Risk management has evolved over time from being relatively simple to complex in nature. Today, Banks need to plan on managing ‘known unknowns’ risks and prepare for the ‘unknown unknowns’ risks. ‘Known unknowns’ are the risks one is aware of whilst ‘unknown unknowns’ are unexpected or unforeseeable conditions, which pose a potentially greater risk simply because they cannot be anticipated based on past experience or investigation. Therefore, robust risk management frameworks built on sound risk principles are essential for resilience and to ensure that the interests of all stakeholders are safeguarded not only from ‘known unknowns’ but also from ‘unknown unknowns’.

Integrated Risk Management Framework

The Bank’s risk management is underpinned by a comprehensive, Integrated Risk Management Framework, which is constantly evolving and enhancing to remain relevant and most effective. The framework, which is approved by the Board, spells out the Bank’s approach to Risk Management. The framework sets out the process of identifying, measuring, monitoring and controlling the different types of risks and the risk governance structure in place. The main objectives of the framework are;

To establish common principles, standards for management and control of all risks and to inform behaviour across the Bank
Provide a shared framework and language to improve awareness of risk management processes among all stakeholders
To provide clear accountability and responsibility for risk management
To ensure consistency throughout the Bank in risk management
Define the Bank’s risk appetite and align the Bank’s portfolios and business strategy accordingly
Optimize risk return decisions
Maintain the Bank’s capital adequacy and liquidity position
Further strengthen governance, controls and accountability across the organization

In addition to the main risks (viz. Credit risk, Market risk and Operational risk), the Bank has considered several other risks which are material to it. These additional risks categories include, Liquidity risk, Interest rate risk in the banking book, Underestimation of Credit risk in Standardized Approach, Residual Credit risk, Concentration risk, Compliance risk, Legal risk, Strategic risk, Governance risk, Cross border risk, Settlement risk, Reputational risk, Model risk and Group risk.

The Bank's risk management framework is employed at all levels of the organization and is instrumental in aligning the behaviour of individuals with the overall attitude to assuming and managing risk and ensuring that the Bank’s risk profile is aligned to its risk appetite.

Risk Management at the Bank is underpinned by a set of key principles which serves as the foundation of the Bank’s risk management framework.

Risk Appetite & Strategy

Risk Appetite is defined as the quantum of risk the Bank is willing to assume in different areas of business in achieving its strategic objectives and ensuring maintenance of desired risk profile. The Risk Appetite framework and Risk Tolerance limits have been defined by the Board in consultation with the Senior Management of the Bank in-line with the Bank’s overall business strategy, providing clear direction to the business units for ongoing operations and risk management. The Risk Appetite framework and Risk Tolerance limits are reviewed and adjusted by the Board when required, based on developments in the operating environment.

In the event the risk appetite threshold has been breached, risk management and business controls are implemented to bring the exposure level back within the accepted range. Risk appetite, therefore, translates into operational measures such as limits or qualitative checkpoints for the dimensions of capital, earnings volatility and concentration risk etc. In order to effectively implement Risk appetite, the Bank has defined quantitative indicators (e.g., capital adequacy level and risk limits) or qualitatively embedded same in the policies and procedures (e.g., underwriting criteria).

Capital Management

Capital helps protect individual banks from insolvency, thereby promoting safety and soundness in the overall banking system. The Bank’s approach to capital management is driven by strategic objectives and guided by the BASEL principles.

BASEL II Framework

The Bank is fully compliant with BASEL II regulatory requirements. Details of compliance under each pillar are discussed below.

Pillar I –
Minimum Capital Requirement

The objective of minimum capital requirements under Pillar I of the BASEL II framework is to ensure that banks hold sufficient capital for Credit, Market and Operational Risks. The Bank is currently using the Standardized Approach for minimum capital computation for Credit Risk, the Standardized Measurement Approach for minimum capital computation for Market Risk and Basic Indicator Approach for minimum capital computation for Operational Risk. The Bank continues to maintain capital well above the minimum requirement set by the Central Bank of Sri Lanka. The Bank automated its minimum capital computation process in terms of Credit and Market Risks during the year. The automation of manual process will ensure accuracy and better conformance to guidelines.

