
ABC ISLAMIC BANK

RISK MANAGEMENT POLICY MANUAL


TABLE OF CONTENTS

Section I
INTRODUCTION

1. Purpose
2. Responsibility for implementation
3. Custody and access
4. Maintenance and updation

Section II
RISK MANAGEMENT

1. Risk
2. Definitions of risk categories
3. Risk management process

Section III
BANK-WIDE RISK MANAGEMENT FRAMEWORK

1. Bank-wide Risk Management Framework
2. Risk recognition and assessment

Section IV
BANK-WIDE STRATEGY

1. Bank-wide Strategy
2. Review of business plans by the Risk Management Group

Section V
RISK MANAGEMENT STRUCTURE

1. Risk management structure

Section VI
RISK MANAGEMENT POLICIES FOR CREDIT OPERATIONS

1. Introduction
2. Credit strategy
3. Credit risk committee
4. Risk appetite for credit operations
5. Risk limits
6. Internal risk rating framework
7. Monitoring of risk in credit operations
8. Risk management information systems

Section VII
RISK MANAGEMENT POLICIES FOR TREASURY OPERATIONS

1. Introduction
2. Strategy for treasury operations
3. Asset and liability committee
4. Risk appetite for treasury operations
5. Eligible instruments and risk limits
6. Foreign exchange operations
7. Money market operations
8. Tolerance limits
9. Risk management controls by the middle office
10. Risk management information system

Section VIII
GENERAL POLICIES FOR OPERATIONAL RISK MANAGEMENT

1. Introduction
2. Broad categories of operational risk
3. Operational risk inventory
4. Operational loss database
5. Risk management information systems
6. Contingency planning

Section IX
COUNTRY RISK

1. Country risk

Section X
DEFINITIONS OF KEY TERMINOLOGIES

1. Definitions of key terminologies


1. PURPOSE

1.1 “Banking is about managing risk and return”, a simple statement, the achievement of which continues
to present a major challenge to all the banking institutions. Success in the banking business is thus
dependent on how well an institution manages its risks. The main goal is not to eliminate risk, but rather
to be proactive in assessing and managing risks to an organisation’s strategic advantage.

1.2 As ABC Islamic Bank (the Bank) embarks on a plan for business diversification and growth amidst
increasing competitiveness in the banking industry, effective risk management in the
Bank is more important than ever before. To this end, the Bank should have a comprehensive Risk Management
Framework comprising an effective risk management strategy, a risk management structure and a policy
framework for an appropriate risk management process and infrastructure.

1.3 The purpose of this manual is to assist the Bank’s Board of Directors (hereinafter referred to as the
Board) and its senior management in formalising and improving the risk management environment and
in implementing a Bank-wide Risk Management Framework by describing the risk management
policies. These policies cover, in general, the organisation and scope of risk management function and, in
particular, the functions of the Risk Management Group and the relevant committees of the Board and
senior management.

1.4 Hence, this manual is meant to provide strategic guidelines for the risk management process in the Bank
and, accordingly, the policies contained in this manual shall be strictly complied with while carrying out
risk assessments and establishing the related risk limits, target returns and permissible activities.

2. RESPONSIBILITY FOR IMPLEMENTATION

2.1 The Board or the Risk Management Committee authorised by the Board in this regard shall have the
overall responsibility for implementation of this manual. The risk management policies contained in this
manual are to be followed by all the relevant officials and committees and the Board as identified herein.

2.2 In case of any position given in the manual becoming vacant, authorities associated with the relevant
position shall automatically escalate to the next higher authority in line, unless a temporary authority has
been granted and authorised by the competent authority in this respect.

3. CUSTODY AND ACCESS

3.1 This manual shall remain in the permanent custody of all members of the Board, Risk Management
Committee and the Management Committee.

3.2 Copies of the manual must not be provided to any external party without the prior written approval of
the Group Head Risk Management. However, access to this manual shall not be restricted for such
external parties who are entitled to such access in accordance with the provisions of any law for the time
being in force.

4. MAINTENANCE AND UPDATION

4.1 The basic responsibility for maintenance and updation of this manual resides with the Group Head Risk
Management. The review and updation of this manual shall be an ongoing process to ensure continuous
alignment of the framework with the Bank-wide strategy and the internal and external dynamics in which
the Bank operates. Such factors may include the developments, changes and trends in risk management
whether required by local regulations, particularly relating to implementation of Basel II or by other
generally accepted risk management practices within the banking industry.

4.2 The Risk Management Group shall formally initiate any modifications to this manual. Proposals for
amendments can also be made by the Board, Risk Management Committee, Management Committee,
Credit Risk Committee, ALCO, any other Committee of the Board, President/ Chief Executive Officer or
any other senior management officials including the Group/ Divisional Heads. However, such
propositions shall be evaluated by the Group Head Risk Management prior to initiating the updation
process. The Management Committee shall provide feedback on any proposed modifications in this
manual while the Risk Management Committee shall review them considering the opinion of the Group
Head Risk Management and the feedback of the Management Committee prior to approval by the Board.

4.3 The Risk Management Committee shall be authorised to allow approval of any proposed changes in this
manual and its implementation only in cases where the changes do not require any material amendments
to the Bank-wide strategy and are required to be effected promptly. However, any such changes shall be
subject to subsequent ratification by the Board.

4.4 As a policy, this manual, in its entirety, shall be reviewed on a periodic basis and at least annually and
updated, if required.

1. RISK

1.1 Risk is defined as an influence on the achievement of a business objective. It may also be referred to as a
possibility that the outcome of an action or event could bring adverse impacts resulting in direct losses of
earnings/capital or imposition of constraints on the Bank’s ability to meet its business objectives. Risks
may therefore hinder the Bank’s ability to continue its ongoing business as planned or to take benefit of
opportunities to enhance stakeholder value.

2. DEFINITIONS OF RISK CATEGORIES

2.1 The Bank is exposed to various types of risks particularly including credit, market,
liquidity, operational, regulatory and reputation risks. Following are the definitions of
such risk categories:

2.2 Credit risk

It is the risk that a customer or counterparty may not settle an obligation for full value,
either when due or at any time thereafter. This risk arises from the potential that a
customer or counterparty is either unwilling to perform an obligation or its ability to
perform such an obligation is impaired resulting in an economic loss to the Bank.

Credit risk also gives rise to opportunity costs, transaction costs and expenses
associated with a non-performing asset over and above the accounting loss. FDIBL
needs to manage credit risks inherent in its financing and investment portfolios
relating to default, downgrading and concentration. Credit risk includes the risk
arising in the settlement and clearing transaction.

The following premises relate to the sound processes of credit risk management in
FDIBL.
o The role of FDIBL can embrace those of financiers, suppliers, Mudarib and
Musharakah partners. FDIBL concerns itself with the risk of a counterparty’s
failure to meet its obligations in terms of receiving deferred payment and
making or taking delivery of an asset. A failure could relate to a delay or
default in payment, or in delivery of the subject matter of Salam or Parallel
Istisna entailing a potential loss of income and even capital for FDIBL.
o Due to the unique characteristics of each financing instrument, such as the
non-binding nature of some contracts, the commencement stage involving
credit risk varies. Therefore, credit risk shall be assessed separately for each
financing instrument to facilitate appropriate internal controls and risk
management systems.
o FDIBL will consider other types of risks that give rise to credit risk. For
example, during the contract life, the risk inherent in a Murabahah contract is
transformed from market risk to credit risk. In another example, the invested
capital in a Mudarabah or Musharakah contract will be transformed to debt in
case of proven negligence or misconduct of the Mudarib or the Musharakah’s
managing partner.
o In case of default, some jurisdictions may prohibit FDIBL from imposing any
penalty except in the case of deliberate procrastination, thus increasing the
probability of default. In most jurisdictions, FDIBL is prohibited from using
the amount of any penalty for its own benefit; it must donate any such amount
to charity. This may increase the cost of default.

The following are the important sub-categories of credit risk:

2.2.1 Counterparty risk

Counterparty risk is simply defined as the risk that a Bank’s counterparty will fail to
perform during the life of the transaction. The failure in most instances will be due to
financial deterioration or collapse, although failure may also be due to wilful default.

2.2.2 Credit concentration risk

It is the risk that inadequate diversification of the Bank’s credit portfolio in terms of
industries, regions, or number of counterparties may result in significant losses e.g. in
case of an industry crisis.

2.2.3 Principal / profit risk

It is the risk that the Bank will fail to recover principal and/or profit on the due date for payment.

2.2.4 Collateral risk

It is the risk that the Bank may be exposed to loss on collateralised credit facilities if it fails to perfect its
security interest or otherwise to control the collateral. Irrespective of the Bank’s effective control over the
collateral, it may decline in value exposing the Bank to loss.

2.2.5 Issuer / position / specific risk

It is the risk arising from holding the counterparty’s financing securities e.g. financial difficulties of an
issuer (or market movements) may cause a temporary or permanent impairment in the value of the
Bank’s position in the issuer’s securities.

2.3 Currency risk / foreign exchange risk

Currency risk/ foreign exchange risk is the current or prospective risk to earnings and
capital arising from adverse movements in currency exchange rates. It refers to the
impact of adverse movements in currency exchange rates on the value of open foreign
currency positions.

2.4 Market risk

Market risk is defined as the risk of losses in on- and off-balance sheet positions
arising from movements in market prices i.e. fluctuations in values in tradable,
marketable, or leaseable assets (including Sukuk) and in off-balance sheet individual
portfolios (for example restricted investment accounts). The risks relate to the current
and future volatility of market values of specific assets (for example, the commodity
price of Salam asset, the market value of a Sukuk, the market value of Murabahah
assets purchased to be delivered over a specific period) and of foreign exchange rates.

In operating Ijarah, a lessor is exposed to market risk on the residual value of the
leased assets at the term of the lease or if the lessee terminates the lease earlier (by
defaulting), during the contract. FDIBL may be exposed to market risk on the carrying
value of the leased asset (as collateral) in the event that the lessee defaults on the
lease obligations.

In Salam, FDIBL is exposed to commodity price fluctuations on a long position after
entering into a contract and while holding the subject matter until it is disposed of.
In the case of parallel Salam, there is also the risk that a failure of delivery of the
subject matter would leave FDIBL exposed to commodity price risk as a result of
the need to purchase a similar asset in the spot market in order to honour the parallel
Salam contract.

When FDIBL is involved in buying assets that are not actively traded with the
intention of selling them, it is important to analyse and assess the factors attributable
to changes in liquidity of the markets in which the assets are traded and which give
rise to greater market risk. Assets traded in illiquid markets may not be realisable at
prices quoted in other more active markets.

FDIBL may also be exposed to foreign exchange fluctuations arising from general FX
spot rate changes in both cross-border transactions and the resultant foreign currency
receivables and payables. These exposures may be hedged using Shariah compliant
methods.

The market risk is further divided into various sub-categories, which are defined as
follows:

2.4.1 Rate of Return risk

FDIBL is exposed to rate of return risk in the context of its overall balance sheet
exposures. An increase in benchmark rates may result in IAHs having expectations
of a higher rate of return. Rate of return risk differs from interest rate risk in that
FDIBL is concerned with the result of its investment activities at the end of the
investment-holding period. Such results cannot be pre-determined exactly.

A consequence of rate of return risk may be displaced commercial risk. FDIBL may
be under market pressure to pay a return that exceeds the rate that has been earned
on assets financed by IAH when the return on assets is under-performing as
compared with competitors’ rates. FDIBL may decide to waive its rights to part or its
entire Mudarib share of profits in order to satisfy and retain its fund providers and
dissuade them from withdrawing their funds. Displaced commercial risk derives from
competitive pressures on FDIBL to waive its rights to part or all of its Mudarib
investors (fund providers).

2.4.2 Price risk


It is the risk of loss arising from adverse changes in market prices, foreign exchange
rates, and equity and commodity prices and from movements in market prices of
investments.

2.4.3 Market liquidity risk

It is the risk that a particular position cannot, or cannot easily, be unwound or offset at
or near the previous market price because of inadequate market depth or because of
disruptions in the market and may result in loss to the Bank.

