DFCC Bank PLC (‘Bank’) adopts a comprehensive and well-structured mechanism for assessing, quantifying and managing risk exposures which are material and relevant for its operations within a well-defined risk framework. The articulated set of limits explains the risk appetite of the Bank for all material and relevant risk categories and the risk capital position. Risk management is integrated with strategic, business and financial planning and customer/client transactions, so that business and risk management goals and responsibilities are aligned across the organisation. Risk is managed in a systematic manner by focusing on a group basis as well as managing risk across the enterprise, individual business units, products, services, transactions and across all geographic locations.
Credit risk amounts to the highest quantum of quantifiable risk faced by the Bank based on the currently effective quantification techniques. DFCC Bank PLC’s credit risk accounted for 91% of risk-weighted assets. Additionally, the Bank takes necessary measures to proactively manage operational and market risk as very important risk categories. Operational risk incidents may be with high frequency but low impact or with low frequency but high impact all of which warrant being closely monitored and managed prudently.
The following broad risk categories are in focus:
The Bank’s general policies for risk management are outlined as follows:
DFCC Bank PLC advocates strong risk governance applied pragmatically and consistently with a strong emphasis on the concept of ‘Three Lines of Defence’. The governance structure encompasses accountability, responsibility, independence, reporting, communication and transparency, both internally and with our relevant external stakeholders.
The First Line of Defence involves the supervision and monitoring of risk management practices by the business managers, corporate management and executive committees while discharging their responsibilities and accountability for day-to-day management of business operations. Independent risk monitoring, validation, policy review and compliance by the IRMD, the compliance function and periodic monitoring and oversight by the Board Integrated Risk Management Committee (BIRMC) constitute the Second Line of Defence. The Third Line of Defence is provided by the independent check and quality assurance of the internal and external audit functions.
The Bank exhibits an established risk management culture with effective risk management approaches, systems and controls. Policy manuals, internal controls, segregation of duties, clearly demarcated authority limits and internal audit form a part of key risk management tools. The Group Chief Risk Officer (CRO), who is an Executive Vice President functions with direct access to the BIRMC.
The Concept of ‘Three Lines of Defence’ for Integrated Risk Management Function of DFCC Bank PLC
A set of structured policies and frameworks approved by the BIRMC and the Board forms a key part of the risk governance structure. Integrated Risk Management Framework stipulates, in a broader aspect, the policies, guidelines and organisational structure for the management of overall risk exposures of the Bank in an integrated approach. This framework defines risk integration and the aggregation approaches for different risk categories. In addition, separate policy frameworks detail the practices for management of key specific risk categories such as credit risk, market risk, credit concentration risk, liquidity risk and operational risk. These policy frameworks are reviewed annually and communicated across the Bank.
Respective staff members are required to adhere to the specifications of these frameworks when conducting business transactions.
Risk appetite of the Bank has been defined in the Overall Risk Limits System. It consists of risk limits arising from regulatory requirements, borrowing covenants and internal limits for prudential purposes. The Limits System forms a key part of the risk indicators and covers key risk areas such as credit, interest rate, liquidity, operational, foreign exchange, concentration and risk capital position amongst others. Lending limits cover the industry sectors and geographical regions as part of the prudential internal limits. These limits are monitored monthly and quarterly on a ‘Traffic Light’ system. These risk appetite limits are reviewed at least annually in line with the risk management capacities, business opportunities, business strategy of the Bank and regulatory specifications. Industry sector limits for the lending portfolio considers the inherent diversification within the sub-sectors and the borrowers within broader sectors.
The BIRMC is a Board sub-committee, which oversees the risk management function and the provisions of Basel II and III implementation as required by the Regulator from time to time in line with Board-approved policies and strategies. The Central Bank has already implemented the liquidity standards (Liquidity Coverage Ratio) under Basel III while the minimum capital requirements including the Capital Conservation Buffer have been implemented on a phased in basis starting from 2017 up to 2019.
The BIRMC functions under the responsibilities set out in the Board-approved Charter for the BIRMC, which incorporates corporate governance requirements for Licensed Commercial Banks issued by the Central Bank of Sri Lanka (CBSL). BIRMC sets the policies for bank-wide risk management including credit risk, market risk, operational risk and liquidity risk. In addition to the Board representatives, the BIRMC consists of the CEO and CRO as members. Further, Heads representing Credit, Finance, Treasury, Information Technology and Operations attend the meeting as invitees. A summary of the responsibilities and functions of the BIRMC is given in the Report on the Board Integrated Risk Management Committee on Committee Reports section of this Annual Report.
