People’s Leasing & Finance PLC

Annual Report 2019/20

Risk management

- Download Center

Overview

In a context where operating environment is volatile and unpredictable, it is imperative that the Company has a well-defined risk management framework to manage risks and optimise the shareholder value by minimising the effects of down-side risks and determining the best trade-off between risk and return.

The nature of the business model of the Company exposes it a myriad of risks. People’s Leasing, as a financial institution and lending being its main business activity, Credit Risk is the dominant risk to which the Company is exposed followed by other risks such as operational, market, liquidity and capital adequacy.

The reporting year was tumultuous and stressful for the country’s economy, mainly due to effects caused by Easter attacks, political uncertainty that arose around Presidential Election in November 2019 and inclement weather conditions. COVID-19 pandemic outbreak that was triggered at the latter part of the reporting year exacerbated the negative impact on the economy.

The NBFI industry too was negatively affected by the economic downturn and resulted in decelerated credit growth. The industry’s asset quality continued to deteriorate due to customer defaults. The regulator increased the capital adequacy requirement that should be maintained by the NBFIs. However, due to COVID-19 pandemic outbreak, the CBSL extended the time line by one year to comply with the enhanced minimum capital adequacy requirements.

Risk event	Impact	Company’s responsive strategies/risk mitigation strategies
Depressed economic growth	Decelerated demand for credit due to unfavourable credit environment.	Cautious on granting credit to assets that are highly vulnerable for economic downturns. Focused on growing low risk products.
Easter sunday attacks	Tourism industry was severely affected and the impact was felt across the economy. Weakened the business confidence.	Having assessed the impact based on detailed analyses, the Company accommodated the debt moratorium for tourism and other affected sectors. Continued to grow business on other safer sectors.
Presidential/parliamentary elections	Political uncertainty negatively affected the general business sentiments.	While endeavouring to achieve budgetary targets, focused on internal cost optimisation.
Cancellation of license of finance companies and unethical financial services providers	Loss of customer confidence. Increase in pre-mature withdrawal of deposits.	Focused on building a strong brand value and stakeholder trust.
Cyber-attacks	Interrupt business activities and loss of confidential data.	Built the awareness and shared knowledge of known attacks among the staff. Invested in systems and processes to counter cybersecurity risks.
Country-wide lockdown due to COVID-19 pandemic	Loss of income and livelihoods for a large segment in the society. Increase in non-performing assets and impairment charges.	Six month debt-moratorium accommodated for customers affected. Formulated a short-term action plan to manage risks, credit and liquidity risks in particular.

Risk management framework

Risk governance

The Board of Directors is the apex body which sets the tone for effective risk management in the Company. The three lines of defence model explains how the parties in the governance structure are differentiated according to their specific roles and responsibilities. Each layer of defence has its own distinct role which provides shield to mitigate the onslaught of risk while foreseeing any emerging risks to devise appropriate strategies.

Role of committees

Board level

Board Integrated Risk Management Committee (BIRMC)	Board Audit Committee (BAC)
Chaired by: Independent, Non-Executive Director	Chaired by: Independent, Non-Executive Director
Members: Two Non-Independent, Non-Executive Directors, CEO/GM, two SDGM – Operations, DGM – Risk and Control Regular invitees include; DGM – Marketing, DGM – Recovery and Administration, DGM – Internal Audit, Representative Officers of People’s Leasing Subsidiary Companies	Members: Three Non-Executive Directors Invitees include; Key Management Personnel, External Auditors
Key function: Reviewing overall risk profile of the Company/Group	Key function: Overseeing financial reporting, internal controls and monitoring auditor independence
Meeting frequency: Quarterly	Meeting frequency: Quarterly
Reporting: Minutes of the BIRMC meeting to the Board	Reporting: Minutes of BAC to the Board
Detailed report is given on pages 124 to 126	Detailed report is given on pages 118 and 119

