The perception of risk management is fundamentally changing within today’s institutions. It is no longer purely used as a control mechanism but as a critical input in the decision making process. The industry continues to evolve rapidly, posing challenges from emerging technologies and business processes, new financial instruments, the growing scale and scope of financial institutions, and changing regulatory frameworks. Establishments in every industry and country are reminded all too frequently, that they operate in a risky environment. Recent drop in commodity prices, stressed construction and manufacturing activities, natural disasters, data breaches and other cyber threats affecting core operations, vividly illustrate the realities that organizations face, where the effects of such events can suddenly force them into worldwide headlines, creating complex enterprise wide risk events that threaten reputation and profits.
At NDB, we believe that a banking organization needs a good risk governance structure in place. An enterprise-wide approach is appropriate for setting objectives across the organization, implanting an enterprise-wide culture, and ensuring that vital events and threats are being monitored on a regular basis and that ʻRisk Managementʼ remains prominent as a key strategic focus at all times.
As a provider of banking and financial services, risk is at the core of our day-to-day activities. The Bank’s risk philosophy is that risk should be taken in line with the Bank’s risk appetite and it should complement the Bank’s business strategy.
The business of banking naturally entails assuming ʻRisksʼ in all business transactions. As a result, ‘Risk Management’ has gained prominence as a key strategic focus in managing banks effectively in today’s impulsive financial markets. The vision of risk management is to proactively assist the business in delivering superior shareholder value by ensuring an optimal trade-off between risks and rewards whilst upholding strong liquidity and adequate capital positions at all times combined with a robust asset quality. The operating model within the Bank encapsulates this vision and cascades the actions to fulfil same by promoting an organization-wide risk culture. Risk culture within the Bank aptly balances growth and risk, supported by a well-defined risk appetite, comprehensive integrated risk management framework, effective governance structure and appropriate tools to measure and manage risk.
The changing nature of todayʼs business world is increasing the scope and potential impact of the risks faced. The ability of a bank to take strategic initiatives within a predefined and consistent risk framework can be considered as a speciality that can make a difference in the Bank’s drive to ensure secure returns to all stakeholders in todayʼs competitive market scenario. Hence, the Bank has recognized that building its risk management capabilities is a ʻjourneyʼ rather than a destination and is committed to maintaining and continuously improving its risk management framework and capabilities through a number of initiatives including substantial investments in IT, training and development of human resources. The management of risks inherent in the loan portfolio remained a focal point for the Bank in the current year, even as the Bank continued its strategy to expand the loan book to greater levels.
Our risk management capabilities have progressed encouragingly towards best in class and will continue to be strengthened and enhanced to create value and be a competitive advantage to support the Group’s aspirations.
Risk | Mitigants |
Concentration risk arising from equity market activities |
|
Risk of Natural Disasters |
|
Geopolitical events |
|
Interest rate movements |
|
Risk of fraud/Cyber Risk |
|
Financial markets instability |
|
Regulatory changes and compliance |
|
Exchange rate movements |
|
Risk arising from inability to meet maturing deposit liabilities |
|
Risk appetite is defined as the quantum of risk the Bank is willing to assume in different areas of business in achieving its strategic objectives and ensuring maintenance of desired risk profile. Maximum tolerance limits are set annually and reviewed monthly to capture any deviations. The risk appetite framework and risk tolerance limits have been defined by the Board in consultation with the Senior Management of the Bank in line with the Bank’s overall business strategy, providing clear direction to the business units for ongoing operations and risk management.
In the event, the risk appetite threshold has been breached, risk management and business controls are implemented to bring the exposure level back within the accepted range. Risk appetite, thus, translates into operational measures such as limits or qualitative checkpoints for the dimensions of capital, earnings volatility and concentration risk etc.
In order to effectively implement risk appetite, NDB has defined quantitative indicators (e.g. capital adequacy level and risk limits) or qualitatively embedded same in the policies and procedures (e.g. underwriting criteria).
NDB has formulated its risk appetite covering the following categories: Bank Wide Level Risk Category Level, Credit Risk, Market Risk, Operational Risk, Concentration Risk, Liquidity Risk, Interest Rate Risk (in Banking Book) and Compliance Risk.
The Bank’s approach to Risk Management is spelt out in the Integrated Risk Management Framework approved by the Board Sub-Committee for Integrated Risk Management and the Board of Directors. The framework sets out the process of identifying, measuring, monitoring and controlling the different types of risks, the governance structure in place. The main objectives of the framework are:
In addition to the main risks (viz. Credit Risk, Market Risk and Operational Risk) NDB has considered fourteen other risks which are material to it. These additional risk categories include, Liquidity Risk, Interest Rate Risk in the banking book, Underestimation of Credit Risk in Standardized Approach, Residual Credit Risk, Concentration Risk, Compliance Risk, Legal Risk, Strategic Risk, Governance Risk, Cross-border Risk, Settlement Risk, Reputational Risk, Model Risk and Group Risk.
The Bank’s risk management framework is employed at all levels of the organization, and is instrumental in aligning the behaviour of individuals with the overall attitude to assuming and managing risk and ensuring that our risk profile is aligned to our risk appetite. In an attempt to cultivate risk-based decision making by the business lines, Group Risk Management Department plays an active role as a mentor and facilitator by instigating new ways of knowledge transfer, and it is one of the core values of the department’s culture.
The Bank together with its subsidiaries, in the process of financial intermediation are confronted with various kinds of financial and non-financial risks such as credit, interest rate, foreign exchange rate, liquidity, equity price, commodity price, legal, regulatory, reputational, operational, etc. These risks are highly interdependent and events that affect one area of risk can have consequences on a range of other risk categories. Thus, considerable importance is given to improve the ability to identify, measure, monitor and control the overall level of risks undertaken.
Aggregating the risks of Group Companies remains a challenge due to their diverse business models and risk profiles. The Group Companies are engaged in investment banking, capital market activities, unit trust management and property management activities. However, the Bank believes the ‘Group Risk’ is greatly mitigated as:
Each Group Company remains responsible for the management of risks, including associated controls and ongoing monitoring processes. Risks identified by Group companies are reported to Group Risk Management Department on a monthly basis through appropriate risk indicators (using a Risk Dashboard) and management information for review and escalation. Top risks and associated mitigants are also highlighted.
The main risk categories being reviewed are as follows:
All Group Companies are required to have relevant policies and limits for monitoring purposes and to ensure that risks are within acceptable levels/in-line with its risk appetite. All risk-related policies of the Group Companies are vetted by Group Risk Management Department to ensure compliance with the regulatory requirements and internal policies applicable to the Bank. Hence, allocation of separate capital for Group Risk is not required.
The Bank’s Board of Directors has the overall responsibility for risk management and sets the tone at the top, for an effective management of risks through its risk appetite. In discharging its governance responsibility, it operates through two key committees, namely the Integrated Risk Management Committee (IRMC) and the Board Audit Committee (BAC) which have been formed in compliance with the CBSL Direction No. 11 of 2007 on Corporate Governance. The Bank believes in combining the specialized knowledge of the business units and risk professionals in forming sub-committees for the management of risks.
The Bank’s Risk Management Division is independent of the business units. It monitors and reports directly to the Integrated Risk Management Committee and the CEO. Several units within the Risk Division contribute to the management of risk and co-ordinate across the business functions to guarantee risk management is impeccably integrated into the Bank’s corporate culture.
The strategy of the Bank is ensuring sustained profitability through good and bad times. The need of the economy is resilient banks which create shareholder value. BASEL regulations have been introduced worldwide to ensure resilience of the individual banks as well as the banking system as a whole.
The Bank is fully compliant with the BASEL II regulatory requirements.
The Bank has already embarked on its journey towards advanced approaches of minimum capital computation under Pillar I in order to optimize on capital allocation. Thinking ahead, the Bank is in the process of automating its capital computation process in terms of Credit and Market Risks. This pioneering strategic move will help the Bank to optimize usage of shareholder capital, which will be critical in the next few years for all banks. The automation of manual process will ensure accuracy and better conformance to guidelines.
Credit Risk – The Bank is currently using the Standardized Approach for capital computation for Credit Risk. With the intention of moving to Internal Rating Based Approaches, the Bank has rolled out rating models with the assistance of CRISIL Risk and Infrastructure Solutions Ltd., India. The system supports the Probability of Default (PD) and Loss Given Default (LGD) computations.
