risk management annual report 2017 - santander méxico · 2. introduction 2.1 the scope 2.2 risk...

102
9bB Risk Management Annual Report 2018

Upload: others

Post on 24-Mar-2020

9 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

9bB

Risk Management Annual Report

2018

Page 2: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

1

Risk Management Annual Report 2018

Banco Santander México

TABLE OF CONTENTS

1. Executive Summary

2. Introduction

2.1 The Scope

2.2 Risk Policy Framework in Banco Santander (Mexico)

3. Integral Risk Management

3.1 Basic Principles of Integral Risk Management

3.2 Instruments for proper Integral Risk Management

3.3 Management and control of risks

3.4 Governance Structure for Integral Risk Management

3.5 Risk Information Management

3.6 Risk appetite

4. Credit Risk Management

4.1 General Aspects

4.2 Credit Risk Cycle

4.2.1 Risk Study

4.2.2 Planning and setting boundaries

4.2.3 Decision on operations

4.2.4 Monitoring

4.2.5 Measurement and Control

4.2.6 Recovery Procedure

4.3 Risk Mitigation Techniques

4.4 Methodologies for Calculating Reserves for Credit Risk

4.4.1 Regulatory framework

4.4.2 Portfolios Authorized to Banco Santander (Mexico) for the use of

internal Calculation of Reserves for Credit Risk Methodologies

4.4.3 Principles of the Rating System Applied in Banco Santander

(Mexico)

4.4.4 Main Characteristics of Internal Methodologies with Foundation

Approach Authorized to Banco Santander (Mexico)

4.4.5 Main Characteristics of Internal Methodologies with Advanced

Approach allowed to Banco Santander (Mexico)

4.4.6 Internal Rating Systems Control

4.5 Counterparty Risk and Financial Instrument Transactions

4.6 Securitization Exposures Information

4.7 Distribution of Exposures by Credit Risk

4.7.1 General Aspects

4.7.2 Exposure by Portfolio Type

4.7.3 Exposure by Remaining Term

4.7.4 Exposure by Federative Entity

4.7.5 Estimates of Credit Risk by Federative Entity

Page 3: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

2

Risk Management Annual Report 2018

Banco Santander México

4.7.6 Portfolio Companies by Economic Sector Exposure

4.7.7 Estimates for Credit Risk by Economic Sector Portfolio Companies

5. Market Risk Management Trading Activity

5.1 Activities Subject to Market Risk Trading

5.2 Basic Principles in Risk Management Market Trading

5.3 Key processes in Risk Management Market Trading

5.4 Trading Market Risk Control

A. Trading Market Risk Metrics

B. Trading Market Control Risk Procedures

C. Figures from the Reporting Period

5.5 Derivative Financial Instruments

6. Structural Risk Management

6.1 Activities subject to Structural Risk

6.2 Basic Principles on the Structural Risk Management

6.3 Key Processes in the Structural Risk Management

6.4 Control of structural risks

A. Figures from the Reporting Period

6.5 Structural Risk in the Equity Portfolio

7. Liquidity Risk Management

7.1 Activities subject to Liquidity Risk

7.2 Basic principles on Liquidity Risk Management

7.3 Key Procedures in the Liquidity Risk Management

7.4 Control of Liquidity Risk

A. Figures from the Reporting Period

8. Operational Risk Management

8.1 General Aspects

8.2 Operational Risk Control

9. Capital

9.1 General Aspects

9.2 Capital Policies

9.3 Calculation of the Capital Requirement for Credit Risk

9.4 Calculation of the Capital Requirement for Counterparty Risk

9.5 Calculation of the Capital Requirement for Market Risk

9.6 Calculation of the Capital Requirement for Operational Risk

9.7 Regulatory Capital

Page 4: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

3

Risk Management Annual Report 2018

Banco Santander México

1. Executive Summary

With the publication of this report, Banco Santander (Mexico) complies with the obligation set forth in Article 88 of the CUB where banking institutions are required to disclose to the public, through its website, information on the comprehensive risk management that takes place on a daily basis in the institution.

Specifically, banking institutions are required to publish the objectives and policies for managing each of the different types of risk faced, including their strategies, processes, methodologies and levels of risk assumed. The information to be published is classified as both quantitative and qualitative. Quantitative information shall be disclosed quarterly and qualitative information may be disclosed annually.

The views expressed in this report and statistical information included (unless otherwise stated) comprises the following institutions:

Banco Santander (México), S.A., Institución de Banca Múltiple, Grupo Financiero Santander México.

Santander Hipotecario, S.A. de C.V., Sociedad Financiera de Objeto Múltiple, Entidad Regulada. Grupo Financiero Santander México.

Santander Vivienda, S.A. de C.V., Sociedad Financiera de Objeto Múltiple, Entidad Regulada, Grupo Financiero Santander México.

Santander Consumo, S.A. de C.V., Sociedad Financiera de Objeto Múltiple, Entidad Regulada, Grupo Financiero Santander México.

Santander Inclusión Financiera, S.A. de C.V., Sociedad Financiera de Objeto Múltiple, Entidad Regulada, Grupo Financiero Santander México1.

Through December 2016, the Extraordinary Stockholders General Assemblies of Santander Hipotecario S.A. de CV. and Santander Vivienda S.A de CV. took place, in which the merge of both entities was agreed, Santander Hipotecario will be the merged company and Santander Vivienda the merger company. This report is prepared in accordance with applicable Mexican regulations in determining exposures, capital requirements for risks and reserve estimate.

Chapter 1 includes this Executive Summary.

Chapter 2 includes generally the Regulatory Framework for Risk within Banco Santander (Mexico).

Meanwhile Chapter 3 deals with Integral Risk Management, and outlines the basic principles and tools for proper Risk Management. It stresses that for the management of risk inherent in the Bank's operations, it is essential to understand and determine the behaviour of its financial auction and for the creation of a long-term value, fully attached to the regulatory requirements established by the CNBV (Spanish acronym for National Banking and Exchange Commission) and Mexico’s Central Bank.

1 At the end of December 2018 the portfolio ascends to 69.9 million of pesos, granted to 2.185 groups (8.7 members

on average) with an expected loss of 2.94 million of pesos. In the information reported in this document, this figures are included in credit to individuals (consumption).

Page 5: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

4

Risk Management Annual Report 2018

Banco Santander México

It also delineates how the management and risk control is structured in three lines of defence to develop the following functions:

First line of defence: Risk management from its genesis.

Second line of defence: responsible for overseeing risk-taking activities across the bank

and report to senior management on risk related items.

Third line of defence: Independent review of the risk activity.

Banco Santander (Mexico) has an agile and efficient governance structure that, among other things, ensures: (i) the participation in risk decisions and in monitoring and control of the governing bodies and senior management; (ii) coordination between the different lines of defence set the functions of management and risk control; (iii) the alignment of objectives, the monitoring of compliance and the implementation of corrective measures, and (iv) the existence of an adequate environment management and risk control.

Risk management and control require a high availability of hard data, capacity to analyse these data, and solid reporting procedures. Banco Santander (Mexico) management of risk information is governed by principles such as responsibility; technology architecture; risk data reconciliation; availability data; completeness and comprehensiveness; data quality indicators; quality control data; readiness; flexibility and adaptability; prospective approach and availability of documentation; data analysis and expert judgment.

The third chapter also defines the risk appetite as the maximum level and type of risk that the organization is willing to take, within its risk capacity to achieve its strategic objectives and the development of its business plan.

Chapter 4 describes major policies and fundamentals for credit risk management, as well as the detail of the key features of the methodologies to qualify the portfolios and determine the amount of the reserves for credit risk.

From the point of view of credit risk management, segmentation is based on the distinction between three types of customers:

Individuals: Includes all private persons, except those with an entrepreneurial activity. It

comprises portfolios of non-revolving mortgage loans for housing, credit card and consumer

loan not revolving portfolio.

SMEs, companies and institutions: involves natural and juridical persons with business

activity, as well as public and private entities of non-profit sector.

Corporate & Investment Banking (CIB): It consists of corporate, financial and sovereign

institutions, which make up a closed list, which is reviewed annually.

Credit Risk goes through a cycle or life process, whose phases are valid for any operation, notwithstanding the important differences that can be seen in the cycles of the risks of different segments, specifically between the private persons and the companies (SME, Companies and Institutions and CIB).2 Three stages are differentiated in the cycle of credit risk: pre-sale, sale and

2 The processes belonging to the pre-sale stage are those referring to the study of risk and are conducted as a prelude

to the credit risk approval step. The processes that belong to the sales phase are those that take place during the decision approving stage. Finally, the after-sales processes are those that take place after the approval of credit

risk.

Page 6: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

5

Risk Management Annual Report 2018

Banco Santander México

after-sales. This process is constant feedback, joining into the study of the risk and into the pre-sale planning and the results and conclusions of the after-sales phase.

The processes that take place in each of the above phases are:

Study of risk and credit rating procedure.

Planning and setting limits.

Decision on operations.

Monitoring.

Survey and Control.

Recovery management.

This chapter also details how credit risk is mitigated in general terms, through the use of securities. A security is defined as a measure of reinforcement added to an operation of credit in order to mitigate the loss in breach of the payment. The security is a component that mitigates the severity of the operation in case of default. The purpose of the security is to bring down the final operating loss, among other cases, where a long-term operation increases the risk of damage to the customer or because of possible and relevant external events that could jeopardize the success of the operation and to the creditor, it is difficult to manage.

Likewise, Chapter 4 explains clearly the criteria under which admission and security management are governed:

Expressly, subsidiary, accessory and essential character of the sureties.

Prudent and expert assessment.

Rating upgrade.

Securities correct Instrumentation.

Cautions on the conservation and availability of security.

Capacity of execution and settlement of surety.

Security block.

Security amendment.

Security implementation.

Security expiration.

Based on CUB provisions, this chapter explains that in order to calculate the reserves for Credit

Risk, institutions may use:

Standard Method.

Some of the methods based on internal ratings, basic or advanced, provided prior

authorization from the CNBV.

Since 2012 the CNBV authorized Banco Santander to use internal methodologies with the

Foundation Approach3 to corporate businesses, Corporate & Investment Banking, financial

institutions, banks and SME’s. In October 2015, it allowed the use of internal methodologies with

3 Under internal Methodologies with Foundation Approach (FIRB), the institutions obtained the Probability of Default

on its positions subject to credit risk, while for the rest of the components of risk, the institutions must conform to the provisions in accordance to Paragraph C Section Three of CUB.

Page 7: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

6

Risk Management Annual Report 2018

Banco Santander México

advanced approach4 for calculating credit reserves for portfolios of SME’s and property

developers.

The rest of the chapter details the main features of the internal methodologies authorized to Banco Santander (Mexico) and includes quantitative information on major exposures of the institution to credit risk. There is also a section on the counterparty risk, which is the one that the institution assumes with Government, government agencies, financial institutions, corporations, companies and individuals in its Treasury and correspondent banking activities. The survey and control of the credit risk on financial instruments, counterparty risk, is conducted by a specialized unit and with organizational structure independent of the business areas and control of this type of risk is performed daily, which allows to know the line of credit available with any counterparty.

Chapter 5 provides information on the activities subject to trading market risk and discusses its development during this year. It also describes the different methodologies and metrics used in the institution. The perimeter of identification, measurement, control and monitoring of the market risk function covers those operations that assume the equity risk. The survey of market risk quantifies the potential change in value of the positions taken as a result of changes in market risk factors. The risk arises from changes in risk factors: interest rate, exchange rate, equity, credit spread and volatility of each of the above, and liquidity risk of the various products and markets in which it the institution operates. Trading activities include both the provision of financial services to customers, in which the entity is the counterpart, as the activity of sale and own positioning in financial instruments. This heading provided the positions, which the entity keeps in their trading books. The basic principles of the Trading Market Risk Management are based on:

Independence of trading activities and balance sheet management.

Overview of risk assumed.

Definition of limits and allocations.

Control and monitoring.

Homogeneous and aggregated metrics.

Consistent and documented methodology. Additionally, the Chapter 5 explains the metrics and processes used for the trading market risk control: Metrics:

Value at Risk (VaR).

Stressed VaR.

Value at Earnings (VaE).

Scenario Analysis.

Trading Market Risk Limits Trading. Proceedings:

Market data retrieval.

Analysis of the metrics and trading market risk positions.

Control of the excesses of limits and products authorized.

Control of insurance operations.

Control of assessment model.

4 In the case of internal Methodologies with Advanced Approach (AIRB), the institutions estimate the Probability of

Default, Loss Given Default, Exposure at Default and Maturity Term.

Page 8: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

7

Risk Management Annual Report 2018

Banco Santander México

Control of long and short positions.

Control of liquidity.

Price control.

Financial Settlement.

The rest of the chapter includes quantitative information on this type of risk.

Chapter 6 contains information very similar to the one presented in Chapter 5 but in reference to the structural risks. Structural risks consist of market risks inherent in the institution's balance sheet, excluding negotiation portfolios. This risk includes both losses from price variation affecting the sale and maturity portfolios available, as losses arising from the management of assets and liabilities. The main structural risks are the following:

Structural Interest Rate risk.

Structural Change Risk.

Structural Equity Risk.

Inflation risk.

Market Liquidity Risk.

Prepayment or Cancellation Risk. As part of the financial management of the institution, Chapter 6 examines the sensitivity of the financial margin and the equity value of the various items of the balance sheet against changes in interest rates. This sensitivity arises from gaps in the dates of maturity and modification of interest rates occurring in the different categories of assets and liabilities. The rest of the chapter discusses the quantitative information on this type of risk.

Chapter 7 is very similar to the previous two chapters but deals with liquidity risk, which is fixed as the possibility of defaulting obligations on time or with excessive costs. The types of losses caused by these risk losses include enforced sales of assets or impacts on margin by the mismatch between cash outflows and inflows forecasts. This is the risk of loss of value of the buffer of liquid assets of the entity and is responsible for the variation of its operating value (derivatives and securities, etc.) which may involve additional collateral requirements and, therefore, worsening liquidity. Liquidity risk is classified into the following categories:

Financing Risk.

Mismatch Risk.

Contingency Risk.

The metrics that Banco Santander (Mexico) used for monitoring and controlling of liquidity risk

are:

Ratio of Structural Finance.

Liquidity horizon for a local systemic crisis.

Liquidity Risk Limits.

Liquidity Gap.

Available Liquidity.

Concentration of Funding Sources.

Stress Test.

Liquidity coverage ratio (LCR)

Net Stable Funding Ratio (NSFR)

Page 9: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

8

Risk Management Annual Report 2018

Banco Santander México

The rest of the chapter includes quantitative information on this type of risk.

Chapter 8 describes the main policies and principles for the management of the operational risk, covering losses by failures or deficiencies in internal controls, errors in processing and storage operations or transmission of information, as well as adverse administrative and judicial resolutions, fraud or theft, and comprises, among others, technological and legal risks.

For the identification and grouping of operational risks the different categories and business lines defined by both local regulators and the supervision of the institution they are used. The methodology is based on the identification and documentation of risks, controls and related processes also uses quantitative and qualitative tools such as self-assessment questionnaires, the development of historical databases and operating risk indicators, to name a few, both control and mitigation, and disclosure thereof.

For the calculation of regulatory capital required for operational risk, the Standard Alternative Method authorized by the CNBV and defined in the CUB is used.

Chapter 9 of this report describes the main policies and principles for capital management of the institution and how to calculate the capital requirement. Special mention is made to the internal methodology authorized for use by Banco Santander (Mexico) by the CNBV to calculate its capital requirement for credit risk.

Capital management in the institution seeks to ensure the solvency of the company and maximize profitability, ensuring compliance with internal capital targets and regulatory requirements. It is an essential tool for making strategic decisions in their management using the established objectives in determining the Appetite Risk, planning and Capital budget, as well as the use of metrics that allow to evaluate the profitability and the creation of their business value.

Capital management begins with the following key objectives:

Capital Budget.

Capital Planning in Optimal and Adverse Conditions.

Establishment of Risk Appetite.

Minimum criteria.

Capital policies that set the general guidelines are specified, which must govern the actions of the areas involved in the processes of management and control of capital.

Autonomy of the Capital.

Centralized Monitoring.

Proper distribution of own resources.

Strengthening Capital.

Capital Preservation.

Prudent management.

Maximizing value creation.

The rest of the chapter includes quantitative information on capital management and some metrics

as the probability of default and the credit risk weights.

Page 10: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

9

Risk Management Annual Report 2018

Banco Santander México

2. Introduction

2.1 Scope

The information in this report, as well as including statistical data (unless otherwise stated) comprises the following institutions:

Banco Santander (México), S.A., Institución de Banca Múltiple, Grupo Financiero Santander México.

Santander Hipotecario, S.A. de C.V., Sociedad Financiera de Objeto Múltiple, Entidad Regulada. Grupo Financiero Santander México.

Santander Vivienda, S.A. de C.V., Sociedad Financiera de Objeto Múltiple, Entidad Regulada, Grupo Financiero Santander México.

Santander Consumo, S.A. de C.V., Sociedad Financiera de Objeto Múltiple, Entidad Regulada, Grupo Financiero Santander México.

Santander Inclusión Financiera, S.A. de C.V., Sociedad Financiera de Objeto Múltiple, Entidad Regulada, Grupo Financiero Santander México.

This report is prepared in accordance with applicable Mexican regulations in determining exposures, capital requirements for risks and reserve estimate.

Statistical information as well as accounting financial statements come from reports regulatory sent to the CNBV and the Banco de Mexico, for the characteristics of the portfolio of the institution (credit by credit information). The CNBV, through its website, has recognized the high quality of the information sent by the institution, and recommends its use without restriction.

2.2 Risk Policy Framework in Banco Santander (Mexico)

The internal manuals for Risk Management are technical documents that contain policies, procedures, data flow diagrams, models and methodologies necessary for the management and analysis of the different types of risk and requirements processing systems of information.

The risk internal regulation of Banco Santander (Mexico) develops in the following types of documents:

Corporate Frameworks: reflected the general principles and define the framework for action to be adjusted to other more concrete documents.

Models: develop frameworks or particular aspects thereof; specify the principles, processes and responsibilities, governance and instruments of regulated activity.

Risk policies: set quantitative limits and qualitative criteria to be observed in the processes of risk decision.

Regulations: meets the inner workings of the committees and other joint decision or deliberation forums.

Procedures: detail the embodiment of a process or set of processes.

Guidelines: collect additional elements to the internal rules, necessary for a complete replication of the process or for a better understanding of them.

Page 11: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

10

Risk Management Annual Report 2018

Banco Santander México

The internal regulation of risk within Banco Santander (Mexico) provides documentation that Risk

Management be developed in compliance with the principles described in Table 1A.

Table 1A Principles that complies the documentation of Banco Santander (Mexico)

Reflection of risk management

All relevant activities of the risk function should be duly regulated. Internal risk regulations should reflect the way in which risk is managed in the entity, but should also be used to encourage the evolution of activities towards best practices.

Responsibility of the regulations

Those responsible for the risk activities have to ensure

that their activity is regulated in accordance with the risk

policy model and in line with external regulations or

standards.

Governance of the regulations

Control (validation) and governance procedures have to be established to enable authorities to be assigned to approve each document type at the pertinent level, including the due weighing up of opinions and consultation of all those involved.

Coordination of the regulations

Producing consistent regulations, disseminating best practices, transferring knowledge and ensuring efficiency in the development of internal regulations requires extensive coordination in their development process, between both the Group's different units and the affected functions.

Accessibility and knowledge of the internal regulations

The internal risk regulations will be accessible to all affected staff members, and the training activities necessary for awareness of these should be promoted.

Use of reference documents

The regulatory development of those aspects for which there are reference documents has to be based, insofar as possible, on these, in order to add consistency to the Group's regulations and promote the use of best practices.

The governance of the internal regulations of risks is carried out through the support of several committees:

Board of Directors: responsible for approving and modifying the general risk policy and assigning faculties.

Comprehensive Risk Management Committee (CRMC): responsible for validating and ratifying frameworks, models and policies for comprehensive risk management, based on the objectives, guidelines and policies established by the Board of Directors.

Risk Policy Committee: approver of the risk policy documents and its prior validation regarding risks or others that may have implications for the risk area.

Page 12: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

11

Risk Management Annual Report 2018

Banco Santander México

3. Integral Risk Management

3.1 Basic Principles of the Integral Risk Management

Risk management is considered by Banco Santander (Mexico) as a competitive element of strategic nature with the purpose of maximizing the value for the stockholder. This management is defined, from a conceptual and organizational sense, as a comprehensive management of the different risks assumed by Banco Santander (Mexico) for the development of its activities. Managing the risk inherent in the operations of the Bank is essential to understand and determine the behavior of its financial situation and to create long-term value; entirely, it is attached to the regulatory requirements established by the CNBV and Banco de Mexico.

The Integral Risk Management is defined as the set of actions required for identification, decision, measurement, evaluation, monitoring and control of all risks.

On a fist level, the Risk Map that the institution has defined includes the following types of risk:

Credit Risk: this risk is caused by the possibility of losses arising from the total or partial

failure of the institution financial obligations by its customers or counterparts.

Counterparty Risk: is the risk that the counterparty to a financial contract will default prior

to the expiration of the contract and will not make all the payments required by the contract.

Counterparty risk applies to the following financial instruments: derivatives, repurchase

transactions, and securities lending.

Market Risk: risk incurred as a result of the possibility of changes in the market that affect

the value of the positions in trading portfolios.

Structural Risk: menace caused by the management of the different items of the balance

sheet, including those relating to the sufficiency of own resources and those arising from

the activities of insurance and pensions.

Liquidity Risk: crisis of failing to meet payment obligations on time or doing so with an

overcost.

Capital Risk: Risk caused by not achieving enough capital to fulfill regulatory requirements or the Institution objectives, either in quantity or quality.

Operational Risk: risk of losses by deficiencies in internal controls, errors in processing and storage operations or transmission of information, as well as adverse administrative and legal Resolutions, fraud or theft; includes, among others, the technological and legal risks:

Legal Risk: potential loss by failure to comply with the applicable legal and administrative provisions, the issuance of unfavorable administrative and judicial resolutions, and the application of sanctions, in connection with the transactions which the institution carries out.

Technological Risk: potential losses from damage, interruption, alteration or failures derived from the use of hardware, software, systems, applications, networks and any other means of transmission in the provision of banking services to customers of the institution.

Conduct Risk: risk occasioned by inadequate work placements and the relationship between the bank and his clients, as well as the treatment of products offered to their clients, also the customization of their products to their clients.

Page 13: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

12

Risk Management Annual Report 2018

Banco Santander México

Model Risk: acknowledge of losses originated by decisions made mainly by the outcome of the models, this comes because mistakes made in the inception, application and use of this models.

Reputational Risk: damage made by the perception of the bank form the public opinion, clients, investors, or any other stakeholder.

Risk Management at Banco Santander (Mexico) is governed by different principles, which are aligned with the strategy and business model of the institution:

Incorporation of a Risk Culture.

A strong risk culture, extending to all areas and employees and covers all types of risks is promoted. This culture includes a set of attitudes, values, skills and guidelines from the dangers integrated into all processes, including decision making change management and strategic planning and business.

Involvement of senior management.

There is a direct participation of the governing bodies and senior management in the development and implementation of risk culture, as well as in the management and control thereof.

Independence of the risk function.

The risk function operates independently to other competitions, covering all risks and providing adequate separation between the generating areas of risk and those responsible for its control and supervision. It has sufficient authority and direct access to the bodies responsible for setting and monitoring of the strategy and policies of management and Government risks.

Definition of Risk Appetite.

A key aspect of risk management is the definition of the risk appetite that determines the amount and type of risks considered reasonable to assume in the execution of its business strategy. The risk function boosts its definition, as well as its continuous control.

Comprehensive Consideration of Risks.

The identification and assessment of all risks that might impact on the income statement or capital position are basic premises to enable its management and control. The management and risk processes cover all activities and businesses. Risk management considers both the risks generated directly as those originating from outside the institution, but which may still affect it.

Organizational Model and Governance.

A model assigned to all risks, responsible for management and control while preserving the principle of independence and with clear and consistent reporting mechanisms.

Decision in Collegiate Bodies.

Decision-making through collegiate bodies is an effective tool to facilitate a proper analysis and different perspectives to be considered in risk management. The decision-making process includes a neat contrast of opinions provided to the potential decision impact and the complexity of the factors that may determine it. The risk governance model not only identifies the different bodies that compose it, but also defines the granting of faculties and powers of each of them.

