Risk Management
Overview
Taking risks is inherent in any bank’s strategic plan. The Bank’s risk philosophy is that the risk should be taken in line with the Bank’s risk appetite and it should fit in with the Bank’s business strategy, assist the decision making process and enhance management effectiveness.
Risk management continues to be a key area of focus providing the framework for a stable foundation of the Bank. In the changing environment the structures, tools and techniques are also aligned to effectively identify, measure and manage the risks.
The objectives of the risk management framework are:
- To establish common principles and standards to identify, measure, evaluate, monitor and manage significant risks to the Bank on a forward looking basis.
- Define Bank’s risk appetite and align Bank’s portfolios and business strategy accordingly.
- Provide a shared framework and language to improve awareness of risk management processes.
- To provide clear accountability and responsibility for risk management.
- Optimize risk return decisions.
- Maintain Bank’s capital adequacy and strong liquidity position.
- Further strengthen governance, controls and accountability across the organization.
In addition to the main risks i.e. credit, market and operational risks, the Bank has considered nine other risks which are material to it. The decision is based on directions given by the Central Bank of Sri Lanka (CBSL) and self-assessment of most important risk categories which need a separate mention from an ICAAP perspective. These risk categories include, liquidity risk, interest rate risk in the banking book, Underestimation of Credit Risk in Standardized Approach, Residual Credit Risk, Concentration Risk, Compliance Risk, Legal Risk, Strategic Risk and Reputational Risk.
The Bank promotes a strong risk management culture supported by a robust risk governance structure. We believe that in an organization everyone is a risk manager and organizations need dynamic risk officers to direct and embed a culture of risk management across
the organization.
As part of our regular risk and cross-risk analysis, sensitivities of the key portfolio risks are reviewed through a bottom-up risk assessment and through a top-down macro economic and regulatory scenario analysis. These approaches allow us to capture risks that have an impact across our risk inventories and business divisions or those that are relevant only to specific portfolios.
The year 2013 has continued to see increased regulation in the financial services industry. We are also focused on ensuring that we act proactively to identify potential macro economic and regulatory changes and assess the possible impact on our business model
or processes.
Details of risk management initiatives undertaken during the year and planned for the next three years are summarized below:
| 2013 | 2014 and beyond |
| Internal Capital Adequacy Assessment Process (ICAAP) completed and document submitted to Central Bank in January 2013 | Continue improvements for prudential capital management |
| Implementation of an Obligor and Facility Rating and scoring model | Collection of data to migrate to Internal risk-based approach for Credit Risk |
| Implementation of a Market Risk Model to facilitate Value at Risk calculations | Migrate to Market Risk Internal Models Approach |
| Calculation of Operational Risk Capital based on Basic Indicator Approach (BIA) and The Standardized Approach (TSA) | Migrate completely to TSA approach for Operational Risk |
| Adoption of Pillar III market disclosure requirements under Basel II | Improvements to the disclosures made |
| Conglomerate Risk Identification - Discussions with group companies to build a risk registry | Based on the library of risks to carryout detailed probability/impact analysis |
| Improve on the existing Risk Dashboards for the Bank as well as Group Companies and reporting to the Board sub-committees for Integrated Risk Management as well as the Board of Directors |
Regular review of monitoring & control functions of Bank/Group companies |
Uncertainties and Risk Management
We balance risk and return taking account of changing conditions through the economic cycle, and monitor economic trends in our markets very closely. We also continuously review the suitability of our risk policies and controls.
Rapid economic development and change of business in both local and global economies provide opportunities but at the same time is a challenging task under risky economic environment. A sound and accurate risk management process is an essential part of our business norm to deliver superior shareholder value by accomplishing an appropriate degree of trade-off between risk and return.
The world economy is coming out of a difficult period and uncertainty remains. The sovereign debt crisis in the Eurozone continues and, although acute risks have been addressed by ongoing policy initiatives, there is still need for substantial new structural reforms. The US will likely continue to be held back by fiscal challenges unless political compromises are made, though economic fundamentals are improving. Larger and more domestically driven economies such as India, Indonesia and China are expected to be more resilient than more open economies such as Singapore, Hong Kong and South Korea.
Changes in exchange rate affect, among other things, the value of our assets and liabilities denominated in foreign currencies, as well as our earnings in foreign currency. Sharp movements in currency can also impact trade flows and wealth of clients, both of which could have an impact on our performance. We monitor exchange rate movements closely and adjust our exposures accordingly. Under certain circumstances, we may take the decision to hedge our foreign exchange exposures in order to protect our capital ratios from the effects of changes in exchange rates and exposures are closely monitored against the internally set prudential foreign exchange risk limits. The effect of exchange rate movements on the capital adequacy ratio is mitigated to the extent there are proportionate movements in risk weighted assets.
We are in the business of taking selected risks to generate shareholder value, and we seek to contain and mitigate these risks to ensure they remain within our risk appetite and are adequately compensated.
The risk indicators/uncertainties that may arise in the future and our initiatives to manage them are set out below;
| Risk | Risk Level | Description | Mitigants |
| Regulatory changes and compliance | Low | The nature and impact of future changes in economic policies, laws and regulations are not predictable and may run counter to our strategic interests. These changes could also affect the volatility and liquidity of financial markets and more generally the way we conduct business and manage capital and liquidity.
Although we seek to comply with all applicable laws and regulations, we may be subject to regulatory actions and investigations across our subsidiaries, the outcome of which is generally difficult to predict and could be material to the Group. |
We review key regulatory developments in order to anticipate changes and their potential impact on our performance. We respond both unilaterally and through our participation in industry groups to consultation papers and discussions initiated by regulators. The focus of these activities is to develop the framework for a stable and sustainable financial sector and economy. Internal Capital Adequacy Assessment Process (ICAAP) to analyse/assess our capital requirements under stressed scenarios to maintain stability. |
| Financial markets instability | Moderate | Financial markets volatility or a sudden dislocation could affect our performance, through its impact on the mark-to-market valuations of assets in our available-for-sale and trading portfolios or the availability of capital or liquidity.
Financial markets instability also increases the likelihood of default by our corporate customers and financial institution counterparties. |
We assess carefully the financial position of our counterparties and their credit rating (Issuer Default Rating-IDR) according to their systemic importance when setting limits and adjusting our exposure accordingly.
Portfolio valuations are carried out through mark to market exercise and ensure the results are within our pre-defined risk appetite. We maintain robust processes to assess the suitability and appropriateness of products and services we provide to our clients and customers. |
| Exchange rate movements | Low | Changes in exchange rates affect the value of our assets and liabilities denominated in foreign currencies.
Sharp currency movements can also impact trade flows and the wealth of clients, both of which could have an impact on our performance. |
We actively monitor exchange rate movements and adjust our exposure accordingly within our prudential limit framework. Stress tests are being performed to ensure least impact to the P/L on a daily basis.