Management level

Asset and Liability Management Committee (ALCO)	Executive Integrated Risk Management Committee (EIRMC) (formerly Integrated Risk Management Operating Committee)
Chaired by: CEO/GM	Chaired by: DGM – Risk and Control
Members: Two SDGM-Operations, DGM – Risk and Control, DGM – Recoveries and Administration, DGM – Marketing, CM – FD and Savings, CM – Finance, Head of Treasury	Members: Members of Corporate management, CMs – Operations, SM – Operation, Risk owners of functional areas
Key function: Reviewing treasury, asset and liability functions of the Company	Key function: Reviewing credit related risks and operational risks
Meeting frequency: Regular meetings on a monthly basis. However, special meetings are conducted if an urgent need arises	Meeting frequency: Quarterly
Reporting: Minutes of meetings to the Board and a report of meeting highlights on a quarterly basis to the BIRMC	Reporting: Recommendations to the CEO/GM Minutes of meetings to the BIRMC

Risk culture

Building a sound risk culture in an organisation is a continuous process. People’s Leasing is committed to foster a sound risk culture where all employees are aware of risks and making informed risk decisions. The Company’s risk culture encompasses the risk governance structure, risk appetite framework, policy framework, risk management and internal control framework. The Risk and Control Department (RCD) provides appropriate training/awareness to the employees, credit officers in particular to educate them of the risks.

Policy framework

The Board of Directors bears the ultimate responsibility for establishing strong policy framework in the Company. During the reporting year, the Company policies were reviewed and the required amendments thereon in line with the operational environment and regulatory requirements were proposed to the Board for approval. The Board approved these policy amendments for immediate adoption. New policies were also formulated for identified risk areas and adopted the same upon the approval of the Board.

Policies reviewed and updated in 2019/20

Credit policy
Policy on valuation on inspection of immovable properties
Policy on outsourcing of business operations
Property acquisition and disposal policy
People’s Leasing whistleblower policy
Policy for engagement of external auditors to provide
non-audit services
Policy on writing-off of financial accommodations
Treasury policies and procedures
Investment policy on liquid assets
All ict policies including policies on information security, disaster recovery, cybersecurity etc.

New Policies formulated in 2019/20

Dividend Policy
Policy on Post Disbursement review
Pricing Policy

Risk appetite

The Board is responsible for setting the risk appetite for the business and the implementation thereof comes under the purview of the Management. The risk appetite is determined on the level of risk that the Company is willing to accept in reaching for its business objectives and quantifiably expressed through risk tolerance limits.

The performance against risk tolerance limits is monitored through the Risk Dash-board report submitted to the BIRMC on a quarterly basis. The BIRMC is responsible for reviewing the Risk Tolerance Limits at least annually in line with the changes in strategic objectives, operating environment, regulatory requirements and capital plans. In June 2020, the BIRMC reviewed the Risk Tolerance Statement and the Board adopted the same on the recommendation of the BIRMC.

Risk category	Risk indicator	Unit	Maximum risk tolerance limit	Position as at 31 March 2019	Position as at 31 March 2020
Credit risk	Non-performing ratio (gross)	%	< 5	3.91	7.62
	Three months overdue ratio (gross)	%	<10	7.57	20.34
	Profit and loss charge ratio (on profit)	%	<20	28.02	58.61
Credit concentration risk	Single/group borrower limit		As per CBSL	Complied	Complied
	HHI score	Points	<0.40	0.21	0.22
Liquidity risk	Liquid assets ratio	%	>100	108.90	110.59
	Maturity mismatch ratio (up to one year)	%	>-45	-20.04	-21.94
	Facilities granted from stable sources	%	<150	114.96	105.29
	Liquid assets to short-term liability ratio	%	>30	78.19	203.57
	Maximum single depositor concentration	%	<5	4.33	4.20
	Exposure to bulk deposits (over Rs. 50 million)	%	<20	21.89	24.17
Market risk	Interest rate sensitivity	%	<6	0.37	0.29
	Repricing gap ratio (up to three months)	%	>-20	-7.43	4.13
Operational risk	Frauds detected (value as a percentage of operational expenses) – FY 2019/20	%	<0.5	Nil	Nil
	Unsatisfactory audits (as a percentage of total audit reviews) – FY 2019/20	%	<15	Nil	8.70
	Cost to income ratio	%	<50	37.81	36.53
	Staff turnover ratio (Annual)	%	<15	11.15	9.18
Regulatory risk	Capital adequacy ratio
	– Tier I capital ratio	%	>6	14.36	15.12
	– Total capital ratio	%	>12.5	15.20	15.99
	Capital funds ratio	%	>12.5	32.39	28.33
Strategic risk	Return on equity ratio	%	>15	15.88	10.00
	Return on assets ratio	%	>3.5	3.95	2.64
	Net interest margin	%	>7.5	9.70	9.68
	Gearing ratio	Times	<7	4.75	4.38