Management Committees such as the Credit Committee (CC), Asset and Liability Management Committee (ALCO), Operational Risk Management Committee (ORMC), Special Loan Review Committee (SLRC) and Impairment Assessment Committee (IAC) are included in the organisational structure for integrated risk management function. The responsibilities and tasks of these committees are stipulated in the Board approved charters and Terms of Reference (TOR) and the membership of each committee is defined to bring an optimal balance between business and risk management.
The Integrated Risk Management Department (IRMD) is responsible for measuring and monitoring risk at operational levels on an ongoing basis to ensure compliance with the parameters set out by the Board/BIRMC and other executive committees for carrying out the overall risk management function in the Bank. It consists of separate units such as Risk Policy and Modelling, Credit Risk Management and Quality Assurance, Market Risk Monitoring, Operational Risk Management, Risk Quantification, Information Systems Security Risk Monitoring and Treasury Middle Office. IRMD is involved with product or business strategy development or entering into new business lines and gives input from the initial design stage through to the task/process from a risk management perspective.
Several significant initiatives were undertaken focusing continuously on regulatory developments and reassessing the Bank’s existing risk management policies, guidelines and practices for necessary improvements. In addition to these regulatory specifications, changes in business strategy, industry factors and international best practices were also considered in the improvement process. The following are the key initiatives during the period under review which led to further improvements in the overall integrated risk management function:
Prudential risk limits were reviewed in order to reflect the current risk appetite of the Bank setting new limits wherever necessary. The Bank set new milestones to improve the Advances to Deposits Ratio and CASA Ratio, and targets were set in order to maintain adequate Liquid Asset Ratios.
All the Board approved risk management frameworks, charters and TORs were reviewed during the period especially considering the changes in new regulations and the Bank’s business model.
Periodic validation of the credit rating models was carried out for better discriminatory power, while new scorecards were introduced for retail lending. As part of establishing an independent model validation process, the Bank has engaged the services of a foreign risk management consultancy firm to obtain an independent validation for its corporate banking and leasing rating models. This task was completed during the year and certain recommended improvements have been incorporated for the corporate rating model. Additionally, development of new models are in progress for new business areas the Bank intends to focus more on such as credit cards. A two dimensional scorecard catering to all types of personal financial services was developed during the year, which will replace the standalone models previously used.
The risk reporting process was improved during the period as per the requirements stated in ICAAP framework and the ICAAP document and process was formulated for the amalgamated bank. This involved assessing the required capital level for the Bank covering all types of risks under a certain stress level, forecasting of future capital levels and setting up of appropriate capital targets for the future. Based on the recommendations of the ICAAP process, the Bank issued a subordinated debt in November 2016, which will be eligible for Tier II capital and would also facilitate future planned lending growth and expansion without having undue pressure on total capital.
Treasury Middle Office (TMO) which is functionally segregated from the Treasury Department, directly reports to the Group CRO and monitors the Treasury-related market risk limits. The TMO uses a dashboard that facilitates the timely reporting of Treasury market positions independently to the Management. During the period, the dashboard was further improved to provide timely and more comprehensive information, including information on Government security portfolios, stress testing results and limit positions.
Commencing from 2014 and continuing in 2015, interest margins came under pressure with the sharp drop in the market rates, where lending rates dropped faster than the deposit rates. Scenario analysis and simulations by the ALM unit to assess the expected behaviour of interest margins enabled ALCO to take proactive measures to manage the erosion of margins. Looking at the trends in the market rates, ALCO proactively changed the pricing methods from fixed basis to variable basis, thus enhancing the net interest margins of the Bank in 2016. DFCC Bank PLC, being net asset sensitive to interest rate changes was able to improve the interest margins from mid 2015, with the increase in the market rates.
IRMD continued to calculate loss ratios for key lending products using historical recovery data in support of impairment assessment under IFRS. IRMD continued to support the pawning business of the Bank through timely studies, research and providing necessary market information to the business. IRMD was actively engaged in arriving at advance rates and interest rates for pawning products while managing the market and credit risk aspects.
