SANASA Development Bank has adopted an integrated approach to risk management based on policy frameworks approved by the Board of Directors, governance structures and tools and techniques to identify, measure, mitigate and manage all risk exposures.
The Board of Directors has the ultimate responsibility to manage risk. It formulates policy and sets the risk parameters. The Board Integrated Risk Management Committee (BIRMC) assists the Board of Directors in this regard.
The responsibility for implementing the risk management framework lies with the Executive Integrated Risk Management Committee (EIRMC) who reviews the Bank’s credit, market, liquidity and operational risk indicators as well as its internal capital adequacy levels.
The Chief Risk Officer has a triple reporting responsibility to the EIRMC, the Operational Risk Management Committee and the BIRMC.
Having recognised the importance of risk management to the effective running of the Bank, the Board of Directors has developed a risk management policy that is designed to help identify, measure, manage and report all material risks.
Relevant procedures have been built around these policies which are communicated throughout the Bank to assist business units in the discharge of their duties and in dealing with customers.
The Bank adopts the internationally recognised Three Lines of Defence governance model where transparency and accountability are practised through clear segregation of duties.
The First Line of Defence (functions that own and manage risks) consists of identifying, managing, and reporting of risks at all levels. The intention is to manage specific risks at the source as effectively as possible.
The Second Line of Defence (functions that oversee risk) is the centralised oversight of the First Line of Defence by the risk management, compliance, finance and other support functions.
The Third Line of Defence (independent assurance) comprises internal and external audits that provide unaffiliated opinions on the strength and effectiveness of controls.
In order to embed a risk awareness culture across the organisation, ongoing training programmes are conducted and various communiques are issued continuously. During the year several training programmes were conducted to strengthen the operational risk reporting and data capture. Risk consciousness is an integral part of the Bank’s induction programmes and consists of several mandatory training modules for all employees. In addition, a risk reporting process at multiple levels in the organisation, lends weight to its importance in the functions of the Bank.
The risk appetite of the Bank is articulated through a clear set of indicators, with limits and triggers, relating to the key risks the Bank is exposed to. This set of guidelines is reviewed and updated regularly by the Board of Directors in keeping with the strategic objectives and the corporate plan for the year.
The following are the Bank’s key risk appetite indicators, along with actual performance results for the year.
Key Risk Indicators | As at 31 December % |
Internal Limit |
Credit risk | ||
Gross non-performing loans ratio | 4.4 | <4.0 |
Top twenty exposures/ Total loans | 4.1 | <10.0 |
Market risk | ||
Earnings at risk ratio | -1.8 | (+/-) 15.0 |
Economic value of equity ratio | -1.1 | (+/-) 2.0 |
Liquidity | ||
SLAR | 21.7 | >20.0 |
LCR | 123.8 | >100.0 |
An integral part of risk management is regular reporting of those factors relating to the exposures that have been identified. These reports are sent to the Board of Directors, the relevant department heads, Operational Risk Management Committee and the EIRMC by the Chief Risk Officer.
Risk exposure | Risk reports |
Credit risk | Number of NPL value by sector, geography and product relative to the provision coverage |
Market risk | Impact of rate shifts on the Bank’s economic value of equity and the earnings Trading book value and return against limits |
Liquidity risk | Liquidity allocation Cash flow forecasts Analysis of regulatory and internal cash flow maturities Stressed cash flow analysis |
Operational risk | Summary of operational loss events by business unit |
Strategic and reputational risk | Key budgetary ratios Scorecard based questionnaires to assess reputation risk across the Bank |
The Bank conducts regular stress testing to identify potential impacts that fluctuations in market variables and other risk factors could have on the Bank’s risk profile. Stresses in the Bank’s credit, market, liquidity, are evaluated with reference to capital and earnings positions.
The Board Integrated Risk Management Committee (BIRMC) conducts regular reviews of the stress testing outcomes, including the major assumptions that underpin them.
The following table shows examples of stress factors that need to be tested to determine their impact on the capital adequacy ratio (CAR), net interest margin (NIM) and profitability.
Credit risk | Concentration risk | Interest rate risk | Liquidity risk | |
Stress scenario | Increase in NPL ratio Shifts in NPL categories |
Increase in HHI (Herfindahl-Hirschman index) values across lending counterparties and sector | Movement in interest rates | Liquidity stress scenarios |
While risk exposures shown above are to a great degree controllable by the Bank, there are external factors, the outcomes of which, the Bank is unable to influence. Given the environment in which a bank operates, economic conditions in the country, government policy, regulatory changes and climate change are some of those aspects which can have an effect on the Bank’s profitability and ability to comply with laws and regulations.
During the year under review, the following external drivers had an impact on the Bank’s overall risk profile.