Page 14: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

13

Risk Management Annual Report 2018

Banco Santander México

Anticipation and Predictability.

Risk assessment is an eminently proactive vocation, in order to estimate the evolution of risks in different scenarios and time horizons. Therefore, it focuses on the future projection of all those variables that determine the results. Whenever possible, the intention is that the risk assessment should include its quantification or measurement. The quantification of the risk is based on widespread use of models. In cases where this is not feasible, risk assessment aims to identify the elements of greater incidence on the probability of occurrence of a loss event and its impact, in order to facilitate the implementation of mitigation measures and controls.

Risk Limitation.

All financial and non-financial risks in which the bank incurs are subject to objective, verifiable and consistent limits with risk appetite, both in regard to the types of acceptable risk and its quantitative level. The limits are allocated to the various types of risk, as well as the different activities and businesses. For non-financial and cross-cutting risks consistent tolerance level is set with its nature.

3.2 Adequate tools for Risk Management

All risks in its various manifestations should have a responsible for control and management. Also,

the structure of the risk function is proportional to the nature, scale and complexity of its activities.

The institution has the following essential tools for a proper performance of Risk Management:

Table 3A Tools for Risk Management

A regular process for identifying and assessing all risks

A periodic process simulation of the evolution of relevant risk factors and their impact

on the capital and results

A uniform risk reporting framework with common standards and metrics

Periodic planning processes of capital

and liquidity

Periodic (technological and operational) contingency and

business continuity plans

Periodic plans of feasibility and,

where appropriate, of resolution.

Page 15: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

14

Risk Management Annual Report 2018

Banco Santander México

3.3 Management and Control of Risks

The management and control of risks is structured in three lines of defense that developed three different functions:

First Line of Defense: Risk Management from its generation.

The first line of defense consists of lines of business or activities that originate the exposure to risk in the institution as part of its activity. The generation of risk in the first line of defense is set to appetite and defined limits. To serve its function, they have the means to identify, measure, manage and report the risks assumed.

Second Line of Defense: Control and Consolidation of Risks, Monitoring its Management.

The second line of defense is made up of teams specialized in risk control and supervision of the management of them. This line is responsible for the effective control of risks and ensures that they are managed according to the level of risk appetite defined by senior management; is responsible for the identification, measurement, management and reporting of the risks involved, without prejudice the needs of the first line for a proper management. Promotes the development of a common culture of risk, and provides guidance, advice and expert judgment in all matters related to risks, constituting the point of reference for the entity to these themes, as well as to propose methodologies of measurement and analysis.

Third Line of Defense: Independent Review of Risk Activity.

As a third line of Defense, are Internal Audit processes. Periodically evaluates that the policies, methods and procedures are appropriate and checks that they are effectively implemented in the operational management of the institution.

The management and control of risks includes processes of different natures which, according to

their scope and complexity, may differ in: (i) strategic management processes, which are those

that form part of the definition, implementation and monitoring of the risk strategy; (ii) the decision

processes are taking place to adopt and adequately implement concrete decisions that require

management and risk control and (iii) instrumental processes are necessary to make possible the

above. An overview of these processes is included in Table 3B.

Page 16: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

15

Risk Management Annual Report 2018

Banco Santander México

Table 3B: Risk Management Processes

Strategic Management Processes

Formulation and monitoring the Bank's risk appetite.

Defining the types and levels of risk consistent with the objectives.

Identification and implementation of strategies and activities to achieve and

maintain the desired risk profile.

Evaluation of the effectiveness of these deviations and the objectives pursued.

Setting targets and metrics to control it and follow it.

Decision Processes

Origination: They occur before effectively take the risk. These processes

determine whether to assume new risks.

Anticipation: they are intended to prevent situations of increased level of risk

and facilitate the adoption of corrective measures.

Mitigation: They cover the decisions to reduce the consequences of the events

of loss, both before and since such events occur. The key elements of

mitigation processes are anticipation and early identification of loss events; the

development of specific mechanisms for the management of these events and

the agility in implementing these mechanisms.

Instrumental Processes

Identification of the risks associated with operational activity or business.

Evaluation and measurement of risks, which aims to obtain an estimate of the

likelihood of different scenarios of loss as well as the potential impact of each.

Monitoring and control processes, ensures the continuous availability of

updated information on the levels of risk assumed in the development of a

business. Also cover policies and procedures compliance.

The information, which includes the generation, dissemination and provision

of relevant people the necessary information to know and assess the situation

of the risks and be able to take decisions and actions needed.

3.4 Governance Structure for Risk Management

Banco Santander (Mexico) has a structure of agile and efficient government that, among other things, ensures: (i) participation in risk decisions and in monitoring and control of the governing bodies and senior management; (ii) coordination between the different lines of defense which set the functions of management and risk control; (iii) alignment of objectives, monitoring compliance and implementation of corrective actions and (iv) existence of an adequate environment management and risk control.

To achieve these objectives, the scheme of the Committees Governance Model within the Bank is designed to ensure adequate:

Structure: It implies, at least, the stratification according to the levels of relevance, balanced

capacity of delegation and the elevation of incidents protocols.

Composition: With members of sufficient level of dialogue and appropriate representation

of the business and support areas.

Operability, the frequency, level of minimum assistance and timely procedures.

Page 17: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

16

Risk Management Annual Report 2018

Banco Santander México

In Banco Santander (Mexico), risk decision-making bodies start from the Board of Directors towards the administrative units responsible for the management and control of each one of them.

Board of Directors

In terms of risks, among other things, the Board of Director is responsible for establishing the

model of management and control of risks and to formulate the appetite for risk of the entity and

to conduct a regular monitoring of the adequacy of the risk profile of the institution to the defined

risk appetite. It establishes the minimum requirements of balance between profitability and risk of

business or activities and makes decisions on operations or specific limits.

Comprehensive Risk Management Committee (CRMC)

The CRMC aims to manage the risks to which the institution is exposed, as well as monitor that

the operations, complies with the desired risk profile (Risk Appetite) and the global limits of

exposure to risk, that must be approved previously by the Board of Directors.

The functions of the Committee are:

Propose to the Board of Directors for approval:

Objectives, guidelines and policies for IRM, as well as any modifications made to them.

Global limits of exposure to risk and specific risk exposure limits, considering:

The Consolidated Risks, broken down by business unit or risk factor, cause or origin, as set out in Articles 79-85 of the CUB and, where appropriate, risk tolerance levels.

The mechanisms for the implementation of correctives actions (once a year).

The cases or special circumstances that may exceed both the global limits of exposure to risk as a specific risk exposure limits.

Approve:

An exceptional specific limits adjustment and secondary of the risk appetite was made, when the Board had the faculties and approval com the Executive risk Committee, the risk levels tolerance (once a year), as well as the liquidity risk (article VIII).

Specific risk exposure limits, when the Board has delegated authority to do so, the levels of risk tolerance and liquidity risk indicators (Article 81 fraction viii of the CUB).

Methods and procedures to identify, measure, monitor, limit, control, report and disclose the different types of risk to which the institution is exposed (once a year).

Models, parameters, scenarios, assumptions, including those relating to stress testing established for liquidity risk (Annex 12-B CUB), to be used to carry out the assessment, measurement and control of risks to propose IRM.

Methodologies for the identification, evaluation, measurement and control of the risks of new operations, products and services that are intended to offer the market.

Corrective actions proposed by IRM as provided in section 69 of the CUB.

Manuals for the CUB, according to the objectives, guidelines and policies established by the Board. These must be technical documents containing, among others, policies, procedures, data flow diagrams, models and methodologies necessary for the management of the various types of risk (Article 78 of the CUB).

Technical Evaluation of the AIR (Article 77 of the CUB) for presentation to the Board and Committee.

Report of Technical Evaluation (Article 77).

Page 18: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

17

Risk Management Annual Report 2018

Banco Santander México

Assign (remove), notifying the Board of Directors, the responsible for Comprehensive Risk Management Unit.

Report to the Board at least quarterly:

Risk profile of the institution.

The adverse effects which could occur in the operation thereof.

The non-compliance of the desired risk profile, limits of exposure to risk and levels of risk tolerance established.

Corrective actions implemented (Article 69 of the CUB).

Ensuring awareness by all personnel involved in taking risks:

Desired risk profile.

Limits of exposure to risk.

Levels of risk tolerance.

Report to the Board at least once a year:

Business Continuity Plan.

Effectiveness test of the Business Continuity Plan.

Approve methodologies for estimating quantitative and qualitative impacts of operational contingency referred to in Article 74 fraction xi of the CUB.

Adjust or authorize the excess on specific risk exposure limits:

Exceptionally.

Approval of the Board.

According to the objectives, guidelines and policies for Integral Risk Management

When the conditions and environment of the institution so require.

Request to the board, the adjustment or the authorization to exceed, by way of exception, the global risk exposure limits.

Executive Committee of Risks

The Executive Committee of Risks’ goal is to analyze and, if applicable, approve the operations and financing according to the credit policies approved by the Bank’s Board of Directors, as well as operations and financing that, because of their relevance and strategy, must be approved by this Committee. In addition, among its responsibilities include identifying every risk for the Bank, assuring its correct measurement, tracing, control, information and mitigation, as well as the proper knowledge and follow up of credit approvals and financing by the committees with delegated faculties.

The Committee's functions are as follows:

Approve financing granted for clients according to credit policies.

Delegate faculties to Credit Committees of Corporate and Commercial Banking.

Propose the Bank’s Risk Appetite to the relevant committees.

Exceptionally approve operations and financing granted to clients that exceed main or secondary Risk Appetite limits, when the conditions and the environment of the institution requires so. This must be informed to the Board of Directors.

Propose Bank’s Risk Identification and Evaluation Methodology.

Propose Risk Management Models.

Page 19: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

18

Risk Management Annual Report 2018

Banco Santander México

Evaluate risk policies and procedures, according to the normative corporate model.

Approve the creation and modification of the Risk Committees, according to the corporate government model.

Monitor the Bank’s risk in all areas.

Credit Risk: (i) approve additional credit provisions to those required in the credit portfolio, (ii) approve credit operations as considered appropriate, (iii) follow the operations/clients that, because of their, size could have a relevant impact on Bank’s results.

Market Risk: (i) take notice about operations as considered appropriate, (ii) follow limits that, because of their size, could have a relevant impact on Bank’s results.

Operational Risk: (i) follow budgets/limits that, because of their size, could have a relevant impact on Bank’s results.

Implement necessary measurements to comply with the regulation and auditors.

Approve provision models and look overlook its adequate implementation. Supervise and approve the monthly provisions calculation, assuring their sufficiency according to normative, as well as follow the agreements of defined application plans, including the ones that refer to changing the final amount in the cases considered convenient.

Committee of Risks Control

The Committee of Control Risks has the power to monitor and control the risks of the Bank, giving a comprehensive, regular and adequate monitoring of all risks identified in the risk map of the general framework of risk, reporting and, if necessary, appropriate scaling the alerts to higher organisms.

The Committee's functions are as follows:

Review the determination of risk appetite and the defined strategy for its management.

Monitoring methodology Risk Identification and Assessment and monitoring the resulting assessment.

Ensure the implementation of Organizational Model Lines of Defense (LoD), at three levels: Risk Managers, Risk Drivers and Audit, clearly defining roles and responsibilities.

Supervise the fulfillment of the normative model of risks and their specific principles, in particular to define, evaluate and follow up the policies of risk deemed appropriate.

Validate the existence, updating and dissemination of Governance Risk Model, which defines the risk decision-making bodies, their powers, members and delegated powers.

Assess scenarios and assumptions to be used in conducting stress tests.

Follow up on recommendations from the audits of regulators and auditors.

Inform to the Executive Committee of Risks about important deviations, identifying sources of concern.

Committee of Operational Risk

The Committee of Operational Risk observe the identification, mitigation, monitoring and reporting of operational risk, survey the compliance with the Framework of operational risk limits and risk tolerance policies and procedures in this subject. Oversees the identification and control of current, emerging and operational risks, their impact on the risk profile and the integration of identification and management of operational risk in their decision-making processes.

Page 20: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

19

Risk Management Annual Report 2018

Banco Santander México

The Committee's functions are as follows:

Promote and review the availability of the Framework and Model Operational Risk Management, policies that develop and follow its implementation and development in the Institution.

Monitor the evolution of the operational risk profile through information provided by the established tools (loss database, self-assessment questionnaires, risk indicators, business environment, scenarios and metrics defined) as well as through other sources (customer claims, technological incidents, audit reports and supervisors, etc.) and check the evolution of the established metrics, raising, where necessary, appropriate alarms.

Perform the monitoring of operational risk losses annual budgets.

Review the main events of each period, determining if they fit into the categories of operational risk. In which case, analyze the causes and identify the controls set. Perform monitoring of corrective actions

Advise on issues appetite and tolerance for operational risk.

Propose, approve or validate, as a result of the powers assigned, action plans, mitigation

measures and monitoring plans and identified current controls.

Highlight the critical risks and follow up of mitigation plans.

Recommend the beginning of thematic reviews on specific processes or sources of risk.

Promote and follow the implementation of advanced models for calculating capital requirements for operational risk in the bank, and the specific elements related to operational risk in the capital plans in coordination with the corporate capital committee.

Understand, assess and monitor the observations and recommendations made by

supervisory authorities and by Internal Audit in relation to operational risk.

Track changes and developments of the regulations related to operational risk, assess the

issuance of comments by the Bank in this regard and further plans of action for its

implementation.

Contribute to the development and implementation of the culture of operational risk

management in the organization, through training programs, meetings and other outreach

initiatives.

Monitor the implementation of programs and initiatives of a corporate nature and/or

regulatory.

Participate in the revision and issue the opinion of different versions of the plans, like the

previous process to the presentation to corporate institute committee of Living Will and

other committees if needed, and the formal approval of the government.

Assist the consultative committee regarding technical questions about the content plans of

mitigation, as well as, giving them the pertinent follow up.

Guarantee that the business continuity plans and procedures are developed and updated

for Grupo Financiero Santander Mexico, as well as to ensure that the trials and drills as will

be effective according to the corporate policy and local regulation, ensuring an effective

response and continuity of the business in case any contingency will be presented.

Committee of Capital

The Capital Committee is responsible for the supervision, authorization and valuation of all

aspects related to the capital and the solvency of the Institution.

Page 21: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

20

Risk Management Annual Report 2018

Banco Santander México

The functions of the Committee are the following:

Supervise:

The analysis of solvency and capital adequacy.

Compliance with budgets, capital planning and stress test analysis.

Monitoring of capital consumption, RORAC and EVA, of the institution and by

businesses.

Monitoring of all aspects related to the implementation of advanced models.

Regarding capital management, the eventual decision to activate the Feasibility Plan in

terms of solvency, as this is established corporately, as it will be responsible for

submitting it to the CAIR.

Authorize:

Review and validation of capital planning and stress test exercises prior to their internal

and corporate approval or presentation to the corresponding supervisory authority.

Changes in capital models and methodologies, considered relevant for internal

purposes, accompanied by the report of the independent validation area, previously

presented in the Local and Corporate Models Committee for risks under the perimeter

of competence of the General Risk Department.

For the purposes of this framework, relevant changes are considered, those whose

impact exceeds a threshold of 1% of the Group's capital consumption. Annually, all the

changes made to capital models and methodology will be raised for consideration by

CAIR.

Identification of proposals.

Capital objectives for the planning horizon contemplated in the Capital Self-Assessment

Report.

Optimization of capital consumption.

Improvement of solvency ratios.

Improvement of capital models and the integration of these in management.

In terms of capital, this Committee coordinates the relationships with the supervisors and the flow

of information (Capital, RORAC and EVA) to the market.

3.5 Management of Risk Information

Risk management and control require high availability of hard data, ability to group and analyze these data as well as solid reporting procedures. The management of risk information in Banco Santander (Mexico) is governed by the following principles:

Responsibility: The Board of Directors is ultimately responsible for ensuring the

implementation of the framework for managing Risk Information.

Technological Architecture: It has a technological architecture for each type of risk that

ensures that risk information and baseline data provide answers to the general

requirements established for the Institution and reporting risks.

Reconciliation of risk data: The risk information is reconciled with the accounting data to

ensure the accuracy of it, and, where appropriate, with other relevant sources that may

exist.

Data Availability: data are available ensuring an appropriate level of detail for certain users

identified at all times through appropriate access credentials. The relevant users regarding

Page 22: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

21

Risk Management Annual Report 2018

Banco Santander México

risks have full access to risk data to ensure that they can be added, validate and reconcile

properly with risk reports.

Completeness and Exhaustiveness: Reports of risk management and aggregation criteria

cover all material risks consistent with the risk map.

Indicators of Data Quality: They are defined quality indicators covering aspects such as

accuracy, integrity, completeness, tolerance and availability in both normal and stress

situations.

Data Quality Controls: There are controls over processes in order to ensure data quality

at all levels.

Promptness: The reports should be available in the manner and time established, taking

into account the nature and volatility of the risk involved and the relevance of the report.

Flexibility and adaptability: The risk management reports are prepared according to the

needs of the organs and the key areas involved in risk management and monitoring.

Forward-looking Approach and availability of documentation: The risk reports contain,

where relevant, the likely path in the Bank's capital situation and risk profile thereof, and

provide information on estimates and forecasts in different scenarios, analyzing and

identifying stress levels and trends of emerging risks.

Data analysis and Expert judgment: The reports are both descriptive and prescriptive and

provide quantitative and qualitative data, including explanations, recommendations and

conclusions.

The above principles are developed through the implementation of various key processes

in the Information of Risk Management:

Data availability: The aim is to have a common infrastructure, accurate and reconciled

on different variables to respond to multiple requests for information necessary. To do

this, the information requirements are set; selected data needed to satisfy these

requirements are identified; data source systems are extracted; the source data is

transformed into the required data and data stored in repositories available for the

exploitation and use thereof.

Aggregation of Data: The aggregation process is driven by a particular data structure

based on different criteria and rules that allow a precise and homogeneous grouping of

data in order to generate different views of information, responding to needs analysis

different users.

Analysis and use of information: The data and risk information are available for use in a

homogeneous, flexible and with sufficient granularity environment, also are easily

understandable and accessible in a timely manner for use, analysis and distribution. The

information is available for use in both the reporting and other requirements for the

management processes and risk control.

Reporting and distribution to third parties: The process of reporting and distribution

guarantees it is available to all relevant parties. That provision, its form and frequency

depends on the relevance and materiality of informed risk and should be done on time

and according to established schedules.

The Executive Committee of Data and Information, sponsored by the Technology and Operations Division, is the collegiate body responsible for the governance and quality of data, and the needed processes to ensure the availability, extraction, aggregation, analysis and reporting of the information of Banco Santander (Mexico). Main functions of this Committee are:

Approve documentation that support the Model of Data and Information Management

(government, policies, roles and responsibilities) and ensure its compliance.

Page 23: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

22

Risk Management Annual Report 2018

Banco Santander México

Approve any significant changes in the process of data government.

Approve data quality objectives (criticality, indicators, tolerances, quality plans), and

monitor them informing their compliance to governance bodies.

Approve and supervise all activities related to the identification, assessment and

management of data quality, information and data aggregation.

3.6 Risk Appetite

Risk appetite is the maximum level and type of risk the organization is willing to take, within its risk

capacity to achieve its strategic objectives and the development of its business plan.

The risk capacity is the maximum level and nature of risks that the company can assume without

compromising its viability, determined by the level of sufficient resources (capital, liquidity, asset

and liability management systems and capabilities) to develop the activity the entity to the

demands of regulators, governments, shareholders, investors, customers, employees, suppliers

and social community.

The risk appetite is expressed, in general, aggregate and by type of risk, in Risk Appetite

Statement (ras).

Banco Santander (Mexico) is committed with a predictable medium-low risk profile through a

diversified business model focused on relationships with clients and an advanced risk

management model along with a robust control environment that provides stability to business

plans.

Santander’s ambition to maintain a medium-low risk profile, through the Risk Appetite Statement,

is materialized on the following 5 axes:

P&L volatility: to deliver regular and high quality earnings in order to ensure sustainable high levels of shareholder return (by dividend and share value).

Capital & solvency: to preserve strong capital ratios both under normal and stressed conditions, satisfying all minimum regulatory requirements with an additional buffer and supporting business plans.

Liquidity: to preserve strong liquidity ratios both under normal and stressed conditions, satisfying all minimum regulatory requirements with an additional buffer that supports business plans.

Concentration: to limit the impact in earnings and capital base from unexpected events due to concentration in large exposures, individual counterparties, commercial segments (especially high-risk) and economic sectors.

Non-financial risks: to control and limit non-financial risk events which lead or could lead to financial loss, fraud events, operative, technological, legal and regulatory breaches, conduct issues or reputational damage.

Santander has no tolerance to non-financial risks from a deficient bank’s risk management system

and limited tolerance to financial risks.

The maximum management body, The Board of Directors, is responsible for determining and approving risk appetite; It promotes its articulation in the form of policies and limits to ensure its implementation, communication and monitoring. The Board of Directors and the Risk Management Authority, are up to formulate the risk appetite of the entity, identifying its development elements and assign responsibilities for it, and perform periodic monitoring of the adequacy of the risk profile of the entity

Page 24: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

23

Risk Management Annual Report 2018

Banco Santander México

The Executive Risk Committee is responsible for ensuring the consistency of the actions of the Bank's risk appetite determined by the Board of Directors, and approves actions on the level of risk in light of the analysis and monitoring of risk appetite.

Page 25: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

24

Risk Management Annual Report 2018

Banco Santander México

4. Credit Risk Management

4.1 Overview

The credit risk arises from the possibility of losses derived from the total or partial failure to meet financial obligations to the institution by its clients or counterparties. The credit risk is caused by the possible failure to pay by the accredited both in lending operations that have involved a payment and those that do not involve any but whose performance is guaranteed by the Bank.

Segmentation from the point of view of credit risk management is based on the distinction between three types of customers:

Individuals segment includes all natural person except for those with business people.

Includes holdings of residential mortgage, credit card and non-revolving consumer portfolio.

SME’S, Companies and Institutions including legal entities and individuals with business

activity. In addition to public sector entities and private sector entities nonprofit.

Corporate & Investment Banking (CIB) is composed of corporate, financial and sovereign

institutions, which make up a closed list reviewed annually. This list is determined by a

thorough analysis of the company.

The governance of the Credit Risk Management is a committee structure that are responsible,

among other things, the following functions:

The decisions on ratings, operations and risk limits, within the powers that have been

granted by the bodies envisaged in the general framework of risk and credit risk and its

monitoring.

Validation and supervision of policies of credit portfolios.

Validation and monitoring of annual plans portfolios.

Monitoring the performance of exposures.

These committees, in appropriate cases, will have representatives of the business functions and

may delegate the functions they consider relevant in other organs, with the relevant regulations of

these committees to establish the process of granting powers and duties of each of them, including

qualitative and quantitative limits that define its scope and decision.

4.2 Credit Risk Cycle

The risk management process consists in identify, analyze, control and decide, where appropriate, the risks incurred by operations of Banco Santander (Mexico). During the process involves both business areas and senior management.

The credit risk is undoubtedly the most important risk in banking

Possible Causes: Insolvency of accredited.

Related-party transactions. Excessive concentration. Inadequate guarantees.

Other causes.

Table 4A Causes of Credit Risk

Page 26: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

25

Risk Management Annual Report 2018

Banco Santander México

Credit Risk through a cycle or life process, whose phases are valid for any operation, notwithstanding the important differences that can be seen in the cycles of the risks of different segments, specifically between Particular and Business.

In the Credit Risk Cycle three phases differ: Presale, sale and after-sales. The process is constantly fed back incorporating the results and conclusions of the study phase to the sales risk and pre-planning. The following table lists the processes that take place in each of the mentioned phases.

Table 4B

Credit Risk Cycle in the credit process

4.2.1 Risk Study

In general, the risk assessment carry out in the analysis of the credit application consists to analyze the customer's payment capacity5 to meet its contractual obligations with the Bank. This involves analyzing the credit quality thereof, its risk operations, solvency and profitability to obtain depending on the risk taken.

The risk analyst assesses the credit quality of each customer through a rating/score of the

customer and a valuation report associated with the rating/score that reflects those aspects that

determine the score. The rating/score is the basic tool of risk management, and together with the

associated evaluation reports are updated with a frequency that depends on the client's situation,

at least once a year.

All customers prior to the granting of a credit risk must be assigned an internal rating/score according to the rating model previously defined and authorized. The rating/score reflects the credit quality of a customer, and is built with both quantitative information (financial, external and internal, etc.) and qualitative (analyst expertise). This rating/score reflects the probability of customer default.

