Foreign Exchange Risk
The Bank has established Risk Tolerance Level limits for the Bank’s treasury within the directives and guidelines of Central Bank of Sri Lanka in order to ensure that any adverse exchange rate movements on the results to the Bank due to un-hedged foreign exchange positions are restrained within acceptable parameters. These limits are set at both the aggregate and the individual currency level. The most significant limits in place are.
Individual Foreign Currency Position Limits
Total Closing and Net Closing Position Limits
Individual Dealer Placements Limits and Transaction Limits
Counter party Spot, Forward and Placement Limits
Trading Stop-loss limits
The Bank carries an additional structural foreign exchange exposure as a result of the investment made in its Bangladesh branches. All foreign exchange exposures and related risks are reviewed by the ALCO monthly, which provides additional guidance to the Treasury in managing the risks.
Operational Risk
Operational Risk is the risk of loss arising from fraud, unauthorised activities, errors, omissions, inefficiency, system failure or external events. Operational Risk Management is an integral part of the duties of Senior Management within each business, department and region who are responsible for maintaining an acceptable internal control environment commensurate with the nature of the operations within the framework of our long-standing bank wide policies and procedures, which are regularly updated in response to changing conditions.
Extensive training is provided to ensure that staff are fully aware of their responsibility for complying with the correct operational procedures in order to optimise operational efficiency and individual accountability at all levels of the Bank. When frauds or shortcomings in processes are detected, immediate remedial action is initiated to prevent repetition. Institution wide awareness of such risks is achieved by way of circulars and use of intranet.
The Bank adopts a practice of educating business and functional managers and the Heads of Departments by sharing information relating to industry specific/major fraudulent activities whenever such events come into the limelight which facilitates prevention of recurrence of such events to a greater extent.
The transparency in business activities and stringent controls and policies that are in place ensure adoption of ethical business practices at the Bank.
Some of the Internal Controls which are in place for mitigating Operational Risk are:
Clear management reporting lines, empowerment and accountability.
Appropriate segregation of duties to: (a) prevent any single person being allowed to carry out a process from beginning to end without independent review and (b) prevent conflicts of interest.
‘Four eyes’ principle is established, whereby every key activity is subject to the scrutiny of another suitably skilled and authorised employee.
Regular staff rotation and compulsory availment of annual leave.
Risk mitigation including insurance for potential low frequency high severity losses is obtained where it is available and cost effective.
Continuous review of IT and other processes in response to emerging risks.
Regular reports of exceptional transactions and other risk events are produced by our IT systems and management information system for management investigation.
A Business Continuity Management Steering Committee comprising several members of Corporate and Senior Management ensures that Board approved continuity plans are in place, tested and updated for all business critical operations as per the guidelines laid down by the Central Bank. The plans describe how the Bank would operate in the event of serious disruption. A Business Continuity Management Unit at a location remote from the Head Office is prepared at a moment’s notice to detect and manage incidents. The Bank also has extensive catastrophe protection insurance for significant parts of its operations.
During 2008, the Bank has updated and significantly improved its Anti Money Laundering and Terrorist Financing processes and guidelines in line with recent legislation and best international practices with particular focus on verifying the accuracy and updating identification and other information provided by customers. This ensures that we have and manage sufficient information about each customer to build a profile which ables us to: identify, investigate and if appropriate report any suspicious transactions including electronic fund transfers.
Our Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures and related Anti Money Laundering controls significantly deter, and prevent fraudulent or other unlawful activities. Our Anti Money Laundering Unit maintains a close liaison with the Financial Intelligence Unit of the Central Bank and regularly trains and briefs employees about emerging threats so as to further improve counter measures.
The control environment in each business, department and branch is subject to an independent programme of periodic compliance based inspections. During 2008, the Inspection Department of the Bank carried out 161 inspections in Sri Lanka and 19 inspections in Bangladesh and maintained a programme of off-site surveillance leading to 34 reports on our Bangladesh and 18 reports on our North-Eastern branch operations. Additional assistance from external auditors was commissioned to undertake inspections of 70 branches. A suitably skilled team within the Inspection Department regularly undertakes Information
System Audits to ensure the integrity and proper functioning of all the Bank’s computer systems. Major or high risk observations made during these inspections and corrective action are brought to the attention of the Board Integrated Risk Management Committee.