Market Risk – The Bank uses The Standardized Approach for capital computation for Market Risk. The Bank has already rolled out its VaR models and is ready to move to advanced approach of capital computation for Market Risk on receipt of guidelines from the regulator.
Operational Risk – The Bank is currently using the Basic Indicator Approach for operational risk capital computation. The Bank has also started parallel computation of capital requirements as per The Standardized Approach (TSA) as well as Alternative Standardized Approach (ASA) and planning to move to ASA during 2016.
Capital helps protect individual banks from insolvency, thereby promoting safety and soundness in the overall banking system. Minimum regulatory capital requirements under Pillar 1 establish a threshold below which a sound bank’s regulatory capital must not fall. The Pillar 2 (Supervisory Review Process – SRP) requires banks to implement an internal process, called the Internal Capital Adequacy Assessment Process (ICAAP), for assessing their capital adequacy in relation to their risk profiles as well as a strategy for maintaining their capital levels. The Pillar 2 also requires the supervisory authorities to subject all banks to an Evaluation Process/Supervisory Review Process (SRP), and to initiate such supervisory measures on that basis, as might be considered necessary. NDB has in place an ICAAP and has adhered to same from January 2013. ICAAP process has strengthened the risk management practices and capital planning process.
Bank has in place a comprehensive Stress Testing Policy and Framework in line with the regulatory guidelines as well as international best practices. The policy describes the purpose of stress testing and governance structure and the methodology for formulating stress tests whilst the framework specifies in detail the Stress Testing programme including the tolerance limits and remedial action.
Stress testing is the process of determining the change to a portfolio due to the occurrence of extreme realistic events. Management reviews the outcomes of the stress tests and where necessary determines, appropriate mitigating actions such as reviewing and changing risk appetite in order to manage the risks identified by potential stresses.
Item | Amount LKR. million |
Regulatory Capital | |
Core Capital | 20,018 |
Capital Base | 29,614 |
Calculation of Risk-weighted Amount | |
|
207,510 |
|
10,161 |
|
17,491 |
Calculation of Capital Adequacy Ratios (%) | |
|
8.51 |
|
12.59 |
The Bank has implemented stress tests to measure the resilience of its lending portfolio to adverse movements by applying low, moderate and high impact shocks on hypothetical scenarios.
The details of credit risk stress testing are given below:
Scenario 1 | Scenario 2 | Scenario 3 | |
1. An increase in the NPLs in the loan book | 5% Increase | 10% Increase | 20% Increase |
Revised CAR % | 12.5 | 12.4 | 12.2 |
2. A negative shift in NPL categories on the Bank’s credit portfolio | 50% Increase | 80% Increase | 100% Increase |
Revised CAR % | 12.5 | 12.4 | 12.4 |
3. Fall in FSV of mortgaged collateral in credit portfolio | 10% Decline | 20% Decline | 40% Decline |
Revised CAR % | 12.6 | 12.6 | 12.6 |
4. Default of Large Borrowers | Default of Top Borrower | Default of Top 2 Borrowers | Default of Top 3 Borrowers |
Revised CAR % | 12.0 | 11.6 | 11.4 |
5. Default by the Largest Group | Default by Top member of the Group | Default by Top 2 members of the Group | Default by all members of the Group |
Revised CAR % | 12.2 | 12.2 | 12.2 |
Losses beyond the confidence level are not captured by certain models, which therefore gives no indication of the size of unexpected losses in these situations. This is complemented by regular stress testing of market risk exposures to highlight the potential risk that may arise from extreme market events that are rare but plausible.
Stress testing is an integral part of the market risk management framework and considers both historical market events and forward-looking scenarios, to give early warning signals to align the business and take appropriate action in a proactive manner. A consistent stress testing methodology is applied to trading and non-trading books. The stress testing methodology assumes that scope for management action would be limited during a stress event, reflecting the decrease in market liquidity that often occurs. Stress scenarios are regularly updated to reflect changes in risk profile and economic events. Regular stress test scenarios are applied to interest rates, liquidity ratios, exchange rates, commodity prices and equity prices. Ad hoc scenarios are also prepared reflecting specific market conditions and for particular concentrations of risk that arise within the businesses.
Bank’s net foreign currency position is tested on a daily basis under four stress scenarios giving shocks of 5%, 10%, 15% and an extreme shock of 25% to the exchange rate to arrive at the maximum loss scenarios the Bank is exposed to and is monitored against the limits set.
Limit is set at the minimum level of shock (Scenario 1) as an early warning where the Bank will take action to ensure that it does not surpass the first level of shock and reach worst case scenarios.
Bank’s Foreign Currency DBU Net Open Position and Stress Test Results as at 31 December 2015
As at 31 December 2015 | Net Position USD/LKR |
Scenario 1 USD/LKR |
Scenario 2 USD/LKR |
Scenario 3 USD/LKR |
Scenario 4 USD/LKR |
Magnitude of Shock (Adverse) | – | 5% | 10% | 15% | 25% |
Spot Rate Movement | 144.00 | 136.80 | 129.60 | 122.40 | 108.00 |
Net Open Position – DBU, Profit/(Loss) (LKR) | 600,067 | (4,320,480) | (8,640,959) | (12,961,439) | (21,602,398) |
The stress results of the Bank’s overnight Net Open Position is managed well within the risk limit and monitored on a daily basis.
Liquidity stress testing is carried out under three different scenarios which covers Bank specific and System specific conditions, where different magnitudes of shocks are given to liability portfolios to ensure that the Bank’s assets are sufficient to meet the liquidity stresses. The results are monitored against the limit and the minimum level of result (at 3%) will be considered as the management action point.
The Bank managed to maintain a healthy Liquid Assets Ratio well above the internal limit which is more stringent than the regulatory limit.
% | |
Bank’s Liquid Assets Ratio (DBU) as at 31 December 2015 | 22.24 |
Bank’s Liquid Assets Ratio (FCBU) as at 31 December 2015 | 24.91 |
Stress Testing on Liquid Assets Ratio
Scenario No. | Stress Scenarios | Magnitude of Shocks on Liquid Assets Ratio | ||
3% | 5% | 10% | ||
Revised LAR after Relevant Shocks | ||||
1 DBU | Adverse Impact on MM & Institutional Borrowings/Drop in Market Liquidity (Market Specific) (%) | 21.65 | 21.25 | 20.24 |
1 FCBU | Adverse Impact on MM & Institutional Borrowings/Drop in Market Liquidity (%) | 24.59 | 24.37 | 23.82 |
2 DBU | Run Down on CASA & Time Deposits (%) | 20.63 | 19.52 | 16.61 |
2 FCBU | Run Down on CASA & Time Deposits (%) | 23.71 | 22.89 | 20.75 |
3 DBU | Impact on Total Liquid Liabilities (%) | 20.02 | 18.46 | 14.30 |
3 FCBU | Impact on Total Liquid Liabilities (%) | 23.38 | 22.32 | 19.53 |
The Bank conducts stress tests for operational risk by computing the Operational Risk Value at Risk (Op VaR).Op VaR is calculated at Bank level based on 445 loss data points collected as at 31 December 2015, considering whole Bank as a single Operational Risk Category-ORC which includes two broad steps:
The Bank uses Monte-Carlo simulation to generate aggregated distributions (by combining frequency and severity distribution) of operational losses for given loss data (with 99.9% confidence interval and 110,000 simulation runs). The Op VaR calculated as at 31 December 2015 was LKR 23.89 million.
The Op VaR under stressed conditions in LKR million is as follows:
5% | 10% | 15% |
25.09 | 26.28 | 27.48 |
The above figures are significantly lower than the operational risk capital allocated under the Basic Indicator Approach (BIA). Hence no additional capital is required under stressed conditions.
When the Bank calculates its operational risk capital requirement under the BIA, the average of 15% of the annual gross income over the preceding three years are considered. If the annual gross income is negative or zero it will be excluded from both the numerator and denominator when calculating the average capital charge. The Bank also performs BIA based Stress Testing on the assumption that the Operational Risk Losses assumed to have direct relationship with the gross income of the Bank considering three levels of shocks ranging from mild shock of 1% to severe shock of 3%. The stressed Op Risk capital considering a severe shock was LKR 349 million as at 31 December 2015.