To manage properly the credit risk must be reached a near vision to the client, both in quantitative

and qualitative aspects, in order to meet their needs and anticipate risks that might affect the good

end of the contracted operations. Customer allocation to a risk analyst has the primary goal that

the analysts have an intimate knowledge of him.

5 Includes confirmation that economic activity in the potential customer is not within the list of activities in

which the Bank has decided not to establish business relationship (eg. trade and distribution of weapons, people whom deduct may be related whit criminal activities).

Presale

•Study of risk and credit rating process

•Planning and setting limits.

Venta

•Decision on operations

Postventa

•Monitoring

•Measurement and Control

•Recovery Management

Page 27: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

26

Risk Management Annual Report 2018

Banco Santander México

The ratings accorded to customers are regularly reviewed, at least once a year, incorporating new financial information and experience in the development of the banking relationship. The frequency of review is increased in the case of clients who reach certain levels in the automatic warning systems and in those classified as special monitoring. Similarly, the tools of rating are reviewed to be able to adjust the accuracy of the rating given6.

Against the use of ratings in the wholesale world and the rest of the companies and institutions,

in particular the individuals segment dominated the scoring techniques, which almost always,

automatically assigned a valuation of transactions that occur and have designed to identify the

credit quality of customers, in addition to estimating the probability of default. This process is aided

by origination tool for high-volume applications and seeks to discriminate in the best way possible

to the good from the bad payers.

4.2.2 Planning and setting limits

The commercial strategic planning is implemented through the Strategic Business Plan. This plan is the union of the business plan with the credit policy and the means required for their achievement on which the business budget is based and must be approved prior to the budget. The three elements are closely connected and feed each other:

Business plan: set goals in exercise and specific action plan to be implemented to achieve the budget. Credit Policy: moved the risk appetite to each business line in the form of portfolio policies, policies for the granting, management and credit recovery and decision rules. Media Plan (infrastructure): lists the models, systems and resources required for the implementation of planned actions.

The commercial and strategic planning should include safeguard, first of all, the principles established in the General Corporate Framework of Risks. It is also ruled by principles that are structured in the following categories:

Principles of integration and consistency with other management tools.

Principles concerning the scope of planning.

Organizational and governance principles.

Within the annual planning, the levels of risk the bank assumes limited in an efficient and comprehensive and budgets of each of the Bank's business are set out in terms of objectives and limits on portfolio level, within defined limits risk appetite and risk policies established, defining the scope of the entity's risk management, and media (models, resources, processes and systems) needed for the annual achievement of these objectives are set.

The credit policies moved the risk appetite to each business line, setting the scope of the annual plan. The definition of the general, policies and portfolio approval policies, management and recovery of credit policies are the responsibility of the risk function, and its approval competence of the governing bodies established for the purpose of risk.

6 Banco Santander (Mexico) has an internal area of Risk Methodology, responsible for the development, review and

calibration tools.

Page 28: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

27

Risk Management Annual Report 2018

Banco Santander México

The annual process of setting limits is a dynamic process that determines the willingness to take

risks with each client. This limit is consistent with the budget, and with the risk appetite for which

they have tools and/or processes that allow, among other things, define the limits (joint

responsibility for the functions of risks and commercial), approving (according to the corporate

governance and committee established) and control.

The management limits are intended to avoid unexpected negative impacts on the income statement. Define the boundary of acceptable risk for the unit and its definition is not conditional on the budget for year. The indicators subject to define a limit, determinates an Alert threshold and a Stop threshold that are easily understood and measurable.

At the wholesale level and other companies and institutions, an analysis is done at the client level. When certain features occur, the customer is the subject of establishing an individual limit (pre-classification). The result of the pre-qualification is the highest level of risk that can be assumed with a customer or group of customers in terms of amount or period. In the corporate segment, a more simplified model for those customers who meet certain requirements (high knowledge, rating, among others) is used.

4.2.3 Decision on operations

This process aims at the analysis and resolution of operations, approval risks being a prerequisite before any operation risk hiring, being the risk approval a prerequisite before hiring any risk operation. This process should take into account the defined policies of approval and take into account both risk appetite and those elements of the operation that are relevant to achieve the balance between risk and return.

The staff of the business areas performing loans promotion does not participate the approval process. Also, it is strictly forbidden employees, officers and directors of the institution involved in approving loans in which they have or may have conflicts of interest. The decisions taken in the credit approval process should be duly documented in the minutes of the Committee session and/or official authority responsible for the decision, which must be jointly signed by the participating members.

The loan approval is the responsibility of the Board, which delegated this function to the Committees. Credit Committees have as a priority that studied, discussed and appropriate decisions, allowing healthy growth and stability risks.

In the area of smaller individuals and SME’s it facilitates the management of large volumes of credit transactions with the use of automatic decision models that qualify binomial customer/operation. With them, the investment is organized into homogeneous risk groups from the classification that the model gives to the operation, according to the information on the characteristics of the operation and characteristics of the owner.

In the Personal Risk assessment, analysis and approval it is done through an automatic decision model, which considers the assessment of minimum admission criteria, scores, limiting rules and calculation amount.

In the field of companies, the decision is the joint, between the risks functions in the different approval committees, and depending on the delegated faculties, there are two types of operations:

Pre-classification. It consists in the assignment of a global limit of risk to a client, during a

determined period of time. If the requested proposal fits into the pre-classification, the

approval of the proposal is made based on the powers delegated to the risk analyst and /

Page 29: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

28

Risk Management Annual Report 2018

Banco Santander México

or commercial manager. In the case that the requested proposal does not fit within this limit,

the possibility of studying the proposal out of limit, or the modification of the global limit for

its inclusion, is valued, according to what is stipulated in the admission process for specific

operations.

Punctual risk operations not covered by a global limit. The analyst must review the

information of the proposal, generate an opinion on it, request additional guarantees if

applicable and resolve or raise to a higher level, according to faculties, for its resolution.

In CIB, the management of the operations attends a global relation model using global systems

for the production of the rating and the pre classifications of the clients; the operations’

authorization decisions are submitted to the local and global Credit Committees. The authorization

of the pre classifications of the clients is delegated to the Global Account Officer (GAO's) for the

administration of the credit limits in its different products.

Although they are relevant in all phases of credit risk in the decision on operations plays an

especially important role considering mitigation techniques.

It is important to point out that in addition within the institution, is a continuous monitoring of the models of decision on operations, with the aim of ensuring that systems remain effective and robust. The aspects discussed in the follow-up to decision models are:

Stability. Effect of changes in the composition of the target population as a result of

commercial actions, adding new customers and current characteristics variation.

Performance. Evaluation of the ability of the model of decision to discriminate between

different risk profiles and predict its evolution.

The findings of the follow-up decision models lead to actions whose main objective is to improve the quality of the final resolutions, through amendments to the decision models and improvements to the capture and quality of information.

4.2.4 Monitoring

After the admissions process and decision, once the risk is incorporated in the portfolio, it is

necessary to conduct a continuous process of risk assessment undertaken in order to anticipate

situations of risk and possible deterioration of the measures and preventive and corrective actions.

The risk monitoring allows evaluate the development of all the elements that can affect the quality

of the risks contracted operations or in the effectiveness of the instruments and mechanisms used

in risk management. The monitoring is based on customer segmentation and performed by risk

teams, complemented by the work of internal audit. The function is specified in the identification

and monitoring of special surveillance firms, regular reviews of credit ratings and scores initially

assigned to customers, in addition to the continuous monitoring of indicators and metrics.

The continuous monitoring aims the proactive and preventive advance through periodic review of

all customers over the predefined actions associated with each situation and its implementation,

in a shared manner between the business and risks functions.

The system named companies in special surveillance (FEVE) distinguishes different degrees depending on the level of concern of the circumstances observed (extinguish, secure, reduce and follow). Including a FEVE position does not mean have been defaults, but the advisability of

Page 30: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

29

Risk Management Annual Report 2018

Banco Santander México

adopting a specific policy with it. Customers classified as FEVE are reviewed at least every six months or quarterly for more serious degrees.

The revision of the allocated ratings is performed at least once a year, but if weaknesses are detected are performed more regularly. For risks of individuals and SME’s of lower turnover, a monitor of key indicator is conducted in order to detect deviations in the behavior of the loan portfolio with respect to the forecasts made in the Strategic Business Plan.

The process of managing customer base of the perimeters companies, SMEs and individuals can

observe the portfolio from a global perspective to analyze the observed deviations from planning

and risk factors, and project its impact on portfolio performance regarding the expectations about

it and establishing action plans.

The primarily responsible for the portfolio executive process is the portfolio manager of each of the segments. Within the portfolio management it has been identified the Strategic Business Plan as a key tool. This Plan is the conjunction of the business plan; credit policy and the means required for their achievement and consist in a policy-based management and strategic planning.

This monitoring process through the Bank’s Plan ensures that policies referred to therein are met, the business goals (budget) and recovery strategies. If significant deviations occur, the necessary measures are taken to bring them back.

The portfolio management is a continuous process analysis in order to collect common elements of the environment and portfolio, and if necessary, modify the policy. Projective metrics and scenarios are used, analyzing deviations from planning and identifying sources of concern. Anticipation is the key element along the analysis of risks and possible impacts on profitability. The anticipation is focused on the identification of potential deterioration of the risk profile, adverse situations or business opportunities.

Within portfolio monitoring, the portfolio manager carries out a follow up the evolution of the macroeconomic environment and the political and economics one of the country. Likewise, also it analyzes the commercial processing and risk (strategies, prices and offers, among others) of the competitors.

On the other hand, performs the simulation of adverse scenarios. These scenarios are often historical or hypothetical, built based on regulatory and management information, for which projected risk parameters are calculated.

This analysis of the environment and the market is performed in order to assess the financial situation of the entity under different circumstances; ensure that planning and strategies defined in the entity take into account the market situation; detecting whether the strategies defined are suited to the current macroeconomic conditions and establish the necessary preventive measures adapted where necessary to specific sectors. The portfolio manager, as appropriate, restates the definition of new strategies or adapts existing strategies.

Another phase of portfolio monitoring is to analyze the portfolio in terms of both structure and indicators. The portfolio manager performs this analysis. To do this, evaluates the structure of the portfolio using different criteria (concentrations of term, of risk per customer –in the case of companies- and sectorial, inter alia).

Page 31: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

30

Risk Management Annual Report 2018

Banco Santander México

4.2.5 Measurement and Control

In addition to monitoring the creditworthiness of customers, Banco Santander (Mexico)

established control procedures necessary to analyze the current portfolio credit risk and its

evolution through the various stages of Credit Risk.

The function is developed evaluating the risks from different perspectives, establishing as the main

elements control by geographical area, business areas, management models, products, etc.

facilitating early detection of outbreaks of specific attention, and the development of action plans

to correct any damage.

Moreover, there is in this process a periodic review of risk limits, which are approved and reviewed

at least once a year, unless significant changes occur in the economic environment and/or in the

company and/or with the individual, or when required by the highest management body, it is

promoted by the responsible for controlling these risks function or any function involved in the

management of these limits (business function or risk).

Each control shaft supports two types of analysis:

Quantitative and Qualitative Analysis of the Portfolio

The evolution of risk is controlled permanently and systematically regarding to budgets,

limits and standards of reference, evaluating the effects to both exogenous future situations

such as those arising from strategic decisions, in order to establish measures that put the

profile and volume the risk portfolio within the parameters set.

Assessing the control processes

Includes the systematic and periodic review of the procedures and methodology developed

through the entire cycle of credit risk, to ensure its effectiveness and validity. The existence

and policy compliance is verified and they allow the execution of business plans defined

under the established risk appetite.

The Internal Audit is responsible for ensuring that the policies, methods and procedures are

adequate, effectively implemented and reviewed regularly. It is verified that the methods, actions,

and means related risk management is adequate, applied and perform their function efficiently

within the expected standards.

4.2.6 Recovery Management

The Credit Risk manifests after the granting of credit under a double circumstance:

Default on the operation, as an objective and early sign of its possible future and final

accident rates.

Insolvency of the holder, observable by the change in his financial position and/or the

appearance of signs on his credit behavior in public databases.

The process of recovery management includes those activities designed to mitigate the consequences of loss events, both before they (management of irregularity or early default) occur as after such events occur (recovery of bad debts and foreclosed assets management).

Recovery management through its focus on preventive management is linked to monitoring processes, to anticipate the event of default and taking with it the most corrective measures appropriate to each situation.

Page 32: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

31

Risk Management Annual Report 2018

Banco Santander México

Areas of recoveries are business areas and direct customer management, whose creation of value is based on the effective and efficient management of the collection, either by regularizing outstanding balances or total recovery. It requires proper coordination of all areas of management and is subject to ongoing review and continuous improvement of processes and management methodology that underpin.

A proper recovery management act in four main phases: early irregularity or default, recovery of bad debts, default recovery and management of foreclosed assets. The scope of this function begins even before the first default, when the client shows signs of deterioration and ends when the same debt has been paid or regularized. The recovery function aims to advance the event of default and focuses on preventive management.

The recovery activity is structured based on the following four pillars or elements:

Policy of risks recoveries.

Strategies of Management.

Implementation and monitoring of the business.

Control and monitoring of integrated business risk.

Recovery management is subject to political control and an environment defined by the risk function. As business activity, recovery management policies are subject to an environment defined by the risk function.

Risk policies that rule the key recovery management strategies are particularly applicable (remove, nonrecourse, sales, portfolio and reconductions) or those that rules customer recovery management at different stages, depending on the status of their payments (irregular, doubtful or failed).

Apart from measures aimed at adapting operations to the customer's payment capacity, deserves special mention recovery management, where alternatives to law for early payment of debt are sought. The main forms of recovery are presented:

Cash collection: it should always be the first option for recovery. The regularization of debt by charging involves the total or partial cancellation of debt.

Reconducting or Restructuring: these are the operations that due to financial difficulties of the customer, current or expected to meet their payment obligations to the Group in the contractual terms in force it is necessary to modify, cancel and/or formalizing a new operation with assumable conditions of the client.

Reductions or Write-Offs: they are a finalist loan recovery strategy consisting of an agreement between the company and the customer, whereby the customer is exempt from payment of the amounts for interest, ordinary or remunerative and/or equity or principal. Usually performed in Exchange for the cancellation of the rest of the debt, thus giving a definitive solution to the issue in management, either, as according to term, offering the customer a reorganization of their payments with the entity so that allow or encourage meet their payment commitments.

Nonrecourse: is the act of cancellation of all or part of the debtor's obligation to the entity by providing certain goods or rights other than those due as a result of a bilateral agreement. It is a strategy that arises when the client has a capacity of very impaired or no payment.

Portfolio/Credit Sale: these are the transactions which are transferred by or transmitted to a third party (buyer) certain loans to the entity or entities of the Group have towards their

Page 33: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

32

Risk Management Annual Report 2018

Banco Santander México

customers, or cash flows of certain receivables that the entity has against its customers, for a specified price.

Allocation: is consistently acted in the cancellation of the debtor's obligation to the entity, in whole or in part, by providing certain goods or rights other than those due as a result of a court ruling.

While these strategies are defined by the function of recoveries, running at all times under the provisions of the respective policies regulating risk.

4.3 Risk mitigation techniques

The credit risk is mitigated in general terms through the use of guarantees. A guarantee is defined as a measure of reinforcement added to a credit operation in order to mitigate the loss by failure to pay. The guarantee is an element for mitigating the severity of the operation in case of default. Its purpose is to reduce the final operating loss, among other cases, where the long-term operation increases the risk of damage to the customer or because of possible and relevant external events that could jeopardize the success of the operation and are hardly manageable by creditor.

The guarantees accepted by the institution are classified:

Admission and management of securities shall be governed in any case under the following criteria:

Express, subsidiary, accessory and essential character of the securities

The constitution of securities in contracts must be express, trying to set a clear and precise legal nature and scope. The guarantee is subsidiary because the creditor takes with it the right to demand payment, both the debtor and the guarantor, but the claim to it is subordinate to the former does not comply. The security is ancillary because it presupposes the existence of a valid principal obligation and current call. If he dies, the guarantee disappears. The admission of any operation is based on the debtor's ability to pay and in the economic sense of the operation; however, the guarantee is an essential element in reducing the cost of funds to the client. To the extent that the provision of guarantee reduces the eventual loss of all operations, facilitate access to financing on terms more favorable.

Personal Guarantees:

Gives the creditor a right of personal nature or ability that targets the own assets of the

guarantor. This kind of security will be provided

by parties other than the debtor, and in the credit agreement itself or in a separate contract

(reliable firm and credit derivatives).

Real Guarantees:

Those that are constituted on real assets (equipment or real state) or specific and

certain rights. These are rights that secure the

creditor the performance of the principal obligation through a special link of an asset.

Because of this special relationship, in case of default of the secured obligation, the creditor

can realize the economic value of the asset through a procedure regulated and charged

with the proceeds being opposable preference

in the collection in this way against other creditors.

Page 34: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

33

Risk Management Annual Report 2018

Banco Santander México

Careful and Expert Assessment The valuation of the guarantees must use conservative criteria and suitable for the time horizon of the secured transaction and realized with processes that minimize the risk of valuation of them. The assessment should always be made in view of the purpose of the operation, according to objective criteria of truth and transparency, and respecting the rules that will result from implementing and caring for their formal and structural aspects.

The time value of the security offered and its possible change in the nature or value risk reduction, amortization or disappearance, should be appropriate to the maturity and payment flows of the main transaction.

In Table 4C key elements required for the valuation of securities are presented.

Table 4C: Elements required for the valuation of the securities

Real Estate Guarantees: They must be valued by an independent third party to the operation7, with specific expertise in this subject, ensuring that assessments meet the legal requirements that exist in this regard, and they must contain:

The legal purpose of the valuation and the valuation method used.

Registration of property ownership and characteristics of the guarantee.

Load situation, reservations, liens, and limitations of domain. This reference is essential in assessing, for the property or rights where an organized and sufficiently liquid market exists. For those who are considered unusual by its nature, an independent evaluation by a third specialist with proven experience and credibility in the sector must be obtained that the case.

Personal Guarantees:

The updated documentation of guarantors that allows quantify its financial solvency is collected. In any case, joint obligors, guarantors or sureties should be equally valued by the current system of internal risk assessment according to their characteristics.

Valuation Update

The value of securities could be subject to significant changes over the life of credit operations. The proper management of guarantees requires full registration in the systems of the institution, allowing:

Conduct joint evaluations of portfolios subject to certain guarantees, either to changes

in actual market data or to possible future scenarios.

Identify operations associated with certain safeguards and, where appropriate,

implement concrete actions on them.

Run processes of assessment indexes or other formulas that identify operations that

exceed certain levels of alert.

7 Banco Santander (Mexico) has an internal area of Technical Evaluation of Real Estate Projects in charge of the

valuation of real estate securities for commercial loans.

Page 35: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

34

Risk Management Annual Report 2018

Banco Santander México

Correct instrumentation of securities

The correct implementation of the operation that gave rise to the guarantee is necessary and indispensable premise for its existence, so that all are extreme care to ensure that the guarantee is valid and fully effective.

Cautions on the conservation and availability of security

Guarantees can change its value by market conditions, but can also undergo significant changes in value for its own preservation. Therefore, it is essential to observe certain criteria about. In the case of security, the client must be agreed with the subscription of compulsory insurance to ensure the reinstatement of the asset value to events that could cause its impairment. In the case of security interests, to the extent that the business permits without altering its normal operation, must be deposited the guarantee in the bank itself or held by an independent third party, establishing safeguards that will strengthen the duties of conservation and maintenance of the item.

Capacity of Execution and Clearing of Guarantee

The possibility and feasibility of execution of the guarantee and their settlement should be considered. Among the aspects to be evaluated are:

The full title of the total ownership of the domain is an essential element in the ability to

liquidate the security in case of need.

The order of priority in the implementation of the guarantee. The existence of prior rights

on the guarantee prevents its correct valuation.

The existence of a deep and liquid market where redeem the guarantee.

Be careful with the securities on shares of companies whose law precludes negotiation

or not quoted on organized markets.

The feasibility and settlement in the case of special projects, where the guarantees on

rights related to the project itself are subject to its feasibility.

Security Blocking

Blocking the guarantee involves limiting the right to dispose of assets or rights pledged as collateral security by the guarantor. The policy is limit or block the availability on the security, with greater emphasis on anything that may be subject to fraud. Therefore, unless authorized should:

In the case of financial stocks, mark the values pertaining to the guarantee in the entity

or released to the depository institution.

In the case of property or rights on which there is a public record, make the appropriate

entry or retention of title in the register against third parties.

In the case of third party depositary of good, ensures the communication and decision

by the third party in right of preemption on the goods provided as security, its duty of

care and maintenance that affect them.

In the case of financial assets, pledges and trusts are prior to the availability of resources, and in the case of mortgages may be delayed up to an average of 6 months, as recorded in the Public Registry of Property.

Page 36: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

35

Risk Management Annual Report 2018

Banco Santander México

Amendment of the Guarantee

If at the request of the company or customer, the ability to modify the guarantee arises, the request is handled as a new guaranty claim and must be authorized by the committee with authority to do so.

Execution of the Guarantee

The failure of the secured obligation gives the entity the possibility of requiring the execution of the guarantee in accordance with the agreement in the contract.

Extinction of the Guarantee

The guarantee is void for the reasons specified in the instruments to which it is formalized, and the legally established causes. Generally, these causes are:

By the extinction of the principal obligation for pay, compensation, confusion, forgiveness or other institutions that apply in each legislation.

For the loss or destruction of the property contributed as guarantee.

The course of the security period, regardless of subsisting or not an obligation or guaranteed.

In the calculation of the regulatory capital, the mitigation techniques of the credit risk impacts

on the value of the risk parameters and thus in the capital, distinguished by type of guarantees,

including secured and personal.

Personal guarantees impact on the value of the probability of default (PD) by replacing the PD

of the counterparty to the transaction by the PD of the guarantor or credit derivative

counterparty.

When internal methodologies used, securities impact on the value of the loss given default

(LGD). Mitigation consist in to associate to the operation guaranteed a specific LGD according

to their security, taking into account also other factors such as the type of product, the balance

of the operation and others. In the case of mortgages, the LGD of the operation will depend on

the Loan to Value (LTV), plus the time that the operation carried on the balance sheet of the

bank. If eligible financial guarantee, LGD zero is assigned to the part of the exposure covered

by the security value after applying a regulatory haircut.

Page 37: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

36

Risk Management Annual Report 2018

Banco Santander México

Table 4D Loan portfolio covered by guarantees 8

4.4 Methodologies for calculating Reserves for Credit Risk

4.4.1 Regulatory Framework

In accordance with the provisions of the CUB to calculate the reserves for credit risk, institutions

may use:

The Standard Method by which the institutions in order to determine their reserves for the

credit risk, must use the parameters and formulas established in the regulation to determine

the probability of default (PD), the LGD AND Exposure at Default (EAD).

8 Guarantee data used for the calculation of reserves.

Financial collateral 32,099 30,352

Non financial collateral 49,795 53,659

Total guarantees 81,895 84,011

Portfolio coverd with guarantees 85,861 84,404

Total loan portfolio 235,128 228,868

Financial collateral 7,029 7,277

Non financial collateral 141,622 144,316

Total guarantees 148,651 151,593

Portfolio coverd with guarantees 59,009 62,591

Total loan portfolio 130,173 128,624

Non financial collateral 32,337 35,215

Total guarantees 32,337 35,215

Portfolio coverd with guarantees 31,328 33,504

Total loan portfolio 31,495 33,908

Companies with annual sales of less

than 14 millions of UDIS

States and municipalities loans

millons of pesos

Companies with annual sales equal or greater

than 14 millions of UDIS

dic-18

millons of pesos

millons of pesos

Concept sep-18

dic-18

Concept sep-18 dic-18

Concept sep-18

* It does not include loans to government agencies, parastatals, and

productive state enterprises.

* It does not include loans to government agencies, parastatals, and

productive state enterprises and commercial.

Page 38: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

37

Risk Management Annual Report 2018

Banco Santander México

Any of the Methods Based on Internal Ratings, foundation or advanced, provided they

obtain prior authorization from the CNBV.

Consumer Credit Portfolio, Mortgage Portfolio and Commercial Portfolio, the Internal

Methodology with Advanced Approach (AIRB), according to the institutions will obtain

the allowances using their own estimates of PD, LGD and EAD.

For Commercial Portfolio, the institution may use the Internal Methodology with

Foundation Approach (FIRB), according to the allowances using their own estimates of

PD for each borrower and using the LGD and EAD settled in the regulation.