Credit Risk – With the intention of moving to Internal Rating Based approaches, the Bank rolled out rating models with the assistance of CRISIL Risk and Infrastructure Solutions Ltd. India in 2014. The Bank is awaiting issuance of guidelines on advanced approaches of capital computation under Credit Risk.

Market Risk – The Bank has already rolled out its VaR models and will consider moving to advanced
approach of capital computation for Market Risk on receipt of guidelines from the regulator.

Operational Risk – The Bank had been computing capital requirements in parallel according to The Standardized Approach (TSA) and Alternative Standardized Approach (ASA). The Bank forwarded a formal application to the Central Bank of Sri Lanka, requesting to grant approval to move to ASA after analyzing both advance approaches (TSA & ASA) in considering the cost saving against the currently used Basic Indicator Approach (BIA).

Pillar II –
Supervisory Review Process

Minimum regulatory capital requirements under Pillar I, establish a threshold which a sound bank’s regulatory capital must not fall below. The Pillar II (Supervisory Review Process – SRP) requires banks to implement an internal process, called the Internal Capital Adequacy Assessment Process (ICAAP), for assessing capital adequacy in relation to the risk profiles as well as a strategy for maintaining capital levels. The Pillar II also requires the supervisory authorities to subject all banks to an evaluation process/Supervisory Review Process and to initiate such supervisory measures on that basis, as might be considered necessary. Bank has in place an ICAAP and has adhered to same from January 2013. The ICAAP process has strengthened the risk management practices and capital planning process.

The Bank has in place, a comprehensive Stress Testing Policy and Framework which is in line with the regulatory guidelines as well as international best practices. The policy describes the purpose of stress testing and governance structure and the methodology for formulating stress tests, whilst the framework specifies in detail the Stress Testing program including the stress tests, frequencies, assumptions, tolerance limits and remedial action.

Stress tests are conducted at various frequencies in-line with the Board approved framework and details of those are reported to Board. The outcome of stress testing process is monitored carefully and remedial actions taken in case of breaches. Further stress testing is used by the Bank as a tool to supplement other risk management approaches.

The details of Stress Tests carried out by the Bank as at 31 December 2016 are given below:

Stand-alone Stress Tests

Credit Risk

Impact of increase in the Non-Performing Assets (NPAs)

Impact of change in Impairment

Credit Concentration Risk

Impact of default of Large Borrowers

Impact of default by the largest Group

Impact of default in specific sector/region

Interest Rate Risk

Stress testing on Interest rate risk in the trading book (Debt Securities)

Stress testing on Interest rate risk in the banking book

Exchange Rate Risk

Impact of exchange rate movements on the Bank-s Net Open position

Impact of exchange rate movements on Domestic Banking Unit (DBU) Net Open position

Equity Price Risk

Bank did not hold equity portfolio in the trading book as at date

Liquidity Risk

Market Specific - Adverse impact on Money Market/Institutional Borrowings - DBU

Market Specific - Adverse impact on Money Market/Institutional Borrowings - Foreign Currency Banking Unit (FCBU)

Bank Specific - Run down on Current and Savings Accounts (CASA)/Time deposits - DBU

Bank Specific - Run down on CASA/Time deposits - FCBU

Market/Bank Specific - Adverse impact on total liquid liabilities - DBU

Market/Bank Specific - Adverse impact on total liquid liabilities - FCBU

Impact of large deposits run off on liquidity

Impact of a deposit run off scenario on capital

Multi Factor Stress Testing

Combined Stress test

Pillar III – Disclosures

The Bank provides quantitative and qualitative disclosures in-line with the Central Bank of Sri Lanka guidelines to provide a meaningful picture of the extent and nature of various risks that the Bank is exposed to and the efficiency of the Banks’ risk management practices.