2.5 Liquidity risk

It is the risk of loss arising from changes in the Bank’s ability to sell or dispose of an
asset. It may also be termed as a potential for loss to the Bank arising from either its
inability to meet obligations or to fund increases in assets as they fall due without
incurring unacceptable cost or losses.

There are two major types of fund providers: (a) current account holders; and (b)
unrestricted IAH. These account holders require a degree of liquidity to be
maintained by FDIBL to meet their requirements for withdrawals. Subject to
contractual conditions, restricted IAH (while not fund providers) may also give rise
to liquidity management considerations, in so far as FDIBL may need to replace
funds withdrawn by an investor pending realisation of the related assets.

As current account holders do not participate in the profits of FDIBL’s business
activities, a sound repayment capacity is required to fully meet cash withdrawal
requests as and when they arise.

FDIBL may rely heavily on funds provided by current account holders. Repayment
by FDIBL of the principal amounts deposited by current account holders is
guaranteed without any rights to share in profits, as the current account holders do
not share in the risks of FDIBL.

Unrestricted IAH are investors who participate in the uncertainties of FDIBL’s
business; therefore, they share in profits and bear losses arising from investments
made on their behalf, to the extent of their share. Apart from general withdrawal needs,
the withdrawals made by IAH may be the result of (a) lower than expected or
acceptable rates of return; (b) concerns about the financial conditions of FDIBL;
and (c) non-compliance by FDIBL with Shariah rules and principles in various
contracts and activities.

2.6 Operational risk

FDIBL shall consider the full range of material operational risks affecting its
operations, including the risk of loss resulting from inadequate or failed internal
processes, people and systems or from external events. FDIBL shall also incorporate
possible causes of loss resulting from Shariah non-compliance and the failure in its
fiduciary responsibilities.

FDIBL is exposed to risks relating to Shariah non-compliance and risks associated
with FDIBL’s fiduciary responsibilities towards different fund providers. These
risks expose FDIBL to fund providers’ withdrawals, loss of income or voiding of
contracts leading to a diminished reputation or the limitation of business
opportunity.

Shariah non-compliance risk is the risk that arises from FDIBL’s failure to comply
with the Shariah rules and principles determined by the Shariah Board of FDIBL.

Shariah compliance is critical to FDIBL’s operations and such compliance
requirements must permeate throughout the organisation and its products and
activities. As a majority of the fund providers use Shariah compliant banking
services as a matter of principle, their perception regarding FDIBL’s compliance with
Shariah rules and principles is of great importance to its sustainability. In this
regard, Shariah compliance is considered as falling within a higher priority category
in relation to other identified risks. If FDIBL does not comply with Shariah rules
and principles, its transactions must be cancelled and income generated from them
shall be considered as illegitimate.

Fiduciary risk is the risk that arises from FDIBL’s failure to perform in accordance
with explicit and implicit standards applicable to its fiduciary responsibilities. As a
result of losses in investments, FDIBL may become insolvent and therefore unable to
(a) meet the demands of current account holders for repayment of their funds; and (b)
safeguard the interests of its IAH. FDIBL may fail to act with due care when
managing investments resulting in the risk of possible forgone profits to IAH.

2.6.1 Operational failure risk or internal operational risk

It arises from the potential for failure in the course of operating the business. The Bank
uses people, processes and technology to achieve business plans and any one of these
factors may experience a failure of some kind.

2.6.2 Operational strategic risk or external operational risk

It arises from environmental factors such as a new competitor which changes the
business paradigm, a major political and regulatory regime change and other factors,
which are outside the control of the Bank. The external factors include political,
taxation, regulatory, societal and competitive pressures etc.

2.7 Regulatory risk

It is the risk of loss arising from failure to comply with regulatory or legal requirements
or a sudden change in the relevant jurisdiction in which the Bank operates.

2.8 Reputation risk

Reputation risk is the current and prospective impact on earnings and capital arising
from negative public opinion. This affects the Bank’s ability to establish new
relationships or services or continue servicing existing relationships. This risk may
expose the Bank to litigation, financial loss, or a decline in its customer base.
Reputation risk exposure is present throughout the Bank and includes the responsibility
to exercise an abundance of caution in dealing with its customers and the community.
Negative publicity about the FDIBL’s business practices, particularly relating to
Shariah non-compliance in its products and services, could have an impact upon its
market position, profitability and liquidity.

2.9 Country risk


Country risk broadly refers to the possibility that economic and political conditions, or
an event in a foreign country, could adversely impact the Bank’s exposure in that
country.

2.10 Equity Investment Risk

Equity Investment Risk may be broadly defined as the risk arising from entering into
a partnership for the purpose of undertaking or participating in a particular
financing or general business activity as described in the contract, and in which the
provider of finance shares in the business risk.

The characteristics of such equity investments include considerations as to the
quality of the partner, underlying business activities and ongoing operational
matters. By nature, this type of equity investment is exposed to a confluence of risks
associated with the Mudarib or Musharakah partner, business activity and operations.

In evaluating the risk of an investment using the profit sharing instruments of
Mudarabah or Musharakah, the risk profiles of potential partners (Mudarib or
Musharakah partner) are crucial considerations for the undertaking of due diligence.
Such due diligence is essential to the fulfillment of FDIBL’s fiduciary
responsibilities as an investor of IAH funds on a profit-sharing and loss-bearing
basis (Mudarabah) or a profit and loss sharing basis (Musharakah). These risk
profiles include the past record of the management team and quality of the business
plan of, and human resources involved in, the proposed Mudarabah or Musharakah
activity.

Factors relating to the legal and regulatory environment affect equity investment
performance, and need to be considered in the risk evaluation. These factors include
policies pertaining to tariffs, quotas, taxation or subsidies and any sudden policy
changes affecting the quality and viability of an investment.

FDIBL is exposed to the risks attaching to a lack of reliable information on which to
base its investment appraisals, such as an inadequate financial control system. The
mitigation of these risks may require the investor to take an active role in monitoring
the investment, or the use of specific risk mitigating structures.

Although timely allocation of profit can be agreed upfront, FDIBL should be
prepared for delays and variations in cash flow patterns and possible difficulties in
executing a successful exit strategy.

The risks arising from the use of profit sharing instruments for financing purposes
do not include credit risk in the conventional sense, but share a crucial characteristic
of credit risk because of the risk of capital impairment.

3. RISK MANAGEMENT PROCESS

3.1 Risk management is a structured and disciplined process which is materialised through the effective and
efficient implementation of risk management policies that align strategy, processes, people, technology
and knowledge for evaluating and managing the uncertainties that an organisation faces as it creates
value.

3.2 Objectives of risk management

Risk management involves setting the best course of action under uncertainty by identifying, assessing,
understanding, acting on and communicating risk issues. The following are the objectives of risk
management:

• Individuals who take or manage risks clearly understand them in order to protect
the Bank from avoidable risks;
• Bank’s risk exposure is maintained within the risk appetite of the stakeholders as
defined by the Board;
• Risk-taking decisions are in line with the corporate goals, mission and the Bank-wide
strategy set by the Board and allow the Bank to undertake more productive
risk-taking activities or restrict high risk/ low return activities;
• Business decisions optimise the risk-return trade-off;
• Risk-taking decisions are explicit and clear;
• Sufficient capital is always available as a buffer to absorb risk;
• Risk management approach remains aligned with the regulatory requirements and
the framework; and
• Shareholder value is enhanced.

3.3 Risk management process

The architecture of the risk management process is briefly explained as follows:

[Figure: risk management process, showing Vision and Policy and the following stages of risk management:

• Identification
• Prioritisation: Risks are assessed for validity and prioritisation. Selected risks are assigned a sponsor for mitigation.
• Mitigation: Mitigation strategies are developed for targeted risks and executed based on their prioritisation.
• Monitoring: Risks are monitored continuously to ensure that they are logged, reviewed, owned and effectively mitigated.

Supporting elements shown: Organisational Structure, Reporting lines, Communications, Human Resource Mechanism, Management Education, Performance Evaluation.]

The following are the salient features of the risk management process necessary to ensure that the objectives
explained in paragraph 3.2 above are met:

• Determining strategic direction and the required level of capital

It ensures that the Bank maintains a formal strategy which regulates its business activities and defines
the required level of capital, as required by the Central Bank, sufficient to absorb business losses.

• Prioritising business activities based on a risk-return tradeoff

It involves prioritisation of business activities and determination of the extent to which risk
exposures may be borne by the Bank. The prioritisation is reflected in the Bank’s business strategy
while the extent to which risk may be borne is measured by defining limits for maximum exposures
for each of the business activities.

• Delineating risk management within each business activity

The process further delineates risk management within each business activity by defining:

- Additional risk limits for various types of portfolios within each activity; and
- Risk rating framework which reflects the Bank’s view of the risk profile of an exposure or a
portfolio.

• Monitoring operations against predefined standards

Monitoring of operations is carried out through a review process which indicates:

- Status of compliance with predefined standards;
- Potential hindrances to achievement of strategic goals and objectives; and
- Possible opportunities for enhancement in stakeholder value even if these are not identified in
the business strategy.

• Ensuring continuous alignment of strategy

In addition to a continuous monitoring of business activities, the risk management process requires
continuous alignment of the strategy so that it achieves its ultimate objective of optimising resources
while simultaneously maintaining the most desired risk-return portfolio.

1. BANK-WIDE RISK MANAGEMENT FRAMEWORK

1.1 The Board, its relevant committees and the senior management shall be responsible to formulate and
implement a comprehensive Bank-wide Risk Management Framework comprising a Bank-wide
strategy, risk management structure and a policy framework setting out policies with respect to the risk
management process and the necessary infrastructure required to implement the framework.

1.2 The Risk Management Framework shall, at all times, comply with the local regulations, particularly
relating to implementation of Basel II or other generally accepted risk management practices within the
banking industry after taking into account the size and nature of the Bank’s operations. This framework
should be reviewed on a periodic basis and at least annually.

1.3 Following are various components of the Risk Management Framework and its essential features:

Strategy

• Objectives
• Culture
• Risk appetite / tolerance
• Capital allocation

Organisational Structure

• Management Committees
• Reporting lines
• Roles and responsibilities
• Skills / experience

Infrastructure

• Methodology
• Technology / Systems

Policies

• Risk identification
• Limit setting
• Risk monitoring
• Issue escalation
• Management Information Systems

1.4 It should be ensured that sufficient training and knowledge are imparted generally to the members of the
Board and particularly to the members of the Risk Management Committee so as to enable them to
understand the sphere of their responsibilities and the actions to be taken under various situations.

1.5 Risk management policies relating to each component of the framework have been mentioned in sections
VI to VIII of this manual while general policies relating to risk recognition and assessment have been set
out in the paragraphs 2.1 to 2.2 below.

2. RISK RECOGNITION AND ASSESSMENT

2.1 The concerned Group/ Divisions shall be responsible for risk recognition and assessment in their respective
areas of operation. As part of the risk assessment process, they should ensure that not only are the relevant risks
identified but their implications are considered and bases provided for managing the risks. They should
also ensure that effective controls are in place to mitigate each of the identified risks considering their
impact and likelihood and such controls are reviewed on a regular basis to appropriately address any
new or previously uncontrolled risk.

2.2 The results of the risk recognition and assessment exercise, as mentioned above, shall be vetted by the
Risk Management Group and reviewed by the Risk Management Committee on a periodic basis and
at least annually. They shall also meet at least on a quarterly basis to discuss the key business risks
identified as a result of such exercise.

1. BANK-WIDE STRATEGY

1.1 The risk management strategies should be duly incorporated in the Bank-wide strategy to be developed
with the input of the concerned Group/Divisional Heads and senior management committees. This
strategy should be reviewed by the Management Committee and the Risk Management Committee and
approved by the Board.

1.2 The above-mentioned strategy shall be reviewed periodically (at least annually) in order to initiate any
changes required to ensure continuous alignment of the strategy with the internal and external dynamics
within which the Bank operates.

1.3 The Bank-wide strategy shall clearly spell out the business and risk management strategies for credit,
treasury, deposits, international trade, other significant operations of the Bank and the functions
supporting the banking activity and shall, as a minimum, include the following:

ƒ Strategic direction

The business strategy shall entail the Bank’s strategic roadmap towards its corporate
vision, which it aims to achieve by developing and implementing business plans for
all areas of its operations. The strategic direction shall also provide a manifestation
of the Bank’s corporate goals with respect to the following:

- Return on equity;
- Capital adequacy ratio; and
- Credit rating.