4.4.2 Portfolios authorized to Banco Santander (Mexico) for the use of Internal

Methodologies for the Calculation of Reserves for Credit Risk

Since 2012, the CNBV authorized Banco Santander (Mexico) to use Internal Methodologies with

Foundation Approach (FIRB) for calculating credit reserves and minimum capital9 requirements

for portfolios of Corporate & Investment Banking Firms and Banks and Financial Institutions.

In October 2015, the CNBV authorized Banco Santander (Mexico) to use Internal Methodologies

with Advanced Approach (AIRB) for calculating credit reserves and minimum capital10 for

Corporate and Real Estate Developers

Table 4E

Internal Methodologies Outstanding at

December 31, 2016

Foundation Approach

Advanced Approach

Business Corporate & Investment Banking

Corporate

Banks Financial Institutions Promoters Real Estate

Business Corporate & Investment Banking (CIB). This portfolio segment consists of a closed list of companies and groups that is reviewed annually. This list is determined by a thorough analysis of the company (business, countries in which it operates, product types used and more).

Banks Financial Institutions. They are all customers whose current exhibition, more lines or requested risks of the

commercial portfolio by firm or economic group, exceed 8 million pesos.

9 The Chapter about Capital detailed the use of internal methodologies (FIRB) for the calculation of capital requirement for credit risk. 10 The Chapter about Capital detailed the use of internal methodologies (AIRB) for the calculation of capital requirement for credit risk.

Page 39: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

38

Risk Management Annual Report 2018

Banco Santander México

Corporate11.

They are all customers whose current exhibition, more lines or requested risks of the

commercial portfolio by firm or economic group, exceed 8 million pesos. Exceptionally,

individualized management are considered those that do not exceed 8 million pesos according

to the above criteria, but that potential and foreseeable reach it in a maximum period of one

year. Among the types of companies to find within this segment, the following customers are

recognized:

Juridical Persons and Natural Persons with business activity, including Agribusiness.

Corporations that are not included in the Corporate & Investment Banking.

Natural Persons who are shareholders or directors of the entities individualized or

customers of Private Banking.

Real Estate Companies (Property Developers)

It comprising the operations financed construction projects for further promotion (vertical and horizontal housing, shopping malls, hotels, offices and more). It is important to note that, generally, the Bank's financing in this sector often have the mortgage to finance property, to win, therefore, especial importance the proper valuation of property and its tracking, because usually that property will own income generator intended for credit repayment, being, also, secondary source of repayment in the event of having to enforce the security.

Natural Persons and Juridical Persons comprise the domestic segment of Real Estate Companies with business activity whose core activity is a source of Real Estate Risk (the credit risk which arises in lending transactions is maintained with clients whose main business is real estate activity). The real estate sector is a very broad activity that includes many activities and sub activities. In this sense, the different types of property risk identified in the institution are:

Property Development: Development and construction of buildings/properties for resale,

usually housing/residential but also other commercial uses (premises, offices, other).

Properties that Produce Income: The construction or purchase of a property is financed

by a loan whose repayment source consists in renting of the offices, premises or housing

spaces. In the case of financing the purchase of a property already constructed it is

normal that the rents are already in force.

Others Minority Risks of Property: Included in this section all those real estate risks of

different types to those detailed in the above and for which no study or specific referred

is necessary for being minority risks in the portfolios of the Retail Banking Industrialized

Risk. While behind these businesses are real estate assets, it is usually business whose

analysis for other types of expertise are required.

11 For Corporates, since 2012, the CNBV authorized Banco Santander to use models based in internal ratings by the

Foundation Approach. Then, in October 2015, the CNBV authorized the use of an Internal Model with Advanced

Approach.

Page 40: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

39

Risk Management Annual Report 2018

Banco Santander México

Table 4F

4.4.3 Principles of valuation system authorized for internal models applied in Banco

Santander (México)

The valuation system of Banco Santander (Mexico) quantifies the probability of default of each counterparty (company or group) and is the basic tool of risk management of the Bank and its main objectives are:

Report any risk decision (approval of limits and operations, risk policies, and monitoring of

customer, among other).

Estimate the fair price for each operation.

Determine the reserves and equity consumption for each operation (in the case of approval

of internal models).

The resulting valuation calculates the probability of default, defined as arrears in the next 12 months. There is a one to one correspondence between rating and probability of default.

Foundation

Approach

Advance

Approach

States and Munucipalities 33,908 - - 33,908

Financial Institutions 17,732 1,860 637 20,230

Companies with annual Sales equal or greater than 14 millions of UDIS 5,269 90,382 133,217 228,868

Companies with annual sales of less than 14 millions of UDIS 97,617 1,702 29,305 128,624

Project Finance 19,022 - - 19,022

Residential Mortgage 141,649 - - 141,649

Non - revolving Consumer 54,610 - - 54,610

Credit Card 56,730 - - 56,730

Subtotal 426,538 93,944 163,159 683,640

Interest Collected in Advance 616-

Financial Burder Leasing Operations 177-

Total 426,538 93,944 163,159 682,848

* The information of companies loans includes loans to government agencies, parastatals, and productive state enterprises.

Gross exposures acordding to rating methodology

December 2018millions of pesos

Loan TypesStandard

Method

Internal Methodology

Total

Page 41: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

40

Risk Management Annual Report 2018

Banco Santander México

Table 4G Characteristics of Valuation System of Banco Santander (Mexico)

Predictive:

It is a reflection on the probability of default (PD) of analyzed customer.

Includes all the quantitative and qualitative aspects that PD defines.

Homogeneous:

Analysts use the same criteria wherever they are.

It has a definite style used by all.

Specific:

It caters for the specificities of each company, mainly its sector,

country, environment.

Validated:

It is officially accepted by regulators, internal and external audits,

rating agencies.

Efficient:

The effort is proportional to the benefit received.

Relevant:

It provides useful information for decision-making.

It addresses the most relevant points for each company from the point

of view of risks.

Among the general principles of the institution valuation system, are:

Sectoral Approach: Industry knowledge is critical as much of the value of a company

depends on its sector. The sector risk is a reference of the maximum value that can suck a

company in this sector.

Forward-Looking Approach: It is to measure the probability of default in the future. It required

analyzing and assessing the perspectives of both the industry and the company.

Comparable: Assessment must always be justified in comparison to other companies within

and across sectors, domestic and abroad.

Consistency in the Cycle: The assessment should be consistent throughout an economic

cycle. It must take into account the current situation of the company, as the expectation of

cycle change.

Quantitative Approach: Each of the above must be accompanied by metrics and quantitative

information regarding the client's financial statements, the economic sector. Competition

and other macroeconomic variables.

Knowledge-based Opinion: Valuation should therefore reflect the opinion of the Analyst Risk

on the creditworthiness of the company, for which it will rely on the analysis of the company

and its knowledge of the sector, the economic environment of the company, the financial

characteristics business and possible uncertainties about its future performance.

Page 42: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

41

Risk Management Annual Report 2018

Banco Santander México

4.4.4 Main Characteristic of Internal Methodologies with Foundation Approach Authorized by the CNBV to Banco Santander (Mexico)

Since 2012, the CNBV authorized Banco Santander (Mexico) to use models based in internal

ratings by the Foundation Approach in order to calculate loan loss reserves and capital

requirements for credit risk of the following credit portfolios12:

Business Corporate & Investment Banking (CIB).

Banks Financial Institutions.

The Internal Methodology with Foundation Approach is based on determining the probability of default by rating process that includes a quantitative or statistical module based on the financial reasons information of the customer (company in the case of CIB and the bank in case of the financial intermediation institutions (FII's bank)) and a qualitative or expert module, based on the opinion of the analyst, who rate the model variables according to their experience and according to the expert and financial analysis of the entity. The rating assignment process is schematically summarized as:

Table 4H

General Outline Rating

The rating thus obtained is called rating adjusted or final rating, in the event that no further required adjustments (special cases holding company or support required external).

Quantitative module is a linear regression transformed model whose variables are made for financial reasons. The list of financial ratios used in the model was proposed by analysts for admission of risks that based on his experience in analyzing counterparts, choose those they consider the most significant in predicting the probability of bankruptcy.

The quantitative module is calibrated based on the market price of credit derivatives or credit default swaps. The probability of default implied premium quoted by the market is extracted and also builds a model relating said probability of default to customer balance information, so that

12 For Corporates, since 2012, the CNBV authorized Banco Santander to use models based in internal ratings by the

Foundation Approach. Then, in October 2015, the CNBV authorized the use of an Internal Model with Advanced

Approach.

Statistical Model

Financial Ratios

Statistical RatingExpert Model

Analyst Opinion

Qualitative variables

(knowledge of the company

and its environment)

Final Rating

Page 43: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

42

Risk Management Annual Report 2018

Banco Santander México

from this information can obtain the probability of default even without liquid entities trading on these instruments.

The main elements of the model are included in table’s 4I y 4J.

Table 4I Types of Financial Ratios Included in the Statistical Model

CIB FII’s Banks

Resources Generation Asset Quality Size Capitalization

Profitability Transactions Solvency Liquidity

Liquidity

After obtaining statistical rating, the analyst takes this information as a reference, but reviewed and adjusted to obtain the final rating, which is thus markedly expert. Sometimes also adjusts ratings in cases where the valued customer belongs to a group that receive explicit support.

Table 4J Valuation Areas

For Qualitative Model

CIB FII’s Banks

Market Asset Quality Management Management/Regulation

Access to Credit Reputational Profitability

Resources Generation

Solvency

The ratings accorded to customers are regularly reviewed to incorporate new financial information

available. The timing of the reviews increases when certain automatic warning systems are

activated. Likewise, also reviewed the rating tools to go adjusting the accuracy of the rating given.

Thus the calculation of the probability of default by the borrower meets all regulatory requirements,

among which are:

Use of information and techniques that consider the long-term experience in estimating the

average PD in each classification.

Allocations used not only expert judgment.

Banco Santander (Mexico) executes a series of internal controls in order to ensure consistency of the concession process, the reliability of the data used, and in any case the proper management and control of the risks of all exposures. Conducting risk processes ensures that each step is done properly, data operations and market positions used are correct and that the generated data and information risk are reliable.

Page 44: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

43

Risk Management Annual Report 2018

Banco Santander México

4.4.5 Main Characteristic of Internal Methodologies with Advanced Approach

Authorized by the CNBV to Banco Santander

In October 2015, the CNBV authorized Banco Santander to use models based in Internal rating

in order to calculate the minimum capital requirements for credit risk by the advanced method

(AIRB), as well as determine the allowance for credit risk of exposures to:

Corporate.

Real Estate Companies (Property Developers).

The determination of the probability of default by determining rating is based on an automated

module that collects the first intervention of the analyst and that may or may not be supplemented

later.

The automatic model determines the rating in two phases, a quantitative and a qualitative based

on a corrective questionnaire, which enables the analyst to modify the automatic scoring by a

limited number of rating points.

The automatic evaluation is obtained from a multivariate linear regression model whose variables are composed of financial ratios and credit bureau data13, plus the answers of a closed questionnaire, which the Analyst performs. The variables used were previously identified as the most predictive power failure capacity of a company.

Automatic assessment provides a global credit rating ("rating") for the company, collecting thus quantitative and qualitative aspects. The algorithm for obtaining this score is made as the sum of the product of the score and the percentage weighting assigned to each of these areas.

This is a client portfolio manager with sufficient experience and associated internal defaults; the

estimate is based on that inner experience of the institution. The PD is calculated by observing

the entries in delinquency of the portfolios and putting those entries in relation to the rating

assigned to customers.

The matrix of qualitative information that analyst rate, consists in a questionnaire with different areas of valuation:

Product and Market.

Profitability.

Solvency

Administration.

Access to credit. When real estate companies are a special purpose vehicle (SPV) and concentrated real risk, there two types of slightly different rating models applied to automatic Rating Model described in previous paragraph.

Rating SPV Model of Recent Creation Applies to property risk operations for which financing is provided a SPV. This is a project planning or construction stage where the repayment of the operation rests solely on the future cash flows to be generated by the real estate asset that guarantees the operation or lack of

13 Incorporate Credit Bureau data, gives the model a higher discriminating power and greater robustness, to include

other aspects that are not collected, or do so with lower sensitivity, in purely financial information.

Page 45: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

44

Risk Management Annual Report 2018

Banco Santander México

income. A manual model whose rating is obtained as a result of the analysis and rating of three areas of valuation, subjectively evaluated by each analyst of the Project: Product/demand/market; access to credit and professionalism of managers.

Rating SPV Model Underway It is isolated projects where repayment of the operation rests solely on the cash flows generated by the property assets that guarantee the operation already in operation or operating stage and generate recurring income (at least one full year). A manual and expert model based on the knowledge and experience of the construction credit analyst is applied, with the main objective to establish the ability of the project/company to meet the payment obligations with the bank through the funds generated by the project. Rating assessment is done through six valuation areas: product/demand/market; management; access to credit; cost effectiveness; resource generation and solvency.

Within the Internal Methodology with Advanced Approach, calculating LGD meets the following requirements:

Calculate based on the internal experience of recovery flows in breach contracts.

Be adjusted to the worst moment in the cycle, so it is considered as a severe downturn.

Be consistent with the definition of default given by Basel and the CNBV.

Comply with the requirements established by the CUB from the CNBV to reflect the severity of the loss, considering the unfavorable economic conditions14.

In this sense, the LGD is defined, as the expected percentage loss of such an operation would have for breach. The estimated LGD is, therefore, the expectation of the random variable “percentage loss given default”.

The calculation is based on observing the recovery process credit operations and takes into consideration not only the accounting records of income and expenses associated with the recovery process, but also the time when these occur, to calculate their present value, and indirect costs associated with this process.

To estimate LGD is used the recovery movements, expenses and nonrecourse or awards observed from the operations that have entered into a state of "default" within the observation period. The Recovery Unit is responsible for integrating information related to recovery flows of records that have fallen into arrears after it enters in default until the end of the recovery process marked by the normalization of the contract or the settlement thereof.

The process involves discounting all flows of recovery to date when the breach occurred; the loss

observed for each operation in default is defined by the following variables:

Amount in debt at the time of default.

Date default.

Flows of recovery.

Flow of expenditure incurred in recovery.

Flow derived from nonrecourse in payment or award.

14 For calculating loss reserves a Long Run LGD (average economic cycle referred to in the estimate) is applied while

the capital requirement for the use LGD Downturn (estimate considering the worst moment of the economic cycle referred to in the estimation).

Page 46: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

45

Risk Management Annual Report 2018

Banco Santander México

The LGD finally assigned to each operation must be compatible with the requirements of the CUB, in the sense of reflecting the severity of loss given unfavorable economic conditions. This means that the expected loss should be conditional on the worst moments of the cycle in order to calculate a "downturn LGD" which will eventually be used for purposes of calculating regulatory principal. Calculating a "long-run LGD" or LGD cyclically adjusted, which is used for calculating economic capital and loss reserves estimation also it is included. In Banco Santander México most of credit contracts contain a Clause of Denunciation or Restriction of Contract that establishes "the Accredited is appropriate that the Bank remains authorized to restrict the amount of the credit or the term to use the same one, or both simultaneously, as well as to denounce the contract in any time, using simple communication in writing directed the Accredited, staying consequently, limited or extinguished as it is the case, the right of this to use the amount undrawn". This faculty of the Bank is realized in conformity by the established in the article 294 of the “Ley de Títulos y Operaciones de crédito”.

For Corporates, Real-estate Companies and States, Municipal Governments and Public Organisms, Banco Santander México possesses an immaterial percentage of committed irrevocable credit lines.

In not retail portfolio only possesses available balances of credit assessed for some accredited in the portfolios of Financing Specializes and Corporate & Investment Banking being the latter considered for the Internal Methodology with Foundation Approach and others for Corporate and Real estate developers for the Internal Methodology with Advanced Approach.

On not having possessed available balance material assessed in credit operations, the application of Credit Conversion Factor (CCF) corresponding to the Methodology by Foundation Approach of the Agreement of Basel will be considered.

For the rest of the contingent off-balance sheet items, other than unused credit lines such as: financial guarantees, commercial guarantees, documentary credits, etc., conversion factors (CCF) established in the regulation apply

4.4.6 Control of internal rating systems

Banco Santander (Mexico) internal validation covers all model used in the risk function. The scope

of validation includes not only the theoretical and methodological aspects, but also, technological

systems and the quality of the data that enable and where their effective functioning is based and,

in general, all relevant aspects of management (controls, reporting, uses, involvement of senior

management, other).

The result of the validation of the quality of a model is summarized in a final risk rating indicates

the model according to the following scale:

Low: The behavior of the model and its use is appropriate. The quality of the information

used in the development is good. The methodology used complies with the standards and

best practices defined. Documentation, processes and regulations in relation to the model

is clear and complete. Any deficiency is of little relevance and does not affect the

performance of the model.

Moderate-Low: The behavior of the model and its use is appropriate. The assumptions

considered in the development of the model are reasonable. There are areas for

improvement, but they are not keys or relevant. Do not expect any problems in the

Page 47: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

46

Risk Management Annual Report 2018

Banco Santander México

implementation and use of the model. Changes in the model should be considered if the

benefits outweigh the cost of change.

Moderate: The behavior of the model and its use is appropriate. The assumptions

considered in the development of the model are reasonable. There are areas for

improvement in the model. Corrections of deficiencies must be made in the medium term

or must analyze the cost benefit changes.

Moderate-High: There are deficiencies in the model behavior or use. The assumptions of

the model, the qualities of the sample information or predictions development thereof are

questionable. Prior to the implementation or use of the model is highly recommended that

some deficiencies are planned or remedied for its correction in the short term. Others

alternatives in the development to mitigate risk model should be considered.

High: The behavior of the model is not suitable, and it is not being used for the purpose for

which it was developed or model assumptions are incorrect. Some aspects need to be

corrected immediately. It is recommended not to implement or use the model as it has been

presented.

4.4.7 Counterparty Risk

Within the set of credit risk, there is a concept, which, by its peculiarity, requires specialized management: Counterparty Risk. The counterparty risk of a transaction is the probability a counterparty do not comply in time or manner with its contractual obligations to the Bank during the life of the transaction. The financial instruments that have Counterparty Risk are the Derivative Instruments, Securities Lending and the Repos.

The measurement and control of counterparty risk, is in charge of a specialized risk unit that is independent from the business units.

The counterparty risk control is performed daily by a computer system, which identifies the credit line available with any counterparty, in any product and term. To control counterparty lines, the Equivalent Credit Risk (REC) is used. If such counterparty commits a default in any moment until the maturity date of transactions. REC takes into account the Current Credit Exposure, which is defined as the cost to substitute the transaction at market value provided that this value is positive for the Bank, and it is measured as the market value of the transaction (“MtM”).

In addition, REC includes the Potential Credit Exposure or Potential Additional Risk (“RPA”), which represents the possible evolution of the current credit exposure until maturity, given the characteristics of the transaction and the possible variations in the market factors.

REC calculation takes into account collateral received to mitigate risk. Usual mitigants are cash and bonds. Every month a "Back testing" is done comparing the estimated exposure and the one actually observed.

In addition to the Counterparty Risk, there is the Settlement Risk, which is present in every transaction at its maturity date, when the possibility that the counterparty does not comply with its payment obligations arises, once Banco Santander (Mexico) has complied with its obligations by issuing payment directions.

Page 48: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

47

Risk Management Annual Report 2018

Banco Santander México

For the process of control for this risk, the Deputy General Direction of Financial Risks oversees on a daily basis the compliance with the limits on counterparty credit risks by product, term and other conditions stipulated in the authorization for financial markets. Likewise, it is the responsible for communicating on a daily base, the limits, consumptions and any incurred deviation or excess.

On a monthly basis, a report is presented to the Integral Risk Management Committee. The

aggregated Counterparty Risks, Issuer Risks and Sovereign risk are presented. In addition,

excesses to established limits are presented to the Corporate Banking Credit Committee and

Commercial Credit Committee.

Expected Loss at month end for current transactions in financial markets under several stress

scenarios are presented to the Integral Risk Management Committee.

Currently, we have approved lines of Counterparty Risks in the Institution for the following segments: Mexican Sovereign Risk and Domestic Development Banking, Foreign Financial Institutions, Mexican Financial Institutions, Corporations, Companies Banking-SGC, Institutional Banking, Large Enterprises Unit, Project Finance.

Equivalent Net Credit Risk of the lines of Counterparty Risk and Issuer Risk of Banco Santander (Mexico) for the last quarter:

Table 4K

The equivalent credit risk lines maximum gross counterparty risk of the Bank at the last quarter, which corresponds to derivatives transactions, is distributed depending on the type of derivative:

Table 4L

Segment oct-18 nov-18 dic-18 Average

Sovereign Risk, Development

Banking and Financial Institutions 17,453 20,852 18,732 19,013

Corporates 811 760 773 781

Companies 110 102 162 125

Equivalent net credit riskmillions of U.S. dollars

Type of DerivativeEnd of fourth

quarter of 2018

Interest Rate Derivatives                       

15,634.34

Exchange Rate Derivatives                       

34,831.36

Bonds Derivatives

                                    

Equity Derivatives

     

                   1,087.22

TOTAL                       

51,552.92

Equivalente gross credit risk

millions of U.S. dollars

Page 49: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

48

Risk Management Annual Report 2018

Banco Santander México

The expected loss at the end of the fourth quarter and the quarterly average of the expected loss of the lines of Counterpart risk and issuer risk of Banco Santander (Mexico) are:

Table 4M

Segments of Mexican financial institutions with foreign financial institutions are very active counterparties with whom Banco Santander (Mexico) has current positions of financial instruments with Counterparty Credit Risk.

Respect to total collateral received for derivatives transactions as of the year end:

Table 4N

Regarding the management of securities, collateral, in the case of instruments derivatives, the

transactions subject to collateral agreements are valued according to the frequency indicated in

the collateral agreement; all agreements have now established daily basis. In this assessment,

the agreed parameters are applied in the collateral agreement so that the amount to give or

receive from the counterpart is obtained. These amounts (margin calls) are requested by the party

entitled to receive collateral, usually on a daily basis, as stipulated by the agreement collateral.

The counterpart that receives delivery of the collateral requirement checks assessment, and may

arise discrepancies in this process.

On the other hand, the correlation might exist between increased exposure to a client and its

creditworthiness is analyzed by the admission area and limited by the amount of counterparty

credit line and/or REC amount of specific approvals, established in the authorization line process;

among many aspects Admission verifies that transactions in derivative for corporate, companies

and individuals be hedging purposes and not speculative.

Regarding the correlation between the collateral received and the guarantor in derivatives

transactions, it is confirmed that to date, government bonds and/or cash as collateral are received

Segment oct-18 nov-18 dic-18 Average

Sovereign Risk,

Development Banking and

Financial Institutions

17.02 16.9 10.32             

14.75

Corporates 1.67 1.60 1.80                1.69

Companies 2.11 0.81 1.25                1.39

Expected loss of the lines of counterparty

millions of U.S. dollars

Cash collateral 91.99%

Collateral refer to bonds issued by

the Mexican Federal Government8.01%

Total collateral received for derivatives transactions

Page 50: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

49

Risk Management Annual Report 2018

Banco Santander México

only, which means that there is practically no risk of adverse effects because the existence of

correlations.

Faced with the possibility of a drop in the credit rating of Banco Santander (Mexico) and the

possible effect it would have on a real increase in supply guarantees, it is estimated that the

impact of collateral that the Bank would have to provide if one reduction in its credit rating would

not be significant. This is because some insignificant percentage of collateral agreements is

conditional on the rating of bank.

4.5 Information regarding securitization exposures

To fulfill the obligation set forth in Article 88 of the CUB, Banco Santander (Mexico) reported that

they have no significant position in this type of transaction.