Low exposure to the un-hedged positions given internal policy and strengthened supervision by the regulators on minimizing open foreign currency positions. We assess the impact of exchange rate movements on our counter parties business and impact on meeting debt obligations. |
| Risk of adverse movements in interest rates | Moderate | The risk of potential losses due to changes in the fixed income security portfolios. | The duration of the bond portfolios are being monitored regularly to assess sensitivity of portfolios to interest rate changes. The impact of the Trading portfolio is minimal due to bank holding Treasury Bills and Bonds with short-term maturities. Available-for-Sale (AFS) portfolio of Bills and Bonds are managed within the pre defined risk parameters. |
| Geopolitical events | Moderate | We face a risk that geopolitical tensions or segments in our footprint could impact trade flows, our customers’ ability to pay, and our ability to manage capital. | We actively monitor the situations that could have an impact and conduct regular stress tests of the impact of such events on our portfolios, which inform assessments of risks and any need to take mitigating action. |
| Risk of fraud | Moderate | The risk of fraud and other criminal activities is growing as criminals become more sophisticated and as they take advantage of the increasing use of technology in society. | We have a broad range of measures in place to monitor and mitigate this risk.
Controls are embedded in our policies and procedures across a wide range of the Group’s activities, such as origination, recruitment, physical and information security. |
| Risk of Natural Disasters | Moderate | Natural disasters can have an impact on the performance of the customers’ operations and the ability to meet debt obligations.
It can also have an impact on the Bank’s operations and inability to continue business from current location. |
In such situations on natural disasters (both local and overseas), stress tests are carried out to assess impact of such events on portfolio and appropriate action taken to mitigate the risk.
Formalize and tested Business Continuity Plan is in place and able to switch over to the Disaster Recovery Site. |
| Active Share market operations | Moderate | This leads to frequent changes in share ownership and hence affects Group structuring which could have an impact on credit concentrations and complying with regulations. | Closely monitor share market movements.
Internal policies on single/group borrower limits are more stringent than regulatory requirements. |
| Risk arising from inability to meet maturing deposit liabilities | Low | The Bank’s liquidity position can affect the ability to meet liability requirements as they fall due
Low liquidity in the markets may result in unexpected stresses to the bank. |
The Bank monitors number of prudential liquidity ratios as per CBSL risk directions which are discussed at ALCO, IRMC. Credit committees. Adherence to the Liquid Asset Ratio (LAR) above the statutory requirement.
The Bank was least dependant on the short-term inter-bank borrowing during the year and the liquidity position is further strengthened with the planned debenture issue which took place in December 2013. |
Capital Management
Currently, the Bank is applying the Standardized Approach for Credit Risk and Market Risk and Basic Indicator Approach for Operational Risk in computing the minimum capital requirements.
Credit Risk is the largest contributor in the overall risk exposure of the Bank and bears the highest risk related capital charge. The Bank at present possesses a quality portfolio and moving into advanced approaches of capital computation for credit risk would facilitate minimizing the capital requirements. This requires sophisticated systems and methodologies for quantifying and monitoring of risk. The Bank has taken steps to invest in a Credit and Market Risk Management solution, the implementation of which is in progress.
Internal Capital Adequacy Assessment Process (ICAAP)
ICAAP is part of Pillar II of Basel II framework, which focuses on bridging the gap between the Regulatory Capital and Economic Capital Requirements of the Bank. ICAAP captures all material risks such as - Liquidity Risk, Interest Rate Risk in the Banking Book, Underestimation of Credit Risk in Standardized Approach, Residual Credit Risk, Concentration Risk, Compliance Risk, Legal Risk, Strategic Risk and Reputational Risk which are not covered under Pillar I.
ICAAP Framework
Capital helps protect individual banks from insolvency, thereby promoting safety and soundness in the overall banking system. Minimum regulatory capital requirements under Pillar 1 establish a threshold below which a sound bank’s regulatory capital must not fall. The Pillar 2 (Supervisory Review Process - SRP) requires banks to implement an internal process, called the Internal Capital Adequacy Assessment Process (ICAAP), for assessing their capital adequacy in relation to their risk profiles as well as a strategy for maintaining their capital levels. The Pillar 2 also requires the supervisory authorities to subject all banks to an evaluation process/Supervisory Review Process (SRP), and to initiate such supervisory measures on that basis, as might be considered necessary.
The ICAAP would be in addition to a bank’s calculation of regulatory capital requirements. It is in operation in the Bank with effect from January 2013. Bank’s ICAAP process strengthens the risk management practices and capital planning process.
Capital Adequacy Ratio of the Bank after Consideration of Pillar II Risks and Stress Testing
| Types of Risk | Regulatory Capital - Pillar I LKR mn |
Stressed Capital LKR mn |
Internal Capital (Pillar + Pillar II Stressed Capital LKR mn |
| Credit Risk | 13,391.14 | 697.91 | 14,089.05 |
| Market Risk | 538.19 | 829.52 | 1,367.70 |
| Operational Risk | 1,303.76 | 260.75 | 1,564.51 |
| Liquidity Risk | – | 638.21 | 638.21 |
| Interest Rate Risk in Banking Book | – | 92.01 | 92.01 |
| Credit Concentration Risk | – | – | – |
| Reputation Risk | – | – | – |
| Strategic Risk | – | – | – |
| Settlement Risk | – | – | – |
| Residual Credit Risk | – | – | – |
| Total Capital Requirement | 15,233.08 | 2,518.40 | 17,751.48 |
| Equivalent RWA | 152,330.85 | – | 177,514.82 |
| Eligible Capital | 27,219.56 | – | 27,219.56 |
| Capital Adequacy Ratio | 17.87% | – | 15.33% |
BASEL III
This is the new global regulatory standard on managing capital and liquidity of banks. BASEL III stresses that it is critical that banks’ risk exposures are backed by a high quality capital base and there is greater focus on common equity, the highest quality component of a bank’s capital. Further, BASEL III also stresses that a strong liquidity base is of equal importance.
The CBSL is yet to issue guidelines on BASEL III framework and this would entail further improvements to the existing risk management structures and practices in the banking sector. However, the Bank is confident of meeting the additional capital requirements as specified in the standards.
Integrated Risk Management at the Bank
NDB believes in a strong risk governance structure as the foundation for its successful risk management framework. The Bank’s overall risk governance model is based on the concept of three lines of defence whereby the business lines, risk management and audit functions are carried out independently of one another.
Risk Governance
The Bank’s Board of Directors has the overall responsibility for risk management and sets the tone at the top for an effective management of risks through its risk appetite. In discharging its governance responsibility, it operates through two key committees, namely the Integrated Risk Management Committee (IRMC) and the Board Audit Committee (BAC) which have been formed in compliance with the CBSL Direction 11 of 2007 on Corporate Governance.