The strategic direction shall very clearly lay down the prioritised lines of businesses
as well as the restricted business activities giving due consideration to the following
factors in each type of activity carried out by the Bank:

- The level of risks and compensating returns; and


- The economic, social, political and the legislative environment.

In this respect, assistance shall primarily be sought from both the qualitative and
quantitative analysis on the Bank’s resources and capabilities and the risk-return
profile of each type of business activity planned by the Bank.

▪ External and internal challenges to the Bank’s strategic direction

The Bank-wide strategy shall mention the external and internal challenges to the
strategic direction of the Bank and the actions planned to counter such challenges.
These challenges may include:

- Potential or existing economic downturn;
- Competition from other financial institutions;
- Funding constraints; and
- Capacity development constraints etc.

▪ Bank-wide risk appetite / acceptable levels of risk

The business strategy shall also provide the Bank-wide risk appetite in the form of
capital required to assume the risks in accordance with the strategic direction of the
Bank. It shall be based on the following significant factors:

- Capital requirements according to the required capital adequacy ratio as set out
in the strategic direction of the Bank (in no case being less than the minimum
capital adequacy ratio prescribed by the Central Bank) to maintain a capital
cushion for safeguard against unexpected losses;
- Expected return on equity envisaged under the strategic direction;
- Dividend payout policy of the Bank;
- The capacity for and significant constraints in raising capital; and
- Capability and adequacy of resources and infrastructure to manage the level of
risk appetite/ acceptable levels of risk and the capacity for internal growth.

The Bank-wide risk appetite, i.e. the capital available with the Bank, shall be
adequately assigned for the following and should, at the minimum, comply with the
minimum capital requirements prescribed by the Central Bank from time to time:

- Credit risk;
- Market risk; and
- Operational risk.

In making such capital assignment, the Board should also ensure that the allocation
represents the optimum utilization of capital and is made considering the
following aspects:

▪ Bank-wide strategy;
▪ Bank-wide risk appetite;
▪ Earnings target;
▪ Extent of risk in various operations;
▪ Ability and adequacy of resources and infrastructure to manage the level of risk
appetite; and
▪ Requirements of applicable regulations.

▪ Risk management approach

The Bank-wide strategy shall lay down the risk management approach adopted to
manage the risks and shall also indicate the set of capabilities required for
implementing the approach and the major tasks involved in developing these
capabilities.

2. REVIEW OF BUSINESS PLANS BY THE RISK MANAGEMENT GROUP

2.1 The Risk Management Group shall form an aggregated view on the implementation of risk management
components of the Bank-wide strategy by ensuring that the results of business plans, risk exposures and
target returns as reflected in the budgets:

- Are in accordance with such components of the Bank-wide strategy; and
- Adequately address all the existing and potential risks.

2.2 Any modifications suggested by the Risk Management Group in the business plans and the budgets shall
be reviewed by the authorities proposing such plans and budgets and the revised plans and budgets,
together with the comments/ feedback of the Risk Management Group, shall then be submitted to the
competent authorities for review and approval.

1. RISK MANAGEMENT STRUCTURE

1.1 The Bank’s risk management approach shall at all times be underpinned by an appropriate risk
management structure. This structure shall be represented by three lines of defence in order to ensure
that the risks are managed effectively on an entity level:

[Figure: Risk Management Structure - Three Lines of Defence. The chart shows the Board of Directors above the first, second and third lines of defence. Boxes shown: Business Units; Risk Management Committee; Audit Committee of the Board; Management Committee; ALCO; Risk Management Group; Compliance Division; and Audit & Risk Assets Review Division. Activity labels shown: transaction/ portfolio based review; review of deviation of activities from standards; strategic risk management; risk policy setting; risk oversight; and risk review for independent assurance.]

1.2 The following is the organisational chart of the Bank with respect to the risk management structure
describing the relationships and reporting responsibilities:

[Figure: Risk Management Structure (organisational chart). Boxes shown: Board of Directors; Audit Committee of the Board; Risk Management Committee; President/ Chief Executive Officer; Management Committee; ALCO; Compliance Division; Risk Management Group; Group/ Divisional Heads; Audit & Risk Assets Review Division; and Middle Office.]

1.3 Risk management functions of the Board

The Board is ultimately responsible for any financial loss or reductions in shareholder value suffered by
the Bank. Therefore, it is the duty of the Board to recognise all the risks to which the Bank is exposed and
to ensure that the required culture, practices and systems are in place to address such risks.

The Board shall mainly be responsible for the following risk management activities:

▪ Formulation and maintenance of a Bank-wide Risk Management Framework;
▪ Establishing a Bank-wide strategy incorporating the risk management strategy;
▪ Defining the overall risk appetite of the Bank and maintaining adequate capital for
carrying out business activities under various business lines and products;
▪ Defining the risk management policies;
▪ Ensuring implementation of the risk management framework and maintaining
adequate and capable infrastructure to support the framework;
▪ Reviewing exceptions reported by the Risk Management Committee involving
deviations of activities and operations from established standards that are
significant on a Bank-wide level; and
▪ Reviewing regularly any significant risk issues to determine their impact on the Bank’s
strategy and ensuring alignment of the strategy to address the existing or potential
risks.

1.4 Risk Management Committee

1.4.1 Constitution

The Risk Management Committee shall be a Board level Committee with at least two members from the
Board together with the President/ Chief Executive Officer, Group Head Financial Control and Group
Head Risk Management as members while the Secretary to the Board will also act as the Secretary to this
Committee. The concerned Group/ Divisional Heads will participate in this Committee as and when
matters pertaining to their areas are included in the agenda of the meeting.

1.4.2 Meetings

The Committee shall meet at least on a quarterly basis while urgent approvals can be sought via
circulation. The quorum of the meeting will be four (4) members including any two directors and two
Group Heads or President/ Chief Executive Officer.

1.4.3 Key functions

The Risk Management Committee shall ensure a continuous formal oversight of the risks embedded in
the Bank’s operations and shall assist the Board in determining the strategic direction of the Bank by
providing them the risk perspective. The Committee shall mainly be responsible for the following
activities:

▪ Reviewing the Bank-wide strategy and ensuring that it is prepared in accordance
with the policies contained in this manual;
▪ Ensuring that a proper system is installed which provides all the required
information pertaining to efficient and timely identification, control and reporting of
risk including development of an effective MIS for risk management;
▪ Ensuring that the resources allocated for risk management are adequate given the
size, nature and volume of the business;
▪ Monitoring the Bank’s progress towards Basel II and approving any capital
expenditure relating to implementation of risk management systems including
expenditure required as a result of the Bank’s drive towards Basel II certification;
▪ Reviewing and monitoring the Bank’s overall risk appetite and the associated risk
limits and their adequacy for carrying out business activities under various business
units and products;
▪ Ratifying tolerable deviations to the risk limits and the risk management policies as
authorised by the Credit Risk Committee after considering the comments of the Risk
Management Group;
▪ Recommending risk management policies for approval by the Board and reviewing
proposed modifications therein;
▪ Reviewing various Risk Management Information System Reports prepared by the
Risk Management Group. The Committee shall also consider the comments of the
relevant senior management official/ committee while reviewing such exception/
MIS reports;
▪ Reviewing the key risk exposures to the Bank and communicating the
planned/executed corrective actions to the Board;
▪ Formulating an overall view of the adequacy of the Bank’s capital and its optimum
allocation to various business activities with a risk weighted perspective; and
▪ Reviewing robustness of financial models and the effectiveness of all systems, if any,
used to quantify risks.

1.4.4 General

The Committee may also constitute different sub-committees to facilitate its work in the areas of credit
and operational risk respectively.

1.5 Functions of the Risk Management Group

1.5.1 For an effective implementation of the risk management framework, the senior management shall ensure
that a dedicated Risk Management Group operates within the Bank. This Group shall be responsible to
perform the risk strategy and oversight functions, as set out in this manual, or to be assigned from time to
time for ensuring compliance with the local regulations particularly relating to implementation of Basel II
or other generally accepted risk management practices within the banking industry.

1.5.2 The Risk Management Group shall play a pivotal role in monitoring the risks associated with all the
activities of the Bank. The Group shall be headed by a designated Group Head reporting administratively
to the President/Chief Executive Officer and functionally to the Risk Management Committee and shall
be involved in strategic planning and monitoring of risk taking actions of the senior management. The
role of the risk manager shall be both as a strategic partner to the business units advising them on risk
issues and on the best ways to identify and manage these issues as well as a risk controller setting
parameters for risk activities and reviewing compliance with these parameters in order to ensure that the
Bank does not incur any undue risk without adequate return.

1.5.3 The Risk Management Group shall designate separate personnel to cater to the following significant areas
and each of them shall report to the Group Head Risk Management:

▪ Risk Management Policy
▪ Credit risk management
▪ Market risk management
▪ Operational risk management
▪ Country risk management
▪ Equity Investment Risk Management

1.5.4 The Risk Management Group shall be generally responsible for the following major risk management
activities:

▪ Acting as the principal coordinator in Basel II implementation as required by the
Central Bank and facilitating the performance of the following key Basel II activities:

• Diagnostic Project covering data, system and process gap analyses and
preparation of Gap Analysis Report for both Standardized and Foundation IRB
Approaches
• Development of Project implementation plan
• Selection, purchase, development and/ or validation (where applicable) of the
following:
– Risk rating templates
– PDs assigned to each score in the template
– IT models for scoring and PD calculation
– Risk management and other software (including collateral management and data
warehouse)
• Identification of data requirements pertaining to:
– Borrower and exposure: Identification of Basel asset classes and aggregation of exposure
in each class;
– Default drivers (both financial and management quality) and other parameters required
for designing rating templates;
– Collateral: Identification of eligible collaterals and aggregation of exposure secured by
such collaterals – to be used for mitigation under standardized approach (and LGD for
advanced approach)
– Defaults: Determining PD to be assigned to each score in the template
– Key risk incidents and loss incidents etc.
– Disclosure provisions under Basel II
• Data collection and management to ascertain its availability and integrity
• Review of available data either manual or system generated (including those reported in financial
statements, Central Bank returns and MIS reports)
• Meetings with IT/ business units to:
– review data fields used in the IT systems for identifying additional data available but not
reported
– understand features available but not currently in use to identify potential data sources
– identify, where possible, tentative timeline for commencement of such use
• Mapping of available data with Basel II requirements to identify gaps
• Capital calculation/ impact analysis

▪ Developing an Internal Risk Rating Framework in accordance with the requirements
of Basel II and the Risk Management Guidelines issued by the Central Bank and
monitoring use of such framework by the business units;
▪ Identifying and recommending risk analysis tools and techniques as required under
Basel II and the Risk Management Guidelines issued by the Central Bank;
▪ Proposing an effective MIS for efficient and timely identification, control and
reporting of credit, market, liquidity, equity investment and operational risks;
▪ Reviewing the risk limits and their adequacy for carrying out business activities under
various business units and products;
▪ Providing feedback on the tolerable deviations to the risk limits and the risk
management policies as authorised by the Credit Risk Committee/ALCO;
▪ Recommending risk management policies in accordance with the Risk Management
Guidelines issued by the Central Bank for review by the Risk Management
Committee;
▪ Reviewing operational policies/ manuals and product policy manuals and ensuring
that such policies/ manuals are in accordance with the risk management policies
and appropriately address all the key risks embedded in the related processes/
products;
▪ Generating various Risk Management Information System Reports for review by the
Credit Risk Committee and the Risk Management Committee; and
▪ Reviewing the key risk exposures to the Bank and communicating the
planned/executed corrective actions to the Risk Management Committee.

1.5.5 The detailed functions of the Risk Management Group, particularly in relation to credit and treasury
operations and generally pertaining to the operational risk in the Bank have been set out in the following
sections of this manual.

1. INTRODUCTION

1.1 Credit operations are advances/ financing exposed to various risks most notably credit risk, interest rate
risk and operational risk. For the Bank, financing/ advances are the largest and most obvious source of
credit risk; however, credit risk could stem from activities both on and off balance sheet. Besides, credit
risk does not occur in isolation. For instance, the same source that results in credit risk for the Bank may
also expose it to the market risk. Similarly, a bad portfolio may result in liquidity problem.

