mBank-OcenaRN-2021-12-31-en

Assessment of the Supervisory Board of mBank S.A. on the situation of the company on a consolidated basis, including the assessment of the internal control system and the risk management system

When issuing its comprehensive opinion on the situation of the Group, the Supervisory Board considers a number of aspects, such as financial standing of the Group, its ability to successfully compete on the market, efficiency of the internal control system, risk management system, compliance and internal audit system, and growth prospects.

mBank Group closed 2021 with a loss, despite posting the highest income in its history. The Group’s total income reached PLN 6.1 billion in 2021, which represents an increase by 4.2% from 2020. Net interest income grew by 2.4% year on year and net fee and commission income increased by 25.3%. The rise in operating costs of the Group in 2021 was slower than the growth in income, both in nominal and percentage terms. High profitability and strict cost discipline enabled the Group to bring the cost/income ratio to 40.2% compared with 41.1% in 2020.

Loss allowances for expected credit losses fell. The cost of credit risk reached 76 basis points in 2021, down from 119 basis points in 2020. At the same time, the share of non-performing loans shrank to 3.9% at the end of 2021 from 4.8% a year before. The cost of legal risk related to foreign currency loans was a major drag on the Group’s 2021 financial results.

The lack of the expected resolution of the Supreme Court set back the prospect of a settlement of the key legal issues surrounding foreign currency mortgage loans. A vast majority of rulings issued in 2021 in cases relating to foreign currency mortgage loans were unfavourable to banks. Simultaneously, the number of new lawsuits filed by borrowers rose. The issue of foreign currency mortgage loans in the context of legal risk was discussed in detail at every meeting of the Supervisory Board.

In December 2021 mBank started a pilot settlement programme under which it offers CHF borrowers to convert their debt into PLN and cancel it partially.

Bearing in mind the aforesaid circumstances and trends, in 2021 the Group set aside a PLN 2,758.1 million provision for legal risk connected with foreign currency loans, of which PLN 1,009.8 million is a provision for the potential costs of a voluntary settlement program with CHF borrowers.

Consequently, mBank Group closed 2021 with a net loss of PLN 1,178.8 million compared with a net profit of PLN 103.8 million a year before.

Despite the 2021 loss, the Group’s capital position is strong. Capital ratios remain high, with the Total Capital Ratio of the Group at 16.6% and the Common Equity Tier 1 ratio at 14.2% at the end of 2021. At the same time, the liquidity position of the Group is robust, while its funding profile diversified. In September 2021 mBank placed the first issue of green non-preferred senior bonds counted as eligible liabilities for the purpose of meeting the MREL, which will become effective on a fully loaded basis from 2024.

The Supervisory Board is of the opinion that the provision for legal risk related to foreign currency loans set up in 2021 will act as a stabilising factor and will enable safe operation of the Group in the future.

Capital adequacy ratios well above the supervisory minima set for the Group, safe liquidity profile, a buffer in the form or legal risk provisions, high ability to generate income, and effective cost management prove the Group’s sufficient resilience to potential macroeconomic shocks and consequences of materialisation of legal risks posed by mortgage loans.

It is worth stressing that the core business of the Group, understood as mBank Group without the “Foreign currency mortgage loans” segment, posted a net profit of PLN 1,602.7 million, delivering a return on equity of 11.9%.

In 2021 the scale of the Group’s operations grew substantially. Assets stood at PLN 199.5 billion as at December 31, 2021, which represents an increase by 11.6% from 2020. The volume of gross loans rose by 8.0% and amounts due to clients up by 16.1% year on year. The Group strengthened its market shares in the strategic areas of operations. Last year the Group supported clients facing liquidity problems, continued to digitalise and automate processes, expanded the range of services offered in remote channels, developed e-commerce solutions, and promoted products supporting sustainable development.

