Bankers to the Nation

Board Subcommittee Reports

Integrated Risk Management Committee Report

Chairman’s Statement

Role of the Committee

The main role and responsibility of the Committee is to assist the Board in fulfilling its oversight responsibilities for all aspects of risk management. In this connection the Committee focuses on and reviews risks such as credit, market, liquidity, operational and strategic risks through appropriate risk indicators and management information.

In addition to the above, the Committee is responsible for reviewing and/or recommending the following which are identified in the Charter of the Integrated Risk Management Committee:

  • Policies, programmes and Management Committee Charters relating to risk management and compliance.
  • Risk limits and policies that establish appetite for credit, market, liquidity, operational and other risks, as recommended by the Chief Risk Officer.
  • Adequacy and effectiveness of all Management Level Committees such as the Credit Committee and Assets and Liability Management Committee to address specific risks and to manage those risks within quantitative and qualitative risk limits as specified by the Committee.
  • Risk management reports on the risk profile of the Bank, as well as current market and regulatory risks and actions undertaken to identify, measure, monitor, and control such risks.
  • Corrective action to mitigate the effects of specific risks in case such risks are beyond the prudent levels decided by the Committee on the basis of the Bank’s policies and regulatory and supervisory requirements.
  • Appropriate actions against the officers responsible for failing to identify specific risks and take prompt corrective action as directed by the Director of Bank Supervision or otherwise.
  • Adequacy and effectiveness of risk identification, measurement, monitoring and mitigation relating to credit, market, liquidity, operational, and compliance risks.

Composition and Quorum

The members of the Committee during the year under review were as follows:

  • Mr Charitha N Wijewardane
    Chairman, Independent Non-Executive Director – served on the Committee until 21 July 2017.
  • Mr Sanjaya Padmaperuma
    Member, Independent Non-Executive Director – served on the Committee until 30 June 2017.
  • Mr H P Ajith Gunawardana
    Member, Independent Non-Executive Director
  • Mr Samantha Rajapaksa
    Chairman, Independent Non-Executive Director – serves on the Committee from 28 September 2017.
  • Mr Sajith R Attygalle
    Member, Non-Independent Non-Executive Ex-Officio Director – serves on the Committee from 28 September 2017.

Permanent management representatives on the Committee –

  • General Manager
  • Chief Risk Officer

Brief profiles of the Directors who are members of this Committee are given in the section on Board of Directors of this Annual Report.

The quorum of the Committee is two members.

The Secretary, Bank of Ceylon/Secretary to the Board functions as the Secretary to the Committee. The Chief Financial Officer and the Chief Internal Auditor are invited to be present at the meetings. Other members of the staff are invited to attend the meetings when the Committee requires their presence.

Meetings and Activities

The Committee met five times during the year under review. The attendance of Committee members at each of these meetings is given in the section on Corporate Governance of this Annual Report.

Activities carried out by the Committee during the year under review in discharging its responsibilities are summarised below:

  • Reviewed and/or recommended the following policies based on which the risk profile of the Bank is assessed:
    • Credit Risk Management Policy
    • Market Risk Management Policy
    • Operational Risk Management Policy
    • Stress Testing Policy
    • Anti-Money Laundering/Compliance Policy
    • Liquidity Risk Management Policy
    • Foreign Exchange Risk Management Policy
    • Loan Review Mechanism Policy
    • Credit Portfolio Management Policy
    • Risk Based Approach (RBA) for the prevention of Money Laundering and Combating Financing of Terrorism (CFT)
    • Policy on Prevention of Trade Based Money Laundering and Terrorist Financing (TBML/TF)
    • Policy on Prevention of Money Laundering (ML) and Combating Financing of Terrorism (CFT) for Seychelles Branch
    • Operational Risk Policy for Chennai Branch
    • Prevention of Money Laundering and Combating Terrorist Financing Policy for Chennai Branch
    • Fraud Risk Management Policy 2017
    • Compliance Policy for Seychelles Branch
    • Business Continuity Management Policy (BCMP) (to be on a par with the international guidelines on BCMP, Central Bank of Sri Lanka guidelines, IS Policy and International Standard No. ISO 22301)
  • Reviewed and improved the Terms of Reference of the Integrated Risk Management Committee Charter.
  • The Independent Integrated Risk Management Division of the Bank assessed the risks of the Bank on a monthly basis and summary reports were submitted before the Committee. The Committee reviewed them and submitted its recommendation to the Board immediately through minutes of the meeting and specific recommendations.
  • Risk Appetite and Limit Setting for 2017 was established.
  • Monitored quantitative and qualitative risks which have gone beyond the limits and made the necessary recommendations.
  • Followed up on the implementation of the Integrated Risk Management software (risk management system for managing credit, operational, and market risks), Asset and Liability Management System, Enterprise Wide Fraud Management Software and Anti Money Laundering Software Solution.
  • Recommended the adoption of the revised Internal Capital Adequacy Assessment Process (ICAAP) for the year 2017.
  • Recommended the adoption of the revised Internal Capital Adequacy Assessment Process (ICAAP) for Chennai Branch.
  • Reviewed the comprehensive Compliance Reports submitted by the Compliance Officer.
  • Improved the Risk Management Dash Board to support the subsidiaries to manage the risk functions better. Also a team from the Risk Management Division has been created to assist subsidiaries in their risk matters.
  • Evaluated and monitored subsidiary Risk Management Dash Boards and made the necessary recommendations to overcome various risks faced by the subsidiaries.
  • Monitored Key Risk Indicators in the Branch network, critical businesses and support divisions.
  • Recommended the adoption of the revised Business Continuity Plan 2017/18.
  • Reviewed the stress testing results on a quarterly basis.
  • Placed special emphasis on IT Risk and associated Cyber Security, and initiated and followed up on various measures to safeguard the Bank from cyberattacks (such as the IT Security Network Infrastructure of the Bank, the Enterprise Immune System, etc.).
  • Recommended the appointment of a new Assistant IT Risk Officer, which was implemented, and is presently following up on the appointment of a Chief Information Security Officer to manage IT risk related issues.
  • Monitoring the finalisation process of the new Data Centre.
  • Presently following up on the proposed fully-fledged Disaster Recovery (DR) site.
  • Monitored the progress of the Vulnerability Assessment Report findings and the issues identified during the penetration test carried out.
  • Reviewed the Compliance/Anti-Money Laundering (AML) and Combatting Terrorist Financing (CTF) status of the subsidiaries of Bank of Ceylon.
  • Finalising the Dividend Policy of the Bank.
  • Presently monitoring to ensure that all modules in the core-banking system have been utilised.
  • Following up on the Revised Policy on Prevention of Money Laundering and Combating Financing of Terrorism of Malé Branch which is being revamped to address the recommendations of the Maldives Monetary Authority.
  • Monitored the maintenance of the minimum Capital Adequacy Ratio as per Basel III guidelines for Licensed Commercial Banks in order to ensure compliance with Direction No. 1 of 2016 issued by the Central Bank of Sri Lanka.
  • Followed up on the replacing of outdated applications with new hardware and software applications in the Bank.
  • Adoption of the risk management frameworks for Chennai, Seychelles and Malé Branches.

The Committee reported to the Board by way of minutes giving its recommendations. All minutes of the Committee meetings are tabled and ratified at meetings of the Board and follow-up action is taken on outstanding matters.

Conclusion

The members of the Integrated Risk Management Committee having evaluated its performance for the year 2017 have concluded that its performance is satisfactory and the risk exposures of the Bank are being effectively managed.

The Committee continually reviews the various risks encountered by the Bank and strives to promote a robust risk governance framework, a well-developed and explicit risk management policy covering determination of risk appetite, application of up-to-date methodologies for measuring financial risks, developing in-house expertise and ensuring that risk reporting accurately communicates risk exposures and results of stress tests or scenario analyses, data analytics and peer bank analysis.

The Committee also continues to be vigilant and recognises that its degree of attentiveness has to be further improved to fine tune its risk combat strategy with the advancement of technology, increased vulnerability with macroeconomic shocks and volatility and as banking frauds and cyber crimes begin to pose a greater challenge.

The Committee wishes to thank Mr Charitha N Wijewardane and Mr Sanjaya Padmaperuma, who were Chairman and Member respectively of the Committee, for their valuable contributions made to the Committee.

On behalf of the Integrated Risk Management Committee,

Samantha Rajapaksa
Chairman

Integrated Risk Management Committee
27 March 2018
Colombo