1.2 For the purposes of this section, credit operations shall include all types of funded and non-funded
facilities provided to the Bank’s customers.

1.3 The objective of this section is to set out general policies for management of risks in credit operations so
that any risk issues are effectively addressed by the Bank. Some of the operational risks in credit are
general and are not directly linked to the credit activities. Such risks shall be managed in accordance with
the general policies for operational risk management given in section VIII: ‘General Policies for
Operational Risk Management’.

2. CREDIT STRATEGY

2.1 The credit strategy shall spell out the Bank’s strategic plan to grant credit and shall be a part of the
Bank-wide strategy.

2.2 Components of the credit strategy

Following are the essential components of this strategy:

▪ Bank’s strategic plan to grant credit based on various products, economic sectors/client segments,
geographical locations, currencies and maturities etc;
▪ Target markets within each financing segment giving due consideration to:
- Risks specific to and critical success factors in each target market;
- Preferred level of diversification/concentration in each target market; and
- Specific short-term and long-term business opportunities in each target market.
▪ Risk optimisation strategy:
- Higher yields and higher capital cover to mitigate higher risks; and
- Minimum risk acceptance criteria and exclusion markets within each lending
segment considering the Bank-wide strategy.
▪ Pricing strategy;
▪ Collateralisation strategy;
▪ Joint financing strategy;
▪ Effect of credit strategy on the credit, market, liquidity, and operational risks;
▪ Business constraints relating to implementation of credit strategy; and
▪ Infrastructure required for implementing the credit strategy.

2.3 Essential features of the credit strategy

The credit strategy shall be aligned with the Bank-wide strategy and must ensure the
following:

▪ Cyclical aspects of the economy are taken into account together with the resulting shifts in composition and
quality of credit portfolio;
▪ Credit quality is not compromised against business development without rationale; and
▪ Process and management are geared towards avoiding losses but at the same time efficiency is
maintained both in terms of response time and market needs and most importantly adequate return
is earned on the assets employed.

3. CREDIT RISK COMMITTEE

3.1 To assist the Risk Management Committee in matters relating to credit risk, a
sub-committee named the Credit Risk Committee shall be constituted. The Credit Risk
Committee shall comprise the Group Head Risk Management and the Group Heads
involved in Credit Operations. The Credit Risk Committee shall meet at least on a
quarterly basis and shall be responsible for the following:

▪ Monitoring, in consultation with the Risk Management Committee, the implementation of credit risk
policy/strategy as approved by the Board and ensuring that the credit risk levels remain within the
scope established by the Board;
▪ Reviewing the standards for presentation of credit proposals, rating standards and benchmarks
at least on an annual basis;
▪ Reviewing credit approving powers, standards for advances/ financing collaterals, portfolio
management, risk concentration, risk monitoring, credit quality evaluation, pricing of advances,
provisioning and regulatory/ legal compliance etc.;
▪ Recommending to the Risk Management Committee, credit policy together with exposure limits and
methodologies for early warning system so as to prevent credit deterioration;
▪ Ensuring that a proper system is installed which provides all the required information pertaining to
efficient and timely identification, control and reporting of credit risk including development of an
effective MIS for credit risk management;
▪ Assessing the position of Bank’s risk weighted assets for credit in line with the application of the
standardized approach for computation of capital requirement in the Bank;
▪ Reviewing plans for applications of IRB approach for credit risk prepared by the Risk Management
Group for onward submission to the Risk Management Committee;
▪ Reviewing and monitoring the Bank’s credit risk appetite and the associated risk
limits and their adequacy for carrying out business activities under various business
units and products;
▪ Authorising tolerable deviations to the risk limits and the risk management policies
after considering the comments of the Risk Management Group;
▪ Recommending credit risk management policies for review by the Risk Management
Committee and reviewing proposed modifications therein;
▪ Reviewing various Risk Management Information System Reports prepared by the
Risk Management Group; and
▪ Evaluating the credit risk involved in launching of new products.

4. RISK APPETITE FOR CREDIT OPERATIONS

4.1 In order to limit the risk which may arise out of the Bank’s credit portfolio, a risk appetite in the form of
minimum capital requirement shall be assigned to credit operations. It must be ensured that the
aggregate amount of sanctioned facilities does not exceed this appetite at any time.

5. RISK LIMITS

5.1 Risk limits shall be expressed as the maximum aggregate amount of exposure which the Bank can
assume in various client-segments and products, economic sectors, maturity, country, any single party or
a group etc. These limits shall represent the aggregate amount of finance which can be sanctioned in each
of the above categories.

5.1.1 The Credit Risk Committee shall, in consultation with the business units and after considering the
applicable regulations, propose risk limits or initiate any changes therein based on a periodic (at least
annual) review of these limits or at the proposal of any senior management official or committee. The
Risk Management Committee shall review and the Board shall approve these limits or any changes
therein. Following types of risk limits shall be established within the Bank:

▪ Client segments and product wise limits;
▪ Economic sector wise limits;
▪ Maturity wise risk limits;
▪ Country wise risk limits;
▪ Single party and group exposure limits.

5.1.2 The above-mentioned limits shall be assigned considering the applicable regulations particularly the
instructions and regulations issued by Central Bank from time to time. The minimum margin
requirements shall also be determined by the Board from time to time and these shall be within the
permissible parameters set out by the Central Bank.

5.2 Transactions resulting in excess over limit and/or deviation from risk management policies

The Credit Risk Committee shall approve any transaction resulting in excess over limit
and/or deviation from the risk management policies after considering the justification
provided by the concerned Group and the comments of the Risk Management Group.
The Risk Management Committee shall subsequently ratify transactions where justifications
are found plausible while others shall be forwarded to the Board to decide the
appropriate course of action.

The Credit Risk Committee shall, on the recommendation of the Risk Management
Group, determine a threshold for reporting of limit excesses or deviations from risk
management policies while the Risk Management Committee shall review and the
Board shall approve this threshold. All limit excesses beyond the approved threshold
shall be communicated to the Board for subsequent ratification.

5.3 Pre-fact validation of credit proposals by the Credit Risk Committee

Credit proposals over a defined threshold shall be validated by the Credit Risk Committee prior to the
sanctioning of the credit by the appropriate authorities to ensure that exposures are not taken without
rationale.

5.4 General requirements

While validating the proposed limits, the Risk Management Group, in consultation with
the respective Groups, shall ensure the following:

▪ Limits are generally binding and are not driven by customer demands;
▪ Stress testing is performed and its results are considered in the overall limit setting
process;
▪ Results of stress testing take into account the economic cycles, rate of return and
other market movements and liquidity conditions; and
▪ Limits also recognise and reflect the risk associated with the near-term liquidation of
positions in the event of customer defaults and are calculated over multiple time
horizons to factor any unsecured exposure in a liquidation scenario.

6. INTERNAL RISK RATING FRAMEWORK


6.1 The term “rating system” comprises all of the methods, processes, controls, and data
collection and IT systems that support the assessment of credit risk, the assignment of
internal risk ratings, and the quantification of default and loss estimates.

6.2 Internal Risk Rating Framework represents a scientific approach to assigning risk
ratings to the exposure based on an assessment of the customer’s credit worthiness and
the terms of the transaction, as the case may be, through the use of standard risk rating
templates/score cards. This Framework shall, at all times, comply with the applicable
regulations particularly relating to implementation of Basel II or other generally
accepted risk management practices within the banking industry.

6.3 Design

The Risk Management Group shall, in coordination with the respective Groups, design
or initiate any change in the framework based on a regular (at least annual) review
while the Credit Risk Committee shall review and the Risk Management Committee
shall approve the framework or any changes therein.

6.4 Essential features

The framework designed by the Risk Management Group shall, as a minimum:

▪ be commensurate with the size, nature and complexity of the business;
▪ be well structured for differentiating degrees of credit risk in different credit exposures;
▪ adhere to the principle that the rating and risk estimation systems and processes
provide for a meaningful assessment of obligor and transaction characteristics; a
meaningful differentiation of risk; and reasonably accurate and consistent
quantitative estimates of risk. Further, the systems and processes must be consistent
with the internal use of such estimates;
▪ possess flexibility to accommodate:
- present and future risk profile of the Bank; and
- anticipated level of diversification and sophistication in financing activities.

6.5 Risk rating templates/ score cards


Standard risk rating templates or score cards shall be used as part of the framework to
assign risk ratings to the customers. The score cards shall encompass all categories of
borrowers i.e. Corporate, Commercial, Retail etc. and shall be designed to address all significant
risk factors relating to the customer or the individual transaction/facility, as the case
may be.

6.6 Standard risk gradations

Risk gradations represent an abbreviation of the overall risk profile of the potential
exposure based on analysis of the risk factors.

While designing the risk rating templates/score cards, the Risk Management Group
shall assign, based on its judgment and in consultation with the concerned Groups,
relevant weights to each of the risk factors included in the risk rating template/score
card and shall aggregate these weights to determine various ranges to be used for rating
of customers. The Group shall then define standard risk gradations applicable to each of
these ranges for application on an exposure or facility.

7. MONITORING OF RISK IN CREDIT OPERATIONS

7.1 For effective monitoring of risks in credit operations, reviews shall be carried out at least on an annual
basis; however, more frequent reviews should be conducted for new accounts where the Bank may not be
familiar with the obligor, and for classified or adverse rated accounts that have higher probability of
default. Reviews shall be carried out by the following:

▪ Credit Management Division – Day to day/transaction based reviews;
▪ Risk Management Group and Credit Risk Committee – Portfolio/exception based
reviews.

7.2 Credit Management Division

The Credit Management Division shall be a back office function to support and control
extension and maintenance of credit and shall be independent of the credit origination
function. This Division shall monitor the credit quality on a day-to-day basis and assess
compliance with the risk limits and prescribed operational policies and procedures on a
transaction level.

▪ Routine review of credit transactions and exposures

The following aspects shall be covered during the routine review of the credit
transactions and exposures:

- Different financing/ advances as per facility terms;
- Collateral coverage relative to the customer’s current condition;
- Compliance of regulatory and internal limits;
- Compliance of financing/ advances covenants; and
- Financing/ advances classifications.

▪ Periodic credit monitoring updates and progress reports by relationship officers

Periodic (at least monthly) credit monitoring updates and progress reports by personnel
maintaining client relationships shall be submitted to the Divisional Head Credit
Management for review and corrective actions. These reports shall be subsequently
reviewed by the Group Head Risk Management.

▪ Watch List

Watch List is a summary of significant exposures with contractual payment
delinquencies and/or other early warning indicators. The Divisional Head Credit
Management shall prepare this report on a periodic basis (at least quarterly) and
implement corrective actions. He shall classify exposures with deteriorating quality as
problem credit and recommend these to be managed by a designated remedial function.

▪ Risk rating downgrades

The Credit Management Division shall regularly (at least quarterly) review risk ratings
of exposures on Watch List. It shall propose and the concerned Group Head shall
validate downgrades resulting in financing/ advances classifications in the ratings
previously approved by the credit sanctioning officials.

Changes in credit risk ratings of exposures may occur due to the following factors:

- Changes in ownership / control / legal structure;
- Material deterioration in the customer’s financial and trading performance;
- Diversification of activities;
- Declining profitability;
- Breach of the Bank’s terms and conditions;
- Security shortfalls;
- Delay in payment of mark-up / principal; and
- Incomplete security documentation.

7.3 Risk Management Group

The Risk Management Group shall act as a risk oversight body and shall regularly (at
least quarterly) analyse the quality of the overall credit portfolio. This Group shall
primarily assess compliance with the risk limits and risk management policies on a
portfolio level but shall also identify/review the significant exceptions on a transaction
level.

▪ Transaction level review

Review in respect of single party and group exposure shall be carried out on a
reasonable sample of population. The Risk Management Group shall identify any
exception, recommend including customers on the Watch List or downgrading them in
terms of the customers’ risk rating and suggest any additional provision for the loss of
financing/ advances.

▪ Portfolio based review

The Risk Management Group shall review the credit exposure by various categories for
which risk limits have been assigned on a portfolio basis and shall ensure compliance
with the assigned limits. In addition, the function shall also carry out a review of the
overall exposure by risk ratings.