Managing Principal Risks at People’s Leasing

Credit Risk

Credit risk relates to the financial losses that may arise in the event that the counter-party to a financial transaction fails to discharge his/her obligations. It may lead to suspension of interest recognition on loans granted, classification of loans into non-performing category, impairment charges, loss of principal and interest and write-offs of non-performing facilities and losses arising from disposal of repossessed assets, all adversely impacting profitability of the Company. At People’s Leasing, the credit risk may arise on leases, loans and other lending products such as margin trading, factoring, gold loans etc. which in effect account for over 85% of total assets.

Reflecting the trend experienced across the industry, the Company’s asset quality continued to deteriorate during the reporting year mainly due to its financed assets being vulnerable to the lackluster economic performance of the country. Early in financial year 2019-20, Tourism sector was negatively affected followed by the Easter Sunday Terror Attacks and the Company, in line with the Government instructions, accommodated debt moratorium and other reliefs to tourism and other affected sectors.

During Pre-COVID period, the Company focused on growing lending products which are less vulnerable for economic downturns and products with low credit risks.

The RCD introduced a mechanism of computing credit competency scores on an individual credit officer basis to assign credit authority limits. Credit competency scores were computed based on selected credit quality criteria. With a view to improve the scrutiny level for property-based loans, credit approvals for property based loans were centralised and grantings were done with higher level of scrutiny.

Improving knowledge on credit assessment was one of the top priorities during the period under review. The RCD conducted on-going training for marketing staff to improve their knowledge on credit assessment and evaluation.

RCD conducts Post-Disbursement Review on active facilities on a regular basis. While the Post-Disbursement Review cannot reverse a decision to lend, it may where appropriate, facilitate taking any corrective measures to remedy any defects. Facts revealed from the review are swiftly communicated to respective credit officers involved from low authority to high authority level and a summary report of findings of the reviews is also submitted quarterly to the EIRMC. During the year under review, with a view to standardise the exercise of the Post-Disbursement Review, a Policy was formulated defining objectives, scope, roles and responsibilities and reporting lines etc.

The Company adopted internal Loan-to-Value (LTV) Ratios, below the LTV ratios specified by the CBSL for identified high risk assets and grantings therefor were done selectively and with a higher level of scrutiny.

In February 2020, the Credit Policy of the Company was reviewed and updated to be reflective of the operating environment and regulatory requirements.

COVID-19 pandemic outbreak triggered in the country in mid-March 2020 caused unprecedented changes locally. Non-performing advances were substantially increased only in the month of March 2020. The CBSL issued a direction on six month debt moratorium to provide relief to the customers who are affected from COVID-19 outbreak. To assess the impact due to COVID-19 pandemic outbreak, the Company’s existing lending portfolio
was categorised from low to high impact.

Potential impact	Description
High	Customers expecting a structural shift in the business and undergoing elevated credit risk
Medium	Customers expected to experience prolonged stress more than 1 year
Low	Customers who can bounce back within short term
No impact	Customers not affected by the pandemic

Currently, the Company is in the process of finalising the debt moratorium applications forwarded by the customers. The Company continued to perform its recovery procedures for identified segments of customers who are not affected or least affected from COVID-19 outbreak. The real impact in terms of non-performing advances and impairment is yet to be assessed upon the finalisation of debt moratorium requests.