The Bank believes in combining the specialized knowledge of the business units and risk professionals in forming sub committees for the management of risks.
| Committee | Key Objectives | Represented by |
| Integrated Risk Management Committee (IRMC) | Review the Bank’s risk management policies, regulatory framework and compliance. IRMC also reviews the Bank’s risk profile against the agreed risk appetite, business continuity and disaster recovery plans. | Three members of the Board of Directors, CEO, CRO, CFO, Heads of Operational and Market Risks |
| Board Audit Committee (BAC) | Ensuring the Bank’s compliance to its internal and external regulatory guidelines. | Five members of the Board of Directors, CEO and Heads of relevant Business Units. |
| Assets and Liabilities Committee (ALCO) | Reviews all Market and Liquidity related exposures on a monthly basis and decisions are made to facilitate the business requirements and make investment/policy decisions. | CEO, COO, CFO,CRO, Heads of Business Units and Treasury |
| Credit and Market Risk Policy Committee | Review the Bank’s risk policy framework, overall performance and the potential risks faced by specific lines of business and support functions. |
CEO, COO, CRO and the Heads of Business Units, Treasury and representatives of the Group Risk Management |
| Operational Risk Policy Committee | Monitor and ensure that appropriate operational risk management frameworks are in place, adhering to the policies of the Bank.
Provide a forum for the discussion and management of all spects of operational risks and control lapses identified through the risk reporting process ensuring all significant issues raised in internal audits and regulatory reviews are resolved satisfactorily within agreed timescales while outstanding action points are tracked.
Ensure that there is full compliance of the local regulations and rules and raising awareness of new trends and developments in operational risk management techniques, and for the migration of best practices from the industry/market.
|
CEO, COO, CRO, CFO, Heads of Business Units, Treasury, Finance, Audit, IT and representatives of the Group Risk and Operational Risk Management teams. |
| Four Executive Credit Committees | Pre-clearance of large credits, approvals in line with delegated authority.
Reviewing portfolio and watch listed clients. Review status of NPLs. Review impairment. |
COO, CRO, Heads of Business Units and Senior officers of Business Units and Risk Management |
The Bank’s Risk Management Division is independent of the business units it monitors and reports directly to the Integrated Risk Management Committee and the CEO. Several units within the Risk Management Division contribute to the management of risk and co-ordinates across the business functions to ensure risk management is seamlessly integrated into the Bank’s corporate culture.
Our proactive approach towards risk identification and mitigation has given us the ability to absorb shocks arising from financial and economic stress scenarios and be more resilient and competitive in the market.
The Bank thrives on innovation to deliver new products which would cater to the growing and evolving needs of our customers. Risk management is a key aspect of product development and all new products are supported by product programmes which are reviewed and approved by all stakeholders including the Compliance Unit prior to the product launch. These product programmes are reviewed independently by internal audit and are subject to annual review.
Group Risk Management
The group companies are guided by the best practices of the Group Risk Management Division of the Bank. Each group company has developed and follows its own risk management framework and policies to manage and mitigate the exposures to different types of risks within their respective businesses.
The Key Risk Indicators/Key Performance Indicators of the Group companies are monitored and reported to Board sub-committee on Integrated Risk Management on a monthly/quarterly basis for their review. Further, the Bank’s Group Risk Management Team is a party to the approval process of credits, pre-clearance of product papers/ underwriting standards of specific companies.
Credit Risk
Credit risk is the risk of financial loss if a customer or counterparty fails to meet a payment obligation under a contract. It arises principally from on-balance sheet financial products such as loans, overdrafts, trade finance and leasing business, and also from off-balance sheet products such as letters of credit, bid and performance bonds, documents against acceptance, guarantees etc. This represent the Bank’s contingent commitments on behalf of its customers which also creates varying levels of credit risk. Credit risk generates the largest regulatory capital requirement of the risks we incur. Deterioration of counter-party credit quality and/or market volatility can lead to potential credit risk losses for the Bank.
Credit Risk Management at the Bank
The Bank manages the credit risk in the entire portfolio as well as individual credits or transactions with a view to minimize the
Non-Performing Loans and also to manage any concentrations as well as to maximize returns.
Credit risk management reviews and manages the credit process from origination to collection. The Bank has a well-defined credit policy approved by the Board of Directors. It defines the
- credit culture of the Bank
- target markets for lending
- credit granting process
- acceptable risk parameters
- remedial and recovery actions
The Bank uses the following principles/methods to manage credit risk across the Bank:
The Bank uses the following principles/methods to manage credit risk across the Bank;
- Structured and standardized credit approval process. – depending on the nature of the project/product standardized formats have been designed and evaluations are carried out by competent staff. There are clear guidelines set to ensure that credit is extended only to suitable and well-identified customers and
- never where there is any doubt as to their ethical standards and record,
- where the source of repayment is unknown or speculative nor where the purpose/destination of funds is undisclosed,
- never to take a credit risk where ability of the customer to meet obligations is based on the most optimistic forecast of events.
Risk considerations shall have priority over business and profit considerations;
- Delegation of Authority - Final authority and responsibility for all activities that expose the Bank to credit risk rests with the Board of Directors and the Board of Directors has delegated approval authority to the CEO, with authority to re-delegate limits to the Executive Credit Committees and the Business Lines. All approval limits are name specific and are based on the individual experience, facility type, collateral in order to ensure accountability and mitigate any judgmental errors. There are four Executive Credit Committees representing the four Business Lines and these committees comprise senior officers of business units as well as Risk Department. The delegated authority limits are reviewed periodically and the Bank follows the ‘four-eyes principle’ (i.e., minimum of two officers signing a credit proposal). Lending decisions are based on detailed credit evaluation carried out by Relationship Managers and reviewed/approved by designated approving authority/risk management.
- Internal Risk Ratings of Obligors - The credit portfolio of the Bank is risk-rated using an internally-developed system that takes into account quantitative as well as qualitative factors. The rating scale ranges from Triple A to B4 and the ratings of every obligor is reviewed at least annually or more frequently if required. This rating system is used as a guide for account monitoring, provisioning/collective impairment, granting delegated authority and pricing.
- A post sanction review and monitoring mechanism is in place to ensure quality of credit is not compromised. Any deteriorating credits with emphasis on internal and external early warning signals are identified and such accounts are ‘Watch Listed’. The Watch Listed clients are monitored closely with quarterly reports submitted to the Executive Credit Committee. Further, based on the Watch Lists the Bank assesses the portfolio at risk in the event, such accounts deteriorates further. Non-performing assets are identified at an early stage, enabling management to take action as appropriate.