BASEL III Framework

BASEL III is the new global regulatory standard on managing capital and liquidity of banks.

With the introduction of BASEL III, the capital requirements of banks have increased with an aim to raise the quality, quantity, consistency and transparency of capital base and improve the loss absorbing capacity. The Bank has commenced parallel computations of capital according to BASEL III requirements, based on the guidelines and is confident of meeting requirements when the requirements comes into force from 1 July 2017.

The Bank computes the Liquidity Coverage Ratio (LCR) as prescribed by the regulator and is well within the regulatory limits. LCR is one of the Basel Committee's key reforms to strengthen global liquidity regulations with the goal of promoting a more resilient banking sector.

Governance and Oversight

The Bank’s Board of Directors has the overall responsibility for risk management and sets the tone at the top for the effective management of risks through its risk appetite. In discharging its governance responsibility, it operates through two key committees, namely the Integrated Risk Management Committee (IRMC) and the Board Audit Committee (BAC) which have been formed in compliance with the CBSL Direction No. 11 of 2007 on Corporate Governance.

Governance Model

The governance model aims to place accountability and ownership, whilst facilitating an appropriate level of independence and segregation of duties. The structure is premised on the three lines of defence and defines the lines of authority, roles and responsibilities to efficiently manage risk across the Bank.

Group Risk Management

The Bank’s Risk Management Division is independent of the business units and reports directly to the Integrated Risk Management Committee. Each unit within the Risk Division, contributes to the management of risk and co-ordinates
across the business functions to guarantee that risk management is impeccably integrated into the Bank’s corporate culture.

Further, a Loan Review unit was formed within the Group's Risk Management department to carry out Loan Review Mechanism (LRM) activities as prescribed by the Central Bank of Sri Lanka. Its responsibilities extend to identifying potential problematic loans/facilities (post approval/granting) and providing rational, objective and professional recommendations for remedial action for implementation by line management.

Credit Review

In the current regulatory context, it has become necessary to make a clear distinction between pre credit review/approval and post credit review functions in the Bank. Earlier both these functions were combined within the Group Risk Management department. An independent pre credit review division was established to strengthen the pre-approval process and make it independent from post credit review function in the Bank.

Risk Culture

A strong risk culture is the fundamental tenet of the Bank’s risk management and serves as the foundation upon which a strong risk management structure is built. Within the Bank, the key characteristics of a strong risk culture are identified as follows:

In the Bank, a compliance culture is instilled where the Board, Senior Management and every employee is committed to adhere to the requirement of relevant laws, rules, regulations and regulatory guidelines. The Bank's commitment is clearly demonstrated through the establishment of strong compliance policies and guidelines to ensure that non-compliance risks are effectively managed. Such measures not only ensure adherence to regulations, but also protect the Bank’s integrity and reputation.

Precautionary Principle

The Bank applies a precautionary principle across the Group with regard to social and environmental sustainability. We take care to be cognizant of social and environmental impacts when conducting all our activities. Before embarking upon new ventures and initiatives we take necessary steps to assess any impacts through adequate risk management processes.

Risk Policies & Processes

Credit Risk

Credit risk is the risk of financial loss, if a customer or counterparty fails to meet a payment obligation under a contract. It arises principally from direct lending, trade finance and leasing business, and also from off-balance sheet products such as Documentary Credits and guarantees. Credit Risk generates the largest regulatory capital requirement of the risks we incur. The Bank manages the Credit Risk in the entire portfolio as well as individual credits or transactions.