Credit granting process

Activity	Description	Improvement measures taken in 2019/20
Credit appraisal	Credit proposals are originated at the branch level and evaluated in line with the credit policy and the operational guidelines issued from time to time by the Corporate Management.	RCD conducted credit trainings to enhance knowledge on credit assessments and evaluations.
Credit risk treatment	Cash flows will be considered as the primary source of repayment. As a secondary recourse, collateral in the form of movable property, immovable property, trade debtors or personal guarantees are obtained. Valuations on collateral where applicable are obtained from professional valuers. Second opinions are also obtained wherever possible. Responsible officers of branches are required to carry out inspections on vehicles and properties.	Increased the scrutiny level for property based loans. In respect of property valuation, the CBSL issued a direction revising the eligibility criteria of valuation officers and other requirements. People’s Leasing’s Policy on Valuation of Immovable Properties amended in line with the same and adopted upon the Board Approval.
Credit approval	Credit approvals are in line with the delegated authority. Authority is delegated by the Board to CEO/GM, SDGMs – Operations and selected officers progressively at lower levels of the Company’s credit organisation down to the level of Branch Manager. RCD independently evaluates the Credit proposals forwarded above prescribed limit and provides recommendations thereon to next authority levels.	RCD initiated an exercise of calculating individual credit scores based on the asset quality criteria and Credit Authority limits were aligned thereon.
Credit disbursement	All disbursements of approved facilities are released by the payment unit at Head Office upon the confirmations by the Documentation, RMV and the Supplier Payment Units.	Initiated automation of processes replacing manual activities to improve the operational efficiency.
Credit risk monitoring and review	Credit Risk monitoring is carried out on an on-going basis by the RCD and findings thereof are reported to CEO/GM and EIRMC for their recommendations and action. The RCD reviews the Credit KRIs on a monthly basis and communicates any negative trends identified to the Corporate Management for their immediate attention and action. Quarterly, the RCD submits the Risk Dash-board report that details the status and trends of lending portfolio to the BIRMC for their review and recommendations.	RCD is responsible for coordinating the EIRMC and BIRMC meetings. RCD prepared and forwarded committee papers comprise of detailed risk analyses for those committees’ consideration and deliberation. Commenced monitoring the infectious portfolio based on the facilities granted during last 12 months.

Credit recovery

The Company has a dedicated Recoveries Department headed by a DGM and two centralised units namely special recovery and legal recovery units operating thereunder. The Company’s credit recovery is coupled with a continuous review process at the branch level and Head Office level. Recovery officers at the branches are geared to monitor the collection of rentals and identify post-disbursement recovery issues. Special recovery and legal recovery units at the Head Office further facilitate recovery action for the identified non-performing facilities. Legal action is initiated for non-performing facilities above 6-9 months.

Market risk

Market risk is the potential risk that the value or earnings of a company may decline due to exposure to market driven factors. Under this risk, there are four (04) sub categories affecting the Company’s operations – interest rate risk, commodity price risk, equity investment risk and exchange rate risk which are discussed below:

Market risk category	Description	Risk exposure to the Company
Interest rate risk	This is the volatility in the value of interest rate sensitive products and the susceptibility of the future income and expense levels to the changes in the market interest rates	High
Commodity price risk	Uncertainties of future market values and on the future income due to the fluctuation in the prices of commodities	Low
Equity investment risk	Possible losses arising as a result of volatility and adverse movement in equity prices	Negligible
Foreign exchange risk	Foreign exchange risk relates to the losses from adverse exchange rate movements	Negligible

Interest rate risk

The Company is mainly exposed to Interest Rate Risk as the majority of its assets and liabilities are interest rate sensitive. Treasury and ALCO play key roles in managing interest rate risk. The Treasury regularly monitors the interest rate environment and the movement of key interest rate indices such as the Average Weighted Prime Lending Rate (AWPLR) and rates of Government securities (Treasury Bill Rates) and a comprehensive report thereof is provided to the ALCO to make decisions on deposit rates and lending rates to maintain desired margins.

The ALCO monthly reviews the Interest Re-pricing Gap Analysis prepared based on Interest Sensitive Assets and Interest Sensitive Liabilities into various time buckets according to maturity
(if they are fixed rates) or time remaining to their next re-pricing (if they are floating rates). Sensitivity Analysis is also performed to assess the impact on Net Interest Income for a 1% change in interest rate. During the period under review, the ALCO set limits for each time bucket in Interest Rates Re-pricing Gap Analysis and for Interest Rate Sensitivity Analysis to assess and monitor the risk exposures effectively.

Key market risk indicators such as interest rate sensitivity and re-pricing gap ratios were also reviewed by the BIRMC quarterly against pre-defined risk tolerance levels. Stress testing is performed quarterly to test the impact on the net interest margin and the profits under various stressed scenarios of interest rate movements and the same is reviewed by the BIRMC.

Interest rate repricing analysis is presented on pages 280 and 281.