4.6 Exposures by Credit Risk

In this subsection information on exposures to credit risk it is shown in the following breakdowns:

General profile of bank exposures

Exposures by type of portfolio and calculation methodology for regulatory capital

Exposures by remaining term

Exposures and reserves by State

Exposures and reserves by economic activity (in the case of commercial loans)

4.7.1 Overview

Table 4O

It does not include:

Interest collected in advance

Financial burden leasing operations

Loan portfolio evolutionmillions of pesos

619 632 653681 684

dic-17 mar-18 jun-18 sep-18 dic-18

11%

Page 51: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

50

Risk Management Annual Report 2018

Banco Santander México

Table 4P

4.7.2 Exposure by Type of Portfolio Table 1

Balance at the

end of quarter

Quarter

average

monthly

balance

PerformingNom

Performing Performing

Nom

Performing

Balance at the

end of quarter

Past quarter

Balance (June)Variation

States and Munucipalities 33,908 32,508 33,908 0 0 0 188 187 2 0

Financial Institutions 20,230 20,552 20,222 0 0 7 113 120 -7 0

Companies with annual Sales equal or greater than 14

millions of UDIS228,868 230,587 225,704 3 339 2,821 3,633 3,498 135 137

Companies with annual sales of less than 14 millions of UDIS 128,624 131,665 124,473 390 1,353 2,408 2,793 2,858 -65 1,434

Project Finance 19,022 18,851 19,022 0 0 0 96 93 2 0

Residential Mortgage 141,649 140,503 134,822 1,628 653 4,545 2,677 2,055 622 131

Non - revolving Consumer 54,610 54,730 50,684 0 2,071 1,855 4,240 4,318 -78 1,329

Credit Card 56,730 56,948 51,676 114 2,625 2,315 7,358 7,246 113 1,934

Subtotal 683,640 686,344 660,513 2,135 7,041 13,951 21,099 20,375 724 4,964

Interest Collected in advance -616

Financial Burden Leasing Operations -177

Total 682,848

1/ It does include loans to government agencies, parastatals, and productive state enterprises.

2/ Register during the reported quarter

Gross Exposures

December 2018millions of pesos

Tipos de Cartera

Total Loan Portfolio

Credit Status

Allowance for Loan Losser

Write Offs 2/

Nom Impaired Impaired

Companies rating distribution

2%

26%

69%

2%

Optimal(9)

Very good(7-8)

Good(5-6)

Deficient(3-4)

Page 52: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

51

Risk Management Annual Report 2018

Banco Santander México

Table 2

Concept sep-18 dic-18

Total Loan Portfolio

Performing Loans (Non Impaired) 232,382 225,704

Performing Loans (Impaired) 164 339

Non Performing Loans (Non Impaired) 48 3

Non Performing Loans (Impaired) 2,534 2,821

Total 235,128 228,868

Exposure at Default

Performing Loans (Non Impaired) 234,875 228,340

Performing Loans (Impaired) 164 339

Non Performing Loans (Non Impaired) 48 3

Non Performing Loans (Impaired) 2,534 2,821

Total 237,620 231,504

Allowance for Loan Loss

Balance 3,498 3,633

Standard Methodology

Performing Loans (Non Impaired) 5,182 5,269.23

Performing Loans (Impaired) . -

Non Performing Loans (Non Impaired) 0 -

Non Performing Loans (Impaired) 5 -

Total 5,187 5,269

Internal Rating Methodology

Performing Loans (Non Impaired) 227,201.04 220,437.04

Performing Loans (Impaired) 163 338

Non Performing Loans (Non Impaired) 48 3

Non Performing Loans (Impaired) 2,529 2,820

Total 229,941 223,599

Companies with annual sales equal or greater than

14 millions of UDIS

millions of pesos

* It does not include loans to government agencies, parastatals, and productive state

enterprises.

Exposure at Default According to Risk Rating Methodology

Page 53: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

52

Risk Management Annual Report 2018

Banco Santander México

Table 3

Table 4

Concept sep-18 dic-18

Total Loan Portfolio

Performing Loans (Non Impaired) 125,660 124,473

Performing Loans (Impaired) 1,355 1,353

Non Performing Loans (Non Impaired) 261 390

Non Performing Loans (Impaired) 2,897 2,408

Total 130,173 128,624

Exposure at Default

Performing Loans (Non Impaired) 128,593 128,346

Performing Loans (Impaired) 1,381 1,377

Non Performing Loans (Non Impaired) 261 390

Non Performing Loans (Impaired) 2,857 2,396

Total 133,093 132,508

Allowance for Loan Loss 2,858 2,793

Balance

Exposure at Default According to Risk Rating Methodology

Standard Methodology

Performing Loans (Non Impaired) 95,489 95,162

Performing Loans (Impaired) 1,025 949

Non Performing Loans (Non Impaired) 253 380

Non Performing Loans (Impaired) 1,324 1,126

Total 98,091 97,617

Internal Rating Methodology

Performing Loans (Non Impaired) 30,184 29,299

Performing Loans (Impaired) 356 428

Non Performing Loans (Non Impaired) 8 11

Non Performing Loans (Impaired) 1,533 1,269

Total 32,082 31,006

Companies with annual sales of less than 14 millions

of UDISmillions of pesos

Concept Sep-18 Dic-18

Total Loan Portfolio

Performing 31,495 33,908

Non Performing

Total 31,495 33,908

Exposure at Default 31,495 33,908

Allowance for Loan Loss 187 188

States and municipalities loansmillions of pesos

Page 54: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

53

Risk Management Annual Report 2018

Banco Santander México

Table 5

Table 6

Table 7

Table 8

Concept Sep-18 Dic-18

Performing Loans

Total Loan Portfolio 17,274 20,230

Exposure at Default 17,274 20,230

Allowance for Loan Loss

Balance 120 113

Standard Methodology 13,451 17,732

Internal Rating Methodology 3,823 2,498

Total 17,274 20,230

Exposure at Default According to Risk Rating Methodology

Financial institutions loans

millions of pesos

Concept Sep-18 Dic-18

Total loan portfolio

Performing 132,569 135,475

Non performing 5,965 6,173

Total 138,534 141,649

Allowance for loan loss 2,055 2,677

millions of pesos

Mortagage loans

Concept Sep-18 Dic-18

Total loan portfolio

Performing 52,590 52,755

Non performing 1,883 1,855

Total 54,473 54,610

Allowance for loan loss 4,318 4,240

Non revolving consumer

millions of pesos

Concept Sep-18 Dic-18

Total loan portfolio

Performing 53,129 54,301

Non performing 2,377 2,429

Total 55,507 56,730

Allowance for loan loss 7,246 7,358

*It does not include cards issued to legal entities

Credit cards loans

millions of pesos

Page 55: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

54

Risk Management Annual Report 2018

Banco Santander México

4.7.3 Remaining Term Exposure

Table 9

Table 10

Remaining term sep-18 dic-18

Up to 1 year 92,233 90,823

More than 1 year and up to 3 years 29,623 31,162

More than 3 years and up to 5 years 41,453 53,237

More than 5 years and up to 10 years 44,304 29,704

More tha 10 years - -

Revolving 27,516 23,943

Total 235,128 228,868

Total loan portfolio

millions of pesos

Companies with annual sales equal or greater than 14 millions

of UDIS

* It does not include loans to government agencies, parastatals, and productive

state enterprises.

% weight over total

portfolio

Revolving 74,059 11% 74,649 11% 590

1 año 158,506 23% 149,799 22% -8,707

3 años 92,561 14% 94,889 14% 2,328

5 años 131,509 19% 134,312 20% 2,804

10 años 79,439 12% 81,386 12% 1,947

>10 años 144,870 21% 148,605 22% 3,735

Variation

Sep 18 - Dec 18September 18 % December 18 %

Revolving11%

1 year22%

3 years14%

5 years20%

10 years12%

>10 years22%

Risk

683,640

Page 56: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

55

Risk Management Annual Report 2018

Banco Santander México

Table 11

Table 12

Table 13

Remaining term sep-18 dic-18

Up to 1 year 2,079 2,226

More than 1 year and up to 3 years 21,122 20,155

More than 3 years and up to 5 years 31,067 31,937

More than 5 years and up to 10 years 205 291

More than 10 years 0 -

Total 54,473 54,610

Total loan portfolio

millions of pesos

Non revolving consumer

Remaining term sep-18 dic-18

Up to 1 year 13,946 19,553

More than 1 year and up to 3 years 28,091 35,358

More than 3 years and up to 5 years 36,479 36,621

More than 5 years and up to 10 years 25,841 14,489

More than 10 years 25,817 22,604

Revolving

Total 130,173 128,624

Total loan portfolio

millions of pesos

Companies with annual sales of less than 14 millions of UDIS

* It does not include loans to government agencies, parastatals, and productive state

enterprises and comercial.

Remaining term sep-18 dic-18

Up to 1 year 126 117

More than 1 year and up to 3 years 717 723

More than 3 years and up to 5 years 2,466 2,540

More than 5 years and up to 10 years 19,435 20,378

More than 10 years 115,790 117,890

Total 138,534 141,649

Total loan portfolio

millions of pesos

Mortgage loans

Page 57: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

56

Risk Management Annual Report 2018

Banco Santander México

4.7.4 Exposure by State

Table 14

Table 15

Performing Non

Performing Total Performing

Non

Performing Total

Ciudad de Mexico 94,194 2,095 96,289 91,631 2,196 93,827

Nuevo Leon 28,387 170 28,556 22,148 169 22,317

Jalisco 13,574 106 13,680 13,363 192 13,555

Sinaloa 14,035 9 14,044 13,351 8 13,359

Veracruz 5,494 128 5,622 5,117 148 5,265

México 13,359 7 13,366 28,463 18 28,480

Quintana Roo 7,114 - 7,114 7,059 0 7,059

Chihuahua 4,797 8 4,805 4,974 8 4,982

Querétaro 5,265 - 5,265 5,402 - 5,402

Coahuila 4,297 - 4,297 4,242 - 4,242

Other Satates 42,030 58 42,088 30,293 86 30,378

Total 232,546 2,582 235,128 226,044 2,824 228,868

* It does not include loans to government agencies, parastatals, and productive state enterprises.

dic-18

Total loan portfolio by state

millions of pesos

Companies with annual sales equal or greater than 14 millions of UDIS

State

sep-18

Performing Non

Performing Total Performing

Non

Performing Total

Ciudad de Mexico 35,624 365 35,989 44,473 592 45,065

Nuevo Leon 8,398 300 8,698 8,661 358 9,019

Jalisco 8,781 636 9,417 9,939 567 10,507

Sinaloa 7,500 195 7,695 8,071 185 8,257

Veracruz 3,395 54 3,449 3,874 200 4,074

México 2,165 148 2,313 2,684 100 2,783

Quintana Roo 3,691 57 3,748 3,469 27 3,497

Chihuahua 4,135 27 4,162 4,540 43 4,584

Querétaro 3,601 68 3,669 4,455 79 4,534

Coahuila 7,731 275 8,005 2,492 44 2,536

Other States 41,993 1,034 43,027 33,168 602 33,770

Total 127,015 3,159 130,173 125,826 2,798 128,624

* It does not include loans to government agencies, parastatals, and productive state enterprises.

dic-18

Companies with annual sales of less than 14 millions of UDIS

Total loan portfolio by state

millions of pesos

State

sep-18

Page 58: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

57

Risk Management Annual Report 2018

Banco Santander México

Table 16

Table 17

Performing Non

Performing Total Performing

Non

Performing Total

Ciudad de Mexico 29,554 863 30,416 29,845 906 30,751

Nuevo Leon 15,413 624 16,037 15,698 660 16,359

Jalisco 11,466 569 12,035 11,754 597 12,351

Sinaloa 11,946 369 12,315 12,189 368 12,557

Veracruz 5,628 237 5,865 5,664 236 5,900

México 6,904 182 7,087 7,273 183 7,457

Quintana Roo 4,766 425 5,191 4,771 445 5,216

Chihuahua 4,608 181 4,788 4,739 197 4,936

Querétaro 4,324 261 4,585 4,448 267 4,715

Coahuila 4,045 132 4,177 4,189 128 4,317

Other States 33,917 2,122 36,038 34,903 2,187 37,090

Total 132,569 5,965 138,534 135,475 6,173 141,649

Mortgage loans

millions of pesos

State

sep-18 dic-18

Total loan portfolio by state

Performing Non

Performing Total Performing

Non

Performing Total

Ciudad de Mexico 8,095 339 8,434 8,119 312 8,431

Nuevo Leon 5,822 238 6,059 5,830 237 6,067

Jalisco 4,763 138 4,901 4,740 133 4,873

Sinaloa 3,906 150 4,056 3,941 141 4,082

Veracruz 2,941 111 3,051 2,937 117 3,054

México 2,346 69 2,416 2,362 67 2,429

Quintana Roo 2,562 82 2,644 2,557 77 2,634

Chihuahua 1,615 51 1,667 1,647 52 1,699

Querétaro 1,798 61 1,859 1,824 62 1,886

Coahuila 1,666 61 1,727 1,680 65 1,744

Other States 17,076 583 17,659 17,118 592 17,710

Total 52,590 1,883 54,473 52,755 1,855 54,610

Non revolving consumer

millions of pesos

State

sep-18 dic-18

Total loan portfolio by state

Page 59: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

58

Risk Management Annual Report 2018

Banco Santander México

Table 18

4.7.5 Estimates of Credit Risk by State Table 19

Performing

Non

Performing Total

Performing

Non

Performing Total

Ciudad de Mexico 20,415 731 21,146 20,658 752 21,409

México 3,888 225 4,113 3,981 234 4,215

Jalisco 3,627 166 3,793 3,760 176 3,936

Nuevo León 2,789 119 2,908 2,841 120 2,961

Veracruz 2,244 121 2,366 2,294 129 2,423

Tamaulipas 1,383 60 1,443 1,421 64 1,484

Puebla 1,436 73 1,508 1,496 75 1,571

Guanajuato 1,319 68 1,387 1,365 62 1,426

Chihuahua 1,526 68 1,594 1,554 73 1,627

Baja California 1,616 79 1,695 1,638 83 1,720

Other States 12,888 666 13,554 13,294 663 13,958

Total 53,129 2,377 55,507 54,301 2,429 56,730

*It does not include cards issued to legal entities

Credit card

Total loan portfolio by state

millions of pesos

State

sep-18 dic-18

State sep-18 dic-18

Ciudad de Mexico 2,248 2,358

Nuevo León 293 270

Baja California 10 15

México 95 194

Jalisco 176 225

Veracruz 120 144

Sinaloa 90 43

Campeche 16 22

Quintana Roo 43 19

Chihuahua 43 29

Other States 363 315

Total 3,498 3,633

Companies with annual Sales equal or greater

than 14 millions of UDIS

Allowance for loan losses and by state millions of pesos

* It does not include loans to government agencies, parastatals,

and productive state enterprises.

Page 60: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

59

Risk Management Annual Report 2018

Banco Santander México

Table 20

Table 21

State sep-18 dic-18

Ciudad de Mexico 416 739

Nuevo León 19 18

Baja California 78 75

México 282 41

Jalisco 381 393

Veracruz 69 192

Sinaloa 149 211

Campeche 245 336

Quintana Roo 23 50

Chihuahua 61 32

Other States 1,135 706

Total 2,858 2,793

Companies with annual sales of less than 14

millions of UDIS

Allowance for loan losses and by state millions of pesos

* It does not include loans to government agencies,

parastatals, and productive state enterprises.

State sep-18 dic-18

Jalisco 192 216

Ciudad de Mexico 291 284

México 239 244

Nuevo León 135 132

Baja California 84 83

Quintana Roo 71 67

Veracruz 142 150

Puebla 82 81

Querétaro 76 75

Sonora 36 36

Other States 708 1,308

Total 2,055 2,677

Mortgage Loans

Allowance for loan losses and by state millions of pesos

Page 61: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

60

Risk Management Annual Report 2018

Banco Santander México

Table 22

Table 23

State sep-18 dic-18

Ciudad de Mexico 702 674

México 505 494

Veracruz 350 331

Jalisco 322 319

Nuevo León 254 248

Tamaulipas 174 176

Puebla 197 191

Baja California 125 125

Guanajuato 138 140

Chihuahua 148 149

Other States 1,403 1,393

Total 4,318 4,240

Non Revolving Consumer

Allowance for loan losses and by state millions of pesos

State sep-18 dic-18

Ciudad de Mexico 2,489 2,519

México 587 599

Jalisco 495 511

Nuevo León 369 375

Veracruz 347 356

Tamaulipas 199 204

Puebla 213 218

Guanajuato 191 193

Baja California 234 240

Chihuahua 206 215

Other States 1,916 1,929

Total 7,246 7,358

*It does not include cards issued to legal entities

Credit Card Loans

Allowance for loan losses and by state millions of pesos

Page 62: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

61

Risk Management Annual Report 2018

Banco Santander México

4.7.6 Exposure of Corporate Portfolio by Economic Sector

Table 24

Table 25

Performing Non

Performing Total Performing

Non

Performing Total

Professional, scientific and technical services 27,337 8 27,345 27,552 9 27,561

Construction 25,863 2,039 27,902 25,813 2,165 27,978

Wholesale trade 27,767 48 27,815 28,266 65 28,331

Transportation 5,611 163 5,774 8,917 163 9,080

Retail trade 21,589 43 21,632 21,450 46 21,496

Agriculture, animal breeding and production 15,769 7 15,776 10,080 29 10,109

Nonmetalic mineral products manufacturing 7,116 - 7,116 7,205 0 7,205

Mass media information 15,159 29 15,187 6,867 56 6,922

Food industry 8,891 35 8,926 9,112 - 9,112

Basic metal industry 4,513 8 4,521 4,104 0 4,105

Chemical industry 9,899 5 9,904 8,592 - 8,592

Other manufacturing industries 2,389 106 2,496 2,123 108 2,231

Temporary accomodation services 2,320 - 2,320 2,396 - 2,396

Metal products manufacturing 2,605 48 2,652 2,629 50 2,679

Others 55,719 43 55,762 60,937 133 61,070

Total 232,546 2,582 235,128 226,044 2,824 228,868

* It does not include loans to government agencies, parastatals, and productive state enterprises.

Companies with annual Sales equal or greater than 14 millions of UDIS

millions of pesos

Economic sector

sep-18 dic-18

Total loan portfolio by economic sector

Performing

Non

Performing Total

Performing

Non

Performing Total

Profesional, scientific and technical services 16,046 436 16,482 21,686 294 21,981

Construction 15,641 1,876 17,517 19,389 425 19,814

Retail trade 9,352 173 9,525 10,795 143 10,938

Wholesale trade 10,544 330 10,873 14,629 317 14,946

Agriculture, animal breeding and production 4,773 102 4,875 5,923 140 6,063

Beverage and tobacco industries 226 7 233 674 5 678

Business support services 9,745 247 9,992 7,120 205 7,325

Transportation 4,016 57 4,073 11,049 76 11,125

Food industry 1,741 46 1,787 2,129 25 2,154

Machinery and equipment manufacturing 825 13 839 1,272 19 1,290

Chemical industry 3,017 39 3,056 2,031 187 2,218

Other manufacturing industries 1,493 19 1,512 1,846 18 1,864

Temporary accomodation services 772 15 786 1,706 5 1,711

Health care and social assistance services 764 9 773 1,068 8 1,075

Plastic and rubber industry 1,159 26 1,185 1,690 57 1,746

Others 46,902 236- 46,665 22,819 874 23,693

Total 127,015 3,159 130,173 125,826 2,798 128,624

* It does not include loans to government agencies, parastatals, and productive state enterprises.

Companies with annual sales of less than 14 millions of UDIS

millions of pesos

Economic Sector

sep-18 dic-18

Total loan portfolio by economic sector

Page 63: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

62

Risk Management Annual Report 2018

Banco Santander México

4.7.7 Estimate for Credit Risk in Corporate Portfolio by Economic Sector

Table 26

Table 27

Economic sector sep-18 dic-18

Professional, scientific and technical services 193 154

Construction 1,684 1,882

Retail trade 160 135

Wholesale trade 220 254

Clothing industry 26 5

Transportation 114 192

Nonmetalic mineral products manufacturing 57 83

Agriculture, animal breeding and production 101 57

Mass media information 238 136

Food industry 72 40

Chemical industry 83 40

Basic metal industry 50 28

Other manufacturing industries 61 86

Metal products manufacturing 19 49

Temporary accomodation services 14 11

Others 406 482

Total 3,498 3,633

* It does not include loans to government agencies, parastatals, and productive

state enterprises.

Companies with annual Sales equal or greater than 14

millions of UDIS

Allowance for loan losses

millions of pesos

Economic Sector sep-18 dic-18

Construction 498 611

Professional, scientific and technical services 384 307

Nonmetalic mineral products manufacturing 4 4

Retail trade 214 160

Wholesale trade 298 290

Agriculture, animal breeding and production 115 133

Paper industry 211 253

Other manufacturing industries 49 24

Business support services 174 156

Food industry 36 28

Transportation 109 87

Machinery and equipment manufacturing 26 24

Beverage and tobacco industries 8 6

Plastic and rubber industry 46 48

Temporary accomodation service 11 18

Others 674 643

Total 2,858 2,793

Companies with annual sales of less than 14 millions of UDIS

Allowance for loan losses

millions of pesos

* It includes Project Finance. It does not include loans to government agencies,

parastatals, and productive state enterprises.

Page 64: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

63

Risk Management Annual Report 2018

Banco Santander México

Table 28

Loan

PortfolioAllowance for loan losses

Impaired December 2018 20,649 9,963

Increase by new origination + 7,542 3,448

Increase/decrease by balance variation-/+ -2,798 -967

Decrease because rating improvement - -2,275 -244

Decrease because of write offs - -1,919 -1,225

Decrease beause of payoffs - -206 -78

Impaired December 2018 20,993 10,898

millions of pesos

Impaired Loans

December 2018

Page 65: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

64

Risk Management Annual Report 2018

Banco Santander México

5. Management of Trading Market Risk

This chapter provides information on the activities subject to trading market risk and its evolution in the last year. Different metrics and methodologies employed in the institution are also described.

5.1 Activities Subject to Trading Market Risk

The perimeter of identification, measurement, control and monitoring function of Market risk covers those operations where equity risk is assumed. The measurement of market risk quantifies the potential change in value of the positions taken as a result of changes in market risk factors. The risk arises from changes in risk factors: interest rate, exchange rate, equity, credit spread and volatility of each of the above, and liquidity risk of the various products and markets in which it operates Institution.

Trading activities include both the provision of financial services to customers, in which the entity is the counterparty, as buying and selling activity and proper positioning in financial instruments. This heading provided the positions which the entity keeps in their trading book.

Table 5A: Trading Market Risk function of the variable that generates

Interest Rate Risk: The possibility that variations in rates may adversely affect the

value of a financial instrument.

Equity Risk: The possibility that variations in the price of a stock may adversely affect the value of one share certificate and / or a financial instrument. Credit spread risk: The possibility that changes in credit spread curves associated with issuers and types of debt could adversely affect the value of a financial instrument. Volatility Risk: The possibility that variations in the listed volatility of market variables may adversely affect the value of a financial instrument. Cancellation or prepayment risk: The possibility of early termination without negotiation, on transactions whose contractual relationship permitted explicitly or implicitly, to generate cash flows that must be reinvested at an interest rate potentially lower.

When significant risks are identified, they measured and allocated limits in order to ensure an adequate control. Global risk measurement is done through a combination of methodologies applied to trading books.

5.2 Basic Principles on the Trading Market Risk Management

Independence of trading activities and balance sheet management. The management and

control of the trading books and balance are clearly differentiated Procedures for each of

the activities and processes already exist.

Overview of risk assumed. Aggregate overview of all the risks assumed by the institution,

in trading activities and in the management of balance, for effective, efficient and consistent

management of the Trading Market Risk and Structural Risk.

Page 66: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

65

Risk Management Annual Report 2018

Banco Santander México

Definition of limits and allocations. The Board of Directors is responsible for setting limits of

risk which the institution is willing to take, according to risk appetite. The limits clearly define

the types of activities, segments, products, risks that can be incurred and decisions can be

taken regarding risks.

Control and supervision. Control mechanisms considered all the risks and its comparison

with the structure of limits.

Homogeneous and aggregated metrics. They identify and define the appropriate metric for

management and control of Trading Market Risk and Structural Risk. Evaluation of Trading

Market Risk and Structural Risk assumed is based on a process of measuring them. The

measures take into account all relevant risk components in their life cycle.

Homogeneous and documented methodology. The valuation of the instruments and their

risks is a central element in the key processes of management and risk control.

The adequate development of the design and control of market risk management is found within a governance structure that is agile and efficient, allowing for the participation of all involved.

To ensure proper management of Trading Market Risk, there is a Committee of Risk Control with the following terms:

Propose methodology applicable of Trading Market Risk, including one that corresponds to calculation models of Trading Market Risk and valuation of financial products subject to market valuation.

Understand and analyze Trading Market Risk exposures of the Institution.

Control measures of Trading Market Risk.

Develop proposals for Trading Market Risk limits, new products, and underlying terms for its approval.

Accept the proposed modifications of Trading Market Risk limits, in terms of deadlines, products and underlying.