- Prudential Limits - The industry and portfolio limits are set by the Board of Directors on the recommendation of the Risk Department. Credit Risk Management monitors compliance with approved limits. Desired diversification is achieved by setting maximum exposure limits on substantial exposure, industry/economic sector limits, single/group obligor limits, prudential group exposure limit.
- Stress Testing - specific forward looking scenarios are generated to analyze how the Bank’s capital adequacy would be affected by adverse changes in the operating environment. The Bank’s Stress Testing framework is embedded in the ICAAP document which has been approved by the Board of Directors and a number of variables relevant to management of credit risk are included in Stress Testing.
- Risk Appetite - limits and tolerances under normal and also stressed conditions have been formulated to ensure that risks stay within an acceptable range even during adverse conditions. These limits will be reviewed by the Board on an annual basis and actual performance against limits are reviewed by the members of the IRMC on a monthly basis.
| Credit Risk | |
| Non-Performing Loans (NPLs) Ratio | Maximum NPL ratio to be 3.5% of Gross Lending Portfolio |
| Target Internal Rating of Retail Exposures | Minimum 75% Portfolio rated ‘A’ or above as per the Internal Rating |
| Target Internal Rating of Corporate and SME Portfolio | Minimum 45% Portfolio rated ‘A’ or above as per the Internal Rating |
| Concentration Risk | |
| Top 20 Borrowers | Exposure to top 20 borrowers will not exceed 35% of Gross Lending Portfolio |
| Substantial Exposures Limit | Total Exposures of clients with exposures exceeding 15% of capital base not to exceed 500% of Bank’s Capital Base |
| Top 20 Depositors | Reliance on top 20 depositors will not exceed 25% of the Total Deposits |
Asset Quality
Risk management works closely with the Bank’s business units at every stage of the credit process, from facility origination to approval to collections, adding value as appropriate and developing the proposal in terms of risks, mitigants and returns.
The Bank’s strong credit risk management practices and the factors that impact credit risk are reflected in the following pictorial representations.
Market Risk
The vast majority of our businesses are subject to market risk, defined as the potential for change in the market value of our trading and investing positions. Risk can arise from adverse changes in interest rates, credit spreads, foreign exchange rates, equity prices, commodity prices and other relevant parameters, such as market volatility and market implied default probabilities.
Market risks can be distinguished between three substantially different types of risk.
- Trading market risk arises primarily through the market making activities. This involves taking positions in debt, equity, foreign exchange, other securities and commodities as well as in the equivalent derivatives.
- Traded default risk arising from the defaults and rating migrations relating to trading instruments.
- Non-trading market risk arises from market movements, primarily outside the activities of our trading units, in our banking book and from off-balance sheet items. This includes interest rate risk, credit spread risk, investment risk and foreign exchange risk as well as market risk arising from modelling of client deposits as well as savings and loan products.
Market Risk Management at the Bank
The primary objective of our Market risk management, a part of our independent Risk Function, is to ensure that our business units optimize the risk-reward relationship and do not expose the Bank to unacceptable losses outside of our risk appetite. To achieve this objective, Market risk management works closely together with the risk takers.
Market risk management at the Bank is designed and established to ensure oversight of all market risks, including trading market risk, traded default risk and non-trading market risk, effective decision making and timely escalation to senior management.
Market Risk Management defines and implements a framework to systematically identify, assess, monitor and report our market risk and support management and mitigation. Market risk managers identify existing and potential future Market risks through active portfolio analysis and engagement with the business areas.
Market Risk Measurement and Assessment
Market risk management aims to accurately measure all types of market risks by a comprehensive set of risk metrics reflecting economic and regulatory requirements.
In accordance with economic and regulatory requirements, we measure market and related risks by using key risk metrics such as:
- Metrics for Market Risk Standardized Approach
- Three types of stress tests: Portfolio stress testing, business level stress testing and event risk scenarios
- Market risk economic capital, including traded default risk
- Sensitivities
- Market value/notional (concentration risk)
- Duration analysis
- FX risk monitoring metrics
These measures are viewed as complementary to each other and in aggregate define the Market Risk Framework, by which all businesses can be measured and monitored.
Market Risk Monitoring
Our primary instrument to manage trading market risk is the application of our limit framework. The Board supported by Asset Liability Management Committee (ALCO) and Market Risk Management, sets the risk limits based on anticipated business plans and risk appetite.
The Bank’s comprehensive risk management framework covers the market, liquidity, asset and liability risks and proactively manages the exposures against the pre-defined risk parameters. Prudential internal limits have been defined for liquidity risks, price risks, exchange risks and asset/liability risks for close monitoring of exposures. All exposure limits are linked to the Bank’s capital base to ensure adequate and efficient capital allocation/planning. These limits are subject to annual review and are approved by the Board.
As an additional and complementary tool for managing certain portfolios or risk types, Market risk management performs risk analysis and stress testing. Limits are also set on sensitivity and concentration/liquidity, portfolio stress tests, business-level stress testing and event risk scenarios.
The market risk limits set by market risk management are monitored on a daily, weekly and monthly basis. Where limits are exceeded, Market risk management is responsible for identifying and escalating those excesses to the senior management on a timely basis.
Stress Testing
Losses beyond the confidence level are not captured by certain models, which therefore gives no indication of the size of unexpected losses in these situations. This is complemented by regular stress testing of market risk exposures to highlight the potential risk that may arise from extreme market events that are rare but plausible.
Stress testing is an integral part of the market risk management framework and considers both historical market events and
forward-looking scenarios. A consistent stress testing methodology is applied to trading and non-trading books. The stress testing methodology assumes that scope for management action would be limited during a stress event, reflecting the decrease in market liquidity that often occurs. Stress scenarios are regularly updated to reflect changes in risk profile and economic events. ALCO considers the results of stress tests as part of its supervision of risk appetite. Regular stress test scenarios are applied to interest rates, liquidity ratios, exchange rates, commodity prices and equity prices. Ad hoc scenarios are also prepared reflecting specific market conditions and for particular concentrations of risk that arise within the businesses.
Foreign Currency Net Open Position Stress Test Results as at 31 December 2013
The Bank’s net foreign currency position is tested on a daily basis under four stressed scenarios giving adverse shocks of 5%, 10%, 15% and 25% to the exchange rate to arrive at the maximum loss scenarios the Bank is exposed and is monitored against the limits set. Stress tests on liquidity are being carried out to ensure liquidity under stressed scenarios.