The Bank’s underlying business model requires the extension of credit to individuals and businesses to enable them to fund their occupations and other personal needs. Credit risk relates to the potential losses that can arise when customers are unable to discharge their obligations for the repayment of loans and advances taken by them.
SDB bank has in place the Board Credit Committee which is charged with the responsibility of implementing the Bank’s credit risk management framework. A Board approved Credit Risk Management policy outlines the responsibilities, tools and techniques for credit risk identification, measurement, mitigation and management. Key aspects, amongst others, of the Bank’s credit policy include pre-credit sanctioning criteria, delegated approval authority, due diligence, collateral management and post-credit monitoring. The framework is reviewed and updated regularly based on evolving best practices as well as emerging risks and opportunities.
Concentration risk is the potential for a loss in value of the loan portfolio when an individual or group of exposures move together in an unfavourable direction. The implication of concentration risk is that it can generate such a significant loss when recovery is unlikely. The exposures can be geographical or sector wise. The goal of credit risk management is to maximise a bank’s risk-adjusted rate of return by maintaining credit risk exposure within acceptable parameters.
Market risk refers to the risk of losses in the Bank’s trading book due to changes in equity prices, interest rates, credit spreads, foreign-exchange rates, commodity prices, and other indicators whose values are set in a public market.
The Bank’s main market risk exposure relates to interest rate risk. Fluctuations in interest rates affect the cost of funds and consequently the Bank’s profitability.
The Assets and Liabilities Committee (ALCO) is responsible for monitoring the Bank’s market risk exposure. It reviews the impact of interest rate risk on the banking book as well as net interest margin, funding mismatches and the cumulative rate sensitive gap. The Committee also undertakes stress tests on the net interest margin (NIM) and the equity, under different interest rate scenarios.
A comprehensive set of policies is in place to govern all aspects of market risk. These policies are reviewed and updated regularly in view of emerging market risks.
Equity risk relates to potential losses in earnings resulting from adverse fluctuations of the share prices. SDB bank did not have any investments in shares and consequently this does not pose a risk.
Liquidity risk relates to the possibility that the Bank will be unable to meet its financial obligations by settling them in cash or being able to convert a security or hard asset to cash without a loss of capital and/or income in the process.
The ALCO is responsible for managing the Bank’s liquidity risk. The Committee regularly reviews the Bank’s cash flow positions, projections, funding capabilities and pricing decisions to ensure internal targets and regulatory liquidity requirements are met.
During the year, the Bank maintained its liquidity ratios well within the internal limits and above regulatory minimums specified by the Central Bank of Sri Lanka (CBSL).
An analysis of the funding profile of the Bank, shows that the deposits are distributed amongst a range of customers and other sources where a few do not control a large percentage of the total.
The Bank also has in place a Contingency Plan to bridge any unexpected liquidity shortfalls. In the event of liquidity stress, Treasury is able to borrow 80% against Treasury Securities as repo borrowings through Bank approved primary dealers.
Operational risk is the potential loss resulting from inadequate or failed internal processes, people and systems or from external events.
The Operational Risk Management Unit (ORMU) is responsible for administering the evaluation, to defined operational risk parameters, of all key business units on their exposure. This is a mechanism that enables business units to identify and assess their own risks and introduce measures to improve risk control. The Bank also maintains an Operational Risk Loss Data Base in line with Basel guidelines. Processes are also in place to capture all operational loss events which are then categorised in accordance with the guidelines.
“Legal risk is the risk of financial or reputational loss that can result from lack of awareness or misunderstanding of, ambiguity in, or reckless indifference to, the way law and regulation apply to your business, its relationships, processes, products and services.” – Whalley, M. 2016.
All legal documents executed on behalf of the Bank are vetted by the Legal Department of the Bank. Services of external lawyers are obtained whenever required. Internal processes described in previous sections, relating to compliance with regulatory provisions, are in place to mitigate potential losses and harm to the Organisation.
Strategic risk relates to the possibility that the strategic direction the Bank is taking does not lead to the desired outcome or results in losses. This may be due to external or internal factors which are responded to inadequately or ineffectively.
SDB bank in formulating its medium-term strategic plan has put in place performance indicators and set milestones in terms of achieving the required outcomes. The Board of Directors plays an active role through adopting relevant policies, monitoring progress through a number of reporting formats and helping the Bank maintain its focus on the end goals.
The Internal Capital Adequacy Assessment Process (ICAAP) which complies with Basel requirements, outlines the process for assessing overall capital adequacy in relation to the Bank’s risk profile. The implementation of this framework ensures that the Bank possesses sufficient capital to cover its material risk exposures.
Regulatory requirement % |
2019 % |
|
Tier 1 | 8.50 | 9.43 |
Total Capital | 12.50 | 14.80 |