31.1 Risk Management Introduction
Risk is inherent in the Group’s activities but it is managed through a process of ongoing identification, measurement and monitoring, subject to risk limits and other controls. This process of risk management is critical to the Group’s continuing profitability and each individual within the Group is accountable for the risk exposures relating to his or her responsibilities. The Group is exposed to credit risk, liquidity risk and market risk, the latter being subdivided into trading and non-trading risks. It is also subject to operational risks.
(a) Risk management structure
In line with the best practice followed in world class financial institutions the overall risk management responsibility lies with the Board of Directors of the Group, under which there is a Board Investment and Credit Committee (BICC) comprising of six board members and the Group Chief Risk Officer who take responsibility for identifying and controlling the risks.
(i) Board of Directors
The overall risk management responsibility lies with the Board of Directors of the Group. It provides the direction, strategy and oversight of all the activities through various committees.
(ii) Audit Committee
The Audit Committee comprises three members who are also part of the Board of Directors of the Group. The Audit Committee has the overall responsibility of assessing the internal audit findings, directing implementation of audit recommendations and overseeing the internal audit activities undertaken within the internal control environment and regulatory compliance framework of the Group. Duties and responsibilities of the Audit Committee are governed by a formally approved Audit Committee Charter which is in line with best practice and control governance.
(iii) Asset Liability Committee
The asset liability management process is an act of planning, acquiring, and directing the flow of funds through an organization. The ultimate objective of this process is to generate adequate and stable earnings and to steadily build an organization’s equity over time, while taking measured business risks. The Group has a well-defined asset liability management policy duly describing the objective, role and function of the Asset Liability Committee, which is the body within the Group that holds the responsibility to make strategic decisions to manage balance sheet related risks. The Asset Liability Committee, consisting of the Group’s senior management, meets at least once a month.
(iv) Investment and Credit Committee (ICC)
All major business proposals of clients are approved through the ICC. The ICC is a sub-committee of the Board of Directors. The approval process and the authorities vested with the ICC members are well defined in a credit policy manual. The policy manual enumerates various procedures to be followed by relationship managers in bringing relationships to the Group. Various aspects of the credit approval process have been defined in the policy which enables efficient approval of the proposals.
(v) Risk Management Department (RMD)
The RMD is an independent unit reporting to the Group Chief Risk Officer. The RMD is responsible for identifying, measuring, monitoring and controlling the risks arising out of various activities in the Group by the different business units. The process is through partnering with the units in identifying and addressing the risks by setting limits and reporting on the utilization thereof.
The RMD also monitors compliance with the regulatory procedures and anti-money laundering monitoring procedures of the Group.
Group Treasury is responsible for managing the Group’s assets and liabilities and the overall financial structure. It is also primarily responsible for managing the funding and liquidity risks of the Group.
(vii) Internal Audit
Risk management processes throughout the Group are audited annually by the internal audit function that examines both the adequacy of the procedures and the Group’s compliance with the procedures. Internal Audit discusses the results of all assessments with management, and reports its findings and recommendations to the Audit Committee. The Head of Internal Audit has direct reporting lines to the Audit Committee in order to secure independence and objectivity in all audit engagements undertaken within the Group.
(b) Risk measurement and reporting systems
Monitoring and controlling risks is primarily performed based on limits established by the Group. These limits reflect the business strategy and market environment of the Group as well as the level of risk that the Group is willing to accept, with additional emphasis on selected industries. In addition, the Group monitors and measures the overall risk bearing capacity in relation to the aggregate risk exposure across all risk types and activities.
Information compiled from all the businesses is examined and processed in order to analyse, control and identify early risks. This information is presented and explained to the RMD, and the head of each business division. The report includes aggregate credit exposure, limit exceptions and risk profile changes. On a monthly basis detailed reporting of industry, customer and geographic risks takes place. Senior management assesses the appropriateness of the provision for credit losses on a quarterly basis. RMD receives a comprehensive risk report once a quarter, which is designed to provide all the necessary information to assess and conclude on the risks of the Group.
For all levels throughout the Group, specifically tailored risk reports are prepared and distributed in order to ensure that all business divisions have access to extensive, necessary and up-to-date information.
(c) Risk mitigation
As part of its overall risk management, the Group uses certain instruments to manage exposures resulting from changes in interest rates and foreign currencies. The Group actively uses collateral to reduce its credit risks.
(d) Risk concentration
Concentrations of credit risk arise when a number of counter parties are engaged in similar business activities, or activities in the same geographic region, or have similar economic features that would cause their ability to meet contractual obligations to be similarly affected by changes in economic, political or other conditions. Concentrations of credit risk indicate the relative sensitivity of the Group’s performance to developments affecting a particular industry or geographic location.
The Group seeks to manage its credit risk exposure through diversification of lending activities to avoid undue concentrations of risks with individuals or groups of customers in specific industries or businesses.
Details of the composition of the loans, advances and Islamic financing and investing portfolio are provided in notes 5, 6 and 7. Information on credit risk relating to investments is provided in note 32.3.