▪ Exception based review

The Risk Management Group shall periodically (at least quarterly) receive copies of the
Watch List together with a summary of rating downgrades and the status of problem
credits and shall evaluate the reasonableness of measures taken to address or mitigate
the related risks.

Notwithstanding the need for a separate or independent oversight, the front office or
credit origination personnel shall be cognizant of the credit risk and shall maintain high
level of credit discipline and standards in pursuit of business opportunities.

7.4 Credit Risk Committee

The Credit Risk Committee shall regularly (at least quarterly) review the rating
downgrades and approve them. It shall also review the Watch List together with a
summary of approved rating downgrades on a periodic basis (at least quarterly), assess
status of related credits and recommend necessary actions to be taken by the relevant
Group including making provisions for the loss of financing/ advances.

8. RISK MANAGEMENT INFORMATION SYSTEMS

8.1 Risk Management Information Systems comprise the following risk reports prepared by the Divisional
Head Credit Management as referred to in paragraph 7.2 above and those prepared by the Risk
Management Group:

8.2 MIS prepared by the Divisional Head Credit Management

As mentioned in paragraph 7.2 of this section, the Credit Management Division shall prepare the
following MIS reports for review by the senior management:

▪ Periodic Credit Monitoring Updates
▪ Watch List
▪ Risk rating downgrades

8.3 Report of the Risk Management Group

The Risk Management Group shall prepare periodic (at least quarterly) reports based
on its review of the above-mentioned MIS reports prepared by the Credit Management
Division. This report shall contain the following:

▪ Customers proposed to be included on the Watch List or downgraded in terms of
risks (only those resulting in financing/ advances classification), together with
any provision required thereagainst;
▪ Narrative analyses of the credit exposure by various categories compared with the
respective limits;
▪ Status of compliance with the assigned limits and the risk management policies,
exceptions noted and proposed action plan identified; and
▪ Summary of significant balances on the Watch List, significant risk downgrades and
status of problem financing/ advances.

The above report shall be submitted to the Risk Management Committee together with
the comments/ feedback of the Credit Risk Committee or the respective senior
management official. The Risk Management Committee shall analyse the findings and
the appropriateness of the remedial measures and direct any further actions. Significant
risk issues and their actual or potential impact together with the corrective actions
recommended/ taken shall be communicated to the Board.

1 INTRODUCTION

1.1 This section of the manual sets out the policies for management of risk in treasury operations so that any
potential or existing risk issues are assessed, monitored, reviewed and reported effectively and in a
timely manner. Some of the operational risks in treasury are general and are not directly linked to the
treasury activities. Such risks shall be managed in accordance with the general policies for operational
risk management given in section VIII: ‘General Policies for Operational Risk Management’.

2 STRATEGY FOR TREASURY OPERATIONS

2.1 This strategy shall spell out the Bank’s trading and investment plans and shall be a part of the Bank-wide
strategy.

2.2 Components

Following are the essential components of the strategy:

• Permissible treasury operations;
• Target markets within each investment segment giving due consideration to:
- Risks specific to and critical success factors in each target market;
- Preferred level of diversification/concentration in each target market; and
- Specific short-term and long-term investment opportunities in each target
market.
• Risk optimisation strategy:
- Higher yields and higher capital cover to mitigate higher risks; and
- Minimum risk acceptance criteria and exclusion markets within each investment
segment considering the Bank-wide risk strategy.
• Pricing strategy;
• Effect of strategy on the market, liquidity, credit and operational risks;
• Business constraints relating to implementation of the strategy; and
• Infrastructure required for implementing the strategy.

2.3 Essential features

The strategy shall be aligned with the Bank-wide strategy and must ensure the
following:
• Cyclical aspects of the economy are taken into account together with the resulting shifts in
composition and quality of the investment portfolio; and
• Process and management are geared towards avoiding losses but at the same time
efficiency is maintained both in terms of response time and market needs and, most
importantly, adequate return is earned on the assets employed.

3 ASSET AND LIABILITY COMMITTEE

3.1 The ALCO shall be management’s governing committee on all matters pertaining to balance sheet
arrangement, investment portfolio management, capital management, market risk and related treasury/
trading activities. The committee shall be responsible for performing the following significant risk
management functions:

• The maintenance of the bank’s balance sheet to an optimal level to maximize returns on assets and
equity and target levels for the risk based capital ratios;
• The preservation, enhancement and utilization of cost effective sources of funds, including the Bank’s
own deposit base, to enhance profitability while ensuring availability of funding and minimizing the
reliance on external funding sources;
• Managing the overall liquidity of the Bank;
• Timely identification of sources of market and liquidity risk;
• Pricing of deposits and advances;
• Deciding on the transfer pricing policy of the Bank;
• Deciding on the required maturity profile and the mix of incremental assets and liabilities;
• Controlling foreign exchange, rate of return and equity exposures arising from ongoing banking
activities; and
• Evaluating the market and liquidity risks involved in launching of new products.

4 RISK APPETITE FOR TREASURY OPERATIONS

4.1 In order to limit the risk which may arise out of the Bank’s treasury portfolio, a risk
appetite in the form of the minimum capital requirement shall be allocated to the
treasury operations. It must be ensured that the aggregate amount of exposure does not
exceed this appetite at any time.

5 ELIGIBLE INSTRUMENTS AND RISK LIMITS

5.1 Eligible instruments represent the instruments approved by the Board in which the
Bank can trade or invest and comprise:
• Equity securities;
• Risk-free Government securities; and
• Corporate financing instruments.

5.2 Categories of instruments

The above-mentioned instruments shall be further categorised as follows:

• Held-for-trading securities
The securities acquired by the Bank with the intention to trade by taking advantage of short term
market/ rate of return movements. Such securities are to be sold within 90 days from the date of their
classification as held for trading under normal circumstances.

• Held-to-maturity securities
These are risk-free government instruments or corporate financing instruments with fixed or
determinable payments and fixed maturity which the Bank has the positive intent and ability to hold
to maturity.

• Available-for-sale securities
These are instruments which are neither held-for-trading nor held-to-maturity.

5.3 Proposed eligible instruments and risk limits

The Capital Markets Group (for equity securities) and Treasury & FX Group (for other
instruments) shall make their propositions with respect to eligible instruments and their risk
limits as mentioned in paragraphs 5.4 and 5.5 below considering the risk and return
emanating from the same. They shall also be authorised to initiate any modifications in
the eligible securities or their limits based on a periodic (at least quarterly) review or at the
proposal of any senior management official or committee.

The Risk Management Group shall validate, the ALCO and the Risk Management
Committee shall review and the Board shall approve these securities and their limits or
any modifications therein.

5.4 Factors to be considered for determining eligible instruments and risk limits

The propositions shall be made after considering the following factors, wherever
applicable:

• Volatility of the capital and money market;
• Systematic risk embedded in the capital and money market;
• Extent of risks such as market, liquidity, credit and operational risks;
• Estimated return from trading or investment;
• Cost of funds required for investment purposes;
• Capability and adequacy of resources and infrastructure to manage the level of risk appetite; and
• Requirements of applicable regulations.

5.5 In addition to the risk limits assigned to each type of eligible security, the Capital Market Group (for
equity securities) and Treasury & FX Group (for all other types of securities) shall propose limits for
treasury activities or initiate any changes therein based on a periodic (at least quarterly) review or at the
proposal of any senior management official or committee. Such limits shall, as a minimum, be of the
following types:

• Single party exposure in equity securities and corporate debt instruments; and
• Minimum expected return on eligible held-for-trading, held-to-maturity and
available-for-sale securities.

The Risk Management Group shall validate, the ALCO and the Risk Management
Committee shall review and the Board shall approve these limits or minimum expected
return and any changes therein.

5.6 Transaction resulting in excess over limits or deviation from risk management
policies

The Treasury & FX Group or the Capital Market Group (as the case may be) shall, in consultation with the
Risk Management Group, review, and the ALCO shall approve, any transaction resulting in excess over
limit and/or deviation from the risk management policies after considering the justification provided by
the said officials and the comments of the Risk Management Group. The Risk Management Committee
shall subsequently ratify transactions where justifications are found plausible while others shall be
forwarded to the Board for deciding the appropriate course of action.

The ALCO shall, in consultation with the Risk Management Group, propose a threshold for reporting of
limit excesses or deviations from risk management policies while the Risk Management Committee shall
review and the Board shall approve this threshold. All limit excesses beyond the approved threshold
shall be communicated to the Board.

6 FOREIGN EXCHANGE OPERATIONS

6.1 In order to avoid an unwarranted risk in foreign exchange activity carried out by the
Bank’s Treasury, the Treasury & FX Group shall make propositions with respect to
various risk management policies as mentioned in paragraphs 6.3 to 6.7 below. They
shall also be authorised to initiate any modifications in these policies and procedures
based on a periodic (at least quarterly) review or at the proposal of any senior
management official or committee.

6.2 The Risk Management Group shall validate, the ALCO and the Risk Management
Committee shall review and the Board shall approve these risk management policies or
any modifications therein.

6.3 Authorised currencies

The Treasury shall only deal in authorised currencies approved by the Board. Hence, all
such currencies must be pre-defined in the light of the applicable foreign exchange
regulations of the Central Bank.

6.4 Open positions

Limits for open positions shall be devised for:

• Each currency in which the Treasury is authorised to deal; and
• The aggregate of all the foreign currency positions.

These limits shall be based on the foreign exchange risk perspective of the Bank as
defined under the trading and investment plans. However, these limits shall in no case
exceed the limits prescribed by the foreign exchange regulations of the Central Bank.

6.5 Authority matrices

Separate authority matrices shall be proposed for dealing in the following types of foreign currency
transactions:

• Spot transactions;
• Forward transactions; and
• Swap transactions.

6.6 Maximum counter-party limits for exposure against foreign currency transactions

In order to manage the counter-party risk, the Treasury & FX Group shall propose the counterparties and
the maximum limit of exposure for each party after carrying out detailed counterparty appraisals which
take into account the following significant factors relating to the proposed counterparties:

• Financial standing and market reputation;
• Short term and long term credit rating;
• Credit rating for counterparties by way of:
a) Credit reports from rating agencies for local parties e.g. PACRA / VIS; and
b) International credit rating agencies for international counterparties e.g. Standard & Poor’s /
Moody’s;
• Net worth;
• Market size;
• Product liquidity;
• BIS-based Capital Adequacy Ratio; and
• ISO certifications, if any.

In addition to the financial institutions, limits shall also be determined for brokers where they act as
counterparties in foreign exchange transactions.

6.7 Maximum tenor of forward foreign currency transactions

Limits shall be defined for the maximum tenor for which forward foreign currency transactions shall be
allowed. These shall not, in any case, exceed the maximum limit prescribed by the Central Bank.

7 MONEY MARKET OPERATIONS

7.1 The Treasury & FX Group shall propose risk limits and authority matrices as mentioned
in paragraphs 7.2 to 7.5 of this section or initiate any changes therein based on a
periodic (at least quarterly) review or at the proposal of any senior management official
or committee.

The Risk Management Group shall validate, the ALCO and the Risk Management
Committee shall review and the Board shall approve these limits and authority matrices
or any changes therein.

7.2 Maximum limits of exposure in respect of money market lendings and placements

These represent the maximum limits of exposures which can be assumed by the Bank in respect of money
market investment and placements. The following factors shall be considered while proposing these
limits:

• Cash flow position of the Bank;
• Availability of other sources for deployment of funds;
• Extent of credit, market, liquidity and operational risks;
• Estimated return from the investment;
• Cost of funds required for investment purposes;
• Securities against investment and placements;
• Capability and adequacy of resources and infrastructure to manage the level of risk appetite; and
• Requirements of applicable regulations.

The overall limit so determined shall be divided into limits for various tenors for which such transactions
may be executed.

7.3 Maximum counter-party limits for exposure in money market operations

Counterparties and the maximum limit of exposure for each party shall be proposed after carrying out
detailed appraisal which shall take into account the following significant factors relating to the proposed
counterparties:

• Financial standing and market reputation;
• Short term and long term credit rating;
• Net worth; and
• ISO certifications, if any.