As part of the risk management practices, the Bank computed the key credit risk quantification parameters such as Probability of Default (PD), Loss Given Default (LGD) and the loss ratios which are defined and recommended under the Basel II and IFRS. The results indicated improvements in the credit risk rating process, rating models, recovery process and the collateral quality in the Bank.
The credit workflow of the Bank was further improved during the year with the absorption of the Quality Assurance Unit under IRMD. The new workflow ensures that every credit proposal except for centrally processed retail loans is evaluated by an independent authority not connected to business lines, being either the Credit Risk Management Unit (CRMU) or the Quality Assurance Unit (QAU) of IRMD, based on the size of the accommodation and the approving authority.
Having duly recognised the global trend on increasing threats on systems and information security, the Bank increased its focus on IT systems security under its operational risk management practices. Staff awareness programmes on operational risk were held across the Bank on a regional basis especially for the newly appointed Operational Risk Co-ordinating Officers (ORCOs) while assigning specific reporting responsibilities to them. The Bank has strengthened the operational risk incident reporting system by implementing an online reporting mechanism through its intranet. The Bank is in the process of developing a model for Risk and Control Self-Assessment and Key Risk Indicators for operational risks across all functions and departments.
A new unit was formed in 2016 under the Integrated Risk Management Department to proactively manage the information security risk of the Bank. The Operational Risk Management Committee oversees the effectiveness of security initiatives and directs the management of information security risks within the Bank.
The objectives of ISS risk management are to be compliant with regulatory and contractual requirements, establish best practices and information security governance across the Bank, align information security risk management with the Bank’s corporate risk management objectives and preserve Confidentiality, Integrity and Availability (CIA) requirements in the organisation’s information assets.
The ISS Risk Unit has taken up the following key responsibilities of the Information Security Management process at DFCC Bank PLC:
The Bank has an established Information Security Management System which provides a systematic approach to managing sensitive company information.
It includes people, processes and information systems by applying a risk management process.
The Bank became certified in ISO/IEC 27001:2013 standards for its IT operations in December 2016. The compliance audit was conducted and accredited by Bureau Veritas in conjunction with UKAS Management Systems.
During the period under review, the Bank’s local currency rating of ‘AA-’ was maintained while Fitch Ratings downgraded the outlook from stable to negative.
The Bank continued to maintain its foreign currency credit rating of B+ (stable outlook) by Fitch Ratings and B (stable outlook) assigned by Standard & Poor’s. The sovereign rating of B+ assigned for the Government of Sri Lanka is the benchmark for the foreign currency rating of other institutions within the country.
Credit risk is the risk of loss to the Bank if a customer or counterparty fails to meet its financial obligations in accordance with agreed terms and conditions. It arises principally from On-Balance Sheet Lending such as loans, leases, trade finance and overdrafts as well as through Off-Balance Sheet products such as guarantees and letters of credit. A deterioration of counterparty credit quality can lead to potential credit-related losses for a bank.Credit risk is the largest component of the quantified risk accounting for 91% of Risk-Weighted Assets of DFCC Bank PLC.
The challenge of credit risk management is to maximise the risk adjusted rate of return by maintaining the credit risk exposure within acceptable levels.
The Bank’s credit policies approved by the Board of Directors define the credit objectives, outlining the credit strategy to be adopted at the Bank. The policies are based on CBSL Direction on integrated risk management, Basel recommendations, business practices and risk appetite of the Bank.
Credit risk management guidelines identify target markets and industry sectors, define risk tolerance limits and recommend control measures to manage concentration risk. Standardised formats and clearly documented processes and procedures ensure uniformity of practices across the Bank.
|Credit Risk Culture||
|Credit Approval Process||
|Credit Risk Management||
|Credit Risk Monitoring and Reporting||
|Credit Risk Mitigation||
Market risk is the possibility of losses arising from changes in the value of a financial instrument as a result of changes in market variables such as interest rates, exchange rates, equity prices and commodity prices. As a financial intermediary, the Bank is exposed primarily to the interest rate risk and as an authorised dealer, the commercial banking business is exposed to exchange rate risk on foreign currency portfolio positions. Market risk could impact the Bank mainly in two ways: viz, Loss of cash flows or loss of economic value. Market risk can be looked at in two dimensions; as traded market risk, which is associated with the trading book and non-traded market risk, which is associated with the banking book.