BASEL III is the new global regulatory standard on managing capital and liquidity of banks. With the introduction of Basel III the capital requirements of banks will increase with an aim to raise the quality, quantity, consistency and transparency of capital base and improve the loss absorbing capacity. The Bank is already in compliance with Basel III requirements on capital and liquidity coverage.
Optimal risk reward pay-off and maximization of returns are key focuses of our credit risk management endeavours
Credit risk is the risk of financial loss if a customer or counterparty to a financial instrument fails to meet a payment obligation under a contract. It arises principally from direct lending, trade finance and leasing business and also from off-balance sheet products such as letters of credit and guarantees. Credit risk generates the largest regulatory capital requirement of the risks we incur. The Bank manages the credit risk in the entire portfolio as well as individual credits or transactions.
In the current regulatory context, it has become necessary to make a clear distinction between pre credit review/approval and post credit review functions in the Bank. Earlier, both functions were combined within the Group Risk Management department. An independent pre credit review division was established to further strengthen the pre-approval process and make it independent from post credit review function in the Bank.
Further a loan Review team was formed within the Group Risk Management Department to carry out Loan Review Mechanism (LRM) as prescribed by the regulator.
The objectives of LRM are:
The Loan Review function operates independently, reporting to the IRMC of the Bank. Its responsibilities extend to providing rational, objective and professional comments, observations for remedial action to be considered for implementation by line management.
A Loan reviewer’s responsibilities also extends to reviewing the adequacy of action taken in respect to recommendations made in credit review reports.
At NDB credit risk management is considered to be a value addition activity rather than being confined only to a regulatory compliance function.
The Bank has a well-defined credit policy approved by the Board of Directors. It defines the
Depending on the nature of the project/product standardized formats have been designed and evaluations are carried out by competent staff. There are clear guidelines set to ensure that
Final authority and responsibility for all activities that expose the Bank to credit risk rests with the Board of Directors and the Board of Directors has delegated approval authority to the CEO to re-delegate limits to the Credit Committees and the Business Lines. All approval limits are name specific and are based on individual experience, facility type and collateral in order to ensure accountability and mitigate any judgmental errors.
The credit portfolio of the Bank is risk-rated using an internally developed system that takes into account quantitative as well as qualitative factors. The rating scale ranges from Triple A to B4 and the ratings of every obligor is reviewed at least annually or more frequently if required. This rating system is used as a guide for account monitoring, CBSL provisioning and pricing.
The Bank has rolled out the new Internal Risk Rating system which runs on sophisticated work flow based software and hosts obligor risk rating, facility risk rating and retail score cards to suit the diverse client portfolios of the Bank. This move facilitates accurate quantification of expected loss of Bank’s portfolio and also complies with Central Bank Direction No. 07 of 2011 on Integrated Risk Management.
The Bank has deployed varying models to gauge the default risk associated with Large Corporate, Mid Corporate, SME and Non-Banking Financial Institutes. All these models are structured in a manner incorporating both quantitative and qualitative parameters to reflect the underlying probabilities of default.
The risk rating model implemented facilitates both obligor and facility rating. Whilst obligor rating will indicate the expected probability of default (PD), the facility rating indicates the expected loss given default (LGD). Expected probability of default takes into account the characteristics of the obligor assessed via industry, business, management and financial risk silos, whilst facility rating takes into account the type of the facility, nature of the collateral and realisability as well. Using the expected probability of default and the loss given default calculated via obligor rating and facility rating models the system facilitates arriving at an expected loss for a specific credit.
The Bank deploys custom made scorecards to underwrite consumer assets. These scorecards were developed using Bank’s own data and re-weighted to align them for more recent economic conditions. Such scorecards take into account the customer demographics, together with credit worthiness of individuals and disposable income in deciding the level of accommodation of credit. In addition to above, the Bank also carries out a pre-screening of employers of salaried employees who seek consumer credit from the Bank in order to ensure that their level of income generation will not get interrupted in the foreseeable future. In this way, the Bank acts more responsibly as such an approach would negate possibility of overspending by consumers based on uncertain future income.
The Bank also views pricing for risk as fundamental to credit risk management. Thus, steps have been taken to price the credit risk using more scientific methods and blending it with prevailing market sentiments to contain off-market operations. The newly implemented Internal Risk Rating system facilitates calculation of Risk Adjusted Return on Capital (RAROC). This enables the Bank to link capital to expected losses.
Post sanction review and monitoring is carried out to ensure quality of credit is not compromised. Any deteriorating credits with emphasis on internal and external early warning signals are identified and such accounts are ‘Watch Listed’. The Watch Listed clients are monitored closely with quarterly reports submitted to the Credit Committees. Further, based on the Watch Lists, the Bank assesses the Portfolio at Risk in the event, such accounts deteriorate further. Non-performing assets are identified at an early stage, enabling management to take action as appropriate.
The industry and portfolio limits are set by the Board of Directors on the recommendation of the Group Risk Management department. Credit Risk Management, monitors compliance with approved limits. Desired diversification is achieved by setting maximum exposure limits on
Credit portfolio management is an important function within the overall credit risk management function. Need for such critical and objective portfolio management emanates from the need to optimize the benefits associated with diversification. It also helps the Bank to identify and address potential adverse impact of concentration of exposures. 'The Bank has a well-structured portfolio management mechanism which evaluates exposures on the basis of industry concentration, rating quality, internally established prespecified early warning indicators apart from regulator imposed quantitative ceiling on single borrower and aggregate exposure. Based on the feedback from the credit portfolio management, the credit origination criterion is amended prudently to insulate portfolios from further deterioration. The portfolio management team also undertakes, apart from regular portfolio reviews, stress tests and scenario analysis when the external environment, both local and global, undergoes swift changes. Credit portfolio management envisages mitigating credit risks to a great extent by stipulating prudential risk limits on various risk parameters. As such, the Bank has established single borrower limit, limits for related party borrowings and aggregate limit for large exposures as prescribed by the regulators. Moreover, the Bank has also established maximum exposure limits to different industry segments. Such limits are clearly spelt out in the credit policy and the authority for permitting any deviations on an exceptional basis is also clearly documented. The Bank adopts a similar mechanism to assess the risks associated with off-balance sheet exposures. As part of the credit portfolio management and monitoring procedures, the exposures in off-balance sheet products such as FX Forwards, Guarantees and Letters of Credit are treated with utmost care.
KRIs supplement the overall portfolio management system, by providing a view of the credit risk of the portfolio as well as acting as an early warning system. Some of the KRIs monitored and reported to Board Integrated Risk Management Committee are given below:
Portfolio of the Bank Industry portfolio | To assess the trends in comparison with industry and measure performance against budgets/Risk Appetite |
Market Share | |
NPL of the Bank Industry NPLs | |
NPL Ratio of the Bank Industry Average NPL Ratio | |
Provision Cover - % – Bank Industry | |
Open Loan Position | |
ROE % | |
TIER I % | To assess compliance with Regulatory limits and the Bank’s Risk Appetite |
TIER I & II % |
The Bank adopts various mechanisms to mitigate the credit risk of the loan book
It is the Bank’s policy to be on a pari passu status with other lenders. A decision to the contrary may be acceptable only where a non-pari passu position is accepted due to unavailability of security as a result of the Bank being a late entrant to the relationship and is supported by strong financial position of the entity financed. Facilities under Product Programmes are governed by guidelines given in such individual programmes.
In instances where facilities are granted without collateral, the Bank ensures that its position will not be subordinated to other creditors’ interests. In such instances, the Bank generally requires either a negative pledge agreement, not to encumber any assets without permission of the Bank or a pari passu clause, whereby the debtor will treat the Bank equally with respect to collateral with all current and future lenders.
The Bank has a panel of valuers who have been selected, based on the criteria set out by the Central Bank of Sri Lanka. The Bank ensures that the valuations are carried out and reviewed as following:
No value is considered if valuations are not in-line with the time frames set out as per the CBSL guidelines.
A credit risk provision for loan impairment is established if there is objective evidence that the Bank will be unable to collect all amounts due on loans and receivables according to the original contractual terms.