In addition to the financial institutions, limits shall also be determined for brokers where they act as
counterparties in money market transactions.

7.4 Maximum tenor of making investment, placement of funds and receiving placement
of funds from other financial institutions in money market operations

Limits shall be defined for the maximum tenor for which money market investment, placements of
funds by the bank and receiving placement of funds from other financial institutions shall be
allowed.

7.5 Authority matrices

Separate authority matrices shall be proposed for authorisation of investments and placement of
funds by the bank and receiving placements from other financial institutions.

8 TOLERANCE LIMITS

8.1 Tolerance limits shall represent the tolerable level of difference between the transaction
rate/yield executed by the Bank’s Treasury and the prevailing market rates. The
Treasury & FX Group shall propose tolerance limits for the following:

• Purchase and sale of equity securities, risk free government securities and corporate financing
instruments;
• Money market investments and placements of funds by the bank and receiving placements from
other financial institutions; and
• Foreign currency transactions.

The Risk Management Group shall validate, the ALCO and the Risk Management
Committee shall review and the Board shall approve these tolerance limits or any
changes therein.

8.2 Management Action Point (MAP)

A Management Action Point (MAP) is the amount of mark to market losses that, when reached, triggers
the development of an action plan which must be followed. For this purpose, two levels of the amount of
mark to market losses should be defined, representing the reporting and the action phases.

Once the reporting level is reached, the required actions will be reporting of the loss to the Group Head
Treasury and FX and the Group Head Risk Management. Once the action level is reached, a trading
strategy shall be devised by the Treasury & FX Group in consultation with the Risk Management Group.

8.3 Tolerance limits and criteria for behavioural adjustments

The Treasury & FX Group shall propose tolerance limits for any gaps identified through MIS reports
together with the criteria for behavioural adjustments or shall initiate any changes therein based on a
periodic (at least monthly) review or at the proposal of any senior management official or committee. The
Risk Management Group shall validate, the ALCO and the Risk Management Committee shall review
and the Board shall approve these limits and criteria or any changes therein.

The following is a description of the above-mentioned limits and criteria:

• Limits with respect to Gaps for each of the time-bands for both the types of RGRs as mentioned in
paragraphs 10.1.1 and 10.1.2 of this section;
• Criteria for determining behavioural adjustments for each ISA, ISL and off-balance sheet exposure
which may be impacted by behavioural adjustments;
• Limits for the rate of return sensitive ratio as mentioned in paragraph 10.1.4 below;
• Limits for factor sensitivity of each of the time bands for both types of RGRs; and
• Limits for differences between mark-to-market valuations by the middle office and the back office.

9 RISK MANAGEMENT CONTROLS BY THE MIDDLE OFFICE

9.1 The Middle Office shall be independent of the treasury function and shall report to the Group Head Risk
Management. It shall monitor the quality of the treasury portfolio on a day-to-day basis and assess
compliance with the risk limits and the risk management policies and procedures at both the transactional
and the portfolio level.

9.2 Functions of the Middle Office

The Middle Office shall be responsible for carrying out the following functions:

• Monitoring compliance with all the risk management policies and procedures of the treasury function
as approved by the Board;
• Monitoring the day-to-day dealings of the front office against the pre-determined tolerable limits;
• Monitoring and identifying limit expiries;
• Verification of mark to market rates used for all portfolios and monitoring compliance with tolerance
limits as referred to in paragraph 8.1 of this section;
• Preparing independently a ‘Repricing Gap Report’ as referred to in paragraphs 10.1.1 and 10.1.2 of
this section;
• Investigation of significant differences, if any, identified between the following:
- Independently prepared ‘Repricing Gap Report’ and the respective report prepared by the
Financial Control Division.
• Ensuring that the following are reflected in the periodic (at least quarterly) profit and loss account:
- All transactions executed; and
- Current independent market data used with respect to revaluation.
• Credit limit monitoring and excess reporting;
• Dealing room activity monitoring; and
• Preparing forecasts (simulations) showing the effect of various possible changes in market conditions
relating to risk exposures.

9.3 Reporting by the Middle Office

Results of the above-mentioned functions shall be reported to the Group Head Risk Management in the
form of a ‘Risk Management Monitoring Report’ on a periodic basis (at least monthly). The following
information/ exceptions shall be included in these reports together with the proposed actions, wherever
applicable:

• Non-compliance with the risk management policies and procedures approved by the Board;
• Deviations identified in the day-to-day monitoring;
• Status of various risk limits specifically mentioning the available limits;
• List of expired limits;
• Results of the investigation of significant differences, if any, identified between the following:
- Independent marking-to-market of treasury operations and the results of the revaluation as per
accounting records; and
- Independently prepared ‘Repricing Gap Report’ and the respective report prepared by the
Financial Control Division.
• Exceptions to the quarterly profit and loss account with respect to:
- Any transactions executed not being reflected in the results; and
- Market data used for revaluation of assets, liabilities and off-balance sheet exposures of the
treasury function.
• Reporting of Management Action Point to the Group Head Risk Management after obtaining the
feedback of the relevant operational personnel; and
• Rate of return simulation exercise.

9.4 Communication of findings to the users and ALCO


The Group Head Risk Management shall review the findings of the Middle Office and the related
recommendations and shall provide a copy of the report to the Treasury & FX Group for necessary
corrective actions. Any significant findings and recommendations shall also be communicated to the
ALCO.

10 RISK MANAGEMENT INFORMATION SYSTEM

10.1 Market risk

In order to monitor the market risk to which the Bank is exposed, MIS reports shall be prepared, criteria
for behavioral adjustments shall be devised and tolerance limits shall be assigned for gaps identified
through the MIS reports. The following is a description of these reports, limits and criteria:

10.1.1 Repricing Gap Report as per maturity/ repricing exposure

The Repricing Gap Report (RGR) summarises all Profit Sensitive Assets (PSA), Profit Sensitive Liabilities
(PSL) and Profit Sensitive Off-balance sheet items, categorised in an appropriate number of time-bands
according to maturity or repricing, whichever is earlier. The size of the Gap, i.e. assets plus the net
off-balance sheet exposure minus liabilities for a given period, gives an indication of the Bank’s repricing risk
exposure.

The Financial Control Division shall prepare this RGR on a periodic basis (at least monthly). The Risk
Management Group shall review and the ALCO shall approve this report.

10.1.2 Repricing Gap Report adjusted for behavioral adjustments

The Financial Control Division shall prepare another RGR on a periodic basis (at least monthly) adjusted
for behavioral adjustments and categorised in an appropriate number of time-bands. The report shall be
validated by the Risk Management Group and the ALCO shall approve the report.

10.1.3 Rate of return risk sensitivity

Copies of both the above-mentioned RGRs shall be forwarded to the Treasury & FX Group for
monitoring the rate of return risk to which the Bank is exposed. The Group shall periodically (at least
monthly) translate the gaps identified in both types of the RGRs to generate simple indicators of the rate
of return risk sensitivity of earnings to changing profit rates. In this respect the following formula may be
used for estimation:

Gap x Change in profit rate x Time period over which the periodic gap is in effect

The size of the change in profit rate movement used to compute an estimate of the rate of return risk
sensitivity shall be based on the following factors:

• Rate of return view;
• Simulation of potential future profit rate movements; and
• Judgment of the Bank’s management.

The findings of the above analysis shall be discussed in the ALCO together with proposed actions to
decide on the future course of action.

10.1.4 Rate of return sensitivity ratio

The Group Head Treasury and FX shall periodically (at least monthly) compute a rate of return
sensitivity ratio on the basis of the results obtained from periodic RGRs to estimate the profit rate risk
exposure. The following formula shall be used to compute the ratio:

Rate of Return Sensitivity Ratio = IS Gap ÷ Bank’s total assets

The computations shall also be discussed in the ALCO together with proposed actions to decide on the
future course of action.

10.1.5 Factor sensitivity of profit rate position

The Treasury & FX Group shall compute the ‘factor sensitivity of profit rate position’ by discounting the
rate of return sensitivity gaps for each of the time-bands as defined in paragraph 10.1.1 using the current
market interest rate and then using the current market interest rate increased or decreased by one basis
point. The difference between the two values, being the factor sensitivity, is the potential for loss given a
one basis point change in the profit rate.

This analysis shall be done on a periodic (at least monthly) basis and the results shall be discussed in the
ALCO together with proposed actions to decide about the future course of action.

10.1.6 Market Risk Strategy

The Treasury & FX Group shall prepare a consolidated view on market risk and a proposed future
strategy (at least monthly) using appropriate method/ models and back tested data. The Risk Management
Group shall validate the strategy after considering the findings noted during its review of market risk
exposure as referred to in paragraph 10.1.7 below while the ALCO and the Risk Management Committee
shall review and the Board shall approve this strategy.

10.1.7 Report on Market Risk Analysis

The Group Head Risk Management shall, in consultation with the Middle Office, carry out a periodic (at
least quarterly) review of market risk exposure and prepare a ‘Report on Market Risk Analysis’, which
shall be reviewed by ALCO. This report shall include the following:

• Current market conditions;
• Future expectations of the market in which the Bank operates;
• Status of compliance with the risk management policies and procedures and limits based on the ‘Risk
Management Monitoring Reports’ submitted by the Middle Office as referred to in paragraph 9.3 of
this section;
• Results of review of RGRs and the rate of return risk sensitivity indicators by the Middle Office; and
• Any other significant findings as mentioned in the reports submitted by Middle Office.

10.1.8 Consolidated Report on Market Risk Analysis

The Risk Management Group shall prepare a periodic (at least quarterly) ‘Consolidated report on
Market Risk Analysis’ after considering the following:

• Bank’s market risk strategy as approved by the Board;
• Strategy for treasury operations and Bank-wide strategy;
• Overall risk appetite; and
• Report on Market Risk Analysis mentioned above.

The Group Head Risk Management shall discuss the report with ALCO and submit the report to the Risk
Management Committee, together with the comments of ALCO. The Risk Management Committee shall
evaluate the findings and the appropriateness of any remedial measures taken/ proposed and direct any
further actions. Significant risk issues and their actual or potential impact together with the corrective
actions recommended/ taken shall be communicated to the Board.

10.2 Liquidity Risk

In order to monitor the liquidity risk to which the Bank is exposed, MIS reports shall be prepared and
tolerance limits shall be assigned for gaps identified through MIS reports. The following is a description
of these reports and limits:

10.2.1 Funds Flow Analysis

Funds Flow Analysis (FFA) estimates all the cash inflows and outflows of the Bank and thus determines
the net deficit or surplus which shall be broken down into appropriate time-bands after considering the
behavior of assets, liabilities and off-balance sheet items included in these time-bands.

The Financial Control Division shall prepare the FFA on a periodic basis (at least quarterly) after
consulting all the relevant Group Heads. The analysis shall be submitted to the Risk Management Group
for review and shall also be discussed in the ALCO together with proposed actions to decide on the
future course of action.

10.2.2 Tolerance limit

The Treasury & FX Group shall propose or initiate any changes in the tolerance limits with respect to
acceptable net deficit/surplus of cash flows for each of the time-bands as mentioned in paragraph 10.2.1
above. The Risk Management Group shall validate, the ALCO and the Risk Management Committee shall
review and the Board shall approve these limits or any changes therein.

10.2.3 Contingency Funding Plan

The ‘Contingency Funding Plan (CFP)’ is a projection of future cash flows and funding sources of the
Bank under market scenarios including aggressive asset growth or liability erosion. The Treasury & FX
Group shall prepare a CFP on a periodic basis (at least quarterly) for identifying the stress scenarios and
the funding plan for such scenarios. This plan shall be reviewed by the Risk Management Group and the
ALCO and shall be approved by the Risk Management Committee. The plan is an extension of the
ongoing liquidity management and formalizes the aspect of liquidity management by ensuring:

• a reasonable amount of liquid assets is maintained;
• measurement and projection of funding requirements during various scenarios; and
• management of access to funding sources.

The CFP should project the Bank’s funding position during temporary and long-term liquidity changes,
including those caused by liability erosion. The CFP should explicitly identify, quantify, and rank all
sources of funding by preference, such as:

• reducing assets;
• modification or increasing liability structure; and
• using other alternatives for controlling balance sheet changes.