Limit is set at the minimum level of shock (Scenario 1) as an early warning where the Bank will take action to ensure that it does not surpass the first level of shock and reach worse case scenarios.
| Net Position* | Scenario 1 | Scenario 2 | Scenario 3 | Scenario 4 | |
| Magnitude of shock (adverse) | 5% | 10% | 15% | 25% | |
| Spot rate movement | 130.75 | 124.21 | 117.68 | 111.14 | 98.06 |
| Position loss/profit | *993,482 | (6,494,886) | (12,989,773) | (19,484,659) | (32,474,432) |
* The stress results of the Bank’s over-night Net Open Position is managed well within the risk limit and monitored on a daily basis.
Liquidity Stress Test Results as at 31 December 2013
| Stress Testing for Liquidity Risk - December 2013 | ||||
| Banks average Liquid Assets Ratio for the month - 27.33% | ||||
| Stress testing on Liquid Asset Ratio | ||||
| Magnitude of Shocks on Liquid Asset Ratio | ||||
| 5% | 10% | 15% | ||
| Scenario No. | Stress Scenarios | Revised LAR after relevant shocks | ||
| 1 | Adverse impact on MM & Institutional Borrowings/drop in market liquidity | 26.83 | 26.32 | 25.80 |
| 2 | Run down on CASA & Time Deposits | 24.45 | 21.32 | 17.92 |
| 3 | Impact on total liquid liabilities | 23.90 | 20.13 | 15.96 |
The Bank managed to maintain a healthy Liquid Asset Ratio well above the regulatory limit of 20% on a daily basis throughout the year and the stress results are being evaluated on a regular basis.
Sensitivity Analysis
Daily sensitivity analysis is carried out on major foreign currency Net Open Positions (NOP) giving positive and negative shocks to the spot rates to determine the impact of the profit or loss to the banks (P/L account). The Bank’s Statement of Financial Position too is subject to sensitivity analysis based on the duration of its interest sensitive assets and liabilities which is carefully managed within the set limit.
Exchange Rate Sensitivity of Major Foreign Currency Net Open Positions as at 31 December 2013.
| LKR Depreciate | LKR Appreciate | |||||||
| Spot Rate Shocks | -5.0% | -2.5% | -1.0% | Spot Rate | 1.0% | 2.5% | 5.0% | |
| Currency | Net Open Position | |||||||
| USD | 1,986,680 | 12,987,921 | 6,493,961 | 2,597,584 | 130.75 | (2,597,584) | (6,493,961) | (12,987,921) |
| GBP | (152,739) | (1,650,827) | (825,413) | (330,165) | 216.16 | 330,165 | 825,413 | 1,650,827 |
| EUR | (121,075) | (1,089,284) | (544,642) | (217,857) | 179.93 | 217,587 | 544,642 | 1,089,284 |
| JPY | 4,101,956 | 254,470 | 127,235 | 50,894 | 1.24 | (50,894) | (127,235) | (254,470) |
| AUD | (587,659) | (3,400,014) | (1,700,007) | (680,003) | 115.71 | 680,003 | 1,700,007 | 3,400,014 |
| Total | 7,102,266 | 3,551,133 | 1,420,453 | (1,420,453) | (3,551,133) | (7,102,266) | ||
The possible impact of exchange rate movements on the major NOP of major foreign currency positions is monitored to evaluate the impact on the P/L and ensure it is within acceptable levels.
Interest Rate Sensitivity of the Balance Sheet as at 31 December 2013
Modified Duration and Price Sensitivity of Assets and Liabilities
| As at 31 December 2013 | Duration | Total Balance LKR mn |
Price Sensitivity DEC |
| Assets: | |||
| Overdrafts - LKR | 2.88 | 17,392 | 500.92 |
| Margin Trading | 2.88 | 194 | 5.59 |
| Credit Cards | 2.88 | 97 | 2.79 |
| Short-Term Loans | 0.10 | 22,662 | 22.77 |
| Project Loans Fixed | 1.47 | 15,332 | 226.00 |
| Refinance Loans | 1.36 | 628 | 8.55 |
| Securitization Loans | 0.03 | 6,127 | 2.07 |
| Post-Import Finance - LKR | 0.11 | 9,685 | 10.84 |
| Packing Credit - LKR | 0.07 | 46 | 0.03 |
| Fixed Retail Loans | 1.17 | 1,536 | 17.91 |
| Fixed DM Loan | 1.70 | 7,298 | 124.31 |
| Raththaran Loans | 0.39 | 26 | 0.10 |
| Vishmitha/Cash Back | 1.58 | 829 | 13.12 |
| Fixed Housing Loans | 2.87 | 4,487 | 128.58 |
| Variable DM Loans | 0.07 | 3,120 | 2.09 |
| Staff Loans | 1.90 | 1,470 | 27.93 |
| Pawning | 0.17 | 1,978 | 3.31 |
| AF Lease | 1.17 | 6,623 | 77.53 |
| Hire Purchase | 1.35 | 1,612 | 21.70 |
| Investments in Treasury Bills | 0.35 | 5,850 | 20.26 |
| Investments in Treasury Bonds | 0.99 | 10,490 | 103.47 |
| Investments in T Bills Trading | 0.44 | 5,842 | 25.44 |
| Investments in T Bonds Trading | 4.01 | 9,160 | 367.32 |
| Reverse Repos | 0.02 | 4,918 | 0.93 |
| Total assets | 1,713.55 | ||
| Liabilities | |||
| Demand Deposits | 1.39 | 10,134 | 141.06 |
| Savings Deposits | 3.26 | 14,417 | 470.16 |
| Call Deposits | 3.18 | 955 | 30.41 |
| Margin Deposits | 3.36 | 463 | 15.55 |
| Term Deposits | 0.35 | 72,159 | 252.56 |
| Repurchase Agreements | 0.12 | 11,650 | 10.04 |
| Borrowings LKR | 0.01 | 500 | 0.05 |
| Credit Lines Fixed | 1.32 | 6,134 | 80.97 |
| Debentures | 5.00 | 10,400 | 520.00 |
| Other Liabilities | 2.65 | 10,595 | 280.77 |
| Total Liabilities | 1,805.56 | ||
| Price Sensitivity | 92.01 | ||
| Limit | 150 |
Modified Duration - measurement of the portfolio to a 1% change in interest rates.
Price Sensitivity - Sum of value change in each portfolio due to a 1% change in interest rates.
The price sensitivity of the Statement of Financial Position was managed within the pre-defined risk parameters whilst maximizing the market potential on interest sensitive assets and liabilities.
Mark to Market Exercise
Trading portfolios of Securities (Treasury Bills/Bonds), Equity and Foreign Currency Options are subject to mark to market exercise on a daily basis and are monitored against the set stop loss limits. Prompt management action is taken where necessary ensuring minimum loss situations to the portfolios.
Liquidity Risk
Liquidity risk arises due to unmatched maturities of assets and liabilities, that hinders honouring commitments as and when they fall due or will have to do so at an excessive cost. Thus the overall funding strategy takes into consideration both timing and size of business and investment together with the various sources of funding.