Review the regulations applicable to Trading Market Risk and formulate proposals for improvement.

The area of Trading Market Risk Management Unit within Risk Management has the responsibility to recommend administration policies Trading Market Risk of the Institution, establishing parameters for measuring risks and delivering reports, analyzes and evaluations to the senior management, Committee of Integrated Risk Management and to the Board of Directors.

5.3 Key processes in the Trading Market Risk Management

The admission and control of Trading Market Risks is based on the following key processes:

Definition of Limits, Products and Underlying.

Fixing Trading Market Risk limits, it is essential to maintain risk levels within the risk appetite

of the institution. This limits admission includes both the underlying process of setting annual

limits, as well as the approval of amendments to the previously established limits and

approval of new products and underlying.

Page 67: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

66

Risk Management Annual Report 2018

Banco Santander México

Definition, Capture, Validation and Distribution of Market Data.

Market data are the basis for Trading Market Risk management. Decisions on sources of

information capture, calculation methodologies or processed data on the use of

approximations when there is no specific information corresponding to the risk function.

Measurement, Analysis and Control of Trading Market Risks.

Group all these functions that have as work materials the metrics of market risk that are

used to identify and anticipate risks.

Calculation, Analysis, Explanation and Reconciliation of Management Results.

Reconciliation of operating results, besides being the essential element in the evaluation of

the management of risk takers, is a piece of information needed to understand the Trading

Market Risk is being taken in the different activities.

Consolidated information.

The consolidated information allows to manage the level of Trading Market Risk assumed

by the institution and transform isolated measures of risk and return on consolidated figures

that incorporate diversification effects. The consolidation process includes the calculation

and analysis of the consumption of regulatory capital in accordance with the provisions of

the equity framework.

5.4 Control of Trading Market Risk

A. Metrics de Trading Market Risk

Value at Risk (VaR)

It is the standard used by the market to measure, using statistical techniques, the potential maximum loss in market value under normal conditions, can generate a certain position or portfolio for a given degree of statistical certainty (confidence level) and a defined time horizon.

The VaR provides a universal measure of the level of exposure of the various portfolios of risk and allows comparison of the level of risk assumed among different instruments and markets by expressing the level of each portfolio through a unique figure in economic units.

The VaR is calculated using historical simulation with a window of 521 working days (520 percentage changes) and a one-day horizon. The calculation is based on the number of simulated losses and profits as 1% percentile with constant pesos and with pesos decreasing exponentially with a factor of decay that is reviewed annually, reporting the measure that is more conservative. A confidence level of 99% is assumed.

Stressed VaR

It consists in obtaining a weighted daily VaR at 99% confidence level and considering a time series of 260 data that takes into account a period of turbulence in the relevant markets for the trading portfolio of the institution.

Page 68: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

67

Risk Management Annual Report 2018

Banco Santander México

Value at Earnings (VaE)

Statistical measure complementary to VaR to measure the benefit that could be obtained under normal market conditions in a time interval and confidence level.

Scenario Analysis

It is to define alternative performance of different financial variables and obtain the impact on results when applied to trading activities. These scenarios can replicate past events (such as crises) or, conversely, may identify feasible alternatives that do not correspond to past events. Three types of scenarios are defined as a minimum: probable, possible and remote, getting along with the var a more complete spectrum of the risk profile.

Trading Market Risk Limits

It refers to the thresholds defined by the institution, according to the level of disaggregation of risk appetite, with the aim of controlling and managing the different factors of market risk to which the products and underlying the trading book are exposed.

The limits are used to control the Trading Market Risk of the Institution, from each of their portfolios and books. The structure of limits applies to control exposures and establish the total risk granted to the business units. These limits are set for VaR, Loss Trigger, Stop Loss, equivalent volume of interest rate, equity equivalent volume and open currency positions. Also, it has a structure of limits for sensitivities Market Risk factors noted above.

B. Process control of Trading Market Risk

a) Data collection

The data corresponding to the position of the trading book are found on the institution

electronic platform and from there travel to market risk calculation engine. Additionally, the

function of market data through the tool of prices, sends those prices to the mentioned

calculation engine.

With exposures and prices, the compute engine Market Risk generates the following

information:

Positions Metrics, considering the different types of sensitivities.

Risk Market Metrics, considering VaR and Stressed VaR.

b) Analysis of the metric and positions of Trading Market Risk

The Market Risk function performs a daily analysis of the metric and its variation on the

previous day. It performs an analysis of sensitivities by position, to identify the products in

which the variation occurs in order to determine the causes of the changes in the various

metrics used.

On the other hand, the Market Risk function performs an analysis of VaR and Stressed VaR

in a daily basis, additionally, comparing them in order to observe how responsive the

positions and changes to these two scenarios. In the case that there are 20 consecutive

Page 69: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

68

Risk Management Annual Report 2018

Banco Santander México

exceptions that occur for which the VaR percentile is greater than the Stressed VaR, the

Market Risk function analyzes the vectors of loses and gains in light of the metrics that have

been calculated in order to identify positions and market movements that

have been generated.

The analysis performed aims to identify and remove the causes of exceptions into two basic

categories:

Market Movements: in this case the revision of the window used for calculating the

Stressed VaR may become necessary.

Significant changes in the composition of the portfolio: in this case the function of market

risk analyzes, together with the business functions, if new positions are permanent or is

it specific operations, in order to decide whether to revise the window used for calculating

the Stressed VaR.

In the event that it is necessary to check the window marked (the window review occurs, at

least, on a quarterly basis), the market risk function performs simulations that include long

periods (performed in 2008 to the date of execution of VaR) in order to verify which is the

suitable window.

c) Control of the excesses of limits and products authorized

If as a result of the analysis of the level of VaR excesses occur within the limits of market

risk or hiring a product term or unauthorized underlying is detected, the Market Risk function

release such excess to the business functions involved, who develops an action plan that

details the actions to take to reduce the levels of risk assumed.

d) Control of insurance operations

Financial risk function conducts a monthly control to confirm that all operations of fixed

income underwriting and equities in which the business functions have been involved, have

their proposed model and resolution insurance operations in markets.

e) Assessment Model

The control objective is to ensure models of product assessment mitigate the risk of

erroneously rating or no rating certain operations. Monthly, it verifies that the parameters of

the assessment models are within the recommended values.

f) Control of Long and Short Positions

The aim is to control long and short positions (no net) for products and underlying that are

traded on the negotiating table. To this end, quarterly, the Market Risk function reviews the

consumption and liquidity levels with the business function for fixed income products,

equities and foreign exchange.

g) Control of Liquidity

The control objective is to establish limits and control the liquidity of the positions held by

the tables to cover the risk of losses because they cannot cover or break a position within a

specified term.

Page 70: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

69

Risk Management Annual Report 2018

Banco Santander México

h) Control of prices

The aim of control is to ensure correct capture and validation of market prices for its use in

the various systems, in order to cover the risk of improper valuation of products and perform

transactions with different prices to market prices. The price control is regulated in the data

processing market.

i) Financial Reconciliation

The aim of surveillance is to ensure that risk and estimated results are correct, ensuring

consistency of information between the accounting and management systems.

C. Data of the reported period

a. VAR

The Value at Risk for the close of the fourth quarter 2016 (unaudited) amounted to:

Table 5B

The Value at risk corresponding to the average of the fourth quarter of the last year (unaudited) amounted to:

Table 5C

VaR

(Thousands of mexican

pesos)

Trading Desks 69,112 0.06%

Market Making 71,947 0.06%

Propietary Trading 8,718 0.01%

Risk factor

Interest rate 54,637 0.04%

Foreign exchange 65,250 0.05%

Equity 4,325 0.00%

* % of VaR with respect to Net Capital

VaR at the end of the fourth quarter of 2018

%

VaR

(Thousand of mexican

pesos)

Trading Desks 125,506 0.10%

Market Making 79,397 0.07%

Propietary Trading 22,278 0.02%

Risk factor

Interest rate 91,562 0.08%

Foreign exchange 97,024 0.08%

Equity 5,309 0.00%

* % of VaR with respect to Net Capital

%

Average VaR fourth quarter of 2018

Page 71: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

70

Risk Management Annual Report 2018

Banco Santander México

b. Sensitivity Analysis

The measure of sensitivity Trading Market Risk is a measure of the variation (sensitivity) of

the market value of the financial instrument in question, to changes in each of the risk factors

associated with it. The sensitivity of the value of a financial instrument to changes in market

factors, is obtained by full revaluation of the financial instrument.

The following sensitivities are listed under each risk factor and the associated historical

consumption of trading book.

1. Sensitivity to Risk Factor “Equity” (“Delta EQ”) The EQ Delta shows the change in the portfolio's value in relation to changes in the prices of equities. The EQ Delta calculated for the case of derivative financial instruments considered the relative change of 1% in the prices of the underlying assets in equities, in the case of equities, this considers the relative variation of 1% of market price title.

2. Sensitivity to Risk Factor “Foreign Exchange” (“Delta FX”)

The FX Delta shows the change in the portfolio's value in relation to changes in asset prices exchange rate. The FX Delta calculated for the case of derivative financial instruments considered the relative change of 1% in the prices of the underlying assets of the exchange rate, In the case of currency positions, this considers the relative variation of 1%of the corresponding exchange rate.

3. Sensitivity to Risk Factor “Volatility” (“Vega”) Vega sensitivity is the measure resulting from changes in the volatility of the underlying asset (the reference asset). Vega risk is the risk that a change in the volatility of the underlying asset value, that results in a change in the market value of the derivative. The calculation of Vega sensitivity, considers the absolute change of 1% in the volatility of the underlying asset value.

4. Sensitivity to Risk Factor “Interest Rate” (“Rho”)

This sensitivity quantifies the change in value of financial instruments for the trading portfolio in the face of a parallel increase in the interest rate curves of a basis point.

The table below presents the sensitivities described above corresponding to the position of

the trading portfolio, as of the end year of the fourth quarter:

Table 5D

PesosOtras

DivisasEQ FX IR EQ FX

0.82 8.06 0.02 1.61 -1.66 0.54 -13.12

Sensitivity analysis

Vega risk factor Delta risk factorInterest rate

sensitivity(1pb)

Page 72: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

71

Risk Management Annual Report 2018

Banco Santander México

On the basis of the aforementioned. This reflects a prudent management of the Bank’s

portfolio with respect to risk factors.

c. Stress Test

Also, monthly simulations of gains or losses of portfolios by revaluations of them under

different scenarios (Stress Test) are performed. These estimates are generated in two ways:

Applying to market risk factors observed percentage changes in certain period of history,

which includes significant market turbulence.

Applying Market Risk factors changes depending on the volatility of each of these.

Then different scenarios are shown stress test considering various scenarios calculated for

the trading book of the institution.

Probable scenario

This scenario was defined based in the movements derived from a standard deviation, with

respect to risk factors that have an influence over the valuation of financial instruments.

Specifically:

Risk factors of Interest Rate (“IR”), volatility (“Vol”) and rate of Exchange (“FX”) were incremented in a standard deviation.

Risk factors with respect to stock market (“EQ”) were decreased in a standard deviation.

Possible scenario Under this scenario, as requested in the official letter, risk factors were modified in 25%. Specifically:

Risk factors: IR, Vol and FX were multiplied by 1.25 that means, they were incremented in 25%.

Risk factor EQ was multiplied by 0.75 that means, it was decreased in 25%.

Remote scenario Under this scenario, as requested in the official letter, risk factors were modified in 50%. Specifically:

Risk factors IR, Vol and FX are multiplied by 1.50, that is, they were incremented in 50%.

Risk factor EQ was multiplied by 0.5, that is, it was decreased a 50%.

The following table shows the possible income (loss) for the trading book of the institution, according to each stress scenario at the end year of the fourth quarter:

Table 5E

Risk profileStress all

factors

Probable Scenario-11.44

Remote Scenario -335.43

Possible Scenario -167.78

Possible lncome (loss)

Stress test

millions of pesos

Page 73: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

72

Risk Management Annual Report 2018

Banco Santander México

d. Backtesting

The overall objective of the backtesting is to contrast the goodness of the VaR calculation

model. That is, accept or reject the model used to estimate the maximum loss on a portfolio

for a certain level of confidence and a time horizon determined.

On a monthly basis, these backtesting are conducted to compare the daily gains and losses

which would have been observed if the same positions had remained, considering only the

change in value due to market movements, against the calculation of value at risk and

therefore to calibrate the models used. These reports, even if they are made monthly,

include daily tests.

5.5 Derivatives Financial Instruments

The Corporate & Investment Banking offers its customers, derivative products in order to mitigate the financial risk. Derivatives are financial instruments or contracts whose value depends mainly on the behavior of the price of one or more underlying assets:

Swaps: A contract through which two parties agree to exchange a series of cash flows at a future date. There are various types of swaps: Interest Rate, Foreign Exchange, UDIs, and Equity swaps.

Forwards: A forward contract whose settlement is deferred until a later date specified therein. Unlike futures contracts, they are not traded on an organized market. They are private agreements between two financial institutions or between a financial institution and one of its corporate clients.

Futures: A futures contract is a kind of forward contract, but standardized and negotiable on a regulated market. This type of contract has margins and capital that supports its integrity and includes details such as quantity, quality, delivery date, delivery method, among others. All positions handled in these contracts, are between a participant on one side and the clearing on the other.

Options: It is a standardized contract in which the buyer pays a premium and acquires the right, but not the obligation, to buy (call) or sell (put) an underlying asset (which can be shares, stock market indices, etc.) an agreed price (strike or exercise price) at a predetermined future date at a set period (maturity).

The Bank may enter into derivatives transactions with the following financial intermediaries:

Decentralized agencies, credit institutions and brokerage firms authorized to operate as participants and / or intermediaries in the derivatives markets.

It can also operate with domestic and foreign companies with no legal impediment and that demonstrate high moral and financial solvency, which satisfy the minimum requirements of process analysis and risk assessment.

To celebrate derivatives transactions, customers must have a credit line with or without guarantees for the operation and shall not in any case exceed the ceiling of the authorized line. To assess exposure to credit risk of derivatives is taken into account implied volatility in the value of the instruments, in order to determine the maximum possible loss that can assume the

Page 74: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

73

Risk Management Annual Report 2018

Banco Santander México

counterparty (REC) and relate to the amount total credit line. Derivatives operations conducted with clients and intermediaries shall be documented by establishing framework contracts.

Derivative financial securities are valued at reasonable value, according to the accounting rules established in the Circular Letter for Credit Institutions issued by the National Banking and Exchange Commission, in Principle B-5 “Derivative Financial Instruments and hedging Transactions” and the provisions in Principle A-2 “Application of specific rules”, and the provisions in the specific rule included in Bulletin C-10 of the Financial Information Rules.

A. Methodology of Valuation

1. Trading Purposes

Organized Markets

The valuation is made at the relevant market closing price. Prices are provided by the supplier of prices.

Over the Counter Market

Derivative financial instruments with optionality:

In the majority of the cases, a general form of the Black & Scholes model is used.

Such model assumes that the underlying product follows a lognormal distribution. For

exotic products where Black & Scholes model doesn’t fit properly numerical methods

are used for valuation purposes, such as Monte Carlo simulations and partial

differential equations.

Derivative financial instruments without optionality:

The valuation technique is to obtain the present value of the estimated future flows.

In all cases the institution carries out the valuation of its positions and registers the corresponding value. In some cases, a different calculation agent is designated, and such calculation agent may be the counterparty or a third party.

2. Hedging Purposes

In the performance of its commercial banking activities, the institution has tried to cover the evolution of the financial margin of structured portfolios that are exposed to adverse movements in interest rates. The ALCO, the body responsible for the management of long-term assets and liabilities, has constituted the portfolio via which the Bank achieves such hedge.

An accounting hedge is defined as a transaction that complies with the following conditions:

A hedge relationship is designated and documented from the beginning in an individual

file, where its objective and strategy is established.

The hedge is effective for the compensation of variations in the reasonable value or in

the cash flows attributed to such risk, according to the risk management documented at

the beginning.

The Management of Banco Santander (Mexico) performs derivative transactions for hedging purposes with swaps. Derivatives for hedging purposes are valued at market value, and the effect is recognized depending on the type of accounting hedge, pursuant to the following:

Page 75: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

74

Risk Management Annual Report 2018

Banco Santander México

In the case of fair value hedges, they are valued at market value for the risk covered,

the primary position and the hedging derivative instrument, and the net effect is

registered in the statement of income of the corresponding period.

In the case of cash flow hedges, the hedging derivative instrument is valued at market

value. The effective portion of the hedge is registered in the comprehensive income

account, within the stockholders’ equity, and the ineffective portion is registered in the

statement of income.

The Institution ceases the recording of hedges at the maturity date of the derivative, or when such derivative is sold, cancelled or exercised; when the derivative does not reach a high efficiency in compensating the changes in the reasonable value or the cash flows of the covered item, or when Banco Santander (Mexico) decides to cancel the hedge.

It shall be fully evidenced that the hedge fulfills the objective for which derivatives were contracted for. This effectiveness requirement assumes that the hedge must comply with a maximum range of deviation with respect to the initial objective of 80% to 125%.

In order to demonstrate the efficacy of hedges, two tests are to be carried out:

Forward-looking Test: it is demonstrated that, in the future, the hedge will be within the

aforementioned range of deviation.

Retrospective Test: This test reviews if, in the past, from its initial date to now, the hedge

has been maintained within the allowed range of deviation.

In the cases of Fair Value Hedges and the Cash Flow Hedges, they are retrospective and forward-looking efficient and within the allowed maximum range of deviation.

B. Overview of the Position

The most relevant reference variables are Exchange Rates, Interest Rates, Stocks, baskets and market indexes. The frequency with which financial products trading and hedging purposes are valued is daily.

At the end year of the fourth quarter, the institution has no situation or contingency such as changes in the value of the underlying asset or the reference variables, that may cause the use of the derivative financial instruments to be different to their original intended use, a significant change in their scheme or the total or partial loss of the hedge, requiring the Issuer to assume new obligations, commitments or variations in its cash flow or affecting its liquidity (day trade calls), nor contingencies or events known or expected by the Management that may affect future reports.

Page 76: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

75

Risk Management Annual Report 2018

Banco Santander México

Table 5F

The institution, at the execution of transactions of OTC derivative financial instruments, has Collateral formalized agreements with many of its counterparties, which function as market value guarantee of the derivative transactions, and it is determined based on the exposure of the net position on risk with each opposing party. The managed Collateral consists mainly in cash deposits, whereat there is not a deterioration situation.

There are no derivative financial instruments whose underlying assets are treasury shares or securities representing them during the quarter.

Table 5G

Purpose of

Derivative

Notional

amount

Actual

Quarter

Previous

Quarter

Forwards Bonds Trading 0 0 0

ForwardsForeingn

CurrencyTrading 470,089 1,405 1,901

Forwards Equity Trading 23,537 1 -8

FuturesForeingn

CurrencyTrading 8,272 0 0

Futures Market Index Trading 888 0 0

Futures Interest Rate Trading 0 0 0

Futures Equity Trading 0 0 0

Options Equity Trading 401 -124 -61

OptionsForeingn

CurrencyTrading 175,327 -327 -5

Options Market Index Trading 6,954 -111 124

Options Interest Rate Trading 274,961 -85 -131

SwapsCross

CurrencyTrading 831,354 27 2,177

Swaps Interest Rate Trading 5,598,918 -385 -1,478

Swaps Equity Trading 1,008 69 -205

ForwardsForeingn

CurrencyHedging 58,098 2,135 6,567

SwapsCross

CurrencyHedging 53,880 -3,175 -2,527

Swaps Interest Rate Hedging 13,615 255 124

Type of Derivative Underlying

Fair Value

Summary of derivative financial instrumentsmillion of mexican pesos as of December 31, 2018

Description MaturitiesClosed

Positions

Caps and Floors 555 17

Equity Forward 4 7

OTC Equity 204 56

OTC Fx 1,337 335

Swaptions 1 0

Forward 1,378 87

IRS 1,231 745

CCS 320 249

Number of expired derivative financial

instruments and closed positions

Page 77: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

76

Risk Management Annual Report 2018

Banco Santander México

6. Structural Risk Management

This chapter provides information on the activities subject to Structural Risks and expose its evolution during the last year. Different metrics and methodologies employed in the institution are also described.

6.1 Activities subject to Structural Risk

The perimeter of identification, measurement, control and monitoring function of market risk covers those operations where equity risk is assumed. The measurement of market risk quantifies the potential change in value of the positions taken as a result of changes in market risk factors. The risk arises from changes in risk factors: interest rate, exchange rate, equity, credit spread and volatility of each of the above, and liquidity risk of the various products and markets in which it operates the institution.

The structural risks consist of market risks inherent in the balance sheet of the institution, excluding trading portfolios. This risk includes both losses from price changes affecting the portfolios available for sale and held to maturity, as well as losses from the management of recorded assets and liabilities (banking book).

The main structural risks are the following:

Structural Interest Rate Risk: It arises from mismatches between maturities and repricing

of assets and liabilities in the balance.

Structural Exchange Rate Risk: Exchange rate risk is a result of operating in a currency

other than the Mexican Peso.

Structural Risk in the Equity Portfolio: Includes investments through equity to non-

consolidated financial and non-financial, such as portfolios available for sale consist of

equity positions.

Inflation Risk: The possibility that changes in inflation rates may adversely affect the value

of a financial instrument or portfolio.

Market Liquidity Risk: The possibility that the institution is unable to reverse or close a position in time without impacting the market price or in the cost of the transaction.

Prepayment or Cancellation Risk: The possibility of early termination without negotiation in

transactions whose contractual relationship so permits, explicitly or implicitly, to generate

cash flows must be reinvested at an interest rate potentially lower.

When significant risks are identified, they measured and allocated limits in order to ensure proper control. The overall measurement of Structural Risk is made through a combination of methodology applied to the Portfolio of Management Balance-Sheet.

6.2 Basic Principles on the Structural Risk Management

Independence of the Trading Activities and Balance-Sheet Management. The management

and the control of trading books and balance-sheet portfolios are clearly differentiated.

There are procedures for each of the activities and processes.

Overview of risk assumed. There is an aggregate overview of all the risks assumed by the

institution, in trading activities and in the management of balance-sheet, for effective,

efficient and consistent management of the Trading Market Risk and Structural Risk.

Definition of limits and allocations. The Board of Directors is responsible for setting risk

limits that the Institution is willing to assume, according to risk appetite. The limits clearly

Page 78: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

77

Risk Management Annual Report 2018

Banco Santander México

define the types of activities, segments, products, risks that can be incurred and decisions

can be taken regarding risks.

Control and supervision. The mechanisms of control that considers all the risks and

compares these with the structure of limits.

Homogeneous and Aggregated Metrics. They identify and define the appropriate metric for

management and control of Trading Market Risk and Structural Risk. The evaluation of the

Trading Market Risk and Structural Risk assumed is based on a measurement of the same

process. The measures take into account all relevant risk components in their life cycle.

Homogeneous Methodology and documented. The valuation of the instruments and their

risks is a central element in the key processes of management and risk control.

The proper development of the function of admission and Structural Risk control is within an agile and efficient structure of governance bodies that ensures the participation of all parties and makes compatible the appropriate function development.

To ensure proper management of structural risks, there is a Committee of Risk Control with the

following terms:

a. Propose a methodology of Structural Risks applicable, including that corresponds to calculation models of Structural Risk and valuation of financial products subject to the market assessment.

b. Understand and analyze exposure to Institutional Structural Risks. c. Supervise the design and operation of internal models of Structural Risks. d. Control of Structural Risk Measures. e. Develop proposals for Structural Risk limits, new products, and underlying terms for its

approval. f. Admit the proposed amendments to Structural Risk limits, in terms of deadlines, products

and underlying. g. Review the regulations implementing to Structural Risks and formulate proposals for

improvement.

The area of Structural Risk Management within the Unit of Integrated Risk Management, is responsible for recommending policies of structural risk management of the Institution, establishing risk measurement parameters, and providing reports, analyzes and evaluations to the Senior Management, Integrated Risk Management Committee and the Board of Directors.

6.3 Key Processes in the Structural Risk Management

The admission and control of structural risks is based on the following key processes:

Definition of limits, products and underlying.

The fixing of the Structural Risk limits is key to maintaining the risk levels within the risk

appetite of the institution. This admission of the limits includes both the process of setting

annual limits, as well as the approval of amendments to the previously set limits and

approval of new products and underlying.

Definition, capture, validation and distribution of market data.

Market data are the basis for the management of Structural Risk. Decisions on sources of

information capture, calculation processed data methodologies on the use of the

approximations when there is no specific information corresponding to the risk function.