The ALCO oversees the management of both the traded and the non-traded market risks. The Treasury manages the foreign exchange risk with permitted hedging mechanisms. Trends in relevant local as well as international markets are analysed and reported by IRMD and the Treasury to ALCO and BIRMC. The market risks are controlled through various limits. These limits are stipulated by the Group’s Investment Policy, Treasury Manual and Overall Limits System of the Bank.
Treasury Middle Office (TMO) is segregated from the Treasury Front Office (TFO) and Treasury Back Office (TBO) and reports to the CRO. The role of the TMO includes the day-to-day operational function of monitoring and controlling risks assumed in the TFO based on clearly defined limits and controls. Being independent of the dealers, the TMO provides an objective view on front office activities and monitors the limits. TMO has the authority to escalate limit excesses as per delegation of authority to the relevant hierarchy. The Treasury information management system maintained by TMO includes a dashboard that facilitates the timely reporting of Treasury market positions independently to management.
The strengthened Treasury and market risk management practices contribute positively to the overall risk rating of the Bank and efficiency in the overall Treasury operations.
TBO which is reporting to the Head of Finance is responsible for accounting, processing settlements and valuations of all Treasury products and transactions. The Treasury transaction related information is independently submitted by TBO to relevant authorities.
Interest rate risk can be termed as the risk of loss in the net interest income (earnings perspective) or the net worth (economic value perspective) due to adverse changes in the market interest rates. The Asset and Liability Management (ALM) Unit routinely assesses the Bank’s asset and liability profile in terms of interest rate risk and the trends in costs and yields are reported to ALCO for necessary realignment in the asset and liability structure and the pricing mechanism. ALM performed a number of scenario analysis and simulations on the effect of interest rate changes to the Bank’s interest income during the year, to facilitate pricing decisions taken at ALCO.
Foreign exchange rate risk can be termed as possibility of adverse impact to the Group’s capital or earnings due to fluctuations in the market exchange rates. This risk arises due to holding of assets or liabilities in foreign currencies. Net Open Position (NOP) on foreign currency indicates the level of net foreign currency exposure that has been assumed by the Bank at a point of time. This figure represents the unhedged position of the Bank in all foreign currencies. The Bank accrues foreign currency exposure through purchase and sale of foreign currency from customers in its commercial banking and international trade business and through borrowings and lendings in foreign currency.
The Bank manages the foreign currency risk using a set of tools which includes limits for net unhedged exposures, hedging through forward contracts and hedging through creating offsetting foreign currency assets or liabilities. TMO monitors the end of the day NOP as calculated by the TBO and the NOP movement in relation to the spot movement. The daily inter-bank foreign currency transactions are monitored for consistency with preset limits and any excesses are reported to the management and to BIRMC.
The unhedged foreign currency exposure of the Bank is closely monitored and necessary steps are taken to hedge in accordance with the market volatilities. In October 2013, the Bank issued its debut foreign currency international bond of USD 100 million with an original maturity of five years. The Bank actively manages the exchange risk arising from a minor part of this transaction where a majority has been hedged with the Central Bank.
DFCC Bank has obtained approval from the Central Bank for its foreign currency borrowings and credit lines as per regulatory requirements. The Bank has commenced planning and evaluating options available for the repayment of the international bond due in 2018.
The Bank’s pawning portfolio amounted to LKR 2,110 million as at 31 December 2016, which was only 0.73% of total assets. The Market Risk Management Unit manages the risk emanating from Gold through constant analysis of the international and local market prices and adjusting the Bank’s preferred Loan to Value (LTV) ratio.
Equity prices risk is the risk of losses in the marked-to-market equity portfolio, due to the decline in the market prices. The direct exposure to the equity price risk by the Bank arises from the trading and available-for-sale equity portfolios. Indirect exposure to equity price risk arises through the margin lending portfolio of the Bank in the event of crystallisation of margin borrowers credit risk. The Investment Committee of the Bank is responsible for managing equity portfolio in line with the policies and the guidelines set out by the Board and the BIRMC. Allocation of limits for equities taken as collateral for loans and margin trading activities of customers and for the Bank’s investment/trading portfolio forms part of the tools for managing the equity portfolio. Rigorous appraisal, proper market timing and close monitoring of the portfolio performance in relation to the market performance facilitate the management of the equity portfolio within the framework of investment strategy and the risk policy.