Effective liquidity risk management is essential to maintain the confidence of depositors and counterparties as well as to ensure that the Bank’s core businesses continue to generate revenue, even under adverse conditions.
Liquidity Risk Management at the Bank
The objective of our liquidity framework is to ensure that all anticipated funding commitments can be met when due and allow us to withstand liquidity stresses whilst maintaining our business profile. It is designed to be adaptable to changing business models, market and regulations.
The Bank maintains well-articulated liquidity risk management policies and procedures, which drive the level of liquidity risk exposures and determine the business size and maturities which ensure that it has at all times sufficient liquidity to meet its financial obligations at a fair market price.
We also monitor key liquidity metrics on a regular basis, both on local currency and foreign currency Statements of Financial Position and prudential limits are set to better manage the liquidity profile of the Bank.
Our principle mechanism for implementation of the liquidity policy is to maintain the Bank’s liquid assets to liabilities ratio above the regulatory defined ratio of 20%. Our internally set prudential liquidity limits/ ratios would give us early warnings of any areas of concern. The Bank has maintained a healthy Liquid Asset Ratio throughout the year.
Advances to Deposits Ratio
This is defined as the ratio of total loans and advances to customers relative to deposits available which has been maintained within the set parameters.
Medium-Term Funding (MTF) Ratio
Healthy MTF ratio throughout the year represents the stable funds available for the Bank to fund the long-term assets of the Statement of Financial Position.
Net Loans to Total Assets Ratio
The consistency in the Net Loans to Total Assets Ratio of the Bank reflect that the Bank has maintained the share of loans & advances in total asset base focusing mainly on Loans and Advances.
Liquid Assets to Short-Term Liabilities
The Statutory Liquid Asset ratio has been maintained above the regulatory requirement at all times. Hence the Liquid Assets to Short term liabilities (< one year) would definitely result a higher ratio than the statutory level. The Bank maintained this ratio at a prudent level whilst meeting the commitments on a daily basis.
Purchased Funds to Total Assets
The Bank has maintained the Purchased Funds to total assets ratio below 20 % throughout the year. The ratio has increased in relation to the expansion of the Asset base during the year.
Commitments to Total Loans
With the expansion of the Statement of Financial Position the Bank’s total loan portfolio has increased during the year. As a result, the Commitments & the Commitments to total Loans ratio was also at an increasing trend.
Through the deposit concentration policy requirements we ensure that the Bank is not relying on a limited number of depositors or funding sources. The Top 20 depositors’ account for only 17.2% of the total deposit portfolio whilst the Top 10 depositors account 11.80% as at end December 2013 which reflects the granularity of our deposit base.
The liquidity position of the Bank further strengthened in 2013 with the planned debenture issue and inflows of customer deposits during the year. Our Advances to Deposit Ratio (ADR) improved considerably compared to the previous year with the aggressive deposit mobilization campaigns. During 2013 customer deposits grew by 20.5%. Our stable funding ratio which reflects the measure of advances to core funding recorded a ratio of 78% as at 31 December 2013 reflecting the strong liquidity profile of the Statement of Financial Position. The Bank will continue to focus on liability generation, which will be a necessary pre-condition for significant asset growth.
A satisfactory trade-off between liquidity and profitability is maintained by categorizing liquidity shortfalls in the Statement of Financial Position into suitable time buckets, placing exposure limits on each time bucket to monitor the liquidity mismatch gaps. These limits correspond to the liquidity available to the Bank through various fund providers, at an agreed level of confidence.
We have carefully assessed and revised our Statement of Financial Position maturity mismatch limits in order to optimise market opportunities which are being effectively managed by our Asset Liability Management Desk (ALM desk) which was set up in 2013 within the finance function. Separate gap limits are set for the local currency and foreign currency Statement of Financial Position based on the size and the nature of the Bank’s Statement of Financial Position.
The Bank is equipped with a comprehensive Liquidity Contingency Funding Plan (LCFP) linked to the Business Continuity Plan, which is in line with the regulatory guidelines. The LCFP clearly defines the responsibilities of the Liquidity Management Team and ensures the business continuity through close monitoring of the Bank’s liquidity position against the pre-defined liquidity risk trigger points. Trigger points have been defined taking into consideration the Bank’s specific and systemic triggers which would cause a liquidity crisis. Action Plans are set out under each level of liquidity crisis (Mild, Moderate, Severe) with responsibilities assigned to a Liquidity Management Team nominated from all areas of business to ensure that all stakeholders of the Bank are safeguarded. We have also entered in to a reciprocal liquidity funding agreement with identified counterpart banks to ensure stability.
Segregation of Duties
Clear segregation of duties has been established between different business units ensuring prudent control and monitoring mechanisms. The Treasury Front Office reports to the CEO and Treasury Back Office reports to Head of Operations. The Market Risk Management Unit reports directly to the CRO who is a member of Bank’s Assets and Liabilities Committee (ALCO). All senior level staff attached to the Market Risk Management Unit, Treasury Front Office and Treasury Back Office have obtained the internationally recognised ACI qualification offered by the Financial Markets Association, as required by the CBSL directives and are competent in their job profile.
The Assets and Liabilities Committee (ALCO), comprising of senior management staff from the Treasury, Risk-Management and the Finance Departments and all business units of the Bank together with the Market Risk Management Unit is responsible for the supervision and management of market risks. The ALCO meets on a monthly basis and whenever circumstances demand. Its main responsibilities are:
- to decide on the required maturity profile and mix of incremental assets and liabilities;
- to monitor the structure and composition of the Bank’s assets and liabilities and decide on product pricing for deposits and advances;
- to articulate the interest rate view of the Bank and decide on future business strategy;
- to review and articulate funding policy;
- to decide the transfer pricing policy of the Bank;
- to evaluate risks involved in launching new products
ALCO is the governing body for the market risk, liquidity risk and asset liability risk management and the implementation of the Bank’s risk management policies, procedures and systems is delegated to the Head of Market Risk Management who reports to the Chief Risk Officer. Market and liquidity risks are addressed at ALCO on a monthly basis and at the Board Integrated Risk Management Committee level on a quarterly basis.
The market risk management in the Bank is evolving vary fast and there is greater emphasis on strengthening systems and people with adequate training and system support.
Market and Liquidity Risk Reporting
Risk reporting creates transparency on the risk profile and facilitates the understanding of the core market/liquidity risk drivers to all levels of the organization. The Board, Senior Management and the Risk Management Committees receive regular reporting, as well as ad hoc reporting as required, on market risk, liquidity risk, regulatory capital and stress testing. Senior risk committees receive risk information at a number of frequencies, including weekly, monthly or quarterly.