The CFP should include asset side as well as liability side strategies to deal with
liquidity crises. The asset side strategy shall include whether to liquidate surplus money
market assets, when to sell liquid or longer term assets etc. The liability side strategies
shall specify policies such as pricing policy for funding, the dealer who could assist at
the time of liquidity crisis, policy for early redemption request by retail customers and
use of the Central Bank as provider of funds of last resort. The CFP
shall also chalk out roles and responsibilities of various individuals at the time of
liquidity crises and the management information system between management, the
ALCO, traders, employees and others.

10.2.4 Report on Liquidity Risk Analysis

The Risk Management Group shall carry out a periodic (at least monthly) review of liquidity risk
exposure and prepare a ‘Report on Liquidity Risk Analysis’, which shall be reviewed by the ALCO. This
report shall include the following:

• Current market conditions;
• Future expectations of the market in which the Bank operates;
• Bank’s long-term and short-term funding requirements;
• Status of compliance with the risk management policies; and
• Any other significant findings.

10.2.5 Liquidity Risk Strategy

The Treasury & FX Group shall prepare a consolidated view on liquidity risk and a proposed future
strategy (at least quarterly). The Risk Management Group shall validate the strategy after considering the
findings noted during its review of liquidity risk exposure as referred to in paragraph 10.2.4 above while
the ALCO and the Risk Management Committee shall review and the Board shall approve this strategy.
The strategy should enunciate specific policies on particular aspects of liquidity risk management such as:

• Composition of assets and liabilities – the strategy shall outline the mix of assets and liabilities to
maintain liquidity. Liquidity risk management and asset / liability management should be integrated
to avoid steep costs associated with having to rapidly reconfigure the asset liability profile from
maximum profitability to increased liquidity;
• Diversification and stability of liabilities – the Board and senior management should specify guidance
relating to funding sources and ensure that the Bank has diversified sources of funding for day-to-day
liquidity requirements, as concentration of funding could lead to an increased risk. To
comprehensively analyze the stability of liabilities / funding sources, the Bank should identify
liabilities that would stay with the Bank under any circumstances, liabilities that run off gradually if
problems arise, and liabilities that run off immediately at the first sign of problems; and
• Access to inter-bank market – the strategies shall take into account that in crisis situations access to
the inter-bank market could be difficult as well as costly.

10.2.6 Liquidity ratios and limits

The Bank may use a variety of ratios to quantify liquidity. These ratios shall be used to create limits for
liquidity management. The ratios shall be used regularly and interpreted taking into account qualitative
factors. The ALCO shall have a proper understanding of the construction of each ratio, the range of
alternative information that can be placed in the numerator or denominator, and the scope of conclusions
that can be drawn from the ratios. The following ratios and limits shall be used:

• Cash flow ratios and limits – These ratios and limits attempt to measure and control the volume of
liabilities maturing during a specified time period;
• Liquidity concentration ratios and limits – Limits shall be expressed as a percentage of liquid assets or
as absolute amounts; and
• Other balance sheet ratios – These shall include ratios such as total financing/advances / total
deposits, total financing/advances / total equity capital, placement of the funds with the bank /
total assets which shall be used to monitor current and potential funding levels.

10.2.7 Consolidated Report on Liquidity Risk

The Risk Management Group shall be responsible for submitting a periodic (at least quarterly)
‘Consolidated report on Liquidity Risk Analysis’ after considering the following:

• Bank’s liquidity risk strategy as approved by the ALCO;
• Strategy for treasury operations and Bank-wide strategy;
• Overall risk appetite; and
• Report on Liquidity Risk Analysis mentioned above.

The Group Head Risk Management shall discuss the report with ALCO and submit the report to the Risk
Management Committee, together with the comments of ALCO. The Risk Management Committee shall
evaluate the findings and the appropriateness of any remedial measures taken/ proposed and direct any
further actions. Significant risk issues and their actual or potential impact, together with the corrective
actions recommended/ taken, shall be communicated to the Board.

Section VIII
GENERAL POLICIES FOR OPERATIONAL RISK MANAGEMENT

1 INTRODUCTION

1.1 Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and
systems or from external events as well as risk of loss resulting from Shariah non-compliance and the
failure in the fiduciary responsibilities. Generally speaking this risk is essentially associated with
operating a business and is not easy to manage as it refers to a range of possible failures in the operation
of the Bank not directly related to market or credit risk. All the business lines of the Bank, whether front
line or support are exposed to a considerable level of operational risk and a continuous assessment of the
internal and external environment is necessary to manage these risks and to supplement any business
and risk strategies.

1.2 The purpose of this section is to set out general policies for management of operational risks to be
followed by all the business units of the Bank as far as these relate to its functions. Other policies directly
relating to risk management in credit and treasury operations have been covered in sections VI: ‘Risk
Management Policies for Credit Operations’ and VII: ‘Risk Management Policies for Treasury
Operations’.

2 BROAD CATEGORIES OF OPERATIONAL RISK

2.1 Operational risk covers a wide area and it is useful to subdivide operational risk into two components,
operational failure risk and operational strategic risk as defined below:

2.1.1 Operational failure risk or internal operational risk

The Bank uses people, processes, technology and the controls implemented to ensure its effective
integration and coherence to achieve business plans and any one of these factors may experience a failure
of some kind. The operational failure risk arises from the potential for failure of these factors in the course
of operating the business.

2.1.2 Operational strategic risk or external operational risk

It arises from environmental factors, such as a new competitor that changes the business paradigm, a
major political and regulatory regime change, and other factors that are outside the control of the Bank.
The external factors include political, taxation, regulatory, governmental and societal factors.

3 OPERATIONAL RISK INVENTORY

3.1 The concerned groups/ divisions shall identify and the Risk Management Group shall compile an
operational risk inventory based on an assessment of the operational risks inherent in all material
products, activities, processes and systems of the Bank and its vulnerability to these risks. The inventory
shall, as a minimum, include risks in the following categories:

3.2 People

People risk losses are associated with alleged violations of employment law and the intentional violation
of internal policies by current or past employees. In some specific cases, the risk extends to people who
are being considered for employment. People risk can be further categorised as follows:

3.2.1 Interpersonal relations

Losses caused by inappropriate interpersonal relationships including discrimination against another
employee or someone who is interviewing for a position within the Bank, loss caused by an employee
harassing another employee or potential employee or intentional violations of an employee’s contract.

3.2.2 Employee misdeeds

Losses caused by acts knowingly committed by an employee, including unauthorised business activity,
unauthorised information disclosure, unauthorised system activity or fraud.

3.3 Process

This category reflects losses incurred because of a deficiency in an existing procedure, or the complete
absence of a procedure. Some losses in this category result from mistakes (i.e. errors), while others arise
from not following existing procedures (i.e. compliance or control breakdown). Process risk can be further
categorised as follows:

3.3.1 Compliance breakdown

Losses caused by failures or omissions within the compliance process. Compliance is meant to include
those procedures or requirements that must be followed. Most often, compliance requirements are
associated with regulatory or audit requirements.

3.3.2 Control breakdown

Risks and losses caused by failures or omissions within the control process fall in this category and
generally relate to procedures regarding internal controls. These controls exist in order to manage the
business, and are in addition to the processes described above.

3.4 Systems

Risks and losses caused by systems/technology (including telecommunications networks). All risks and
losses in this category happen by mistake, and are not intentional. If an intentional event occurs, it should
be placed in “People” (if by employee) or “External” (if by external factors of a third party).

3.5 External

Risks and losses due to business interruption caused by natural or man-made forces. Risks and losses
arising as a direct consequence of a third party’s action should be grouped in this category. The related
risks may arise from any catastrophe, third party relationships, security or system breach or any
supervisory actions. The effects of these risks on work place safety are also an important consideration.

3.6 Impact and likelihood of incidents

The operational risk inventory shall also set out the impact and likelihood of each of the risks mentioned
in the inventory based on the past history of incidents and the timeliness of the required management
action. The following standard terminologies shall be used to assess the impact and likelihood:

Impact of incident and the timeliness of management action required

| Level of risk | Definition of levels | Timeliness of management action | Description |
|---|---|---|---|
| High | The incident is more likely to result in material loss of Bank’s revenue or goodwill or material non-compliance with the statutory regulations. Historically, compensating controls are generally not present to reduce the likelihood of any such loss or non-compliance | Urgent | The management shall immediately implement necessary measures to address the weakness identified, by ensuring compliance with the legal and regulatory framework and/ or by restructuring the organisational structure or functions |
| Moderate | The incident is likely or less likely to result in a loss of Bank’s revenue or goodwill or non-compliance with the statutory regulations (not being a material loss or non-compliance). However, historically, compensating controls generally exist to reduce likelihood of any such loss or non-compliance | Prompt | The management shall take action within a reasonable period of time to address the weakness or procedural inefficiency identified or to comply with the applicable regulations |
| Low | The incident is more in the nature of a minor procedural error or irregularity rather than a control weakness | Timely | The management shall analyse its resources and shall consider implementing the recommended controls with a view to improving processes |

Likelihood of incident

| Likelihood | Description |
|---|---|
| More likely | The probability of loss / inefficiency / ineffectiveness is high as the control weakness or non-compliance with statutory requirements is generally present and is mostly associated with the current system being followed by the Bank. Historically, compensating controls are generally not present to reduce the likelihood of any such loss or non-compliance |
| Likely | Probability of loss / inefficiency / ineffectiveness is moderate as the control weakness or non-compliance with statutory requirements (not being a material loss or non-compliance) is exception based and is mostly not associated with the current system being followed by the Bank. Historically, compensating controls generally exist to reduce likelihood of any such loss or non-compliance |
| Less likely | The control weakness or non-compliance with statutory requirements is one-off and historically, compensating controls exist to reduce likelihood of any such loss / inefficiency / ineffectiveness or non-compliance |

3.7 Shariah Non-Compliance Risk

FDIBL shall have in place adequate systems and controls, including Shariah Board/
Advisors, to ensure compliance with Shariah rules and principles.

FDIBL shall ensure that it complies at all times with the Shariah rules and principles as
determined by the Shariah Board/ Advisor with respect to its products and activities. This
means that Shariah compliance considerations are taken into account whenever FDIBL
accepts deposits and investment funds, provides finance and carries out investment services
for its customers.

FDIBL shall ensure that its contract documentation complies with Shariah rules and
principles – with regard to formation, termination and elements possibly affecting contract
performance such as fraud, misrepresentation, duress or any other rights and obligations.

FDIBL shall undertake a Shariah compliance review at least annually, performed either by
a separate Shariah control department or as part of the existing internal and external audit
function by persons having the required knowledge and expertise for the purpose. The
objective is to ensure that (a) the nature of FDIBL’s financing and equity investment and
(b) its operations are executed in adherence to the applicable Shariah rules and principles
as per the fatwa, policies and procedures approved by FDIBL’s Shariah Board.

FDIBL shall keep track of income not recognized arising out of Shariah non-compliance
and assess the probability of similar cases arising in the future. Based on historical reviews
and potential areas of Shariah non-compliance, FDIBL may assess potential profits that
cannot be recognized as eligible profit of FDIBL.

3.8 Fiduciary Risk

FDIBL shall have in place an appropriate mechanism to safeguard the interests of all fund
providers. Where IAH funds are commingled with FDIBL’s own funds, FDIBL shall
ensure that the bases for assets, revenue, expense and profit allocations are established,
applied and reported in a manner consistent with FDIBL’s fiduciary responsibilities.

FDIBL shall establish and implement a clear and formal policy for undertaking its
different and potentially conflicting roles in respect of managing different types of
investment accounts. The policy relating to safeguarding the interests of its IAH may
include the following:

• Identification of investing activities that contribute to investment returns and taking
reasonable steps to carry on those activities in accordance with FDIBL’s fiduciary and
agency duties and to treat all its fund providers appropriately and in accordance with the
terms and conditions of its investment agreements;
• Allocation of assets and profits between FDIBL and its IAH will be managed and
applied appropriately to IAH having funds invested over different investment periods;
• Determination of appropriate reserves at levels that do not discriminate against the right
for better returns of existing IAH; and
• Limiting the risk transmission between current and investment accounts.

