The financial year 2020-21 will be recorded as one of the most challenging periods in the history of Sri Lanka and the entire world, due to the sudden emergence of the global Corona Virus pandemic. While exerting unparalleled pressure on all economic and financial systems, the Covid-19 pandemic also presented a unique opportunity to test the effectiveness and responsiveness of the prevalent risk management systems of the country’s banking sector. In this regard, it is encouraging to note that SDB bank’s risk management system has proved its resilience and flexibility by remaining a reliable and resilient mechanism in responding to the dynamic macro risk environment of 2020.

SDB bank has adopted an integrated approach to risk management based on policy frameworks approved by the Board of Directors, governance structures and tools and techniques to identify, measure, mitigate and manage all risk exposures. The Board of Directors has
the ultimate responsibility to provide oversight on managing risk. It formulates policy and sets the risk parameters. The Board Integrated Risk Management Committee (BIRMC) assists the Board of Directors in this regard.

The responsibility for implementing the risk management framework lies with the Executive Integrated Risk Management Committee (EIRMC) who reviews the Bank’s credit, market, liquidity and operational risk indicators as well as its internal capital adequacy levels. The Chief Risk Officer has a triple reporting responsibility to the EIRMC, the Operational Risk Management Committee and the BIRMC.

Approach to risk management

Having recognised the importance of risk management to the effective running of the Bank, the Board of Directors has approved a risk management policy that is designed to help identify, measure, manage and report all material risks. Relevant procedures have been built around these policies which are communicated throughout the Bank to assist business units in the discharge of their duties and in dealing with customers. The Bank adopts the internationally recognised Three Lines of Defence governance model where transparency and accountability are practised through clear segregation of duties.

The First Line of Defence (functions that own and manage risks) comprising finance and other support functions, is involved in identifying, managing, and reporting of risks at all levels. The intention is to manage specific risks at the source as effectively as possible.

The Second Line of Defence (functions that oversee risk and compliance) is the centralised oversight of the First Line of Defence by the risk management and compliance.

The Third Line of Defence (independent assurance) comprises internal and external audits that provide unaffiliated opinions on the strength and effectiveness of controls.

In order to embed a risk awareness culture across the organisation, ongoing training programmes are conducted and various communiques are issued continuously. During the year, several training programmes were conducted to strengthen the operational risk reporting and data capture. Risk consciousness is an integral part of the Bank’s induction programmes and consists of several mandatory training modules for all employees. In addition, a risk reporting process at multiple levels in the organisation, lends weight to its importance in the functions of the Bank.

Risk appetite

The risk appetite of the Bank is articulated through a clear set of indicators, with limits and triggers, relating to the key risks the Bank is exposed to. This set of guidelines is reviewed and updated regularly by the Board of Directors in keeping with the strategic objectives and the corporate plan for the year.

The following are the Bank’s key risk appetite indicators, along with actual performance results for the year.

Risk reporting

An integral part of risk management is regular reporting of those factors relating to the exposures that have been identified. These reports are sent to the Board of Directors, the relevant department heads, Operational Risk Management Committee and the EIRMC by the Chief Risk Officer

Stress testing

The Bank conducts regular stress testing to identify potential impacts that fluctuations in market variables and other risk factors could have on the Bank’s risk profile. Stresses in the Bank’s credit, market, liquidity, are evaluated with reference to capital and earnings positions. The Board Integrated Risk Management Committee (BIRMC) conducts regular reviews of the stress testing outcomes, including the major assumptions that underpin them. The following table shows examples of stress factors that need to be tested to determine their impact on the capital adequacy ratio (CAR), net interest margin (NIM) and profitability.

External drivers of risk

While risk exposures shown above are to a great degree controllable by the Bank, there are external factors, the outcomes of which, the Bank is unable to influence. Given the environment in which a bank operates, economic conditions in the country, government policy, regulatory changes and climate change are some of those aspects which can have an effect on the Bank’s profitability and ability to comply with laws and regulations.

During the year under review, the following external drivers had an impact on the Bank’s overall risk profile.

Macroeconomic conditions

Sri Lanka experienced the largest economic contraction of -16.3%, in the second quarter of 2020, due to the full effect of the COVID-19 containments measures in March-April 2020. A second wave of COVID outbreak in the last quarter of 2020 again derailed economic recovery. Despite interventions by the Central Bank of Sri Lanka (CBSL) and the Government stimulus programmes the CBSL estimates the Sri Lankan economy to have contracted by 3.9% in 2020.

Political environment

The instability of the political environment of 2019 stemming from Presidential elections, was almost entirely corrected in 2020. However, the country could not benefit from this more stable political environment due to the country-wide disruption of economic activities following the COVID-19 pandemic.

Climate change

Sri Lanka was ranked sixth on 2020 Global Climate Risk Index, from number two in 2019. Despite the slight improvement in the ranking the Bank is aware of the high risk of doing business in vulnerable industries and has taken the necessary precautions where needed.