Additionally, market risk management produces daily and weekly market risk specific reports and daily limit excess reports for management review and action. Such reports include -
- Daily Market Risk Report on foreign exchange to Treasury, Finance, CEO and GRM
- Daily Limit Exception Report to Treasury and GRM
- Weekly/Monthly Liquidity Risk Report on internal/external liquidity trends/analysis to ALCO and IRMC
- Monthly market risk reports on Foreign Exchange, Liquidity, Deposit Concentration, Country Exposure Reports to ALCO
- Monthly ALM Reports to ALCO
- Quarterly Market, ALM and Liquidity reports to CMRPC and IRMC
- Quarterly Risk Assessment Report to the Board
Operational Risk
Over the last few years, the Bank has developed processes, management tools and a control infrastructure to enhance the control and management across the Group of the operational risks that are inherent to its various activities. These include, among others, general and specific procedures, permanent supervision, business continuity plans, new product development programmes and designated staff members for the management of operational risk in the business unit and support functions.
The Operational Risk Management Unit
The Operational Risk Management Unit was incorporated within the Group Risk Management in 2009. It works in close co-operation with operational risk staff in the business units and support functions.
The Operational Risk Management Unit is notably responsible for;
- Running the operational risk function
- Devising and implementing the Bank’s operational risk policy in co-operation with the business units and support functions.
- Promoting an operational risk culture throughout the Group.
- Defining at Group level, methods for identifying, measuring, monitoring, reducing and/or transferring operational risk, in
co-operation with the business units and support functions, in order to ensure consistency across the Group. - Maintaining the Bank’s Business Continuity Plan (BCP) and crisis management policy, managing the policy and co-ordinating its implementation.
The Operational Risk Function
In addition to the Operational Risk Management Unit, the operational risk function includes Operational Risk Managers (ORMs) in the business units and support functions, who are under the operational authority of the Bank’s Head of Operational Risk.
ORMs operate in the Bank’s units and are responsible for implementing the Bank’s procedures and guidelines, and for monitoring and managing operational risks, with the support of the staff in the business units and support functions and in close collaboration with the respective Business/Support Function Heads.
Operational Risk Committees have been set up at the Bank level, as well as business levels and support function levels.
Operational Risk Management at the Bank
Since 2009, the Bank has used the Basic Indicator Approach (BIA) as proposed by the Capital Requirements Directive, to measure operational risk.
This approach notably makes it possible to:
- identify the greatest risk exposures, and
- the types of risk that have the greatest impact on the Bank’s risk profile and overall capital requirements;
- enhance the Bank’s operational risk culture and overall management, by introducing a virtuous cycle of risk identification, improved risk management and risk mitigation and reduction.
The Bank holds capital for operational risk, equal to 15% of the positive average annual gross income, over the previous three years.
The Bank’s regulatory capital requirements for operational risks within the scope of BIA (Basic Indicator Approach) requirements are calculated using the above stated formula. The Bank’s capital requirements for operational risks were LKR 1.304 bn at the end of 2013, representing LKR 13.03 bn in risk weighted assets. In accordance with the Regulator’s Guidelines, the Bank has commenced parallel computation of capital in terms of The Standardized Approach (TSA) with effect from December 2011.
Operational Risk Monitoring Process
The frameworks specifically established by the Basel II Regulations (the Capital Requirements Directive and ‘Sound practices for the management and supervision of operational risk) have been implemented, on the basis of existing procedures wherever
possible, to support the ‘virtuous circle’ referred to previously.
They notably include:
- Gathering of internal data on operational risk losses
- Risk and Control Self-Assessment (RCSA) processes
- Key Risk Indicators (KRI)
- Scenario analysis and stress testing
- Business continuity planning and crisis management
The Bank’s classification of operational losses in seven Basel loss event categories is the cornerstone of its risk modelling, ensuring consistency throughout the system and enabling analysis across
the Bank.
Internal Loss Data Collection
Internal loss data has been compiled throughout the Bank since 2010, enabling operational staff to define and implement the appropriate corrective actions (changes to activities or processes, strengthening of controls etc.):
- Build expertise in operational risk management concepts and tools
- Achieve a deeper understanding of their risk areas
- Help foster an operational risk culture throughout the Bank
All losses are recorded, and losses above the value of LKR 100,000 are reported to the Board Integrated Risk Management Committee on a monthly basis and losses over LKR 500,000 are reported to the regulator on a quarterly basis.
Risk and Control Self-Assessment (RCSA)
The purpose of Risk and Control Self-Assessment (RCSA) is to assess the Bank’s exposure to operational risks in order to improve their monitoring. Based on the results of other operational risk management tools/methodologies (internal losses, KRI, etc) risk areas are identified by business units and support functions for their respective fields of expertise, and interviews with key staff.
Its objectives are as follows:
- Identifying and assessing the major operational risks to which each business unit or support function is inherently exposed (the ‘intrinsic’ risks), while disregarding prevention and control systems. Where necessary, risk mapping established by the business units or support functions contribute to the evaluation of intrinsic risks.
- Assessing the quality of major risk prevention and mitigation measures, including their existence and effectiveness in detecting and preventing major risks and/or their capacity to reduce their financial impact.
- Assessing the major risk exposure of each business unit or support function that remains once the risk prevention and mitigation measures are taken into account (the ‘residual’ risk), while disregarding insurance coverage.
- Correcting any deficiencies in risk prevention and mitigation measures and implementing corrective action plans.
- Facilitating and/or supporting the implementation of key risk indicators.
- Adapting the risk insurance strategy, if necessary.
As part of this exercise, major risks of a given scope are described using a double scale of impact and probability.
Key Risk Indicators (KRI)
KRIs supplement the overall operational risk management system, by providing a dynamic view of changes in business line risk profiles as well as a warning system. Regular KRI monitoring assists managers of the entities in their assessment of the Bank’s operational risk exposure obtained from the RCSA, the analysis of internal losses and scenario analysis, by providing them with:
- A quantitative, verifiable risk measurement,
- A regular assessment of the improvements or deteriorations in the risk profile and the control and prevention environment which require particular attention or an action plan.
KRIs that may have a significant impact on the entire bank are reported to the Bank’s senior management and the Board Integrated Risk Management Committee.
Scenario Analysis and Stress Testing
Scenario analysis serves two purposes - informing the Bank about potential significant areas of risk and contributing to the calculation of the capital required to cover operational risks.
For the calculation of capital requirements, the Bank uses stress tests to measure its exposure to potential losses.
Analysis are undertaken for major bank stress scenarios, involving very severe events that cut across business units and support functions, having an external cause in most cases and requiring, if necessary, a Business Continuity Plan (BCP). The scenarios of this type analysed so far have helped to develop the Business Impact Analysis aspects of the BCP.