Stress test on NII on the interest rate shock

Impact on NII	2020		2019
Rs. ’000	Increase	Decrease	Increase	Decrease
1%	(52,577)	52,577	(53,540)	53,540
3%	(105,154)	105,154	(160,619)	160,619
5%	(157,732)	157,732	(267,698)	267,698

Commodity price risk

This risk results from exposures to changes in prices and volatilities of individual commodities. The Company is exposed to commodity price risk due to its gold loan product. A dedicated Gold Loan Unit is established centrally to monitor and coordinate operations of gold loan units in the Branch network. RCD monitors the gold price movements daily and assesses the gold price volatility based on Exponentially Weighted Moving Average (EWMV) method as it places greater weight on recent price changes while diminishing the weight on older price changes. The ALCO monthly reviews the gold price movement, price volatility and product performance.

Equity investment risk

This relates to the losses arising from adverse movements in the value of any equity investment held by the Company as a result of volatility in equity prices. Margin Trading Department of the Company regularly monitors the movement in stock market prices, broader economic conditions and political environment which could potentially have impacts on share prices. ALCO monthly reviews the detailed equity investment report to decide on appropriate action to mitigate risks. Board approved stop loss policy is in place to manage equity investment risk exposure. The ALCO decided the appropriate action on equity that exceeds the stop loss limit. The equity portfolio recorded a market value of Rs. 13.5 million as at the year-end, which is insignificant compared to the size of the Company.

Foreign exchange risk

Foreign exchange risk relates to the losses from adverse exchange rate movements during a period in which it has an open position in a currency. It is the Company’s policy to keep no foreign currency in open position. Accordingly, no foreign currency exposure was held in open position during the reporting year.

Liquidity risk

People's Leasing
Credit reating
A+ (lka) by Fitch Ratings Lanka

Liquidity risk may arise due to insufficient financial resources to meet the Company’s obligations as and when they fall due or will have to do so, at an excessive cost. This risk arises from mismatches in the timing of cash flows. Effective management of liquidity is significant to ensure confidence and smooth operations to generate working capital under any circumstance.

As stipulated by the CBSL direction, the Company is required to maintain liquid assets in respect of fixed deposits, savings deposits, and any unsecured borrowings.

The Treasury Department is tasked with executing day-to-day liquidity management within the parameters set by the ALCO. Deposit base is the dominant source of funds while its growth in turn may increase the level of liquidity risk exposure of the Company. Throughout the reporting year, the Company maintained liquid assets above the regulatory requirement. The Company maintains adequate unutilised facilities to honour all cash outflow commitments as and when they fall due to mitigate the liquidity risk. This ensures the availability of liquidity to meet the Company’s obligations and act as a buffer to support any deficiency in liquidity.

The Treasury reports to the ALCO on the management of liquid assets, cash flow forecasts, borrowing maturity analysis for information of the Committee. ALCO monthly reviews liquidity risk indicators such as maturity mismatch analysis, liquid asset ratio and capital adequacy ratios at its meetings. During the reporting year, the ALCO set limits for each time bucket in the maturity analysis to review them effectively at monthly meetings.

Maturity Analysis is presented on page 275.

ALCO also emphasised the requirement of focusing on stable sources of funding in managing the liquidity risk. The Committee further recommended to look for foreign term loans as an alternative source of funding. The ALCO also reports to the Board and recommends appropriate action it deems necessary to limit or mitigate and to manage such risks.

Stress testing is performed and results thereof are reported to the BIRMC on a quarterly basis. During the reporting year, Treasury Department reviewed the existing approved policies on liquidity risk management.

Due to COVID-19 outbreak, the CBSL relaxed regulatory requirement of maintaining liquid assets for LFCs with a view to ease possible stress due to sudden withdrawal of cash by depositors and delay of repayment of loan rentals. Accordingly, liquid asset requirement on time deposits, saving deposits, and unsecured borrowings were reduced to 6%, 10% and 5% respectively. The Company is currently maintaining comfortable level of liquid assets while ensuring it has instant access to funding lines if the need arises.

* Liquid asset ratio: liquid assets available/liquid assets required as per CBSL Direction.