Objective evidence that a loan is impaired, includes observable data that comes to the attention of the Bank about the following loss events:
The Bank determines the allowances appropriate for each individually significant loan or receivable on an individual basis, if there is any objective evidence of a loss based on the above. Items considered when determining allowance amounts include
An allowance for loans and receivables is reported as a reduction of the carrying amount of a loan on the balance sheet. Additions to provisions for loan impairment are made through impairment losses on loans and receivables in the income statement.
The Bank assesses whether objective evidence of impairment exists for loans that are considered individually significant, i.e. all loans above LKR 100 million and collectively for loans that are not considered individually significant.
If there is objective evidence that an impairment loss on loans and receivables carried at amortized cost has been incurred, the amount of the loss is measured as the difference between the loans’ carrying amount and the present value of estimated future cash flows discounted at
The estimation of the recoverable amount of a collateralized exposure reflects the cash flows that may result from Liquidation of Collateral where foreclosure is considered the likely course of action. The time, costs and difficulties involved in obtaining repayment through collateral should be taken into account when determining the recoverable amount.
For the purposes of a collective evaluation of impairment, loans are grouped on the basis of similar credit risk characteristics. Corporate and SME loans are grouped based on product type, economic sector and on days in arrears. Retail Banking loans are grouped, based on product type and number of days in arrears. Those characteristics are relevant to the estimation of historical loss experience for loans. Historical loss experience is adjusted on the basis of Probability of Default and Loss Given Default. The Bank also bases its analyses on economic factors and portfolio factors such as:
The Bank may use the aforementioned factors as appropriate to adjust the impairment allowances. Allowances are evaluated separately at each Reporting date with each portfolio.
The Bank has in place, a detailed impairment policy which was approved by the Board of Directors.
27% of Bank’s portfolio continues to be concentrated in commercial banking term loans. Bank maintained a healthy product wise portfolio composition.
PRODUCT WISE PORTFOLIO COMPOSITION AS AT 31.12.2015
PRODUCT WISE PORTFOLIO COMPOSITION – AVERAGE FOR 2015
The business line wise composition of portfolio changed during the period in-line with the Bank’s long term strategy.
BUSINESS LINE WISE COMPOSITION OF THE PORTFOLIO AS AT 31.12.2015
Bank’s portfolio continues to be concentrated on ‘A’ rated clients, based on the internal rating model used by the Bank and the composition was within the risk appetite of the Bank, set by the Board.
RATED PORTFOLIO COMPOSITION 2015 vs 2014
CONCENTRATION OF COUNTERPARTY EXPOSURES
The Bank maintained a well-diversified portfolio and the portfolio was not over concentrated on a particular sector. The Bank was also in compliance with the minimum lending requirement of 10% to, Agricultural sector, with 11% of portfolio concentrated on same as at 31 December 2015.
SECTOR WISE CONCENTRATION OF THE PORTFOLIO AS AT 31.12.2015
Concentration measured using Herfindahl-Hirschman Index (HHI), also indicated a decline in sector concentration.
CONCENTRATION MEASURED USING HHI
The Bank analyses sector wise NPL ratios and also monitors the concentration of borrowers in lower rating notches for a given sector to identify sector stresses in advance.
SECTOR-WISE RATED PORTFOLIO AS AT 31.12.2015
Based on economic activities, the highest concentration is in Western Province though the branch network is spread throughout the country. Concentration in Western Province declined during the year due to disbursements to infrastructure and power projects funded by the Bank. Bank also funded cross border exposures in Uganda, Bangladesh, Cambodia and Maldives in line with the Bank’s long-term strategy, resulting in further diversification of the portfolio.
GEOGRAPHICAL CONCENTRATION OF THE PORTFOLIO AS AT 31.12.2015
COLLATERAL WISE CONCENTRATION AS AT 31.12.2015
The Bank’s NPL ratio has always been below the industry ratio, reflecting a better quality portfolio than most players in the industry.
The Bank continues to maintain provision covers above the industry.
SECTOR WISE INDIVIDUAL IMPAIRMENT AS AT 31.12.2015
GEOGRAPHY WISE INDIVIDUAL IMPAIRMENT AS AT 31.12.2015
Market risk is the potential loss in both On and Off-balance sheet positions, caused by movements in foreign exchange rates, interest rates, equity and commodity prices. In the ordinary course of business, banks deal in financial products such as deposits, short/long-term loans, borrowings, Debt/Equity Securities and Foreign Exchange transactions, which expose banks to Market Risk at different levels.
The primary objective of Market Risk Management (MRM) is to ensure that Business units of the Bank optimize the risk-reward relationship within the Bank’s predefined risk appetite and avoid exposing the Bank to unacceptable losses.
The activities of Market Risk Management are not directed purely at loss mitigation but also assist towards analyzing the interrelationship of risk, reward and capital. Thus, the focus is on assuring that risks are taken where it is most optimal, given the rewards and capital consumption.
Risk monitoring is guided by a well-defined policy framework and limit structure designed to suit the business model and the balance sheet structure reflecting the risk appetite of the Bank. The Board supported by Integrated Risk Management Committee (IRMC), approves the risk parameters as recommended by the Assets and Liabilities Committee (ALCO) and Market Risk Management to facilitate the business needs.
Bank’s comprehensive risk management framework, covers the Market, Liquidity, Asset and Liability risks and proactively manages the exposures against the predefined risk parameters. Prudential internal limits have been defined for interest rate risk, price risks and exchange rate risks for close monitoring of exposures. All exposure limits are linked to the Bank’s capital base to ensure adequate and efficient capital allocation/planning. These limits are subject to annual review and are monitored on a daily, weekly and monthly basis. Where limits are exceeded, Market Risk Management is responsible for identifying and escalating those excesses to senior management on a timely basis.
Market Risk Management defines and implements a framework to systematically identify, assess, monitor and report our market risk to support management on decision making and risk mitigation. Market risk managers identify existing and potential market risks by engaging with the business areas and through active portfolio analysis.
Our market risk management endeavours are aimed at the twin objectives of loss mitigation and optimizing the risk reward relationship within the bank's predefined risk appetite.
The Key Functions of Market Risk Management include Policy formulation, Risk Measurement methodologies, systems and control, reporting and communication.
ALCO, as the key Management Committee that regularly monitors the Market Risk exposures, initiates appropriate actions to optimize the Risk exposures within the Risk appetite of the Bank. In this regard, key functions carried out by ALCO include:
Market Risk Management aims to accurately measure all types of market risk by a comprehensive set of risk metrics reflecting economic and regulatory requirements.
In accordance with economic and regulatory requirements, we measure, monitor and control Bank’s exposures to market risk, given the size, complexity and risk profile of the Bank.
Key risk metrics:
Indicator | Limit | Position as at 31 December 2015 |
Price Sensitivity of Balance Sheet – P/L impact for a 1% Change in Interest Rate (LKR million) | (500) | 176 |
Mark-to-Market of Debt Trading Portfolio (LKR million) | (60) | (4.64) |
Bank’s Consolidated Net Open Position +/- (USD million) | 13 | 0.47 |
Stress Testing Results on DBU Net Open Position (LKR million) | (175) | (4.32) |
These measures are viewed as complementary to each other and in aggregate define the Market Risk Framework, by which all businesses can be measured and monitored.
Foreign exchange risk is the risk of losses arising through holding of assets and liabilities in foreign currency and due to the movements in foreign exchange rates against the base currency. The Bank is exposed to foreign exchange risk when it’s on and off-balance sheet assets and liabilities are not equal in a given currency or when the timing and certainty of the inflows and outflows differ.
The Bank possesses a Board approved foreign exchange risk management policy and a limit framework to ensure that Bank maintains the Forex exposures within the risk parameters on a day-to-day basis. The policy framework consists of the roles and responsibilities, procedures, risk measurement framework, risk monitoring, reporting and controls taking in to account the rules and regulations and the best practices on the FX market to mitigate foreign exchange risk.
Daily foreign exchange (FX) open positions are monitored to ensure that the Bank is operating within the regulatory limits as well as internal prudential limits on open exposures. Whilst the currency wise positions are being revalued on a daily basis, FX net open position (NOP) is subject to daily stress testing to assess the ability to withstand adverse impacts to the exchange rate variations and is managed within the set parameters. Apart from the regulatory limit, the Bank has set internal prudential Forex position limits consisting of daily Forex turnover limit, Daylight position limit, Forex Gap limits, Swap funding limit and Stop loss limits, to closely monitor and mitigate foreign exchange risk. Exposures are managed within the recommended/applicable limits.