Objectives of Credit Risk Management

The objectives of Credit Risk Management are:

Ensure optimal risk-reward pay – off for the Bank and to maximize returns
Maintain the quality of the portfolio by minimizing the non-performing loans and probable losses
Maintain a well-diversified portfolio by prudently managing the risk asset portfolio to ensure that the risk of excessive concentration to any industry, sector or individual customer is minimized.
Ensure that exposures to any industry or customer are determined by the regulatory guidelines, clearly defined internal policies, debt service capability and balance sheet management guidelines
Avoid all situations of conflict of interest and report all insider-related credits to appropriate bodies

1. Credit Policies

The Bank has a well-defined credit policy approved by the Board of Directors. It defines the

Credit culture of the Bank
Specify target markets for lending
Specify prohibited lending which the Bank under no circumstances will entertain due to either the very high risks involved in such proposals and/or its negative social/ethical considerations
Set acceptable risk parameters
Set remedial and recovery actions

2. Structured and standardized credit approval process

Depending on the nature of the project/product, standardized formats have been designed and evaluations are carried out by competent staff. There are clear guidelines set to ensure that;

Credit is extended only to suitable and well-identified customers and never where there is any doubt as to their ethical standards and record, where the source of repayment is unknown or speculative nor where the purpose/destination of funds is undisclosed,
Never to take a credit risk where ability of the customer to meet obligations is based on the most optimistic forecast of events.
Risk considerations shall have priority over business and profit considerations;
Ensure that the primary source of repayment for each credit is from an identifiable cash flow from the counterparty’s normal business operations or other financial arrangements; the realization of security remains a fallback option;
Adopt a pricing mechanism that reflects variation in the risk profile of various exposures to ensure that higher risks are compensated by higher returns;
The financial performance of borrowers is to be continuously monitored and frequently reviewed, as is the manner in which the borrower operates his accounts.

3. Delegation of Authority

Final authority and responsibility for all activities that expose the Bank to credit risk rests with the Board of Directors and the Board of Directors has delegated approval authority to the CEO to re-delegate limits to the Credit Committees and the Business Lines. All approval limits are name specific and are based on the individual experience, facility type and collateral in order to ensure accountability and mitigate any judgmental errors.

There are two Credit Committees representing the Business Lines and these Committees comprise senior officers of Business Lines and the Credit Review Division.
The delegated authority limits are reviewed periodically and the Bank follows the ‘four-eyes principle’
(i.e. minimum of two officers signing a credit proposal).
Lending decisions are based on detailed credit evaluations carried out by Relationship Managers/Credit Officers and reviewed/approved by designated approving authority.

4. Internal Risk Ratings of Obligors

The credit portfolio of the Bank is risk-rated, using an internally-developed system that takes into account quantitative as well as qualitative factors. The rating scale ranges from AAA to B4 and the ratings of every obligor is reviewed at least annually or more frequently if required.

The Bank has rolled out the new Internal Risk Rating system which runs on sophisticated workflow based software and hosts obligor risk rating, facility risk rating and retail score cards to suit the diverse client portfolios of the Bank. This move facilitates accurate quantification of credit risk and also complies with Central Bank's Direction No. 07 of 2011 on Integrated Risk Management.

The Bank has deployed varying models to gauge the default risk associated with Large Corporate, Mid Corporate, SME and Non-Banking Financial Institutes. All these models are structured in a manner incorporating both quantitative and qualitative parameters to reflect the underlying probabilities of default.

The risk rating model implemented facilitates both obligor and facility rating. Whilst obligor rating will indicate the expected probability of default (PD), the facility rating indicates the expected loss given default (LGD). Expected probability of default takes in to account the characteristics of the obligor assessed through industry, business, management and financial risk silos, whilst facility rating takes in to account the type of the facility, nature of the collateral and realisability. Using the expected probability of default and the loss given default calculated through obligor rating and facility rating models, the system facilitates arriving at an expected loss for a specific credit.