Liquid assets stress test

Immediate withdrawal of deposits

Scenario	1 %	2 %	3 %
Magnitude of shock	10	15	20
Liquid asset ratio*	31.63	(13.64)	(63.54)
Liquid asset ratio* – after adjusting for contingent funds	194.81	157.51	116.38

* Liquid asset ratio: liquid assets available/liquid assets required as per CBSL Direction.

Capital adequacy

In 2018, the CBSL introduced a new capital adequacy framework for the LFCs. The framework requires risk weighted assets to be calculated for credit risk and operational risk based on the Standardised Approach and Basic Indicator Approach respectively, as stipulated by the Basel Committee on Banking Supervision.

Minimum regulatory requirements

Component of capital	01.07.2018	01.07.2019	01.07.2020	01.07.2021
Tier I capital	6.00%	7.00%	8.00%	10.00%
Total capital	10.00%	11.00%	12.00%	14.00%

ALCO reviewed the forecasted capital adequacy requirement for the next three financial years to check the Company’s compliance status to enhanced regulatory requirements. The Company is in a comfortable position and forecasted ratios are above the minimum regulatory requirement. This is monthly reviewed by the ALCO at its meetings.

The Company’s Scrip Dividend issue in July 2019 resulted in increasing the capital of the Company. The Company comfortably maintained its capital adequacy above the regulatory requirement throughout the year.

Considering the COVID-19 situation and its effects, the CBSL decided to relax measures on minimum capital adequacy requirements for LFCs. Accordingly, capital enhancement requirement due on 1 July 2020 and 1 July 2021 will be deferred for a further period of one year until 1 July 2021 and 1 July 2022 respectively.

Also, the CBSL provided one year extension to comply with minimum core capital requirements. Accordingly, time line of 1 January 2020 and 1 January 2021 already set for the enhancement of capital up to Rs. 2 billion and Rs. 2.5 billion will be extended until 31 December 2020 and
31 December 2021, respectively. However, this requirement will not have any implications on People’s Leasing, as the Company’s Capital is well above this.

Operational risk

Operational risk arises due to inadequate and inappropriate internal processes, systems and people or from external events. It is inherent in all business activities and the Company’s objective is to manage risks in a cost-effective manner. For the effective identification and management of risk, the sub categories of operational risk have been identified such as fraud risk, ICT-related risk and HR-related risk which have been described in detail below:

The Company manages operational risk through clearly established policies and procedures, regular risk assessments and control actions. Tools such as Key Risk Indicators (KRIs) and audit findings are used to identify and assess operational risks.

The Company’s operational risk mitigation arrangements include fostering a strong internal control framework, information and system security, insurance coverage, procedures relating to outsourcing of business activities, a comprehensive Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP), creating risk awareness culture, operational risk monitoring and reporting.

Internal control framework

The Company has established robust controls with well-defined segregation of duties, policies, and procedures. These internal controls include both manual and application controls and ensure adherence to laid down procedures ensuring segregation of duties. Authority levels have been established to ensure the escalation of operational issues to the higher levels. Authority and approval limits are implemented for all functions of the Company including for payment approval and thus, making employees accountable for their actions. All key functions are subject to the scrutiny of another suitably skilled and authorised employee. The Internal Auditors conduct audits on a regular basis in the areas which are susceptible to the occurrence of fraud.

Information
system security

The Company maintains a well-established IT risk management framework. Comprehensive IT policies for identified risks have been formulated and are updated annually. The Company maintains its IT processes in compliance with the standard ISO 27001:2013 and certification thereof is renewed every 3 years after an audit. A separate Vulnerability Assessment and Penetration Test (VAPT) is also conducted annually in compliance with ISO/IEC 27001:2013 to safeguard against any malicious threat of gaining access to the Company’s computer system and identified any lapses are rectified based on the findings thereof.

Disaster recovery site and other facilities are maintained in compliance with said standards and an audit thereon is carried out by the External Auditors (DNV). Disaster recovery replication is tested twice a day (8.00am – 8.30am) and (3.00pm – 3.30pm) once in every two days.

ICT Department regularly monitors the data link connection and in case of a breakdown, the same is promptly reported to the telecommunication service provider to take appropriate action. IT risk events such as system failures, cyber-attacks, data link breakdowns, status of DR site replication of live data bases are reported to the BIRMC quarterly for their review.