Liquidity risk is the risk of not having sufficient funds to meet financial obligations in time and in full, at a reasonable cost. Liquidity risk arises from mismatched maturities of assets and liabilities. The Bank has a well set out framework for liquidity risk management and a contingency funding plan. The liquidity risk management process includes regular analysis and monitoring of the liquidity position by ALCO and maintenance of market accessibility. Regular cash flow forecasts, liquidity ratios and maturity gap analysis are used as analytical tools by the ALCO. Any negative mismatches up to the next quarter revealed through cash flow gap statements are matched against cash availability either through incremental deposits or committed lines of credit. Whilst comfortably meeting the regulatory requirements relating to liquidity, for internal monitoring purposes, the Bank takes into consideration the liquidity of each eligible instrument relating to the market at a given point in time as well as undrawn commitments to borrowers when stress testing its liquidity position. The maintenance of a strong credit rating and reputation in the market enables the Bank to access domestic wholesale funds. For short-term liquidity support the Bank also has access to the money market at competitive rates.
The CBSL Direction No. 07 of 2011 specifies that liquidity can be measured through stock or flow approaches. Under the stock approach, liquidity is measured in terms of key ratios which portray the liquidity in the Balance Sheet. Under the flow approach banks should prepare a statement of maturities of assets and liabilities placing all cash inflows and outflows in the time bands according to their residual time to maturity in major currencies. The Bank has adopted both methods in combination to assess liquidity risk. In line with the long-term project financing business, the Bank focuses on long-term funding through dedicated credit lines while its commercial banking business focuses on Current and Savings Accounts (CASA) and Term Deposits as the key source of funding for its lending. The structure and procedures for Asset and Liability Management at the Bank have been clearly set out in the Board approved ALCO Charter, which is reviewed on an annual basis.
The minimum liquidity standards (Liquidity Coverage Ratio) under Basel III was implemented from April 2015. Accordingly, banks were required to maintain an adequate level of unencumbered High Quality Liquid Assets (HQLAs) that can be easily and readily converted into cash to meet their liquidity needs for a 30-calendar day time horizon under a significantly severe liquidity stress scenario. The computations of LCR performed for the Bank indicated that the Bank was comfortably in compliance with the Basel III minimum requirement, shaving sufficient High Quality Liquid Assets well in excess of the minimum requirements specified by the Central Bank. (The minimum requirement is 70% of HQLAs to be maintained over the immediate 30-day net cash outflow for the year 2016.)
Operational risk is defined as the potential risk of loss resulting from inadequate or failed internal processes, people, systems and external events. It covers a wide area ranging from losses arising from fraudulent activities, unauthorised trade or account activities, human errors, omissions, inefficiencies in reporting, technology failures or from external events such as natural disasters, terrorism, theft or even political instability. The objective of the Bank is to manage, control and mitigate operational risk in a cost effective manner consistent with the Bank’s risk appetite. The Bank has ensured an escalated level of rigor in operational risk management approaches for sensitive areas of its operations.
The Operational Risk Management Committee oversees and directs the management of operational risk of the Bank at an operational level with facilitation from the Operational Risk Management Unit of the IRMD. Active representation of the relevant departments and units of the Bank has been ensured in the process of operational risk management through the Operational Risk Co-ordination Officers.
Segregation of duties with demarcated authority limits, internal and external audit, strict monitoring facilitated by the technology platform and back-up facilities for information are the fundamental tools of Operational Risk Management. Audit findings and management responses are forwarded to the Board’s Audit sub-committee for their examination. Effective internal control systems, supervision by the Board, Senior Management and the line managers forms part of ‘First Line of Defence’ for operational risk management at DFCC Bank PLC. The Bank demands high level of technical skills, professionalism and ethical conduct from its staff and these serve as insulators for many operational risk factors.
