Composition of the Board Integrated Risk Management Committee (BIRMC)

The Board Integrated Risk Management Committee (BIRMC) appointed by the Board of Directors, presently consists of three Non-Executive Directors. N Vasantha Kumar, an Independent Director is the Chairman of the Committee, with W R H Fernando and P A Jayatunga as members. Ms V J Senaratne and Ms L K A H Fernando functioned as members until 5 July 2024 and 26 November 2024 respectively.

In line with the Rule 6.5 (b) of the Banking Act Direction No. 05 of 2024 on Corporate Governance, N H T I Perera, Chief Executive Officer and K S Jayasuriya, Chief Risk Officer who functioned as members of the Committee stepped down on 26 November 2024.

Chief Risk Officer (CRO) functions as the Secretary to the Committee. The Chief Executive Officer (CEO), Deputy Chief Executive Officer (DCEO) and key management personnel overseeing broad risk categories, including Chief Compliance Officer (CCO), Chief Operating Officer (COO) and Head of Treasury attend the meetings by invitation.

The Committee’s composition meets the requirements of the above mentioned rule which is effective from 1 January 2025.

The membership of the BIRMC as of 31 December 2024 was as follows:

N Vasantha Kumar – Chairperson of the Committee/Independent Non-Executive Director
W R H Fernando – Independent Non-Executive Director
P A Jayatunga – Non-Independent Non-Executive Director

Charter and the Responsibilities of the BIRMC

The approved Charter for the BIRMC stipulates authority, structure, responsibilities, and tasks of the BIRMC. As per its Charter, the primary responsibilities of the BIRMC are to review and ensure

• Integrity and adequacy of the risk management function of the Bank.
• Awareness of a risk based culture and the achievement of a balance between risk minimisation and reward for risks accepted.
• Adequacy of the Bank’s capital and its allocation.
• Risk exposures and risk profiles of DFCC Bank are within acceptable parameters and to make recommendations to the Board of Directors on any action required.
• Adequacy and effectiveness of the Management Committees through a set of defined tools.
• Availability of a comprehensive and updated set of risk policies and guidelines covering overall operations of the Bank.
• The compliance of the Group’s operations with relevant laws, regulations, and standards including the adherence to the CBSL Direction on Corporate Governance.

The process through which the BIRMC discharges its responsibilities is detailed in the Risk Management Section of this Annual Report.

BIRMC Meetings

In accordance with its Charter, the BIRMC is required to meet every two months. During 2024, DFCC Bank held six BIRMC meetings, with member attendance detailed on page 136 of the Annual Report. The Committee continued to review policy frameworks, risk management strategies, the Bank’s risk capital position and key risk indicators, ensuring that the risk exposures of both the Bank and the Group were effectively managed. Throughout the financial year, the Committee successfully undertook the following key initiatives:

• Reviewed and approved the Internal Capital Adequacy Assessment Process (ICAAP) of DFCC Bank, a regulatory requirement in effect since January 2014. BIRMC will continue to monitor and recommend future capital requirements aligned with Bank’s growth targets for the next few years.
• In managing compliance risk, the Committee reviewed compliance risk indicators across different risk scales, identifying specific focus areas based on the potential impact and probability of occurrence.
• Risk controls and monitoring tools were further enhanced through periodic revisions to the Bank’s overall risk limits system. New advisory limits were introduced as trigger limits where necessary.
• All existing risk policies and practices were reviewed by the Committee in line with the Bank’s specific requirements, industry dynamics, and regulatory specifications and approved the necessary amendments to further strengthen the risk management processes in the Bank.
• The annual review of effectiveness and adequacy of the Management Committees were conducted by the BIRMC during the first quarter of 2024. The review results were shared with the respective Committees for necessary improvements.
• Reviewed and implemented the CBSL recommendations based on the examination report requirements in relation to the integrated risk management function ofthe Bank.
• In response to the increasing threats to systems and information security, the Committee heightened its focus on reviewing the adequacy of security measures while closely monitoring action plans and the implementation of new initiatives to further strengthen the Bank’s information security framework.
• The Committee assessed the effectiveness of the business continuity and disaster recovery plans as part of its ongoing risk management process. This evaluation focused on ensuring that the Bank is prepared to respond effectively to any disruptions, whether from operational, technological, or external events, that could impact critical business functions.

The Committee placed greater emphasis on reviewing elevated risk levels in the operating environment arising from macroeconomic volatility. The Committee focused particularly on market risk aspects, assessing the potential impact of fluctuations in market conditions on the Bank’s portfolio.

The committee reviewed the adequacy of risk mitigation measures and evaluated stress testing results in the context of prevailing conditions. Based on its findings, the Committee recommended necessary risk mitigation measures to enhance the bank’s resilience against market fluctuations, ensuring a proactive approach to safeguarding financial stability.

Reporting

The proceedings of the BIRMC meetings are reported to the Board through submission of the meeting minutes. Other specific matters are submitted separately for information of the Board on a monthly basis. The recommendations made by the BIRMC during the year under review were duly approved by the Board.

N Vasantha Kumar
Chairman
Board Integrated Risk Management Committee

19 February 2025