Page 79: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

78

Risk Management Annual Report 2018

Banco Santander México

Measurement, Analysis and Control of Structural Risks.

It brings together all those functions whose work material Structural Risk metrics used in

order to understand and anticipate the risks.

Calculation, Analysis, Explanation and Reconciliation of Management Results.

Reconciliation of operating results, besides being the essential element in the evaluation of

the management risk-taking areas, is a key piece of information to know the structural risks

that are being made in the different activities.

Consolidated information.

The consolidated information to manage the level of structural risks assumed by the

institution and transform isolated measures of risk and return on consolidated figures that

incorporate diversification effects.

6.4 Control of Structural Risk

Banco Santander (Mexico) commercial banking activity generates significant account balances that are recorded on the balance sheet. The Committee of Asset and Liabilities (ALCO) is responsible for determining the risk management guidelines of financial margin, equity value and liquidity, whose must to be followed in the different commercial portfolios. Under this approach, the Corporate Finance Department is responsible for implementing the strategies defined in the Committee of Assets and Liabilities in order to change the risk profile of the trade balance by following established policies, for which it is essential to take the information requirements for interest rate risk, exchange rate risk and liquidity risk.

A. Structural Risk Metrics

As part of the financial management of the institution, the sensitivity of financial margin and equity value of the different balance-sheet, against changes in interest rates, is analyzed. This sensitivity arises from gaps in maturity dates and modification of interest rates occurring in the different categories of assets and liabilities.

Sensitivity to Net Interest Income (NIM)

The sensitivity of the Net Interest Income measures the change in the expected accruals for a specific period (12 months) given a shift in the interest rate curve. The calculation of this sensitivity is done by simulating the margin both for a scenario of changes in the rate curve as well as the current situation, the sensitivity being the difference between the two margins calculated.

As part of the control system of structural risk derived from changes in the interest rate set a limit of sensitivity of the Net Interest Income to one year. In case of exceeding this limit occur, those responsible for risk management must explain the reasons for it and facilitate action plan to correct it.

Sensitivity to Market Value Equity (MVE)

The Sensitivity of Market Value Equity is a measure of the sensitivity of the financial margin and measures the interest risk implicit in the equity value (own resources) on the basis of the incidence that has a variation of interest rates at current values assets and liabilities.

Page 80: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

79

Risk Management Annual Report 2018

Banco Santander México

The analysis is based on the classification of each item sensitive to interest rates over time, according to their date of redemption, expiration, or contractual modification of the interest rate applicable.

As part of the control system of Structural Risk deriving from changes in the interest rate set a limit on the MVE. In case of exceeding this limit occur, those responsible for risk management must explain the reasons for it and facilitate action plan to correct it.

Treatment of liabilities without defined maturity

The volume of account balances without specific maturity is divided between stable and unstable balances. This separation is obtained using a model based on the relationship between the account balance and fluctuating averages. From this monthly cash flows are obtained.

The model requires different inputs among which are: own product parameters, parameters of customer behavior, market data and historical data from its own portfolio.

B. Data from the reporting period

This sensitivity is derived from the difference between maturity dates of assets and liabilities and

the dates interest rates are modified. The analysis is performed from the classification of each

item sensitive to interest rate throughout time, according to their repayment, maturity or contractual

modification of the applicable interest rate:

Table 6A

Using simulation techniques, the predictable change of the net interest income and the market

value of equity are measured in different interest rate scenarios, and their sensitivity under

extreme movement of such scenarios, as the end of year:

Table 6B

Scenario Total DerivativesNon

DerivativesScenario Total Derivatives

Non

Derivatives

Balance MXN

GAP-100 -147 -448 301 100 -3,935 -103 -3,832

Balance USD

GAP-100 -454 167 -620 -100 -1,703 -1,595 -107

Thousand of millions pesos

Sensitivity NIM Sensitivity MVE

Sensitivity NIM & MVE. Derivatives and non derivatives

millions of pesos

oct18 nov18 dic18 Promedio oct18 nov18 dic18 Promedio

Balance

MXN GAP27% 20% 10% 19% 81% 83% 93% 86%

Scenario -100 -100 -100 N/A 100 100 100 N/A

Balance

USD GAP60% 70% 70% 66% 82% 86% 87% 85%

Scenario -100 -100 -100 N/A -100 -100 -100 N/A

Sensitivity analysis

Sensitivity NIM Sensitivity MVE

Page 81: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

80

Risk Management Annual Report 2018

Banco Santander México

The Committee of Assets and Liabilities adopts investment and hedging strategies to maintain these sensitivities within the target range.

6.5 Structural Risk in the Equity Portfolio

At ended December the Bank has equity positions in its banking book. These positions are maintained as shares and registered in the account: “Permanent Investments in Shares”.

This position is valued at its fair value using market values. If the market value cannot be obtained reliably, or if it is not representative, taking into account the event that there is no frequent activity in the market in which it negotiated the title, an insignificant volume is traded or its price is suspended, the fair value is determined based on the equity method and/or based on the acquisition cost adjusted by updating factors, or to last determined fair value.

In the case of equity securities valued at acquisition cost, they are adjusted to net realizable value when it is less than the updated cost. This value shall be determined based on formal valuation techniques. The amount by which the value of debt and equity is reduced, should be recognized against income for the year.

If at a later date to the value of a security was decreased, there is certainty that the issuer will cover a larger amount than in books, it may make a new estimate of its value. The effect of this revaluation should be recognized in the results when it happens. Under no circumstances should this reassessment may exceed book value at that date would have the title if it had not been adjusted for the decrease decrement.

Table 6C

The capital requirement for the equity position of Banco Santander (Mexico) at the end of year

amounted to $326 million of pesos.

POSITIONS HELD FOR PROFIT

Publicly Traded Positions 2,347 2,347 2,347 -64 0

Publicly No-Traded Positions

POSICITIONS HELD FOR OTHER REASONS

Publicly Traded Positions 480 480 480 -70

Publicly No-Traded Positions 27,690 27,690 27,690

REVALUATION

PROFITS

UNREALISED

STOCK POSITIONDecember 2018

VALUE OF THE TOTAL POSITION IN BALANCE

millons of pesos

CONCEPTBALANCE

VALUEFAIR VALUE

MARKET

VALKUE

CAPITAL

GAIN MAID

UNREALISED

GAIN

Page 82: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

81

Risk Management Annual Report 2018

Banco Santander México

7. Liquidity Risk Management

7.1 Activities subject to Liquidity Risk

Liquidity risk is defined as the possibility of failing to meet payment obligations on time or to do so at excessive cost. The types of losses that are caused by this risk include forced sales of assets or impacts on margin mismatch between the forecasts of cash outflows and inflows. It is the risk of loss of value of the buffer of liquid assets of the entity and the change in value of the operations of the entity (derivatives and guarantees, among others) which may involve additional collateral requirements and thus worsening liquidity.

Additionally, it includes the risk of being unable to meet payment obligations as a result of timing differences in cash flows, cash unforeseen needs, inadequate liquidity structure of assets and liabilities or concentration in finance providers. Under this, the Liquidity Risk is classified into the following categories:

Financing Risk: It identifies the possibility that the entity is unable to meet its obligations as a result of an inability to sell assets or obtain financing. The funding liquidity risk arises from the time lag in the cash flows or unforeseen cash requirements, either by improper design of active and passive operations, or unforeseen liquidity needs.

Mismatch Risk: It identifies the possibility that the differences between the structures of maturities of assets and liabilities generate an additional cost to the entity.

Contingency Risk: Refers to extraordinary liquidity needs and identifies the possibility of not having elements of management adequate for obtaining liquidity as a result of an extreme event involving major needs of financing or collateral to obtain the same.

7.2 Basic Principles on Liquidity Risk Management

Admission, control, consolidation and Liquidity Risk reporter contemplate and safeguard the principles established in the framework of the Integrated Risk Management and is governed by the following principles:

Financial Autonomy Banco Santander (Mexico) independently handles its liquidity, which means that the Bank must capture and manage its own financial resources and maintain liquidity levels required internally at the entity level and by supervisors and regulators. Using homogeneous and aggregated metrics The assessment of the risks taken is based on a process of quantifying or measuring of them. The measures take into account all relevant components and dimensions of risk throughout their life cycle. The company ensures the identification, definition and knowledge of the appropriate management metrics and control of liquidity risk. The determination of the maturity of the derivative financial instruments is a key element in the processes of Liquidity Risk, particularly for those without a contractual behavior defined and/or dependent on the behavior of customers. Therefore, all flow calculation methodologies are homogeneous, are adequately documented and approved by the relevant bodies and are subjected to appropriate validation processes.

Page 83: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

82

Risk Management Annual Report 2018

Banco Santander México

Establishment and adaptability of limits Setting limits is to meet, efficiently and comprehensively, levels of Liquidity Risk that Banco Santander (Mexico) is willing to assume, according to the risk appetite set by its board of directors, and according to the capacity of managers, the infrastructure available for the management and control, knowledge of the liquidity of the products and information available at appropriate times. Additionally, agile mechanisms of modification of boundaries can adapt to extreme or adverse market situations, as well as responding to normal opportunities. Regulatory Environment Banco Santander (Mexico) must meet not only the requirements set by the regulator, but also must meet the requirements of the corporation so that it can adequately respond to the scrutiny supervisor on a consolidated basis.

7.3 Key Process in Liquidity Risk Management

The model of Liquidity Risk in Banco Santander (Mexico) is based on the following key processes:

Admission

Setting limits and approval of new products and specific operations. Prior to admission of Liquidity Risk, the financial management function defines the perimeter of trading activity and balance sheet management of the entity, that is, the determination of the geographical segments, business and associated portfolios.

Provisioning of Information

As a preliminary step to the realization of control the risk of liquidity, information is collected on the principal items of the balance sheet of the entity (Expiries, stock of liquid assets, issues, commitments, among others). In this process, the function of Liquidity Risk obtains information from market data provided by market data function, which performs the following steps:

Capture: obtaining market variables.

Calculation: modification, transformation and interpolation of data captured from

information systems.

Validation: filtering the data according to defined quality requirements.

Certification: generation of end of day prices and official data used in the process.

Dissemination: setting the certified data available to different systems

Liquidity risk control

Measurement, analysis and control of liquidity risk is to ensure that the level of balance sheet liquidity is consistent with the approved limits and risk appetite established by the governing body of the entity. This process aims:

Understand, analyze, control and monitor continuously the situation, evolution and

trends in liquidity risk generated by the balance, reporting periodically to the address and

requesting measures to be taken.

Conduct analysis and control liquidity risk in the different axes, and levels and defined

metrics.

Understand, analyze, control and monitor the possible concentrations in funding sources

or suppliers.

Page 84: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

83

Risk Management Annual Report 2018

Banco Santander México

Monitoring and analysis of Liquidity Risk excess, regarding the approved limits, notifying

the excesses of risk-taking functions and requesting, where appropriate, actions that

serve to its regularization.

Respond in a timely manner to the requirements set by regulators, filling information

Liquidity risk of the entire balance sheet.

7.4 Liquidity Risk Control

As already mentioned, the liquidity risk is associated with the ability that Bank Santander (Mexico)

has to finance its commitments undertaken, at reasonable market prices and to carry out its

business plans with stable sources of funding. The factors that influence can be external (liquidity

crisis) and internal due to excessive concentration of maturities.

Bank Santander (Mexico) hits a coordinated management of the maturities of assets and liabilities, monitoring the maximum gap profiles. This surveillance is based on analysis of maturities of assets and liabilities both contractual and management. The Bank performs a control for maintaining sufficient liquid assets to ensure survival horizon for a minimum of days faced a liquidity stress scenario without resorting to additional sources of funding. Liquidity risk is limited in terms of a minimum of days established for local and foreign currencies in consolidated form.

A. Liquidity Risk Metrics

Structural Finance Ratio.

After analyzing the components of the balance sheet, for those whose treatment is affected by variations and balances, the institution calculates the ratio of structural finance in order to measure the excess or deficit of liquidity structural in the balance. The structural liquidity analysis allows to determine how are funding the structural needs and if there is a high reliance on the use of instruments considered volatile or highly correlated with market variables.

Liquidity Risk Limits.

The limits of liquidity risk refer to those minimum thresholds defined by the entity in order to control and manage the risks relating to liquidity, balance sheet structure to which the entity is exposed.

Liquidity Gap.

Shows the liquidity risk profile or mismatches in the cash flows, assuming a normal course of business and stable market conditions. It consists of the contractual gap, coupled with the best estimate available of the flows that could affect the liquidity situation of the entity from the trade balance, other balance sheet items and other inputs and outputs known.

Liquidity Available.

It is defined as the amount of the public debt plus cash and other liquid assets without pledged and which can become almost immediately liquidity by direct sale on the market, without significantly affecting its price or to serve as collateral in operations of temporary assignment of assets (or other financing collateral) with reasonable haircuts.

Page 85: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

84

Risk Management Annual Report 2018

Banco Santander México

Concentration of Funding Sources

Shows the main funding sources or suppliers, volumes and terms of financing. The analysis of this information allows evaluate possible concentrations and effects faced possible changes in the sources or suppliers or its availability to provide it.

Stress Test

Metrics by which the time horizon of liquidity stress scenarios is obtained, such as wholesale liquidity metrics (wholesale stress scenario), and stressed liquidity metrics (applying stress scenarios of local crisis, global crisis and idiosyncratic crisis). This metric provides information about how long the entity could survive without requesting funds to markets and what is the quantity and minimum time to obtain funds to cover the liquidity needs.

Liquidity Coverage Ratio (LCR)

The LCR shown resistance to short-term of the liquidity risk profile of the Bank, ensuring that it has sufficient high-quality liquid assets to overcome an episode of significant stress for 30 calendar days. The severity of stress period stated in the CUB issued by the CNBV.

Net Stable Funding Ratio (NSFR)

The NSFR is set as a long-term financing ratio which is facing structural funding needs against financing sources of a stable entity. This requires banks to maintain a stable funding profile in relation to the composition of its assets and off-balance sheet activities.

B. Data from the reporting period

Structural Gap

Table 7A Millions of pesos

Total 1D 1S 1M 3M 6M 9M 1A 5A >5A

Structural

GAP 172,798 - 8,374 15,055 2,317 45,979 43,062 28,872 85,199 258,559 -297,871

Non Derivatives 141,870 - 8,374 14,402 2,214 45,871 43,205 27,649 84,785 246,608 -314,491

Derivatives 30,927 - 652 103 108 - 144 1,222 415 11,951 16,620

STRUCTURAL GAP

Page 86: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

85

Risk Management Annual Report 2018

Banco Santander México

LCR Y NSFR

Table 7B

Structural Finance Ratio

Table 7C

178%169%

100%

120%

140%

160%

180%

200%

220%

dic

.-1

7

en

e.-

18

feb

.-18

ma

r.-1

8

ab

r.-1

8

ma

y.-1

8

jun

.-18

jul.-1

8

ag

o.-

18

sep.-

18

oct.-1

8

no

v.-1

8

dic

.-1

8

CCL

126% 130%

0%

40%

80%

120%

160%

200%

dic

.-1

7

en

e.-

18

feb

.-18

ma

r.-1

8

ab

r.-1

8

ma

y.-1

8

jun

.-18

jul.-1

8

ag

o.-

18

sep.-

18

oct.-1

8

no

v.-1

8

dic

.-1

8

NSFR

dic-18

Structural Funding Ratio 114%

Structural Funding Ratio 811,098

1. Clients funds 548,032

2. Issuance 137,253

3. RRPP 125,813

Structural financing needs 713,949

1. Lending 671,671

2. Investments in group companies 227-

3. Reserve Requirements 28,093

4. Other financing needs 14,412

STRUCTURAL FUNDING RATIO

Page 87: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

86

Risk Management Annual Report 2018

Banco Santander México

8. Operational Risk Management

8.1 Overview

The Operational Risk is the risk of loss due to failures or deficiencies in internal controls resulting from errors in processing and storage operations, or in the transmission of information, inadequate or failed internal processes, people and internal systems or from external events as well as adverse administrative or legal resolutions, frauds or theft and includes, among others, Technological Risk and Legal Risk.

This risk is inherent in all products, activities, processes and systems and is generated in all areas of business and support. Therefore, all employees are responsible for managing and controlling operational risks generated in its scope, from branches to support functions every employee of Santander is bounded to comply operational risk management.

In terms of operational risk, Banco Santander (Mexico), aligned with the corporate methodology, has policies, procedures and methodologies for identification, control, mitigation, monitoring and disclosure of operational risks which are reviewed yearly

In order to identify and group the operational risk use is made of distinct categories and business

lines defined by the regulatory authorities, both local and as per the supervision of the institution.

The methodology is based on the identification and documentation of risks, controls and related

processes and uses quantitative and qualitative tools such as risk control self-assessment

process, the development of historical databases and operational risk indicators, among others,

for both the control and mitigation and disclosure requirements.

Among the operational risks, is technological risk, which is defined as the potential losses from damage, interruption, alteration or failures derived from the use or reliance on hardware, software, systems, applications, networks and any other distribution channel of the information in providing banking services to customers of Banco Santander (Mexico).

The Bank has adopted a corporate model for technological risk management, which is integrated into the processes of service and support of computer areas to identify, monitor, control, mitigate and report risks to Information Technology. This is designed to prioritize the establishment of control measures that reduce the likelihood of risks materializing.

Another operational risk is legal risk, which is defined as the potential loss due to noncompliance with legal and administrative provisions, issuance of adverse administrative and judicial decisions and sanctions, related to bank operations.

In fulfillment of the steps outlined in the administration of risks, the following functions have been

developed:

Establish a 3 Line of Defense Model for Operational Risk Management.

Establish policies and procedures to identify, analyze, control and report Operational Risk,

which are reviewed on periodically basis.

Analyze the amount of direct or/and potential losses, resulting from the materialization of

the latent operational risks.

Disseminate within managers and employees, legal and administrative provisions

applicable to operations.

Mandatory annual training regarding Operational Risk for all employees.

Perform internal legal audits at least once a year.

Page 88: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

87

Risk Management Annual Report 2018

Banco Santander México

For the calculation of regulatory capital required for operational risk since November 2016, the Alternate Standard Approach defined in CUB is used.

Thus, to calculate the capital requirement for its exposure to operational risk, just as in the standard method, for each line of business a percentage was established on the income, but it determines that for the commercial and retail banks the income shall be substituted by the amount of loans and total amount each line of business.

During some months of 2018, Operational Risk losses of Santander Mexico exceeded the budget, mainly because of extraordinary events in external fraud, for which action plans were designed and implemented. Positive results of such plans began to be observed during the second semester.

Figure 1 Operational Risk Losses

Santander Mexico has no appetite to have more than 1.75% of the gross margin of operational losses. During 2018 the ratio stayed consistently below that level

Figure 2 Operational Risk Losses between Gross Margin Ratio

1.17%

1.60%

1.75%

1.00%

1.20%

1.40%

1.60%

1.80%

2.00%

en

e.-

18

feb.-

18

ma

r.-1

8

ab

r.-1

8

ma

y.-

18

jun.-

18

jul.-1

8

ag

o.-

18

sep.-

18

oct.-1

8

no

v.-

18

dic

.-1

8

Ratio Alert Limit

7256

138

186

87

187

144

68

96

66

111

61

79

0

20

40

60

80

100

120

140

160

180

200

en

e.-

18

feb

.-1

8

ma

r.-1

8

ab

r.-1

8

ma

y.-

18

jun.-

18

jul.-1

8

ag

o.-

18

se

p.-

18

oct.

-18

no

v.-

18

dic

.-1

8Losses Budget

Page 89: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

88

Risk Management Annual Report 2018

Banco Santander México

8.2 Operational Risk Control

Operational risk management is developed taking the following elements:

Identify the operational risk inherent in all activities, products, processes and systems.

Define the operational risk profile specifying unit strategies and time horizon, through the establishment of appetite and risk tolerance, and budget monitoring.

Promote the involvement of all employees in operational risk culture.

Measure and evaluate the Operational Risk continuously and consistently with regulatory standards.

Deploy control procedures.

Monitor, verify and suggest mitigation measures that minimize operational risk.

Identify the real operational risk exposure of Santander Mexico.

Produce regular reports on the exposure to operational risk and level of control of both internally and to the market and regulators bodies.

For each of these elements, Banco Stander (Mexico) should define and deploy systems to monitor and control operational risk exposures, integrated in the daily management of the bank, taking advantage of existing technology.

Table 8A Properties model management and control of operational risk

implemented in Banco Santander (Mexico)

Promotes the development of operational risk culture

Allows a comprehensive and effective operational risk management

(identification, measurement, assessment, control, mitigation and

information).

Improves the coordination between departments to identify, communicate

risks and boost efforts for the control.

Operational risk information helps to improve the processes and controls, reduce losses and income volatility.

Deliver information to the General Management for decision making.

Facilitates the establishment of limits for operational risk appetite.

Page 90: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

89

Risk Management Annual Report 2018

Banco Santander México

9. Capital

9.1 Overview

Capital management in the institution seeks to ensure the solvency of the company and maximize profitability, ensuring compliance with internal capital targets and regulatory requirements established by CNBV. It is process for making strategic decisions using their management objectives established for determining risk appetite, planning and capital budgeting, and the use of metrics to evaluate the profitability and value creation business. To carry out this management is part of the following key objectives:

Capital Budget: It is held annually determining a set of target values for each of the months

of the following year, which ensure that capital levels are adequate at all times with the risk

profile of the entity and regulatory minimum requirements.

Capital Planning: It is made considering applicable regulatory requirements, and in it the

sufficiency of current and future capital is analyzed by capital projections under different

macroeconomic scenarios (base and stressed scenario).

Establishment of Risk Appetite: Budget processes and capital planning must be aligned

and coordinated with the establishment of risk appetite.

Minimum Criteria: In preparing proposals for capital targets should be considered:

All material risks to which the institution is exposed and are consistent with its risk profile

referred.

They are consistent with the budgets, strategic plans and business results forecasts,

and liquidity and ability obtain funding from various sources, taking into account the

correlation and dependency thereof.

Incorporate risk factors external to the entity, arising from the regulatory, legal

environment, economic or business.

All applicable regulatory requirements are met.

To be considered plausible stress scenarios in addition to the regular scenarios.

That the objectives include at least quality and composition of capital (equity mix), ratios

or levels of solvency, dividend policy and target values metric of profitability of invested

capital and creating value by product segments, business and/or units.

9.2 Capital Policies

Capital policies set general guidelines that should govern the actions of the areas involved in the processes of management and control of equity.

9.2.1 Capital Strategic Policies

Autonomy of Capital: Banco Santander (Mexico) is endowed with the capital required to

autonomously develop their activity and meet regulatory requirements on capital and

liquidity.

Page 91: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

90

Risk Management Annual Report 2018

Banco Santander México

Central Monitoring: The capital management model ensures a comprehensive view, so that

the control exercised primarily by Banco Santander (Mexico) is complemented by the

monitoring provided by the corporate unit.

Proper Distribution of own Resources: Banco Santander (Mexico) should monitor their

adequate capitalization (including its subsidiaries) and the adoption of balanced approach

in the allocation of own resources to optimize the relationship between solvency and

profitability.

Reinforcement of Capital: Regardless of the need to operate with an adequate level of own

funds (capital available) to meet legal and regulatory requirements, It ensures proper

composition promoting the choice of computable elements of the highest possible quality

(according to their ability to absorb losses, the retention time in the balance sheet of the

entity and priority in the authorization) in order to guarantee its stability.

Capital Preservation: The capital is a very scarce resource that must be used in the most

efficient way possible. In this regard Banco Santander (Mexico) has mechanisms for

continuous monitoring of capital consumption optimization.

Sound Management: The capital management is based on ensuring the solvency based on

an acceptable level of profitability on invested capital. This management is based on equity

targets consistent with the risk profile of the institution limiting the levels and types of risks

that the institution is willing to take on the development of its activity and ensuring the

maintenance of adequate capitalization.

Maximizing Value Creation: Investment decisions are aimed at optimizing the creation of

value on invested capital, enabling management to align the business with capital

management from analysis and monitoring of a set of metrics that relate the capital cost of

resources to the benefit obtained by reversing the investment of them, that make it possible

to compare performance on a standardized basis of operations, clients, portfolios and

businesses.

Stress Test: Banco Santander (Mexico) periodically performs stress tests under adverse

scenarios to assess that capitalization remains solid and above risk appetite limits,

approved and established by the corporate governance entities.