The following are other key aspects of the operational risk management process at DFCC Bank PLC:
Reputational risk is the risk of losing public trust or tarnishing of the Bank’s image in the public eye. It could arise from environmental, social, regulatory or operational risk factors. Events that could lead to reputational risk are closely monitored, utilising an early warning system that includes inputs from frontline staff, media reports and internal and external market survey results. Though all policies and standards relating to the conduct of the Bank’s business have been promulgated through internal communication and training, a specific policy was established to take action in case of an event which hinders the reputation. The Bank has zero tolerance for knowingly engaging in any business, activity or association where foreseeable reputational damage has not been considered and mitigated. While there is a level of risk in every aspect of business activity, appropriate consideration of potential harm to the Bank’s good name is a part of all business decisions. The complaint management process and the Whistleblowing process of the Bank include a set of key tools to recognise and manage reputational risk.
Business risk is the risk of deterioration in earnings due to the loss of market share, changes in the cost structure and adverse changes in industry or macroeconomic conditions. The Bank’s medium term-strategic plan and annual business plan form a strategic road map for sustainable growth. Continuous competitor and customer analysis and monitoring of the macroeconomic environment enables the Bank to formulate its strategies for growth and business risk management. Processes such as Planning, ALM, IT and Product Development in collaboration with business functions facilitate the management of business risk through recognition, measurement and implementation of tasks. Business risk relating to customers is assessed in the credit rating process and is priced accordingly.
Legal risk arises from unenforceable transactions in a court of law or the failure to successfully defend legal action instituted against the Bank. Legal risk management commences from prior analysis, and a thorough understanding of, and adherence to related legislation by the staff. Necessary precautions are taken at the design stage of transactions to minimise legal risk exposure.
In the event of a legal risk factor, the legal unit of the Bank takes immediate action to address and mitigate these risks. External legal advice is obtained or Counsel retained when required.
Compliance risk can be termed as the risk of legal or regulatory sanctions, financial losses or damage to the reputation of the Bank as a result of its failure to comply with all applicable laws, regulations, Codes of Conduct and standards of good practice. The Bank ensures that effective compliance policies and procedures are followed and appropriate corrective actions are taken to rectify any breaches of laws, rules and standards as and when identified. A robust compliance culture has been established within the Bank with processes and work flows designed with the required checks and balances to facilitate compliance. The compliance function works closely with the business and operational units to ensure consistent management of compliance risk.
Compliance is a key area of focus during the process of new product development and review. The Head of Compliance submits quarterly reports on the compliance status to BIRMC and the Board, to enable oversight to be exercised with the added safeguard of being subject to internal audit. A culture of compliance permeates all levels of the Bank with regular training and knowledge sharing provided by internal as well as external experts in the area.
In response to international best practices and global standards, Sri Lanka has enacted laws relating to AML and CTF. Further, the Financial Intelligence Unit, under the purview of the Central Bank, has issued rules for the Know Your Customer (KYC) and Customer Due Diligence (CDD) processes, to identify and report suspicious transactions. The Bank has taken necessary measures to implement these regulatory and legislative requirements for AML and CTF. The steps taken in this regard include customer identification and verification, maintenance of records, ascertaining sources of funds, monitoring and maintenance of AML/CTF programmes. The customers of the Bank are subject to appropriate KYC/CDD measures.
The Business Continuity Plan (BCP) of the Bank ensures timely recovery of critical operations that are required to meet stakeholder needs based on identified disruptions categorised into various severity levels. BCP has been designed to minimise risk to human resources and to enable the resumption of critical operations within reasonable time frames with minimum disruption to customer service and payment settlement systems. The DR site, which is located in a suburb of Colombo is prepared in line with the BCP Guidelines issued by the Central Bank and is tested regularly to establish its effectiveness. Training is carried out to ensure that employees are fully aware of their role within the BCP.
The Bank adopts a proactive approach to ensure satisfactory risk capital level throughout its operations. In line with its historical practice and the capital targets, the Bank aims to maintain its risk capital position higher than the regulatory minimum requirements of 5% for Tier I and 10% for Total Capital under Basel II.