FDIBL shall adequately disclose information on a timely basis to its IAH and the markets in
order to provide a reliable basis for assessing its risk policies and investment performance.

4 OPERATIONAL LOSS DATABASE

4.1 The operational loss database summarises significant risk incidents in each risk category with an assessment
of the impact on business and the likelihood of occurrence. The concerned Groups/ Divisions shall
identify the significant risk incidents and report them to the Risk Management Group with a copy
marked to Head of Audit. The Risk Management Group shall maintain the operational loss database and
shall update the risk inventory based on the frequency and impact of the risk incidents included in the
operational loss database.

Considering the impact and the frequency of occurrence of the incidents mentioned in the database, the
Risk Management Group shall modify its own assessment of the impact and likelihood of the risk type
included in the inventory.

4.2 Significant risk incidents

Significant risk incidents are those which represent any unusual activities including any significant
process breaks or any intentional or unintentional breach or override of controls which have resulted in
or which will “reasonably possibly” or probably in the future result in actual or potential financial
exposure or reputation risk to the Bank.

These incidents shall include the following:

• Cash shortages exceeding an amount proposed by the Operations Group, validated by the Risk
Management Group and approved by the Management Committee;
• Employee thefts, frauds and irregularities;
• Significant activities contrary to the customer’s explicit orders or requests;
• Non-compliance with the regulations resulting in fine, penalty or notice;
• Third party fraud, forgeries and irregularities arising from collusion with external parties or
otherwise;
• Significant loss / damage to the Bank’s physical assets;
• Breaches of work place safety requirements;
• Robbery, theft or other mysterious disappearance of cash or other assets;
• Significant system related errors and / or failures; and
• Significant amounts of any duplicate payments.

4.3 Report of significant incidents

The operational loss database shall be supported by a report of each incident provided by the business units
and containing the following particulars:

• Type and description of incident (link to the risk type);
• Date and, where possible, time when incident occurred;
• Date and, where possible, time when incident reported;
• Branch/ Division where incident occurred;
• Exposure to incident (in monetary terms in case of financial loss);
• Name and designation of Divisional / Functional Head;
• Action taken, if any;
• Action/ additional measure prescribed, if any;
• Adequacy of the counter-measures;
• Status of implementation of action / additional measure;
• Loss recovery, actual or potential where not crystallised as yet;
• Net exposure to financial loss; and
• Date of closure of incident, wherever applicable.

4.4 Key Risk Indicators

As part of operational loss database, the Risk Management Group shall, in consultation with the
Operations Group, also identify and maintain a list of appropriate indicators which provide early
warning of an increased risk of future losses. The following are the various types of Key Risk Indicators
(KRIs) to be used by the Bank:

• Rapid growth;
• Introduction of new products;
• Employee turnover;
• Transaction breaks;
• Feeble IT support; and
• Process breaks.

5 RISK MANAGEMENT INFORMATION SYSTEMS

5.1 MIS reports shall be prepared to monitor the operational risk to which the Bank is exposed. The following
is a description of these reports:

5.1.1 Report of key risk incidents and indicators

In addition to the above-mentioned incident reporting, the Risk Management Group shall prepare a
periodic (at least quarterly) report containing the following particulars:

• Summary of risk incidents arising during the period;
• Summarised status of all open incidents;
• Summary of closed incidents together with the close out actions; and
• Summary of key risk indicators and their potential impact on the business.

The report shall also reflect the actual or potential losses from each incident. The Group Head Risk
Management shall discuss this report with the Management Committee and then submit it to the Risk
Management Committee, together with the comments of the Management Committee, which shall
review adequacy of proposed / executed action and direct any alternative action or implementation of
proposed action. Incidents of material impact shall also be communicated to the Board.

6 CONTINGENCY PLANNING

6.1 The Bank shall maintain contingency plans including disaster recovery planning, business continuity
planning, public relations damage control plan and litigation strategy taking into account different types
of scenarios to which the Bank may be exposed. At the time of the preparation of these plans, the
concerned Group/ Divisional Heads shall be consulted in relation to the responsibilities to be assigned to
them.

6.2 Significant aspects of contingency plans

The Risk Management Group shall ensure that the following significant aspects are addressed in the
contingency plans:

• Clear cut policy and budget for the contingencies;
• Key persons’ detailed description of roles / responsibilities;
• Emergency headquarters and the designated in-charge for dealing with a crisis;
• Location and suitability of operations back-up site and availability of necessary facilities for
resumption of critical functions within 24 hours including the relevant Information Technology
infrastructure;
• Emergency plan for accessibility or movement of staff to primary / back-up sites;
• Emergency call tree;
• Safety of customers and employees in case of emergency;
• Public relations network directed at customers in case of emergency;
• Succession plans for critical staff and senior management;
• Priority level of each operation, delegation of authority and arrangements for obtaining additional
staff in case of an emergency;
• For critical business processes, alternative mechanisms for resuming service in the event of
disruption of service of external vendors or other third parties;
• Identification of critical functions, their earliest resumption in case of emergencies, and arrangements
for manual delivery of any technology-based critical service / product;
• Identification of critical documents / data which need to be regularly backed up and arrangement of
storage of back-ups at an offsite location or disaster recovery site;
• Ability to restore electronic or physical records;
• Offsite facility at an adequate distance from the impacted operations to minimise the risk that both
primary and back-up records and facilities will be unavailable simultaneously;
• Back-up center or back-up contract with good contractors or banks;
• Security of multiple communication methods;
• Business impact analysis;
• Detailed program for the development, implementation, and maintenance of such plans;
• Identification of the organization which will handle the emergency at the main site and at the back-up
site;
• Coordination with external parties and maintenance contracts / service level agreements;
• Means of communication with significant parties in case of an emergency;
• Recovery time objectives mentioning the importance of the timely recovery of the key functions of the
Bank;
• Evaluation plans;
• Program for updation, testing and awareness of staff;
• Program for training and awareness of staff; and coordination with external parties and maintenance
contracts / service level agreements;
• Geographic diversity for critical operations and backup facilities;
• Balance required to be maintained between centralisation of operations and mitigation of the
associated concentration risk;
• Target timelines defined for resumption of core business operations and full-fledged functioning of
the Bank; and
• Capacity to deal with the longer-term disruptions and to accommodate normal or increased volume
of transactions.

6.3 Review and testing of plans

The Risk Management Group shall regularly review the plans to ensure that they encompass reasonably
probable events that could impact the Bank and are consistent with the Bank’s current operations and
business strategies. The Risk Management Group shall also test these plans periodically in order to
ensure that the Bank would be able to execute these plans in the likely event of a severe business
disruption.

6.4 Approval of the plans or changes therein

The above-mentioned plans and any changes therein shall be reviewed by the Management Committee
and the Risk Management Committee and approved by the Board.

Section IX
COUNTRY RISK

1 COUNTRY RISK

1.1 Country risk has an overarching effect on the banks’ international activities and should explicitly be taken
into account in the risk assessment of exposures both on and off balance sheet to all public and private
sector foreign domiciled counterparties. Country risk should also be taken into account, where
appropriate, when assessing the credit worthiness of the domestic counterparties.

1.2 Accordingly, keeping in view the necessity of comprehensive guidelines and policy for use and
information of the Treasury and the branches and fulfillment of the requirements of the regulatory
authorities, i.e. BSD Circular Number 03 dated May 17, 2004 and other instructions issued by CENTRAL
BANK and the Bank from time to time, the Risk Management Group shall regularly review the sovereign
/ country risk instructions to ensure that these are up to date and facilitate the
management in an effective management of the Bank’s cross-border exposure.

1.3 To effectively monitor country risk, the Bank must have a reliable system for capturing and categorizing
the volume and nature of foreign exposures. The reporting system should cover all aspects of the Bank’s
operations, whether conducted through paper transactions or electronically.

1.4 The Treasury and all the branches dealing in foreign trade shall be responsible for monitoring their country
exposure in accordance with the guidelines contained in the Bank’s country risk policy and for ensuring that
there are no violations.

Section X
DEFINITIONS OF KEY TERMINOLOGIES

1 DEFINITIONS OF KEY TERMINOLOGIES

The following terminologies shall have the meanings as specified below for the purposes
of the manual:

1.1 Business unit

Business unit includes the respective group, division or any other function or any
committee of the senior management. These units shall be represented by either the
respective heads or the members of the senior management committees.

1.2 Bank-wide Risk Management Framework

The Bank-wide Framework is the enterprise-wide risk management framework used by
the Bank for management of risk and comprises all the components or dimensions of
risk management in the Bank, i.e. a Bank-wide strategy, risk management structure and a
policy framework setting out policies and procedures with respect to the risk
management process and the necessary structure required to implement the framework.

1.3 Bank-wide strategy

It is the Bank’s strategy clearly spelling out its goals, objectives and the direction to
achieve them in the form of a business strategy, related external and internal challenges,
risk management strategy and the Bank wide risk appetite and its allocation to various
operations to determine risk appetite for these operations.

1.4 Default

It represents the risk that the Bank or any third party with whom the Bank deals
may not be able to comply with the mutually agreed terms and conditions and includes
risk of failure of a credit customer or a vendor etc.

1.5 Default probability/ probability of default

It is the probability that the customer will default on its contractual obligations to
perform, thus resulting in an economic loss to the Bank.

1.6 Diversification

Diversification is the practice of investing in various assets to have a low aggregate risk.
This practice is aimed at stabilising returns by ensuring minimisation of specific risks of
individual assets, leaving only the un-diversifiable specific risk.

e-Library | Islamic Banking and Finance Copyrights may be reserved by Author 1


1.7 Gap Reporting

Gap Reporting is a measure of the Bank’s repricing and maturity imbalances by
stratifying its products according to maturity and then aggregating these into predefined
time buckets to arrive at a net gap position for each time bucket.

1.8 Internal Risk Rating Framework

Internal Risk Rating Framework represents a scientific approach to assigning risk ratings
to the exposure based on an assessment of the customer’s credit worthiness and the
terms of the transaction through the use of standard risk rating templates/score cards.

1.9 Mark-to-Market Valuation

This represents a method of valuing financial instruments on the basis of current market
values and rates.

1.10 Predictable/ average/ expected loss

It is the amount the Bank can expect to lose, on average, over the time in which it takes
credit risk. These losses are to be covered by pricing and provisioning and, hence, are not
to be covered by capital.

1.11 Risk appetite

It is the risk that the Bank is in business to take given the context of its corporate goals
and strategic imperatives. It can also be defined as the expression of the types and
amount of risk the Bank is willing to assume to achieve the Bank-wide strategy. Risk
appetite represents a threshold or measurement and is measured by the minimum
amount of capital required to assume risks in accordance with the Bank-wide strategy.

1.12 Risk appetite for credit/ treasury operations

This represents the maximum aggregate amount of exposure which the Bank can assume
in respect of credit/ treasury operations and is determined by translating the capital
based risk appetite to the exposure in credit/ treasury operations.

1.13 Risk limits

These represent the maximum amount of exposure which the Bank can assume in
activities, products, securities, economic sectors or any single party or a group etc., or a
limit of minimum return on any product or security or any other limit for monitoring of
risks as explained in this manual.


1.14 Risk management strategy

This is defined as an approach to risk and its management thereof, as well as the set of
capabilities required for implementing such an approach and the major tasks involved in
developing those capabilities.

1.15 Risk Management structure

This is the structure which dictates the high-level organisational structure for managing
risk on an enterprise wide level.

1.16 Standard risk gradations

Risk gradations represent an abbreviation of the overall risk profile of an
exposure based on analysis of the risk factors given in the standard risk
rating templates/score cards.

1.17 Stress testing

It is a form of testing to determine the effect of abnormal market moves on
the market value of the Bank’s portfolios.

1.18 Scenario analysis

This represents an analysis employed to capture the impact of various
market moves on combinations of risks. Scenarios are constructed to
identify potential market moves which would produce the most
undesirable results.

1.19 Senior management

Senior management collectively refers to the President/ Chief Executive
Officer, Group Heads and the concerned Divisional Heads.

1.20 Unexpected Loss

It represents the uncertainty in the amount of loss that can occur in a
portfolio value. Capital needs to be held to provide a buffer against
unexpected losses i.e. deviations of losses which exceed average losses.