9.2.2 Management and Control Policies

Objective of analysis and derivative actions: The main objective of the monthly monitoring

and measurement metrics, is to help senior management in the process of making strategic

decisions on solvency, capitalization and profitability of business.

Minimum Frequency: At least once a month takes place a process of control and monitoring

of the evolution of the different metrics of capital through various reports that are distributed

to senior management and internal and corporate areas.

Content of the Analyses: The causes of the variations in the amounts and/or deviations

from budget or for business, changes in markets or economic variables, changes in the

Page 92: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

91

Risk Management Annual Report 2018

Banco Santander México

methodology of the models or parameters, changes in legislation or otherwise nature are

studied Specifically, the main analyzes carried out with recurring basis are:

Analysis of solvency and its evolution, comparing domestic capital base with regulatory

capital requirements.

Development of key capital metrics and analysis of the major monthly variations.

Analysis of the volume of required capital and risk weighted assets based on risks other

than credit risk.

Analysis of the impact produced by recalibration, methodological changes in the patterns

and changes in legislation.

Analysis of the composition of capital in order to maintain a strong capital level, both in

amount and composition thereof.

9.2.3 Organizational Structure and Governance Model

The proper development of the function of capital, both in terms of decision-making and in terms of supervision and control, it needs a structure of agile and efficient governance organs to ensure the participation of relevant stakeholders, and ensure the necessary involvement of senior management.

Table 9A Banco Santander (Mexico)

Structure for Capital Management

Comprehensive Risk Management Committee (CRMC): CRMC is responsible for submitting to the Board of Directors the following aspects of equity:

Communications with the controller information on aspects relating to solvency and capital; evolution of figures of capital, return on capital, adjusted for risk; compliance with capital and budget plans associated with the implementation of internal models.

Application for approval of objectives, guidelines, policies of capital:

Minimum level of solvency of the entity.

Minimum requirements for return on equity of business or transactions.

Consejo de

Administración

CAIR

Comité de

Capital

Comité de

Dirección

Page 93: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

92

Risk Management Annual Report 2018

Banco Santander México

Allocation of capital needed to the business units.

Transactions with significant impact on the management of capital and solvency levels.

Stress tests carried out to assess the sensitivity of capital to unlikely but plausible scenarios that affect business planning and its capital required, and the necessary measures to ensure minimum levels of solvency in the event of stress scenarios posed occur.

Board of Directors In terms of capital, performs the functions of:

Capital Budget.

Briefing of the main decisions taken by the Committee of Capital.

Periodic review of the capital figures of the institution and business.

Monitoring of projects associated with the effective implementation of policies and tools relating to capital.

INTEGRANTES Committee of Capital The Committee of Capital is responsible for the supervision, approval, and valuation of all aspects of capital and solvency of the institution whose primary responsibilities are:

In terms of supervision:

Analysis of the solvency and capital adequacy.

Monitoring of compliance with budgets, capital planning and stress test analysis.

Monitoring the use of capital, RORAC and RORWA, of the institution and business.

Supervision and monitoring of all aspects related to the implementation of internal

models.

With respect to capital management, will be responsible for raising the CAIR eventual

decision to activate the viability plan in terms relating to the solvency.

Presentation and major decisions taken by the Committee of Capital to CAIR on

solvency and capital adequacy.

In terms of authorization:

Review and validation of the planning exercises and capital stress test prior to internal

approval or presentation to the relevant supervisory authority.

Approval of changes in capital models and methodologies, considered as relevant for

internal purposes, together with the report of the independent validation area.

In terms of identification of proposals:

Objectives of capital for the planning horizon.

Optimization of capital consumption.

Improvement of solvency ratios.

Improved capital models and their integration in management.

In terms of capital, this Committee coordinates relations with supervisors and the flow of

information to the market.

Page 94: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

93

Risk Management Annual Report 2018

Banco Santander México

9.3 Calculation of the Capital Requirement for Credit Risk

In accordance with the provisions of the CACI, to calculate their capital requirements for credit

risk, the institution may use:

The standard method by which the institutions in order to determine their capital

requirements for credit risk shall classify their operations Subject to credit risk in any of the

groups established in the regulation, according to the issuer or counterparty or, where

applicable, the type of credit of the case.

Some of the methods based on internal, basic or advanced ratings, provided they obtain

prior authorization from the Commission to the effect. To use internal methodologies to

calculate capital requirements for credit risk, must be used own estimates of risk

components in their positions subject to credit risk:

Being an Internal Methodology with Foundation Approach, obtaining the probability of

default (PD) of their positions subject to risk based on own estimates and for the rest of

the components of credit risk, institutions shall comply with the provisions of the CUB.

In the case of an internal methodology with advanced approach, using proprietary

Probability of Default (PD) estimates, the Severity of Loss Given Default (LGD),

Exposure at Default (EAD) and the Term Cash or expiration of their positions subject to

credit risk.

To calculate the capital requirement for credit risk under the standard method, the transactions subject to credit risk according to the issuer or counterparty to the transaction or, where applicable, the type of credit that are classified concerned:

Group 1-A: Cash, federal government and IPAB. Group 1-B: Derivatives.

Group 2: Sovereign and multinational development banks. Group 3: Financial Entities and brokerages.

Group 4: Development banks, trusts and parastatal. Group 5: States and Municipalities. Group 6: Credit to individuals (Mortgage for housing and consumption). Group 7: Credit to business. Group 8: Past-due portfolio. Group 9: Other assets.

Based on these groups of risk weights to be used in each different group for the calculation of

capital requirements15 are defined. To determine the degree of risk of each of the loans making

up these portfolios, ratings apply to all operations whose counterparty credit risk or issue is rated

by rating agencies duly authorized by the CNBV. The Institution Standard and Poors, Fitch,

Moody’s and HR Ratings use the ratings.16

15 Risk levels indicated in the tables of correspondence of ratings and degrees of risk, long term and short term, for both global and for Mexico scale, included in Annex 1-B of the CUB and are required to determining the average weight for credit risk.

16 It should be noted that the institution does not assign public ratings to comparable assets that are unrated.

Page 95: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

94

Risk Management Annual Report 2018

Banco Santander México

The organization uses risk mitigation techniques using both collateral and personal securities, complying at all times with the principles set out in Section 4.3 of this chapter.

In particular, the results of the risk mitigation process for calculating the capital requirement for credit risk of rated portfolio with the standard method at the end year of the fourth quarter, is presented in the table below.

Table 9B

Standard Method. Risk Mitigation

Since 2012, the CNBV authorizes Banco Santander (Mexico) using methods based on basic

internal rating to calculate the capital requirement for credit risk of the loan portfolios following:

Business Corporate & Investment Banking (CIB).

Financial Institutions Banks.

Corporate17.

The application of this methodology for these portfolios is implemented in the calculation of capital in December 2013.

The following tables can be seen quantitative information corresponding to key metrics of the internal methodology with Foundation Approach by regulatory segment:

17 For the Corporate, in 2012 the CNBV authorized Banco Santander (Mexico) the use of internal ratings-based method

for the Basic model. In October 2015 this model migrated to an advanced internal model approach after authorization

from the CNBV.

Standard Methodology. millions of pesos

Standard Credit Risk

Groups

EAD covered

by personal

guarantees

EAD covered by

collateral - Simple

Method

EAD covered by

collateral - Integral

Method

Group I 2,803

Group II 30,126

Group III 4,775

Group IV 16,692 492

Group V

Group VI

Group VII 36,549

Group VIII

Group IX

Group X

Total December 2018 49,622 41,816 -

Total September 2018 17,048 37,138 -

Page 96: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

95

Risk Management Annual Report 2018

Banco Santander México

Table 9C18

PD, EAD, LGD by interval of probability of default

(Foundation Internal Rating Based-FIRB)

In October 2015, the CNBV authorized Banco Santander (Mexico) using models based on internal

ratings for the calculation of minimum capital requirements for credit risk by the advanced method

for the next portfolios:

Corporate.

Real Estate Companies (Property Developer).

This methodology with advanced approach is implemented in calculating capital in October 2015.

The following tables can be seen quantitative information corresponding to key metrics of the internal methodology with advanced approach by regulatory segment:

18 This information does not consider the transactions secured by the financial guarantee of second losses.

FOUNDATION INTERNAL RATING BASED. FINANCIAL INSTITUTIONS

PD Interval Levels

S&P

Balance

Million of

pesos

EAD

Millions of

pesos

PD weighted

by EAD

LGD weighted

by EAD

RWA / EAD

Credit Risk

weight

Expected loss /

EAD

Write offs (1)

Million of

pesos

Recoveries (2)

Million of

pesos

Provisions (3)

Millions of

pesos

[0,00296;0,00769) AAA

[0,00769;0,01474) AA+

[0,01474;0,025) AA

[0,025;0,045) AA-

[0,045;0,065) A+

[0,065;0,075) A

[0,075;0,11) A-

[0,11;0,17) BBB+

[0,17;0,26) BBB

[0,26;0,375) BBB-

[0,375;0,555) BB+ 365.40 365.52 1% 48% 52% 0%

[0,555;0,905) BB 31.48 31.48 1% 35% 47% 0%

[0,905;1,72) BB- 19.82 19.82 1% 45% 88% 4%

[1,72;3,52) B+ 0.05 0.05 3% 35% 85% 16%

[3,52; 6,325) B 13.25 13.25 4% 48% 139% 3%

[6,325;17,395) B-

[17,395;100) CCC/C

100.00000 D

Total December 2018 430 430 0.68% 46.48% 55.87% 0.53% - -

Total September 2018 704 704 0.85% 43.09% 58.86% 0.35% - -

Total December 2018 21.17

PD Interval Levels

S&P

Balance

Million of

pesos

EAD

Millions of

pesos

PD weighted

by EAD

LGD weighted

by EAD

RWA / EAD

Credit Risk

weight

Expected loss /

EAD

Write offs (1)

Million of

pesos

Recoveries (2)

Million of

pesos

Provisions (3)

Millions of

pesos

[0,00296;0,00769) AAA

[0,00769;0,01474) AA+

[0,01474;0,025) AA

[0,025;0,045) AA-

[0,045;0,065) A+

[0,065;0,075) A

[0,075;0,11) A-

[0,11;0,17) BBB+

[0,17;0,26) BBB 13,109.44 13,237.06 0.25% 36.77% 41.75% 0.00088

[0,26;0,375) BBB-

[0,375;0,555) BB+ 39,974.82 42,422.17 0.52% 45.75% 65.41% 0.27%

[0,555;0,905) BB 7,057.53 7,068.73 0.63% 35.90% 58.81% 0.22%

[0,905;1,72) BB- 32,383.44 34,762.73 1.18% 44.30% 77.68% 0.74%

[1,72;3,52) B+ 2,211.19 2,211.59 1.88% 36.22% 85.71% 0.65%

[3,52; 6,325) B 9,381.01 9,760.20 4.22% 44.32% 124.87% 2.10%

[6,325;17,395) B- 1,135.97 1,135.68 12.69% 37.76% 182.48% 4.54%

[17,395;100) CCC/C 42.12 42.12 27.88% 36.42% 204.07% 10.80%

100.00000 D 1,005.38 1,006.35 100.00% 59.76% 57.31% 55.18%

Total December 2018 106,301 111,647 2.08% 43.34% 72.78% 1.10% 167 16

Total September 2018 130,695 135,265 1.65% 43.67% 74.09% 0.73% 317 23

Total December 2018 1,668.55

FOUNDATION INTERNAL RATING BASED

COMPANIES WITH ANNUAL SALES EQUAL OR GREATER THAN 14 MILLIONS OF UDIS

Page 97: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

96

Risk Management Annual Report 2018

Banco Santander México

Table 9D19 PD, EAD, LGD by interval of probability of default

(Advanced Internal Rating Based-AIRB)

19 This information does not consider the transactions secured by the financial guarantee of second losses.

ADVANCED INTERNAL RATING BASED. FINANCIAL INSTIUTUTIONS

PD Interval Levels

S&P

Balance

Million of

pesos

EAD

Millions of

pesos

PD weighted

by EAD

LGD weighted

by EAD

RWA / EAD

Credit Risk

weight

Expected loss /

EAD

Write offs (1)

Million of

pesos

Recoveries (2)

Million of

pesos

Provisions (3)

Millions of

pesos

[0,00296;0,00769) AAA

[0,00769;0,01474) AA+

[0,01474;0,025) AA

[0,025;0,045) AA- 0 7,376 0 0 0 0

[0,045;0,065) A+ 1,296 10,652 0.05% 45.00% 21.56% 0.00023

[0,065;0,075) A

[0,075;0,11) A- 0 171 0.09% 45.00% 29.84% 0.00038

[0,11;0,17) BBB+ 564 2,893 0.14% 45.00% 41.54% 0.00063

[0,17;0,26) BBB 0 81 0.23% 45.00% 55.63% 0.00105

[0,26;0,375) BBB-

[0,375;0,555) BB+ 0.00 44.86 0% 45% 61% 0%

[0,555;0,905) BB 0.00 46.61 1% 45% 105% 0%

[0,905;1,72) BB-

[1,72;3,52) B+

[3,52; 6,325) B

[6,325;17,395) B-

[17,395;100) CCC/C

100.00000 D

Total December 2018 1,860 21,265 0.06% 45.00% 23.16% 0.03% - -

Total September 2018 3,119 20,412 0.07% 45.00% 24.82% 0.03% - -

Total December 2018 14.06

ADVANCED INTERNAL RATING BASED. COMPANIES WITH ANNUAL SALES EQUAL OR GREATER THAN 14 MILLIONS OF UDIS

PD Interval Levels

S&P

Balance

Million of

pesos

EAD

Millions of

pesos

PD weighted

by EAD

LGD weighted

by EAD

RWA / EAD

Credit Risk

weight

Expected loss /

EAD

Write offs (1)

Million of

pesos

Recoveries (2)

Million of

pesos

Provisions (3)

Millions of

pesos

[0,00296;0,00769) AAA

[0,00769;0,01474) AA+

[0,01474;0,025) AA

[0,025;0,045) AA- 0 268 0 0 0 0

[0,045;0,065) A+ 29,963 41,648 0.05% 45.00% 15.40% 0.00022

[0,065;0,075) A

[0,075;0,11) A- 3,374 6,038 0.08% 45.00% 28.03% 0.00038

[0,11;0,17) BBB+ 23,025 34,173 0.14% 45.00% 29.53% 0.00064

[0,17;0,26) BBB 10,634 11,913 0.24% 45.00% 47.74% 0.00108

[0,26;0,375) BBB-

[0,375;0,555) BB+ 9288.49 11621.10 0% 45% 52% 0%

[0,555;0,905) BB 10805.32 12319.54 1% 45% 77% 0%

[0,905;1,72) BB- 1033.06 1294.70 1% 45% 102% 1%

[1,72;3,52) B+ 117.70 117.70 2% 45% 112% 1%

[3,52; 6,325) B

[6,325;17,395) B- 1 1 0 45.00% 164.03% 0.03856

[17,395;100) CCC/C

100.00000 D 2140.126119 2140.126119 1 0.45 0 0.45

Total December 2018 90,382 121,535 1.97% 45.00% 33.63% 0.89% 49 3

Total September 2018 99,246 127,159 1.79% 45.00% 30.61% 0.80% 477 4

Total December 2018 683.63

ADVANCED INTERNAL RATING BASED. COMPANIES WITH ANNUAL SALES OF LESS THAN 14 MILLIONS OF UDIS

PD Interval Levels

S&P

Balance

Million of

pesos

EAD

Millions of

pesos

PD weighted

by EAD

LGD weighted

by EAD

RWA / EAD

Credit Risk

weight

Expected loss /

EAD

Write offs (1)

Million of

pesos

Recoveries (2)

Million of

pesos

Provisions (3)

Millions of

pesos

[0,00296;0,00769) AAA

[0,00769;0,01474) AA+

[0,01474;0,025) AA

[0,025;0,045) AA- 0 1,612 0 0 0 0

[0,045;0,065) A+ 0 0 0.05% 45.00% 6.41% 0.00023

[0,065;0,075) A

[0,075;0,11) A- 263 285 0.09% 45.00% 11.46% 0.00038

[0,11;0,17) BBB+ 0 0 0.14% 45.00% 31.24% 0.00063

[0,17;0,26) BBB

[0,26;0,375) BBB-

[0,375;0,555) BB+ 1115.69 1115.69 0% 45% 66% 0%

[0,555;0,905) BB 322.64 324.04 1% 45% 60% 0%

[0,905;1,72) BB- 0.00 3.64 1% 45% 72% 1%

[1,72;3,52) B+

[3,52; 6,325) B

[6,325;17,395) B- 0 75 0 45.00% 228.03% 0.06137

[17,395;100) CCC/C

100.00000 D

Total December 2018 1,702 3,416 0.52% 45.00% 40.66% 0.23% - -

Total September 2018 648 2,508 0.54% 45.00% 27.63% 0.24% 486 22

Total December 2018 948.76

Page 98: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

97

Risk Management Annual Report 2018

Banco Santander México

Table 9E20

Similarly to, what was said to the standard method, the Bank uses risk mitigation techniques complying at all times with the principles set out in Section 4.3 of this chapter. In particular, the results of the risk mitigation process for calculating the capital requirement for credit risk of ratings portfolio with basic internal method at the end year of fourth quarter, are presented in the following table:

20 This information does not consider the transactions secured by the financial guarantee of second losses.

EAD (million of pesos)

Type sep-18 dic-18

Financial Instituitions 21,116 21,695

Companies > 14 MM 262,424 233,181

Companies < 14 MM 35,307 31,247

PD weighted by EAD

Type sep-18 dic-18

Financial Instituitions 0.10% 0.07%

Companies > 14 MM 1.72% 2.02%

Companies < 14 MM 6.40% 6.49%

LGD weighted by EAD

Type sep-18 dic-18

Financial Instituitions 44.94% 45.03%

Companies > 14 MM 44.31% 44.20%

Companies < 14 MM 40.78% 41.02%

RWA / EAD

Type sep-18 dic-18

Financial Instituitions 25.95% 23.81%

Companies > 14 MM 53.02% 52.37%

Companies < 14 MM 70.41% 71.72%

PE / EAD

Type sep-18 dic-18

Financial Instituitions 0.04% 0.04%

Companies > 14 MM 0.77% 0.99%

Companies < 14 MM 3.60% 3.56%

RISK PARAMETERS EVOLUTION

Page 99: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

98

Risk Management Annual Report 2018

Banco Santander México

Table 9F21

On November 30th the bank signed a financial security agreement with an unrelated company that guarantee the second losses within a range to 1% to 8% of the balance of the credits secured by this agreement. The amount of the security was $32,050 up to the signature date; the agreement maturity is aligned with the maximum of the maturity of the secured credits. It is noteworthy that the main characteristics of the parameters of internal methodologies are detailed in the section on Credit Risk.

9.4 Capital Requirement Calculation of Counterparty Risk

In calculating capital requirements for counterparty risk under the standard method, prior to credit

risk weight, a value of conversion to credit risk is determined. In the case of derivative transactions,

the value is the positive amount of the subtract of the fair value of the active part of the operation,

less the fair value of the passive part plus an additional factor to reflect potential future exposure

over the remaining term of the operation (one year or less, from one to five years and over five

years) and the type of the underlying (interest rates, currencies, equities, precious metals, other).

After obtaining the conversion value, the risk weight is determined according to the form that

contractually has defined for settlement.

Derivatives operations have a weighting factor of 2% when settled by a clearinghouse authorized

by the Secretaría de Hacienda y Crédito Público or when settled in clearinghouses abroad, the

Banco de Mexico recognizes them.

When the institution can’t perform operations directly on their own to a clearing house and acts

through a clearing partner for the clearing house, these operations have a weighting of 4% if the

institution is not protected against breach of the clearing partner or 2% when it is protected.

21 This information does not consider the transactions secured by the financial guarantee of second losses.

Personal Collateral Average weighted PD by

EAD before mitigation

Average weighted PD by

EAD after mitigation

Financial Instituitions 0.07% 0.07%

Companies > 14 MM 2.13% 2.02%

Companies < 14 MM 6.72% 6.49%

Effective Collateral -

Integral Method

Average weighted LGD by

EAD before mitigation

Average weighted LGD by

EAD after mitigation

Financial Instituitions 45.03% 45.03%

Companies > 14 MM 44.20% 44.20%

Companies < 14 MM 41.02% 41.02%

FIRB & AIRB

December 2018

PD y LGD WITH RISK MITIGATION

Page 100: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

99

Risk Management Annual Report 2018

Banco Santander México

Table 9G Counterparty risk exposure

9.5 Calculating the capital requirement for market risk

To calculate the capital requirement for market risk, the methodology established in the CUB is followed, and operations are classified according to the type of market risk incurred (type of interest rate, exchange rate, inflation, minimum wage and others):

Transactions with nominal interest rate.

Transactions with real interest rate.

Transactions indexed to minimum wage.

Transactions indexed to the exchange rate.

Transactions indexed to inflation.

Transactions with shares or referred to a stock index.

Transactions with goods.

In each of these cases the asset and liability positions classified in the band that corresponds to its term to maturity or duration, and multiplied by the coefficient of charge for market risk, once the compensation allowed by the regulation is done:

Net position of each band.

Compensation within the bands.

Compensation between bands of the same area.

Compensation between bands of different area.

Specifically, in the operations of options and warrants, apply the formulas set out in the regulation to calculate the capital requirement for market risk by measuring the gamma impact (depending on the variability of the underlying) and Vega impact (depending on the volatility of the option).

From September 2016, the CNBV approved the usage of the internal “Stability and Sensitivity of Demand Deposits” model, that statistically determines the stability of MXN demand deposits and

millons de pesos Dic-18

Total 63,422

Of: Derivatives 60,304

Exposure in derivatives. Effect of Netting and Collaterales Dic-18

(A) Gross Positive fair value of the contracts 163,371

(B) Add-on 93,418

(C) Positive effects as a result of the mitigation of netting agreements. 154,669

(D) Current credit exposure after netting. 102,120

(D.1) Addon net 37,367

(D.2) MtM net 64,753

(E) Collateral received 41,816

(F) Credit exposure in derivatives 60,304

Total exposure to counterparty risk

(Standard Method)

Exposure in derivatives (Standard Method )

Page 101: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

100

Risk Management Annual Report 2018

Banco Santander México

the sensitivity to the paid rate compared to the market rates, in accordance with Annex 1-A, paragraph 1, numeral 1.1 of the Circular Única de Bancos (Circular applicable to Credit Institutions).

9.6 Calculation of the Capital Requirement for Operational Risk

The calculation of the Operational Risk Capital Requirement is based on the Alternative Standard Approach, approved by the CNBV during 2016 in accordance with Title First Bis – Chapter V – Article 2 Bis 114 of the Circular Única de Bancos, Banco Santander (Mexico) complied with the requirements described in the Annex 1D of the same.

9.7 Regulatory Capital

The integration of net capital is determined according to the provisions of Chapter II of Title First

Bis and then the corresponding integration is presented to December.

Table 9H

Sep 18 Dic 18

Tier 1 Capital 94,661 94,035

Preferential shares 34,765 35,053

Retained profits 55,864 50,451

Other profit elements 36,409 40,116

Goodwill 1,735- 1,735-

Other intangibles 5,571- 6,227-

Investments in related companies 26,729- 25,403-

Investments in subordinated debt instruments 241- 262-

Other regulatory adjustments 7,444- 7,768-

Capitalization instruments CET 1 9,344 9,809

Tier 2 Capital 24,448 27,419

Capitalization instruments 24,448 27,419

Reserves - -

Capital Neto 119,109 121,454

Total weighted assets by credit risk 743,422 762,644

Tier 1 capital to risk-weighted assets 12.73% 12.33%

Capital Ratio (ICAP) 16.02% 15.93%

Regulatory Capital

millions of pesos

Concept

Page 102: Risk Management Annual Report 2017 - Santander México · 2. Introduction 2.1 The Scope 2.2 Risk Policy Framework in Banco Santander (Mexico) 3. Integral Risk Management ... From

101

Risk Management Annual Report 2018

Banco Santander México

The following table can be seen quantitative information corresponding to the distribution of capital requirements by type of risk, as well as the evolution of each of the previous quarter to the current:

Table 9I

Capital Requirements - Market Risk

Capital Requirements - Credit Risk Capital Requirements - Operational Risk

10,930

14,280

Sep18 Dic18

44,764

42,690

Sep18 Dic18

3,779

4,042

Sep18 Dic18

Market Risk24%

Credit Risk67%

Operational Risk9%

Dic 18 61,011

Dic 18