As at 31 December 2016, DFCC Bank PLC maintains a healthy risk capital position of 13.62%. core capital ratio and 17.09% total capital ratio based on the local regulatory guidelines. This demonstrates a cushion of about 8.62% and 7.09%, respectively, for Tier I and total capital over the minimum regulatory requirements
Capital adequacy measures the adequacy of the Bank’s aggregate capital in relation to the risk it assumes. The capital adequacy of the Bank has been computed under the following approaches of Basel II which are currently effective in the local banking industry:
The graph below shows the Bank’s capital allocation and available capital buffer as at 31 December 2016, based on the quantified risk as per the applicable regulatory guidelines. Out of the regulatory risk capital (total capital) available as at 31 December, capital allocation for credit risk is 53.39% of the total capital while the available capital buffer is 41.49%.
|Quantified as per the CBSL Guidelines||31 December 2016||31 December 2015|
|Credit Risk Weighted Assets (LKR million)||194,737||195,094||169,201||169,547|
|Market Risk Weighted Assets (LKR million)||3,169||3,169||1,218||1,218|
|Operational Risk Weighted Assets (LKR million)||15,512||16,252||14,395||14,385|
|Total Risk Weighted Assets (LKR million)||213,418||214,515||184,814||185,150|
|Tier I Capital Adequacy Ratio – Basel II||13.62%||14.60%||14.26%||15.39%|
|Total Capital Adequacy Ratio – Basel II||17.09%||17.47%||14.88%||15.32%|
|CETI Capital Adequacy Ratio – Basel III||13.80%||15.43%|
|Total Tier I Capital Adequacy Ratio – Basel III||13.80%||15.43%|
|Total Capital Adequacy Ratio – Basel III||18.11%||19.72%|
Basel II Capital guidelines will be revoked by CBSL with the implementation of Basel III guidelines by mid 2017.
Further, the Bank develops an ICAAP report which is in compliance with Pillar II of the Basel II framework. It focuses on formulating a mechanism to assess the Bank’s capital requirement covering all relevant risks and stress conditions in a futuristic perspective in line with the level of assumed risk exposures through its business operations. This ICAAP formulates the Bank’s capital targets, capital management objectives and capital augmentation plans. It evaluates the capital adequacy covering both Pillar I and Pillar II risks as well.
The capital forecast performed under the ICAAP process has indicated the ability of the Bank to maintain a comfortable level of capital cushion in the next few years.
Apart from the strong capital position reported On-Balance Sheet, the Group maintains financial flexibility through the stored value in its equity investment portfolio. The unrealised capital gain of the listed equity portfolio is included in the Fair Value Reserve and is currently not taken into consideration in the capital adequacy computation under Basel II based on regulatory specifications.
The Banking Supervision Department of CBSL has taken steps to strengthen the risk management aspects of the licensed banks in Sri Lanka by enforcing certain regulations, specifications, guidelines and recommendations from time to time, which are in line with the Basel II and Basel III recommendations. The following regulatory specifications are particularly important:
The Bank has complied with all the currently applicable risk-related internal requirements in addition to the regulatory requirements as shown in the table below:
|Risk Category||Impact||Key Risk Indicators||Statutory/Internal Limit||Position as at 31 Dec. 2016|
|Integrated Risk Management||An adequate level of capital is required to absorb unexpected losses without affecting the Bank’s stability. (Total capital as a percentage of total risk-weighted assets)||Capital Adequacy Ratio (Core capital as a percentage of total risk-weighted assets)||Regulatory||Complied|
|Capital Adequacy Ratio (Total capital as a percentage of total risk-weighted assets)||Regulatory||Complied|
|Capital Adequacy Ratio (Tier I as a percentage of total risk-weighted assets) (Total capital as a percentage of total risk-weighted assets)||Internal||Complied|
|Concentration/Credit Risk Management||When the credit portfolio is concentrated to a few borrowers or a few groups of borrowers with large exposures, there is a high risk of a substantial loss due to failure of one such borrower.||Single Borrower Limit – Individual (Amount of accommodation granted to any single company, public corporation, firm, association of persons or an individual/capital base)||Regulatory||Complied|
|Single Borrower Limit – Group||Regulatory||Complied|
|Aggregate large accommodation (Sum of the total outstanding amount of accommodation granted to customers whose accommodation exceeds 15% of the capital base/outstanding amount of accommodation granted by the Bank to total customers excluding the Government of Sri Lanka)||Regulatory||Complied|
|Aggregate limits for related parties (Accommodation to related parties as per the CBSL Direction/Regulatory Capital)||Internal||Complied|
