The objective of the Risk Management Framework of the Bank is to minimize negative effects that risks can have on the earnings, capital, and liquidity of the Bank. The Bank has been managing risks through active Board and senior management oversight, risk governance structure, policies and procedures, appropriate management information system, comprehensive internal controls and limits, and stress testing. The Bank’s Risk Management Framework has following components:
Active Board and Senior Management Oversight
The Board of Directors (BOD) is ultimately responsible for management of Risk in the Bank. Risk Management Committee of the Board (RMCB), a board level sub-committee is in place for overall risk management in the Bank. In addition to Board level committee, management level committees viz. Operational Risk Management Committee (ORMC), Credit Risk Management Committee (CRMC) and Market Risk Management Committee (MRMC) are also functioning for management of operation risk, credit risk and market risk, respectively. Accordingly, Asset Liability Management Committee (ALCO), Internal Capital Adequacy Assessment Process (ICAAP) Committee, IT Steering Committee, IT Security Committee, IT Strategy Committee, BCP Governance Committee and Good Governance Committee are in function for management of market risk (specifically interest and liquidity risk), capital assessment, IT related issues, development and implementation of Information Security, oversight on IT activities of the Bank, overseeing the various aspects of Business Continuity Planning and monitoring the status of good governance in the Bank respectively.
The Chief Risk & Compliance Officer (CRCO) independently looks after overall risk and compliance of the Bank with solid line reporting to the Risk Management Committee of the Board. Under the Chief Risk and Compliance Officer, Integrated Risk Management Department, Compliance Department, Information Security Department and Treasury Mid-Office take their charges.
Risk Governance Structure
Risk Governance structure of the Bank refers to the structure, rules, processes, and mechanisms by which the decisions about risks are taken and implemented. The Bank has a separate and independent Risk Governance Structure as:
Policies and Procedures
The Bank has various policies and procedures set for managing various risks the Bank faces. All material risk policies and manuals are reviewed and approved by the Board of the Directors of the Bank annually to reflect changes in our business and regulations, law, corporate governance, and industry best practice. The adequacy and effectiveness of the policies are deliberated in the Board meeting. This helps us to ensure that we continue to meet our responsibilities to our customers, shareholders, and regulators. Policies of the Bank are reviewed by Integrated Risk Management Department, Legal Department, and Internal Audit Department for value addition/efficacy testing before putting up to management level and Board level committees.
Risk Management Procedure comprises steps for identification, assessment, monitoring/controlling, measurement, reporting and mitigation of various risks. The Bank has laid down various mechanisms like Credit Risk Assessment of credit exposures, Operational Risk Meeting at branches and province offices, Key Risk Indicators, Loss Data Report for carrying out the risk management process of the Bank.
Appropriate Management Information System
In view of the growing information requirements of the regulators, departments and operational units, MIS in the Bank are being constantly assessed, upgraded, and fine-tuned. All Branches of the Bank are networked on Core Banking Solution (CBS). The system regularly generates separate reports for Branches / Controllers to analyze various risks faced by the Operating Units.
Comprehensive Internal Controls and Limits
Board of Directors (BoD) of the Bank ensures proper internal control mechanism through organizational structure, line of authority, policies, procedures, risk appetite and delegation of official powers etc. The Central Management Committee (CENMAC) is in place in the Bank as an executive level apex body to take enterprise-level decisions. The Committee is primarily responsible for ensuring implementation of decisions, compliance with applicable statutes, regulations, internal policies & guidelines, and ethical standards at/by respective business units/groups. Similarly, ACB (Audit Committee of the Board) deliberates on the adequacy of internal control mechanism and instructs the management on remediation of short comings, if any. The Bank has adopted three lines of defence mechanism for better internal control:
First Line of Defence is the primary role of the Business Groups and Support Groups to identify, assess and manage the various risks pertaining to their business or area of operation. The model assumes that controls in this first line are granular and based on individual transactions as staff are involved in daily processes and familiar with the workflow and possible control weakness. Therefore, it is easier for them to implement controls that target more granular processes and detect weaknesses early on.
Second line of Defence comprises independent risk management and compliance functions such as Compliance Department, Integrated Risk Management Department, Information Security Department and Treasury Mid-Office, whose key duties are to monitor and report risk-related practices and information, and to oversee all types of compliance issues. The second line of defence defines preventive and detective control requirements and ensures that such requirements are embedded in the policies and procedures of the first line.
Third Line of Defence is the Internal Audit Department that would ascertain the effectiveness of the Bank’s risk management processes, measurement systems and to verify and ensure the compliance with the Basel/NRB/RBI Guidelines. The third line of defence performs independent periodic review of the first two lines of defence, provides assurance and informs the first two lines of strengths and potential weaknesses. It also carries out diverse types of audits covering different facets of the Bank’s activities
The Second and the Third line of defence are independent from business budget, and report directly to the Board/Board level committees.
Product Development and Vetting Committee (PDVC) assesses the risk in new products/services prior to the launch of such products/services and mitigation measures are adopted accordingly.
Stress Testing Practices
Stress testing is considered as a key and integral component of risk management by the Bank. The stress testing is performed to assess the impact of severe economic downturn on financial position & capital. It covers the assessment of material risk (i.e., Credit Risk, Market Risk, Operational Risks, Interest Rate Risk in Banking Book, and Liquidity Risks) as realized by the senior management and the Bank’s Board as well as guided by the regulatory requirement of Nepal Rastra Bank.
The most significant risks which could impact the delivery of our long-term strategic objectives and our response are detailed below:
|Key Mitigating Actions
The risk that customers and/or other counterparties whom we have either lent money to or entered into a financial contract with, fail to meet their financial obligations, resulting in loss to the Bank. Adverse changes in the economic and market environment we operate in or the credit quality and/or behavior of our customers and counterparties could reduce the value of our assets and potentially increase our write downs and allowances for impairment losses, adversely impacting profitability.
Operational risk is the risk of loss resulting from inadequate or failed internal processes, people, and systems or from external events. We face significant operational risks which may result in financial loss, disruption of services to customers, and damage to our reputation. These include the availability, resilience and security of our core IT systems and the potential for failings in our customer processes.
Market risk the risk that our capital or earnings profile is affected by adverse market rates, in particular, changes in interest rates, foreign exchange rate, equity and commodity prices.