currency positions maintained. Currency risk is measured by monitoring and mitigated by limiting currency positions taken by the Bank.

Commodity price risk is defined as the risk of a loss occurring due to changes in commodity prices. Commodities are taken to mean all material trading objects defined as to type and quality, the quantity of which may be expressed in physical units of measurement. Measurement is conducted by monitoring and commodity risk is limited by limiting commodity positions so that this risks becomes insignificant for the Bank.

Liquidity risk

Liquidity risk is the risk of being unable to meet payment obligations resulting from balance sheet and off-balance sheet items held by the Bank on terms and conditions convenient for the Bank and at reasonable prices.

The purpose of liquidity risk management is to ensure funding to meet current and future (including potential) liabilities, taking into account the specific features of the activity and the needs that may emerge as a result of changing market or macroeconomic conditions. Liquidity risk is measured and assessed using indicators and the related liquidity limits.

Compliance risk

Compliance Risk is the risk of legal sanctions, financial losses or loss of reputation due to non-observance by the Bank, entities acting on its behalf or its employees, of the law, requirements of supervisory authorities, internal regulations or adopted standards of conduct and ethical standards. Of particular importance for compliance risk are topics related to, among others: adaptation to new regulations, processing and protection of personal data and banking confidentiality, conflict of interest, protection of confidential information and prevention of market manipulation, and proper treatment of the employees.

The purpose of compliance risk management is to reduce the level of risk and ensure safe level of operations in dynamically changing and demanding legal and market environment, without adverse consequences of breaches of legislation, regulations and ethical standards.

Environmental risk

As a socially responsible financial institution, we measure the environmental risks involved in the customers and projects which we finance. We conduct careful assessment of environmental risks, including community risk, for customers whose total exposure (actual and applied for) exceeds PLN 1 million.

Environmental risk is defined as a risk of deteriorated credit rating of the customer due to adverse financial and legal consequences caused by the business activity conducted or contemplated by the customer, or the proposed collateral, which has or may have major adverse effects on the environment or communities.

We have developed for our employees an Environmental Risk Assessment Checklist which enables them to precisely determine the level of environmental risk related to the transactions to be financed by the Bank. The statements and documents submitted by customers are carefully reviewed and verified. In special cases, we also use independent expert consultancy on the level of environmental and community risks involved in the respective project.

Alior Bank has regulations in place which define the entities active in the areas not financed by the Bank:

• manufacturing or sales of weapons and arms, fighting vehicles and warships
• gambling
• production of nuclear energy or nuclear fuels
• cultivation of tobacco, manufacturing of tobacco products, wholesale trade in unprocessed tobacco
• fisheries in marine waters where the entity uses drifting nets longer than 2.5 km,
• alcohol distilling, rectification and mixing
• production of industrial cooling and ventilation equipment if it uses substances which destroy the ozone layer,
• inshore marine transport of goods if the activity involves transport of oil or other materials dangerous to the environment using tankers which fail to meet the requirements of the International Maritime Organisation,
• speculative deals, except for Treasury limits secured with a deposit,
• projects which may generate high reputation risk,
• enterprises operating in breach of the applicable regulations of the Polish law or of the law of the country of origin of the activity, or holding no licenses, authorisations or permits or rights which are required to operate the respective business,
• activities with a negative impact on neighbouring areas protected under national law and international conventions, places of scientific interest, habitats of rare/endangered species, or such as would have adverse effect on places of cultural or archaeological significance.

Alior Bank also does not finance the activities of religious organisations, political parties, sporting clubs or any projects involving harmful or exploitative forms of child labour, direct discrimination or practices which prevent the employees from their legal rights of affiliation and collective bargaining.

The bank has in place numerous risk management policies. These include, among others: Alior Bank Group Risk Management Policy for Subsidiaries; Policy of Credit Risk Management at Alior Bank S.A., Credit Concentration Risk Management Policy; Model Risk Management Policy, Policy of Operation Risk Management at Alior Bank S.A., Policy of Capital Management and Capital Planning at Alior Bank S.A. In 2019, the Bank has implemented the Alior Bank S.A. Assets and Liabilities Management Policy for 2019-2021.