|Exposure to agriculture sector (As per CBSL Direction)||Regulatory||Complied|
|Exposure to each industry sector (On-Balance Sheet exposure to each industry as a percentage of total Lending Portfolio)||Internal||Complied|
|Exposure to selected regions (On-Balance Sheet exposure to the regions as a percentage of the Total Lending Portfolio)||Internal||Complied|
|Leases Portfolio (On-Balance Sheet exposure to the leasing product as a percentage of Total Lending Portfolio Plus Securities Portfolio)||Internal||Complied|
|Exposure to GOSL||Internal||Complied|
|Maximum expected loss limits for each product line||Internal||Complied|
|Loan and OD – Exposure in BB and below grades||Internal||Complied|
|Loan and OD – Exposure in B and below grades||Internal||Complied|
|Leasing – Exposure in BB and below grades||Internal||Complied|
|Leasing – Exposure in B and below grades||Internal||Complied|
|Target rating-wise PDs and provisions||Internal||Complied|
|Margin trading (Aggregate exposure of margin loans extended/total loans and advances)||Internal||Complied|
|Liquidity Risk Management||If adequate liquidity is not maintained, the Bank will be unable to fund the Bank’s commitments and planned assets growth without incurring costs or losses.||Liquid Asset Ratio for DBU (Average monthly liquid assets/total monthly liabilities)||Regulatory||Complied|
|Liquid Asset Ratio for FCBU||Regulatory||Complied|
|Liquidity Coverage Ratio (All currencies and Rupee only)||Regulatory||Complied|
|Market Risk Management||Forex Net Open Long Position||Regulatory||Complied|
|Forex Net Open Short Position||Regulatory||Complied|
|Limit for counterparty Off-Balance Sheet Market Risk||Internal||Complied|
|Net interbank borrowing exposure||Internal||Complied|
|Limit for settlement risk arising from market risk||Internal||Complied|
|Max holding period for trading portfolio||Internal||Complied|
|Treasury trading securities portfolio||Internal||Complied|
|Investment Risk||Equity exposure – Individual (Equity investment in a private OR public company/Capital funds of the Bank)||Regulatory||Complied|
|Equity exposure – Individual (Equity investment in a private OR public company/Paid-up capital of the Company)||Regulatory||Complied|
|Aggregate equity exposure in public companies (Aggregate amount of equity investments in public companies/capital funds of the Bank)||Regulatory||Complied|
|Aggregate equity exposure in private companies (Aggregate amount of equity investments in private companies/capital funds of the Bank)||Regulatory||Complied|
Aggregate equity exposure in private and public companies
(Total investments in private and public companies/capital funds of the Bank)
|Equity exposure (Equity exposure as a percentage of Total Lending Portfolio plus Securities Portfolio)||Internal||Complied|
|Equity exposure in each sector||Internal||Complied|
|Single equity exposure||Internal||Complied|
|Operational Efficiency||Cost to income ratio (Solo) – Operational Cost/Operational Income||Internal||Complied|
|Operational Risk||Adequately placed policies, processes and systems will ensure and mitigate against excessive risks arising. This will result in the stability of the Bank.||Reputation risk of the Bank and Group (Zero risk appetite)||Internal||Complied|
|Significant regulatory breaches (Zero risk appetite)||Internal||Complied|
|Inability to recover from business disruptions over and above the Recovery Time Objectives (RTO) as defined in the BCP of the Bank (Zero risk appetite)||Internal||Complied|
|Mis-selling of financial products and services (Zero risk appetite)||Internal||Complied|
Failure to undertake risk-based customer due diligence
(Zero risk appetite)
|Internal fraud (Zero tolerance for losses due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or bank policy, excluding diversity/discrimination events, which involves at least one internal party)||Internal||Complied|
|External fraud (Very low appetite for losses due to act of a type intended to defraud misappropriate property or circumvent laws, by a third party)||Internal||Complied|
|Employee practices and workplace safety (Zero appetite for losses arising from acts inconsistent with employment, health or safety laws or agreements from payment of personal injury claims, or from diversity/discrimination events)||Internal||Complied|
Client products and business practices (Zero risk appetite for losses arising from an unintentional or negligent failure to meet
a professional obligation to specific clients (including fiduciary and suitability requirements) or from the nature or design of a product)
|Damage to physical assets (Very low appetite for loss arising from loss or damage to physical assets from natural disaster or other events)||Internal||Complied|
|Business disruption and systems failures (Very low appetite for business disruptions/system failures for more than 30 minutes during service hours)||Internal||Complied|
|Execution, delivery and process management (Very low appetite for losses from failed transaction processing or process management)||Internal||Complied|