Risk Scoring

The Bank deploys custom made scorecards to underwrite consumer assets. These scorecards were developed using Bank’s own data and reweighted to align them for more recent economic conditions. Such scorecards take in to account the customer demographics together with creditworthiness of individuals and disposable income in deciding the level of accommodation of credit. In addition to above, the Bank also carries out a prescreening of employers of salaried employees who seek consumer credit from the Bank in order to ensure that their level of income generation will not get interrupted in the foreseeable future. In this way, the Bank acts more responsibly as such an approach would negate possibility of overspending by consumers based on uncertain future income.

5. Risk Pricing

The Bank also views pricing for risk as fundamental to credit risk management. As such, steps have been taken to price the credit risk using more scientific methods. A risk based pricing model was rolled out across the Bank during the year.

6. Post Sanction Review and Monitoring Mechanism

Post sanction review and monitoring is carried out to ensure quality of credit is not compromised. Any deteriorating credits with emphasis on internal and external early warning signals are identified and such accounts are ‘Watchlisted’. The Watch listed clients are monitored closely with quarterly reports submitted to the Credit Committees. Further, based on the Watchlists, the Bank assesses the Portfolio at Risk, in the event, such accounts deteriorate further. Non-performing assets are identified at an early stage, enabling the Management to take action as appropriate.

7. Prudential Limits

The industry and portfolio limits are set by the Board of Directors on the recommendation of the Group's Risk Management department. Credit Risk Management monitors compliance with approved limits. Desired diversification is achieved by setting maximum exposure limits on

Single/group obligor limits – limits are more stringent than the limits set by the regulator and on a prudential basis, the off-balance sheet items are considered at face value instead of credit equivalent of such exposures
Prudential Group Exposure Limit – considered based on the Bank’s exposure to a Group of Related Parties and is capped at 60% of the Bank’s Capital Base
Substantial Exposure limits – this is in compliance with the Banking Act Direction No. 07 of 2011 on Integrated Risk Management Framework for Licensed Banks and the Bank has introduced a substantial exposure limit of 500% of the capital of the Bank
Industry/economic sector limits – limits are imposed for lending to different sub-sectors in the economy. This is a control mechanism introduced recognizing that during various economic cycles, different sectors of the economy could face difficulties. At present the maximum exposure to a sub-sector is 15% of the Bank’s total exposure.

8. Portfolio Management

Credit portfolio management is an important function within the overall credit risk management function. Need for such critical and objective portfolio management emanates from the need to optimize the benefits associated with diversification. It also helps the Bank to identify and address potential adverse impact of concentration of exposures. The Bank has a well-structured portfolio management mechanism which evaluates exposures on the basis of industry concentration, rating quality, internally established pre-specified early warning indicators, apart from regulator imposed quantitative ceiling on single borrower and aggregate exposure. The Bank’s internal single borrower and Group exposure limits are much stringent than those imposed by regulator. Based on the feedback from the credit portfolio management, the credit origination criterion is amended prudently to insulate portfolios from further deterioration.

The portfolio management team also undertakes, apart from regular portfolio reviews, stress tests and scenario analysis when the external environment, both local and global, undergoes swift changes. Credit portfolio management envisages mitigating credit risks to a great extent by stipulating prudential risk limits on various risk parameters. As such, the Bank has established single borrower limit, limits for related party borrowings and aggregate limit for large exposures as prescribed by the regulators. Moreover, the Bank has also established maximum exposure limits to different industry segments. Such limits are clearly spelt out in the credit policy and the authority for permitting any deviations on an exceptional basis is also clearly documented. The Bank adopts a similar mechanisms to assess the risks associated with off balance sheet exposures. As part of the credit portfolio management and monitoring procedures, the exposures in off balance sheet products such as FX Forwards, Guarantees and Letters of Credit are treated with utmost care.