The Bank does its operational risk stress testing using two approaches -
- Operational Risk Value at Risk (OpVaR) based Stress Testing
This is calculated based on the Bank's Internal Loss Data (ILD); however, OpVaR based capital is less than Operational Risk capital calculated based on BIA approach. Hence, no additional capital is allocated. - BIA-based Stress Testing
Stress scenario considers that 18% of stress has been applied on gross income and while comparing the same with BIA capital, 3% of additional stressed capital is required.
Business Continuity Planning and Crisis Management
In order to cover the risk of a crisis affecting the Bank’s staff, premises and IT systems, the ‘Crisis Management’ team steered by the Bank’s Business Continuity Management Co-ordinator along with the Human Resources Department, aims to prevent health and safety risks, and to define and maintain the crisis system in operating condition.
The Bank also prepares to face all kinds of disasters (loss of operating resources, failures, lack of human resources, etc.) by developing business continuity plans. To do this, it draws on a methodical approach based on international standards and regularly tests its emergency response mechanisms.
Insurance Cover in Operational Risk Management
The Bank has a comprehensive insurance policy as a measure to mitigate risks. This falls within the framework of risk mitigation and control which in turn is an integral component of the risk management framework of the Bank.
Description of Coverage
General Risks
Buildings and their contents, including IT equipment, are insured at their replacement value. Liability other than professional liability
(i.e. relating to operations, Directors, vehicles, etc.) is covered by insurance policies.
Risks Arising from Operations
Insurance is one of the measures to offset the consequences of the risks inherent in the Bank’s activity. It complements the risk monitoring policy led by the Bank and also by its Internal Controls.
Theft/Fraud
These risks are included in the ‘Bankers Indemnity Cover’ policy that insures all the Bank’s financial activities around the country. Fraudulent actions by an employee or by a third party acting on its own or with the aid of an employee with the intent to obtain illicit personal gain or through malice are covered.
Professional Liability
The consequences of any legal action against staff or managers as a result of their professional activity are insured under the Bank’s
BID policy.
Operating Losses
The consequences of any accidental interruptions to activity are insured under a bank-wide policy. This policy supplements the business continuity plans. The amounts insured are designed to cover losses incurred between the time of the event and the implementation of an emergency solution.
Quantitative Data
The majority of the losses caused during the year 2013 mainly due to low Karatage articles pawned at branches which were classified under loss type, - Execution, Delivery and Process Management as per the Basel Guidelines.
Strategic Risk Management
Strategic risk is the possibility of current and prospective impact on earnings or capital arising from adverse business decisions, improper implementation of decisions or lack of responsiveness to industry changes. The Bank manages Strategic Risk in the following manner: A five year Strategic Plan has been formulated by the Corporate Management and the Board. This is updated annually and is used
as the foundation for defining new business goals, budgets and resource planning.
During FY2013, Bank made significant strides in managing strategic risk in a more robust and holistic manner across the Group. Amidst the challenging business landscape and tighter regulatory regime, Risk Management has managed to enhance and embed risk management into the business to drive value creation for the Group.
Taking cognizance of strategic risks, the Bank continues to plan, monitor and respond to internal and external risk factors in an anticipative manner. This is further accomplished through the continuing implementation of the Strategy implementation Tracker
The Strategic Plan is linked to individual employee performance through a goal setting process and periodic performance reviews are carried out to motivate employees and create a performance culture to ensure that business goals and objectives are achieved, thus mitigating strategic risk.
Reputational Risk Management
Reputation Risk arises from the negative effects of public opinion, customer opinion and market reputation, and the damage caused to brands by failing to manage public relations. The Bank has implemented the following to manage reputation risk:
All employees are responsible for day-to-day identification and management of reputational risk. These responsibilities form part of the Bank’s Code of Conduct and are further embedded through values-based performance assessments.
Reputation risk management and mitigation aspects are embedded in the Bank’s policies and procedures, training programmes, the Business Continuity Plan and through the Audit and Board Risk Management Committees. A Customer Complaint Handling Process has been established under which the customers have a range of options through which they can forward their grievances to the Bank, by way of letters, using our public help line that is manned on a 24 hour basis, through the Bank web-site or social media. A senior officer is tasked with coordinating such grievances and handling customer relations. Significant public or customer grievances are submitted for appropriate action by corporate management and review by operational risk committees. In addition to the above, contact details of the country’s financial Ombudsman is displayed at every branch for customers to refer their complaint if it is not resolved to their satisfaction by the Bank.
The Bank has a Whistle Blowing Policy approved by the Board providing a channel for employees to raise issues, if any, on breaches of any law, statutory, regulatory or other ethical concerns shared by them.
Legal Risk
The Bank is subject to a comprehensive range of legal obligations and as a result is exposed to many forms of legal risks, which may arise in a number of ways:
- Business may not be conducted in accordance with applicable laws.
- Contractual obligations may either not be enforceable as intended or may be enforced in an adverse way
- Legal repercussions of lacunae in documents, forms, advertisements and other modes of conduct and communication adopted by the Bank
- Intellectual property may not be adequately protected.
- Liability for damages may be incurred to third parties harmed by conduct of its business.
Legal risk is managed by the Legal Department. The Heads of departments for each business unit is responsible for management and reporting of legal risk. The adequacy and effectiveness of the controls operated in the business units are overseen by the Head of Legal Department. Specific risks relating to legal risk are reported on a monthly basis to the Board.
Compliance Risk
Compliance risk is defined as the risk of legal or regulatory sanctions, material financial loss, or loss to reputation and integrity an institution may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organizational standards, and codes of conduct applicable to its business activities. Thus, it is very closely related with reputation and legal/regulatory risk.
The Bank has a well laid out; Board approved Compliance Charter, which defines the fundamental principles, roles and responsibilities of the compliance function within the organization as well as its relationship with senior management, the Board of Directors and the business and operational functions.
The Charter applies to all Board and staff members of the organization and all its branches. Operationally the Bank has a detailed compliance programme to manage compliance risk in the day-to-day conduct of business in the Bank and has well-defined processes for risk identification, assessment, mitigation and control.
Future Outlook
Given the opportunities presented in the post war era, the Bank has been very aggressive in pursuing business. Emphasis has been given to SME, Retail and Project Finance in support of the development objectives of the country. Risk has facilitated this process by reviewing existing policies and procedures within acceptable risk parameters and strengthening the post-sanction monitoring process.
The credit process will be enhanced to address prevailing challenges, while credit models to be implemented will be subjected to periodic validation for the purpose of obtaining necessary assurances. Portfolio stress tests will be adopted as appropriate, to consider implications of scenarios that may seem relatively unlikely but could pose serious risks to the institution if they crystallize.
The Bank will continue to focus on the growth sectors of the economy through strategic portfolio planning, supported by sound risk identification, measurement, control, monitoring and reporting.