DBU NET OPEN POSITION DURING THE YEAR
Currency | AL Position ’000 |
Spot Position ’000 |
Forward Positio n ’000 |
Overall Exposure in Respective Foreign Currency ’000 |
Absolute Positions in USD Equivalent ’000 |
Absolute Exposure in LKR ’000 |
US Dollar | 62,185 | (103) | (60,972) | 1,110 | 1,110 | 159,836 |
Pound Sterling | (12,622) | – | 12,624 | 2 | 3 | 399 |
Euro | (14,540) | – | 14,479 | (60) | 66 | 9,497 |
Japanese Yen | 17,697 | – | (76,184) | (58,487) | 486 | 69,940 |
Australian Dollar | (23,136) | – | 23,128 | (8) | 6 | 816 |
Canadian Dollar | 657 | – | – | 657 | 474 | 68,215 |
Other Currencies | (9,282) | – | 8,868 | (414) | 821 | 118,179 |
Total Exposure | 2,964 | 426,881 | ||||
Total capital funds as per the audited Financial Statements as at 31 December 2015 | 29,613,941 | |||||
Total exposure as a % of total capital funds | 1.44% |
Daily sensitivity analysis is carried out on major foreign currency Net Open Positions (NOP) giving positive and negative shocks to the spot rates to determine the impact of exchange rate movements by way of profit or loss to the Bank’s Income Statement.
Spot Rate Shocks | LKR Depreciate | LKR Appreciate | ||||||
Currency | Net Open Position |
-5% | -2.50% | -1% | Spot rate | 1% | 2.50% | 5% |
USD | 1,109,969 | 7,991,780 | 3,995,890 | 1,598,356 | 144.00 | (1,598,356) | (3,995,890) | (7,991,780) |
GBP | 1,869 | 19,827 | 9,913 | 3,965 | 212.21 | (3,965) | (9,913) | (19,827) |
EUR | (60,350) | (471,700) | (235,850) | (94,340) | 156.32 | 94,340 | 235,850 | 471,700 |
JPY | (58,487,255) | (3,498,579) | (1,749,290) | (699,716) | 1.20 | 699,716 | 1,749,290 | 3,498,579 |
AUD | (7,759) | (40,653) | (20,327) | (8,131) | 104.79 | 8,131 | 20,327 | 40,653 |
Total | 4,000,673 | 2,000,337 | 800,135 | (800,135) | (2,000,337) | (4,000,673) |
Interest Rate Risk (IRR) is the exposure of an institution's financial commitments to adverse movements in interest rates. Changes in interest rates also affect the underlying value of the banking institution's assets, liabilities and Off-Balance Sheet instruments, as the present value of future cash flows (and in some cases, the cash flows themselves) change when interest rates change.
In order to manage the IRR, Bank has positioned the Balance Sheet into trading and banking books. While the assets in the trading book are held primarily for generating profit through short-term differences in prices/yields, the banking book comprises assets and liabilities, which are contracted basically for steady income generation and are generally held till maturity. Thus, while the price risk is the prime concern of banks in the trading book, earnings or economic value changes are the main focus of the banking book.
Bank’s trading portfolio mainly comprises securities (Treasury Bills/Bonds), and is subject to mark to market on a daily basis and is monitored against the set stop loss limits.
The price sensitivity of the Balance Sheet was managed within the risk parameters whilst maximizing the market potential on interest sensitive assets and liabilities.
The maturity gap analysis of interest sensitive assets and liabilities distributed into a number of time bands according to their residual time to maturity is given below:
The Maturity Gap Analysis of Interest Sensitive Assets and Liabilities
Up to 1 Month LKR ’000 |
1 to 3 Months LKR ’000 |
3 to 6 Months LKR ’000 |
6 to 12 Months LKR ’000 |
1 to 3 Years LKR ’000 |
3 to 5 Years LKR ’000 |
Over 5 Years LKR ’000 |
Non-sensitive LKR ’000 |
Total LKR ’000 |
|
Assets | |||||||||
Cash | 2,596,375.00 | – | – | – | – | – | – | – | 2,596,375.00 |
Due from banks | 17,377,025.39 | – | – | – | – | – | – | – | 17,377,025.39 |
Investments – current | 51,745,370.42 | 8,640,000.00 | 6,757,239.34 | 821,980.83 | 1,333,572.31 | 1,714,420.00 | – | 2,104,116.81 | 73,116,699.71 |
Investments – non-performing | – | – | – | – | – | – | – | – | – |
Loans and receivables – current | 57,381,716.64 | 32,930,184.92 | 13,818,478.37 | 13,604,195.91 | 42,438,264.70 | 25,057,247.89 | 22,225,078.31 | – | 207,455,166.73 |
Loans and receivables – non-performing | – | – | – | – | – | – | – | 2,097,205.47 | 2,097,205.47 |
Property, plant & equipment | – | – | – | – | – | – | – | 2,270,236.10 | 2,270,236.10 |
Other assets | – | – | – | – | – | – | – | 3,504,176.84 | 3,504,176.84 |
Total assets | 129,100,487.45 | 41,570,184.92 | 20,575,717.71 | 14,426,176.75 | 43,771,837.01 | 26,771,667.89 | 22,225,078.31 | 9,975,735.22 | 308,416,885.24 |
Liabilities | |||||||||
Capital | – | – | – | – | – | – | – | 22,277,843.39 | 22,277,843.39 |
Deposits | 76,046,426.35 | 45,315,507.35 | 26,460,833.99 | 29,199,765.98 | 2,571,265.37 | 1,344,047.26 | 1,090,328.46 | – | 182,028,174.75 |
Borrowings | 34,725,133.62 | 2,343,840.32 | 2,250,513.35 | 2,304,334.26 | 9,049,044.14 | 26,620,197.29 | 13,759,961.96 | – | 91,053,024.93 |
Other liabilities | 468,246.59 | 946,637.49 | 625,160.12 | 583,215.70 | 245,076.24 | 73,223.71 | – | 10,116,282.81 | 13,057,842.65 |
Total liabilities | 111,239,806.55 | 48,605,985.16 | 29,336,507.46 | 32,087,315.93 | 11,865,385.74 | 28,037,468.26 | 14,850,290.42 | 32,394,126.20 | 308,416,885.72 |
Period Gap | 17,860,680.89 | (7,035,800.25) | (8,760,789.74) | (17,661,139.19) | 31,906,451.26 | (1,265,800.38) | 7,374,787.89 | (22,418,390.98) | – |
The Bank monitors the duration of the fixed income portfolio to ensure that the maximum market potential could be gained and is managed within the internal prudential limits set for trading and AFS portfolios.
WEIGHTED DURATION OF DEBT SECURITIES PORTFOLIO
The Bank assesses the impact due to a PV01 change in the yields for fixed income trading and AFS portfolios on a daily basis. This will convey the sensitivity of the portfolio due to interest rate movement in the market.
PV01 ON TRADING AND AFS PORTFOLIOS
The equity price risk arises due to adverse movement in the value of the individual stock price or of the corresponding equity index. The Bank was insensitive to Equity Risk as the Bank did not hold an active Equity Trading portfolio during the year.
Commodity price risk arises due to volatilities in the commodity exposure of the Bank. The Bank’s exposure to the Gold Buffer Stock of the underlying product ‘Raththaran Ithurum’ is negligible when compared to the Bank’s Balance Sheet size. However, a mark to market calculation is being performed on a monthly basis to assess the impact on Income Statement with the price movement.
Liquidity risk is the risk that the Bank is unable to meet its financial obligations in a timely manner without incurring unacceptable losses. Financial obligations include liabilities to depositors, payments due under derivative contracts, settlement of securities borrowings and repurchase transactions, lending and investment commitments.
Effective liquidity risk management is essential to maintain the confidence of depositors and counterparties as well as to ensure that the Bank’s core businesses continue to generate revenue, even under stressed conditions.
The objective of our liquidity framework is to ensure that all anticipated funding commitments can be met when due and allow us to withstand liquidity stresses whilst maintaining our business profile. It is designed to be adaptable to changing business models, market and regulations.