On October 29th, 2021, the Supervisory Board approved the mBank Group Strategy for 2021-2025 entitled From the Icon of Mobility to the Icon of Possibilities. The document encompasses a new ambitious ESG agenda, which is an integral part of the Strategy. The Supervisory Board strongly

believes that the business initiatives and actions planned in the Strategy will be an apt response to the changing market conditions and challenges of the future.

The Bank’s risk management system and internal control system are organised on three independent levels – lines of defence.

The internal control system supports the management of the Bank by contributing to ensuring the effectiveness and efficiency of the Bank’s operations, the reliability of financial reporting, compliance with risk management principles, and the Bank’s compliance with laws and internal regulations.

The internal control system includes:

1. The control function which aims to ensure compliance with control mechanisms relating in particular to risk management in the Bank, which includes positions, groups of people or organisational units responsible for the performance of tasks assigned to this function. The function is carried out in a systematic manner by employees at all organisational levels by means of:

- continuous monitoring, consisting of the examination of selected operations or activities performed at the bank,

- periodic verification, consisting of an examination of selected operations or activities already carried out in order to check the adequacy and effectiveness of the continuous monitoring.

2. The compliance function which is responsible for identifying, assessing, controlling and monitoring the risk of non-compliance of the Bank’s operations with the law, internal regulations and market standards, as well as for presenting reports in this respect. The tasks of the compliance function are performed by the Compliance Department.

3. An independent internal audit function which aims to examine and assess, in an independent and objective manner, the adequacy and effectiveness of the risk management system and the internal control system. The tasks of the independent internal audit function are performed by the Internal Audit Department.

The Audit Committee provides the Supervisory Board with its opinion on the assessment of the internal control system based on information from the Bank’s Management Board on the functioning of the internal control system, reports on the effectiveness of the control function, significant and critical irregularities and the status of recovery plans, reports on compliance risk management, the assessment from an internal audit perspective, as well as the results of audits. The Committee takes into account in its opinion information from the parent company, subsidiaries, the auditor, supervisory institutions (e.g., the Polish Financial Supervision Authority), as well as from other third parties. The Committee assesses the performance of the Compliance Department and the Internal Audit Department on the basis of annual activity reports presented directly by the Directors of the Compliance and Internal Audit Departments.

Based on the information received in 2021, the Supervisory Board did not identify any significant irregularities in the functioning of the internal control system (including the control function, the compliance function, and the internal audit function) and considers that it is adapted to the scope and complexity of the Bank’s activities, organisational structure, and risk management system. As part of the assessment of the internal control system, on the basis of an opinion of the Audit Committee, the Supervisory Board identified the strengths of the system and areas for further improvement. The Supervisory Board assessed that the units responsible for the control function, compliance risk management, and internal audit carried out their tasks in accordance with the internal regulations on a continuous basis, and that the Bank’s Management Board and Audit Committee, as well as the Supervisory Board, received adequate reports and information on the effects of such activities. The independence of the Compliance Department and the Internal Audit Department was ensured as defined in the Rules of the Compliance Department and the Audit Charter, respectively. In performing their duties, employees of those units performed their activities with independence and objectivity, did not execute processes which were subject to their controls, and did not engage in activities which could give rise to a conflict of interest with their duties.

The Directors of the Compliance Department and the Internal Audit Department took measures on an on-going basis to ensure that adequate human resources and the necessary financial resources were available to systematically improve the qualifications, experience and skills of the staff of those units.

The Group’s risk management system is based on the concept of three lines of defence.

The Bank has in place risk committees for each business line: the Retail Banking Risk Committee, the Corporate and Investment Banking Risk Committee, and the Financial Markets Risk Committee, which define the risk management principles and determine the risk appetite of the business line. Risks are also an important focus of the work of other committees in the Bank chaired by members of the Management Board.

The Bank has in place methodologies and processes where risks are identified and assessed to determine their potential impact on current and future operations. The comprehensive risk management structure is complemented by a consistent system for monitoring and reporting risk