Credit risk

The Bank’s underlying business model requires the extension of credit to individuals and businesses to enable them to fund their occupations and other personal needs. Credit risk relates to the potential losses that can arise when customers are unable to discharge their obligations for the repayment of loans and advances taken by them.

SDB bank has in place the Board Credit Committee which is charged with the responsibility of implementing the Bank’s credit risk management framework. A Board approved Credit Risk Management policy outlines the responsibilities, tools and techniques for credit risk identification, measurement, mitigation and management. Key aspects, amongst others, of the Bank’s credit policy include pre-credit sanctioning criteria, delegated approval authority, due diligence, collateral management and post-credit monitoring. The framework is reviewed and updated regularly based on evolving best practices as well as emerging risks and opportunities.

Concentration risk

Concentration risk is the potential for a loss in value of the loan portfolio when an individual or group of exposures move together in an unfavourable direction. The implication of concentration risk is that it can generate such a significant loss when recovery is unlikely. The exposures can be geographical or sector wise. The goal of credit risk management is to maximise a bank’s risk-adjusted rate of return by maintaining credit risk exposure within acceptable parameters

Market risk

Market risk refers to the risk of losses in the Bank’s trading book due to changes in equity prices, interest rates, credit spreads, foreign-exchange rates, commodity prices, and other indicators whose values are set in a public market.

How SDB bank manages market risk

The Bank’s main market risk exposure relates to interest rate changes in the trading portfolio of Government securities. The Bank has set limits for trading book exposures and is marked to market daily and measured against the set limits.

Interest Rate Risk in the Banking Book (IRRBB)

Fluctuations in interest rates affect the yields on the lending book for facilities on floating rates, cost of funds, and consequently the Bank’s profitability. The Assets and Liabilities Management Committee (ALCO) is responsible for monitoring the Bank’s IRRBB exposure. It reviews the impact of interest rate risk on the banking book as well as net interest margin, funding mismatches and the cumulative rate sensitive gap.
The Committee also undertakes stress tests on the net interest margin (NIM) and the equity, under different interest rate scenarios.

A comprehensive set of policies is in place to govern all aspects of market risk. These policies are reviewed and updated regularly in view of emerging market risks.

Equity risk

Equity risk relates to potential losses in earnings resulting from adverse fluctuations of the share prices.

Liquidity risk

Liquidity risk relates to the possibility that the Bank will be unable to meet its financial obligations by settling them in cash or being able to convert a security or hard asset to cash without a loss of capital and/or income in the process. The ALCO is responsible for managing the Bank’s liquidity risk. The Committee regularly reviews the Bank’s cash flow positions, projections, funding capabilities and pricing decisions to ensure internal targets and regulatory liquidity requirements are met.

Liquidity risk performance in 2020

During the year, the Bank maintained its liquidity ratios well within the internal limits and above regulatory minimums specified by the Central Bank of Sri Lanka (CBSL). An analysis of the funding profile of the Bank, shows that the deposits are distributed amongst a range of customers and other sources where a few do not control a large percentage of the total.

The Bank also has in place a Contingency Plan to bridge any unexpected liquidity shortfalls. In the event of liquidity stress, Treasury is able to borrow 80% against Treasury Securities as repo borrowings through Bank approved primary dealers.

Operational risk

Operational risk is the potential loss resulting from inadequate or failed internal processes, people and systems or from external events. The Operational Risk Management Unit (ORMU) is responsible for administering the evaluation, to defined operational risk parameters, of all key business units on their exposure. This is a mechanism that enables business units to identify and assess their own risks and introduce measures to improve risk control. The Bank also maintains an Operational Risk Loss Data Base in line with Basel guidelines. Processes are also in place to capture all operational loss events which are then categorised in accordance with the guidelines.

Legal risk

“Legal risk is the risk of financial or reputational loss that can result from lack of awareness or misunderstanding of, ambiguity in, or reckless indifference to, the way law and regulation apply to your business, its relationships, processes, products and services.” – Whalley, M. 2016.

All legal documents executed on behalf of the Bank are vetted by the Legal Department of the Bank. Services of external lawyers are obtained whenever required. Internal processes described in previous sections, relating to compliance with regulatory provisions, are in place to mitigate potential losses and harm to the Organisation.

Strategic risk

Strategic risk relates to the possibility that the strategic direction the Bank is taking does not lead to the desired outcome or results in losses. This may be due to external or internal factors which are responded to inadequately or ineffectively. SDB bank in formulating its medium-term strategic plan has put in place performance indicators and set milestones in terms of achieving the required outcomes. The Board of Directors plays an active role through adopting relevant policies, monitoring progress through a number of reporting formats and helping the Bank maintain its focus on the end goals.

Capital management

The Internal Capital Adequacy Assessment Process (ICAAP) which complies with Basel requirements, outlines the process for assessing overall capital adequacy in relation to the Bank’s risk profile. The implementation of this framework ensures that the Bank possesses sufficient capital to cover its material risk exposures.