The liquidity position of the Bank strengthened in 2015 with the inflow from the customer deposits and funding from the Multi National funding agencies, which provides stable and long-term sources of funds, which resulted in an advance to core funding ratio of 106.3% as at 31 December 2015, reflecting a stable liquidity profile of the Balance Sheet. The Bank will continue to focus on liability generation through deposit mobilizaiton, which will be a necessary precondition for significant asset growth.
The Bank maintains well-articulated liquidity risk management policies and procedures, which drive the level of liquidity risk exposures and determine the business size and maturities which ensure that it has at all times sufficient liquidity to meet its financial obligations at a fair market price.
The responsibility for the liquidity risk management of the Bank rests with the ALCO. Bank’s Treasury/ALM units are responsible for executing the day-to-day liquidity management of the Bank within the parameters set by ALCO.
Also the Bank monitors key liquidity metrics on a regular basis, both on local currency and foreign currency Balance Sheets and prudential limits are set to better manage the liquidity profile of the Bank.
Liquidity measurement could be measured through Stock approach or Flow approach. Under the Stock approach liquidity is measured in terms of key ratios which portray the liquidity stored in the Balance Sheet. In the Flow approach a Statement of Maturities of Assets and Liabilities is prepared placing all cash flows in time bands according to the residual time to maturity and maturity profiles built into non-maturity assets and liabilities based on their behavioural paterns.
A satisfactory trade-off between liquidity and profitability is maintained by categorizing liquidity shortfalls in the Balance Sheet into suitable time buckets, placing exposure limits on each time bucket to monitor the liquidity mismatch gaps. These limits correspond to the liquidity available to NDB Bank through various fund providers, at an agreed level of confidence.
We have carefully assessed and revised our Balance Sheet maturity mismatch limits in order to optimize market opportunities which are being effectively managed by our Asset Liability Management Desk. Separate gap limits are set for the local currency and foreign currency Balance Sheets based on the size and the nature of the Bank’s Balance Sheet.
The Bank is equipped with a comprehensive Liquidity Contingency Funding Plan (LCFP) linked to the Business Continuity Plan, which is in line with the regulatory guidelines. The LCFP clearly defines the responsibilities of the Liquidity Management Team and ensures the business continuity through close monitoring of the Bank’s liquidity position against the predefined liquidity risk trigger points. Trigger points have been defined taking into consideration the Bank specific and systemic triggers which would cause a liquidity crisis. Action Plans are set out under each level of liquidity crisis (Mild, Moderate, Severe) with responsibilities assigned to a Liquidity Management Team nominated from all areas of business to ensure that all stakeholders of the Bank are safeguarded. We have also entered into reciprocal liquidity funding agreements with identified counterpart banks to ensure stability.
Our principal mechanism for implementation of the liquidity policy is to maintain the Bank’s liquid assets to liabilities ratio above the regulatory defined ratio of 20%. The internally set prudential liquidity limits/ratios and stress results would give early warnings of tightening liquidity positions of the Bank. The Bank has maintained a healthy Liquid Assets Ratio throughout the year.
As at 31 December | 2015 | 2014 |
Domestic Banking Unit | 22.24 | 23.85 |
Foreign Currency Banking Unit | 24.91 | 25.18 |
This is defined as the ratio of total loans and advances to customers relative to deposits available which has been managed ensuring the liquidity requirements. The increasing trend in customer deposits in line with the advances has proven the positive trend in Balance Sheet growth.
Healthy MTF ratio throughout the year represents the stable funds available for the Bank to fund the long-term assets of the Balance Sheet.
The consistency in the net loans to total assets ratio of the Bank reflects that the Bank has maintained the share of loans and advances in total asset base focusing mainly on loans and advances.
NET LOANS TO TOTAL ASSETS RATIO
The statutory liquid assets ratio has been maintained above the regulatory requirement at all times. Hence the liquid assets to short-term liabilities (less than one year) ratio was also maintained at a prudent level whilst meeting the commitments on a daily basis.
LIQUID ASSETS TO SHORT-TERM LIABILITIES
The Bank has maintained the purchased funds to total assets ratio below 30% throughout the year. The ratio has increased in relation to the expansion of the asset base during the period.
PURCHASED FUNDS TO TOTAL ASSETS RATIO
The Bank’s Balance Sheet expanded during the year with the growth of loan portfolio and the new facilities booked. As a result, the commitments to total loans ratio was also on an increasing trend which is being managed within accepted levels.
COMMITMENTS TO TOTAL LOANS RATIO
Selected KRIs are highlighted below which provide a view of the liquidity risk indicators where regulatory/internal limits are set and monitored on predefined intervals, which provides early warning signals on liquidity position of the Bank.
Indicator | Limit | Position as at 31 December 2015 |
Statutory Liquid Assets Ratio – DBU | 20 | 22.24 |
Statutory Liquid Assets Ratio – FCBU | 20 | 24.91 |
Advances to Deposit Ratio | 111 | 106.3 |
Medium-term Funding Ratio | 110 | 77.2 |
Commitment Limit – LKR billion | 118 | 110.65 |
Liquidity Coverage Ratio (LCR) – LKR Currency | 60 | 427.33 |
Liquidity Coverage Ratio (LCR) – All Currency | 60 | 212.15 |
The gap analysis of foreign currency denominated assets and liabilities provides the cash flow obligations which assist in managing the foreign exchange liquidity in a prudential manner.
Up to 1 Month USD ’000 |
1 to 3 Months USD ’000 |
3 to 6 Months USD ’000 |
6 to 12 Months USD ’000 |
1 to 3 Years USD ’000 |
3 to 5 Years USD ’000 |
Over 5 Years USD ’000 |
Total USD ’000 |
|
Total Assets | 158,138 | 169,683 | 35,761 | 4,098 | 122,019 | 47,357 | 62,378 | 599,434 |
Total Liabilities | 94,844 | 109,014 | 58,542 | 89,583 | 47,813 | 110,883 | 88,755 | 599,434 |
Net Liquidity Period Gap | 63,293 | 60,668 | (22,781) | (85,485) | 74,206 | (63,526) | (26,376) | – |
Clear segregation of duties has been established between different business units ensuring prudent control and monitoring mechanisms. The Treasury Front Office reports to the CEO and the Treasury Back Office reports to Head of Operations. The Market Risk Management Unit reports directly to the CRO who is a member of BIRMC. All senior level staff attached to Market Risk, Treasury Front Office & Treasury Back Office have obtained the internationally recognized ACI qualification offered by the Financial Markets Association, as required by the CBSL directives and are competent in their job profile.
The Assets and Liabilities Committee (ALCO), comprising senior management staff from the Treasury, Risk Management, Finance and all business units of the Bank together with the Market Risk Management unit is responsible for the supervision and management of market and liquidity risks of the Bank.
The ALCO meets on a monthly basis and whenever circumstances demand.
ALCO is the governing body for market risk, liquidity risk and asset liability risk management. The implementation of the Bank’s risk management policies, procedures and systems is delegated to the Head of Market Risk Management who reports to the Chief Risk Officer. Market and liquidity risks are addressed at ALCO on a monthly basis and at the BIRMC level on a monthly/quarterly basis.
Risk reporting creates transparency on the risk profile and facilitates the understanding of the core market/liquidity risk drivers to all levels of the organization. The Board, Senior Management and Risk Management Committees receive regular reporting, as well as ad hoc reporting as required, on market risk, liquidity risk, regulatory capital and stress testing. Senior Risk Committees receive risk information at a number of frequencies, including weekly, monthly or quarterly.
Additionally, Market Risk Management produces daily and weekly market risk specific reports and daily limit excess reports for management review and action. Such reports include:
At ndb managing operational risk is of vital importance to proactively mitigate risks in bank Operations
Banks are exposed to changing environment marked by increasing regulatory requirements, growing consolidation, rising customer expectations, proliferating financial engineering, uprising technological innovation and mounting competition. The external environmental changes expose banks to increase in probability of failure from the operations perspective. Therefore the need for increased focus in managing operational risks is of vital importance, to proactively address issues through warning signals.
Operational risk refers to the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events, which also includes legal risk.
At NDB, operational risk is based on a Group-wide consistent framework that enables to determine the Bank’s operational risk profile in comparison to the risk appetite and systematically identify operational risk themes and concentrations to define risk mitigating measures and priorities.