The Bank promotes a culture which recognises and rewards prompt identification and reporting of exceptional and emerging risks. During 2008, we have reviewed and improved our whistleblowing procedures as part of our Code of Ethics in order to encourage employee reporting of genuine concerns about malpractices or unethical behaviour, whilst protecting the whistleblower.
The Bank’s Code of Ethics and Whistleblowers culture together with the Bank’s Intranet and training programmes are used to ensure that all Commercial Bank’s employees have a clear understanding of their responsibilities with regard to the Management of Risk assumed by the Bank. Employees are held accountable for their performance through the Bank’s Performance Management System. In particular, employees recommending or approving risk at all levels are held primarily accountable for these decisions.
Capital Resources
Capital Adequacy Ratio (CAR) symbolises the financial strength and stability of a bank. It describes the adequacy of the Bank’s aggregate capital in relation to the risks undertaken, which arises from both on balance sheet assets and off balance sheet transactions (credit risks), its dealing operations (market risk) and from its human activities, technology and natural incidents (operational risks). As a result, it is widely known as a tool which indicates the limit up to which business can be expanded in terms of risk weighted assets of a bank as they too like other commercial institutions constantly explore ways of expanding their operations by acquiring assets, extending delivery channels in addition to mobilising deposits and granting loans. This is because a Bank’s capital is considered as the ‘cushion’ for potential losses, which protects its depositors and other lenders. Consequently, banking regulators in most countries use CAR as a mechanism to protect stakeholders and enhance confidence in the banking system.
Day-to-day operations of a bank lead to expand the size of the balance sheet with the acquisition of assets and creating liabilities. These assets can be in the form of financial and non-financial assets. To supplement the growth in assets, the Bank incurs liabilities to providers of capital, depositors and lending institutions. The CAR recognises the different risk profiles attached to these assets in determining the capital required to ‘cushion’ any potential losses as the composition of the balance sheet of a bank is different to a normal organisation where a major portion of the assets and liabilities comprise of advances and deposits.
Vulnerability of the Banks’ financial stability would affect the systemic importance of the banks to the economy, especially given the financial crisis faced in most parts of the globe. Regulatory capital requirements are therefore necessary to limit operations of banks to prevent overtrading whilst enabling banks to leverage their growth to optimise the return on assets. Therefore maintaining a healthy CAR would ensure a stable and a sound banking industry, which undoubtedly contribute to the growth of the economy.
All Sri Lankan banks adopted Basel II CAR computations from January 2008, in keeping with the international standards of Basel Committee on Banking Regulations and Supervisory Practices. In Sri Lanka, all Licensed Commercial Banks and Licensed Specialised Banks are required to apply the Standardised Approach for Credit Risk, Standardised Measurement Approach for Market Risk and Basic Indicator Approach for Operational Risk, in computing the capital requirements.
Besides that the Central Bank of Sri Lanka (CBSL) has already decided to move to adopting the internal ratings based (IRB) and other advanced approaches beginning 2013. Once the Central Bank is satisfied that the Banks have the appropriate models and risk management systems capacities, permission will be granted for them to proceed with IRB approaches.
The detailed Capital Adequacy Computation of the Group as at December 31, 2008 is given on pages 44 to 45 of this Annual Report.
Asset and Liability Management (ALM) Processes
The Market and Operational Risk of the Bank and the Bank’s capital is managed by the Assets and Liabilities Committee (ALCO) headed by the CEO/MD representing the key business unit heads and Risk Management Department. During the ALCO meetings, the liquidity position, pricing, market, operational, compliance, strategic, investment and product risks of the Bank are reviewed and managed. Normally at least three ALCO meetings are held each month of which one is fully dedicated to Risk Management using a Structured Key Risk Indicator format. These meetings and our monthly Corporate Management Executive Committee meetings ensure suitable management initiatives to mitigate the effects of specific risks where such risks are beyond prudent levels and that counter measures have been adequately evaluated to reduce the probability of recurrence and to reduce the impact should they recur.
The Bank implemented a Matched Term Funds Transfer Pricing (FTP) mechanism during 2008, which transfers Interest Rate Risk and other types of market risk to a Head Office Funding Centre. An ALCO sub committee co-ordinates the management of FTP and makes recommendation to the ALCO on initiatives to improve funding, market risk management, risk based pricing and transfer pricing. This process assists the Bank in ensuring that the various capital, risk, liquidity and pricing issues are well understood by business and functional managers throughout our network and that the various businesses are adequately motivated by the profitability of the various products to drive their business according to the Bank’s Corporate Plan and Budget.