Human resource-related risks

The Company ensures it attracts, develops, and retains employees with capabilities and commitment that are required in achieving strategic objectives by rewarding and recognising. The training needs are duly identified and focused training is conducted to create awareness, including high standards of ethics and integrity. All staff members are free to meet their senior managers at any time, in discussing their work-related matters or address their grievances.

The Management takes appropriate measures to rotate staff in an attempt to discourage malpractices. If and when frauds are detected, immediate remedial disciplinary action is taken with zero tolerance standpoint. Employees are encouraged to report on their concerns regarding fraud and mis-conduct through the whistleblower link which is also included in the People’s Leasing intranet whilst the anonymity of the whistleblower is strictly maintained.

People’s Leasing has identified the importance of health and safety concerns of employees as a part of employee-related operational risk. The Company has established required safety measures to minimise work-related injuries. In continuing the Company’s operations as an essential service during the period of lockdown due to COVID-19 outbreak, work from home arrangements were facilitated wherever possible considering the safety of staff members. Through emails and People’s Leasing intranet, staff members were made aware of the safety measures that should be adhered by them in line with the instructions given by the Health Authorities. Safety measures recommended by the Health Authorities were implemented at the work premises to ensure the safety of staff.

Insurance arrangements

People’s Leasing has comprehensive insurance policies to cover risks on property, furniture, and fittings, fixed assets, money, electronic equipment etc. These polices have been timely renewed and are in active status.

Outsourcing

The Company has formulated a detailed policy on outsourcing of business operations in compliance with the directions issued by the CBSL. This policy mainly sets out the identified services for outsourcing, services that cannot be outsourced, selection procedure of outsourcing service providers and roles and responsibilities etc. According to this Policy, any outsourcing arrangement should be approved by the Board. The Compliance Department annually informs the list of outsourcing arrangements to the CBSL.

Business continuity planning

People’s Leasing has a Business Continuity Plan (BCP) developed in consultation with Messrs Somaratna Consultants (Pvt) Ltd. (SCL) in compliance with the professional practices prescribed by the Disaster Recovery Institute International of USA one of the apex organisations in the world on the subject.

BCP includes a set of plans which is required to establish the correct preparedness for a disaster situation and sets out the BCP Management Team (BCPM Team) and their distinct roles and responsibilities.

The BCPM Team consists of members of corporate management, senior managers and BCP coordinators. The team met in early March 2020 prior to lockdown in the country to discuss and decide on the Company-wide preparedness based on scenarios of lockdown due to possible outbreak of COVID-19. The existing BCP was useful to formulate operational plans for the possible scenarios of COVID-19 pandemic outbreak. Main areas of concerns at this meeting were; prioritising the processes, products, and services, work from home arrangements, safety arrangements at work premises and crisis communication.

Review of operational risk

Status of key operational risk indicators is reported quarterly to the BIRMC to review them against risk tolerance limits. Adequacy of internal controls is evaluated through the reviews carried out by the Internal Audit at the Branches and Head Office Departments. Based on the audit reports, RCD identifies operational risk events and a summary report prepared thereon is quarterly submitted to the EIRMC for deliberations and decisions on necessary action.

Compliance and regulatory risks

Compliance risk may arise due to the failure to abide by any laws or regulatory requirements applicable to the Company. The Company’s compliance with internal controls and approved policies in all areas of business operations is regularly monitored by the Compliance Officer and the confirmations on compliance status are obtained from the respective Departments on a quarterly basis. The Compliance Officer regularly assesses the Company’s compliance with laws, regulations, new directions issued, rules and regulatory guidelines applicable for the Company
and the status thereof is reported to the BIRMC quarterly for its review.

The Compliance Officer reviews the changes in regulations and takes necessary action to ensure that the Company is in compliance with the regulatory requirements. A sound regulatory monitoring mechanism is adopted to monitor reporting and compliance with all mandatory reporting requirements, with the intention of establishing a fully-compliant corporate governance and risk mitigating culture. Providing third line of defence, Internal Audit carries out compliance audit annually and the report thereof is submitted to the Board Audit Committee.

The detailed report on compliance function is given on pages 75 to 76.