In order to cover the broad range of operational risks as outlined in the definition of operational risk, our framework applies a number of techniques. These aim to efficiently manage the operational risk in the business and are used to identify, assess and mitigate operational risk.
The Operational Risk Management Unit (ORMU) is notably responsible for:
The Bank has been guided by the Basel II Regulations (Capital Requirements Directive and ‘Sound Practices Principles for the effective management and supervision of operational risk’) in the design and implementation of the broad framework to manage operational risks. This is a comprehensive end-to-end process encompassing risk identification, assessment, reporting, management and control.
While the ORMU functions as the command and control centre in managing operational risks, Operational Risk Managers (ORMs) have also been appointed in the Business and Supporting units under the authority of the Bank’s Head of Operational Risk to ensure accountability. The ORMs operate from the respective business units/support functions, collaborating closely with the Business/Support function Heads and responsible for implementing the Bank’s procedures and guidelines, monitoring and managing operational risks, with the support of the staff.
The Operational Risk Management Unit (ORMU) is established within Group Risk Management Department and works towards the following objectives:
Improved performance measurement by way of improved understanding of its operational risk profile shall enable appropriate allocation of risk and capital to individual lines of business.
Staff at all levels is accountable for directing and controlling the operational risks in his/her area of responsibility. Board of Directors is responsible for the overall risk levels and in ensuring risks are managed appropriately and the management is vested with the required authority to implement the related control framework. The IRMC submits regular operational risk assessments to the Board, seeking its views, concurrence or specific directions.
The Operational Risk Policy Committee is headed by the CEO, which has been set up at Bank level comprising members of The Leadership Team (TLT), which provides a forum for the discussion and management of all aspects of operational risks/losses and control lapses, monitor and ensure that appropriate Operational Risk Management Frameworks are in place, adhering to the Policies of the Bank.
Business Operational Risk Sounding Boards (BORSB) have been set up at key Business functions and Support function levels to discuss operational risk matters encompassing responsibilities such as:
The following criteria are used to rate risks and losses that are being reported through the operational risk management process based on the likelihood and impact:
The likelihood is the chance or the frequency that the potential operational risk event will materialize. The proxy used for likelihood is exactly the frequency of occurrence of a risk event. The recommended criteria for likelihood are:
Very Low or Rare
Low or Unlikely
Medium or Possible
High or Likely
Very High or Almost Certain
Impact on operational risks/events are measured based on five dimensions covering the varied areas of impact the Bank is exposed to ranging from human aspect to financials:
Financial Impact (Expressed in Monetary Figures)
Reputational Impact (Measured in Media Coverage – Bad Press)
Regulatory Impact (Penalty Level or Breach of Guidance)
Human Resources (Staff Level Impacting Service Delivery)
Business Disruption (Measured in Time Out-of-Business)
The Bank presently implements the following frameworks to assist in the management of operational risk:
The RCSA is used for performing operational risk assessments as required by Basel II guidelines. At NDB, the annual RCSA exercise is typically undertaken to comply with regulatory requirements which requires a firm-wide, self-analysis of operational risks. RCSA requires the documentation of risks, identifying the levels of risk (derived from an estimate of frequency and impact), and controls associated with each process conducted by the organization. Controls and mitigants that adequately counteract the risks are introduced thereby minimizing the impact and incidence of losses.
At NDB, to simplify the output and better organize the assessment approach, the exercise is generally conducted at the business-unit level. Each business unit assessment is typically collected and presented as a comprehensive repository of assessed operational risks. Following are the activities.
As part of this exercise, major risks of a given scope are described using a double scale of impact and probability. The Bank identifies the top risks and plot against the following matrix in order to ascertain the residual risks.
KRIs supplement the overall operational risk management system, by providing a dynamic view of changes in business line risk profiles as well as an early warning system to identify potential events that affect the day-to-day business activities and consequently have an impact on the entire Bank.
The KRIs stated below are monitored that may have a significant impact on the entire Bank. These are reported to the Operational Risk Policy Committee once in two months and the Board Integrated Risk Management Committee on a quarterly basis:
System | Core Banking System Downtime |
ATM Downtime | |
Number of cyber attacks | |
HR | Staff turnover |
Number of disciplinary actions | |
Finance | Reconciliations not submitted |
Compliance | Issues raised by external professional bodies |
Policies and procedures- Number not reviewed/renewed | |
Number of regulatory changes which were not implemented | |
Operational Losses | Severity of losses |
Loss Frequency over one month | |
Number of fraud incidents- Internal/ External | |
BCP | Number of BCP tests that are past due |
The Bank has been compiling a database of risk events and loss data reported since 2010 and maintained centrally to supplement the effectiveness of the operational risk management function. It has served to:
Risk event reporting by the Business units and Support functions indicates the inculcating of a strong operational risk culture through the line ORMs well-supported by the respective heads of units.
The operational loss recognition follows a formal approval process defined in the Operational Risk Policy where both Gross and Net losses are recorded in the General Ledger and such losses above the value of LKR 100,000/- are reported to the Board Integrated Risk Management Committee on a monthly basis and losses over LKR 500,000/- are reported to the regulator on a quarterly basis.
The Bank’s classification of operational losses is based on the Basel guidelines of classifying categories thereby ensuring consistency throughout the system and enabling analysis across the Bank.
The Bank’s risk tolerance on operational risk losses is 1% of total operating profits after provisions for the FY 2015. The risk tolerance is applied to three categories:
KORCs provides a snapshot of the processes with a focus on the key operational risks and related controls. The risks are based upon the standard Risk Framework for Operational Risk as approved by the Operational Risk Policy Committee and the Integrated Risk Management Committee (IRMC).
Some of the following elements are highlighted in a KORC:
KORC visits are currently done at branch level based on predefined selection criteria by Operational Risk Co-ordinators. In 2016, this framework will be implemented Bank wide.
Since 2009, the Bank has used the Basic Indicator Approach (BIA) as proposed by the Capital Requirements Directive, to measure operational risk.
The Bank holds capital for operational risk equal to the average over the previous three years of a fifteen percentage of positive annual gross income.
The Bank’s regulatory capital requirements for operational risks within the scope of BIA (Basic Indicator Approach) requirements are calculated using the above stated formula. The Bank’s capital requirement for operational risks was LKR 17.49 billion at the end of 2015.
The Bank has analyzed both The Standardized Approach (TSA) and the Alternate Standardized Approach (ASA) since December 2011 and compared it with the currently used Basic Indicator Approach (BIA) and found that the two advanced approaches result in savings on capital charge for operational risk over and above the BIA approach.
The Operational Risk Management Unit (ORMU) has thus decided to propose a move towards advanced approaches by 2016 with the capital savings in mind.
Under ASA, the operational risk capital requirement/methodology is the same as under TSA, except for the two business lines Retail Banking and Commercial Banking. For these business lines, outstanding amount of loans and advances are multiplied by a fixed factor ‘m’ (0.035) as the exposure indicator which replaces gross income of the two business lines. The capital savings under ASA over TSA depends on the portfolio values of the Bank.
This approach notably makes it possible to:
At NDB we are in the process of evaluating vendor proposals for a comprehensive operational risk management solution for automating the operational risk management framework.
Internal control certification is broadly defined as a process, carried out by the management and other personnel, designed to provide reasonable assurance to the Board regarding the achievement of objectives in the following categories:
Internal control certification exercise is carried out at NDB covering all departments annually to ensure the controls are intact with segregation of duties, clear management reporting lines and adequate operating procedures in order to mitigate operational risks.
The internal control mechanism assists in identifying the risks while ensuring the controls are in place to mitigate the risks encountered by the Bank.
A similar exercise is also carried out for new products and procedures to have a broader understanding of the risks the Bank is exposed to due to external factors and ensuring internal controls are in place to mitigate the risks.
In order to cover the risks arising out of crisis and disasters which could threaten the safety of staff, customers, service providers, the security of assets, the continuity of operations and confidence in the Bank’s reputation, the Bank’s Business Continuity Management Policy requires that a full set of up to date and exercised plans be in place encompassing a minimum of: Crisis Management Plan (CMP), Business Continuity Plan (BCP) and IT Disaster Recovery Plan (IT DRP) amongst other relevant plans including a Pandemic Plan. This Framework is designed to comply with the requirements of the Central Bank of Sri Lanka and is approved by the Board of Directors.