Legal risk

Legal risk can be defined as the risk of loss due to non-enforceability of contracts or documents due to inaccurately drafted contracts, the absence of written agreements or inadequate agreements. Legal risk is managed by the Legal Department of the Company ensuring that applicable regulations are fully taken into consideration in all relations and contracts with customers. The Legal Department consists of experienced lawyers with the capability of handling legal issues, matters with regard to collateral documentation and execution etc. Required third party consultations are also obtained, whenever required, in order to mitigate any legal risk exposure.

Strategic risk

Strategic risk arises from adverse business decisions, improper implementation of decisions or lack of responsiveness to changes in the business environment. People’s Leasing believes that the right strategy selection together with effective execution is a prerequisite in achieving strategic objectives.

Strategic Planning Session is conducted annually to devise strategies to achieve strategic objectives and budgets and action plans decided thereat are documented in the three-year strategic plan and adopted upon the approval of Board of Directors.

The achievement of budgets and action plans is reviewed by the Board at their meetings with management updates thereon. Further, the effectiveness and performance of subsidiaries are also assessed in order to mitigate the strategic risk of diversification.

Reputational risk

Reputational risk is an event or incident that could adversely impact on earnings, assets, and liabilities and brand value. The Company understands risk interdependency as the reputational risk is also driven by a wide range of other risks such as credit, market, and operational risk etc.

Scope for reputational risk has widened with the usage of social media. Reputational risk of the Company is broadly managed through effective management of key risks such as credit, market, and operational risks etc.

As part of the corporate governance process, communication policies, code of conduct, and ethics are also in place and it is expected to be followed by all employees without exception.

The Company also effectively involves in promoting Corporate Social Responsibility (CSR) activities as part of corporate strategy. Ethical business practices and commitment to the local community and the environment are part-and-parcel of the operations. The Company also maintains its media presence including social media platforms to improve its brand visibility through ongoing promotional activities.

The Company has adopted a customer complaints and grievances handling policy and procedures. The central marketing unit at Head Office monitors the customer complaints on a regular basis.

Group risk

Group risk relates to the loss (financial or non-financial) incurred by People’s Leasing through its six subsidiaries. The BIRMC reviews the Group Risk through risk dash-board reports and Risk Indicator reports of subsidiaries. The representatives from each of the subsidiary companies participate at the BIRMC meetings which are held on a quarterly basis.

Company	Relationship	Business operations	Reports submitted to BIRMC	Reporting interval
People’s Insurance PLC (PI)	Subsidiary	Non-life (general) insurance business	Risk Dash-board report and comparison report	Quarterly
People’s Leasing Fleet Management Limited (PLFML)	Wholly-owned subsidiary	Operating leases, Valuation services, Vehicle service facilities, Rent-a-Car unit, Fleet Management unit	Risk Dash-board Report with quarterly comparisons	Quarterly
People’s Micro-commerce Ltd. (PML)	Wholly-owned subsidiary	Providing microfinance facilities to the under privileged, rural and urban population and providing hire purchase facilities	Risk Dash-board report and comparison report	Quarterly
People’s Leasing Property Development Limited (PLPDL)	Wholly-owned subsidiary	Property development	Risk Indicator Report with quarterly comparisons	Quarterly
People’s Leasing Havelock Properties Limited (PLHPL)	Wholly-owned subsidiary	Property development	Risk Indicator Report with quarterly comparisons	Quarterly
Lankan Alliance Finance Limited (LAFL)	Subsidiary	Finance Business in Bangladesh	Risk Dash-board Report and comparison report	Quarterly

Major risk categories

Subsidiary	Credit	Concentration	Market	Liquidity	Operational	Compliance	Strategic	Underwriting
PI
PLFML								–
PML								–
PLPDL								–
PLHPL								–
LAFL								–

Risk profile of each subsidiary is different as they are operating in different industries with different business models. Therefore, risks should be assessed and mitigated separately. People’s Insurance People’s Leasing is the largest subsidiary by size which is regulated by the Insurance Regulatory Commission of Sri Lanka.

CEO of People’s Leasing represents People’s Leasing in the Boards of all subsidiary companies. This ensures full and sufficient knowledge of subsidiaries’ operations and risk profiles. All inter-company transactions are carried out at arms-length. People’s Leasing is the holding company and accounts for the largest balance sheet. i.e. over 90% of the total assets and liabilities of the Group.

People’s Leasing ensures its awareness on changes in the business environment in finance, insurance, microfinance, and property development industries in mitigating the Group risk.