These plans are drawn upon integrating Enterprise Risk Management (ERM) Framework with effective Business Impact Analysis (BIA) processes and methodologies which anticipate all forms of threats, crisis and disasters that are inherent in the Business Environment.
Communications, Security and Safety, Emergency Response and Recovery Teams plans are periodically reviewed and biannual drills are conducted; all part of the Bank’s commitment that is showcased undoubtedly within this Business Continuity Management Framework. For the first time a virtual disaster scenario was simulated having all required teams in one location.
The Bank now enjoys an increased recovery capacity at its Disaster Recovery Site, backed by infrastructure to support key services, core systems and critical business processes. Bank has also started discussions on maintaining split operations enhancing the disaster recovery capabilities.
The Governance of Business Continuity Management is steered through the Crisis Management Team comprising senior management and co-ordinated by the Bank’s Business Continuity Manager.
The Bank has a comprehensive insurance policy as a key measure to mitigate operational risks. This falls within the framework of risk mitigation and control which in turn is an integral component of the risk management framework of the Bank. This Policy will be reviewed and further enhanced on an ongoing basis. The Bank has engaged an insurance broker to provide expertise in evaluating the policies at the time of renewal for 2016.
Buildings and their contents, including IT equipment, are insured at their replacement value. Liability other than professional liability (i.e. relating to operations, Directors’ vehicles, etc.) is covered by insurance policies.
These risks are included in the “Bankers’ Indemnity Cover” policy that insures all the Bank’s financial activities around the country. Fraudulent actions by an employee or by a third party acting on its own or with the aid of an employee with the intent to obtain illicit personal gain or through malice are covered. The claim on the internal fraud during 2015 was fully-paid by the insurer thereby reducing the loss.
The consequences of any legal action against staff or managers as a result of their professional activity are insured under the Bank’s Bankers Indemnity Policy (BID).
The adverse consequences surfacing while using computer systems and software are covered by the Bank’s BID policy. The policy covers fraudulent input and modification via computer systems, electronic computer programmes, electronic data and media, computer viruses, electronic and telefacsimile communications, electronic transmissions, electronic securities and voice incinerated transfers.
The consequences of any accidental interruptions to activity are insured under a Bank wide policy. This policy supplements the business continuity plans. The amounts insured are designed to cover losses incurred between the time of the event and the implementation of an emergency solution.
Insurance is only one of the measures to offset the consequences of the risks inherent in the Bank’s activity. It complements the risk monitoring policy led by the Bank and also by its internal controls.
The Bank is concerned and committed to ensuring that the outsourced parties continue to uphold and extend the high standard of customer care and service excellence that has become synonymous with NDB. Hence due diligence tests are routinely carried out to assess the performance of these outsourced parties through a sub-committee established to monitor outsourced activities for the Bank. The outsourcing policy was revised by including more standardized forms/questionnaires enhancing the due diligence over service providers.
The Bank having understood the importance of managing the Cyber Risk has deployed the following technical controls to mitigate the risks:
The exposures created due to cyber risks are of many types including but not limited to the following:
The Bank has been exposed to cyber risk with only 02 minor incidents of Denial Service on the corporate website and receipt of a malware email in the past 3-year period. However, this did not lead to any financial losses.
In addition to the above, Bank has subscribed to the services provided by Bank CSIRT where latest threat intelligence to the Banking industry is provided to IT security team of the Bank to take proactive steps to address the potential exposures. The Bank has prepared its IT policies and procedures complying to Baseline Security Standards Guidelines issued by Central Bank of Sri Lanka. The Bank also conducts both internal and external penetration tests by employing external service providers time to time to ensure the systems are resilient to such attacks. Thus far, the tests carried out have not highlighted any serious security concerns.
Hence we do not foresee a need to allocate separate capital for Cyber risks.
Strategic risk is the most fundamental of business risks and at its very basic, can be defined as the current and prospective risk to earnings and viability arising from,
Strategic risk for a bank such as NDB can manifest itself through lack of well-defined long-term strategy but more importantly because of failure to appropriately communicate and implement the strategy or due to unforeseen changes in the socio-political, economic or business environment. Drawing of appropriate response plans to tweak the strategy to suit the changes in the business environment is essential to management of strategic risk.
The Bank has a well-formulated strategic plan, which is articulated by the Board and the corporate management. The strategic plans are drawn at various level of granularity e.g. a branch level strategy will detail the growth targets at branch level whereas a department level strategy will feature the achievement metrics at that level. The implementation of strategy is checked through monthly meetings where variances from the growth targets are analyzed and corrective actions recommended.
The strategic plan is also linked to individual employee performance through a goal setting process and periodic performance reviews are carried out to motivate employees and create a performance culture to ensure that business goals and objectives are achieved, thus mitigating strategic risk.
Legal risk is understood more from its consequences, which is incurrence of penalties, fines and sometimes loss of reputation due to the institution being in non-compliance with regulations. Legal risk may vary from institution to institution depending on the manner in which it conducts its business and the documentation it follows and is closely related to compliance and regulatory risk.
Legal risk in the Bank can manifest itself through -
Legal risk is owned and managed by the Legal Department and the Legal Department is assisted by third party lawyers as and when necessary to obtain an independent opinion. Specific risks relating to legal risk are reported on a monthly basis to the Board.
Compliance risk is defined as the risk of legal or regulatory sanctions, material financial loss, or loss to reputation and integrity an institution may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organizational standards, and codes of conduct applicable to its business activities.
The Bank has a well-laid out Board approved Compliance Charter, which defines the fundamental principles, roles and responsibilities of the compliance function within the organization as well as its relationship with senior management, the Board of Directors and the business and operational functions.
The Bank has a Board approved Risk Model Validation Policy. This sets out process for periodic validation of a Risk Models in order to ensure Model Risk is mitigated.
Settlement risk refers to the risk arising on account of failed trades with counterparty banks in the foreign currency transactions. Settlement risk arises from possible losses when the Bank is in a foreign exchange transaction pays the currency it sold but does not receive the currency it bought. Forward contract settlement failures can arise from counterparty default, operational problems, and other factors. Settlement risk exists for any traded product. Currently, the Bank has a procedure for regular monitoring of limit utilization, failed trades and excess monitoring. Settlement risk is currently controlled by way of prudent allocation and monitoring of counterparty limits including Maximum Daily Delivery Risks (MDDR) limits for counterparts.
Cross border risk is the risk that the Bank will be unable to obtain payment from our customers or third parties on their contractual obligations as a result of certain actions taken by foreign governments, mainly relating to convertibility and transferability of foreign currency.
Cross border assets comprise loans and advances, interest-bearing deposits with other banks, trade and other bills, acceptance, amounts receivable under finance leases, Foreign Exchange contracts, certificates of deposits and other negotiable paper, investment securities and formal commitments where the counterparty is resident in a country other than where the assets are recorded. Cross border exposure also includes the assets owned by the Bank/Group that are held in a given country.
The Bank has a Board approved policy/limits based on country ratings, economic indicators/outlook, political risk and exchange rate risk. Cross border exposure limits are allocated to countries in which NDB does have an acceptable risk appetite and one-off limits may be allocated based on business needs, with ultimate recourse to the borrower.
Reputation risk is risk of indirect loss (current or prospective) arising from one or multiple stakeholders’ adverse experience while dealing with the institution or which resulted in an adverse perception of the institution. It can also be understood as the potential that negative publicity regarding the Bank’s business practices, whether true or not, will cause a decline in customer base, costly litigation or revenue reduction. The Bank is of the view that reputational risk can be triggered by a risk event in any or all of the above risk categories hitherto described.
Reputation risk management and mitigation aspects are embedded in the Bank’s policies and procedures, training programmes, the Business Continuity Plan and through the Audit and Board Risk Management Committees.
The Bank monitors its reputation risk profile through a set of early warning indicators based on the reputation risk drivers and the factors within the reputation risk scorecard to ensure that the overall reputation risk profile remains low. The risk mitigation and control processes for reputation risk at NDB are designed to consider appropriate response actions to address the risks identified. A Customer Complaint Handling Process has been established under which the customers have a range of options through which they can forward their grievances to the Bank.