Key Risk Indicators (KRIs) supplement the overall portfolio management system, by providing a view of the credit risk of the portfolio as well as acting as an early warning system. Some of the KRIs monitored and reported to Board Integrated Risk Management Committee are given below;

Portfolio of the Bank/Industry portfolio	To assess the trends in comparison with industry and measure performance against budgets/Risk Appetite
Market Share
NPL of the Bank/Industry NPLs
NPL Ratio of the Bank/Industry Average NPL Ratio
Provision Cover - % - Bank/Industry
Open Loan Position
ROE %
Tier I Capital Adequacy Ratio %	To assess compliance with Regulatory limits and the Bank-s Risk Appetite
Tier I & II Capital Adequacy Ratio %

9. Credit Risk Mitigation

The Bank adopts various mechanisms to mitigate the credit risk of the loan book.

Ways out analysis – the primary source is established through a conservative evaluation of whether the borrower's realistic projected cash flows will be sufficient to repay their debts. This is further mitigated by a second way out in the event of unforeseen adverse circumstances and availability of collateral alone, does not make an unacceptable proposal viable. Exemptions on collateral are allowed in the event the borrower demonstrates strong and reliable financial performance.
Documentation of credit transactions with adequate terms, conditions and covenants in a comprehensive and legally enforceable basis.
Obtaining of collateral in-line with the Bank's policy and ensuring it is supported by enforceable documentation. Collateral policy differs from business line to business line, according to the products offered.

The main types of collateral taken by the Bank are

immovable and movable property mortgages,
plant, machinery & equipment
cash deposits,
mortgages on stocks and book debts and Corporate and personal guarantees.

It is the Bank's policy to be on a equal footing status with other lenders in terms of collateral cover. A decision to the contrary may be acceptable only where a non equal footing position is accepted due to unavailability of security as a result of the Bank being a late entrant to the relationship and is supported by strong financial position of the entity financed. Facilities under Product Programmes are governed by guidelines given in such individual programmes.

In instances where facilities are granted without collateral, the Bank ensures that its position will not be subordinated to other creditors’ interests. In such instances, the Bank generally requires either a negative pledge agreement not to encumber any assets without permission of the Bank or a equal footing clause, whereby the debtor will treat the Bank equally with respect to collateral with all current and future lenders.

The Bank has a panel of valuers who have been selected, based on the criteria set out by the Central Bank of Sri Lanka. The Bank ensures that the valuations are carried out and reviewed as following.

Facilities in NPL:
- In respect of credit facilities granted against residential property which is occupied by the borrower for residential purposes – every 4 years
- In respect of credit facilities granted for all other purposes – every 3 years
Performing facilities:
- Watch listed clients with working capital facilities: every three years
- Other Clients with working capital facilities: every five years
- No value is considered if valuations are not in-line with the time frames set out according to the CBSL guidelines.

10. Impairment

The Bank has in place, a detailed impairment policy which, was approved by the Board of Directors. A credit risk provision for loan impairment is established, if there is objective evidence that the Bank will be unable to collect all amounts due on loans and advances, according to the original contractual terms.

Objective evidence that a loan is impaired includes observable data that comes to the attention of the Bank about the following loss events:

Significant financial difficulty of the customer
A breach of contract such as default of payment
Where the Bank grants the customer a concession due to the customer experiencing financial difficulty
It becomes probable that the customer will enter bankruptcy or other financial reorganization
Observable data that suggests that there is a decrease in the estimated future cash flows from the loans, to name a few.

The Bank determines the allowances appropriate for each individually significant loan or advance on an individual basis if there is any objective evidence of a loss based on the above. Items considered when determining allowance amounts include;

The sustainability of the counterparty’s business
plan/cash flows,
Projected receipts and the expected payout should bankruptcy ensue,
The realizable value of collateral and the timing of the expected cash flows.

A provision for loan impairment is reported as a reduction of the carrying amount of a loan on the balance sheet. Additions to provisions for loan impairment are made through impairment losses on loans and advances in the Income Statement.

All exposures are assessed for impairment either individually or collectively. If there is objective evidence of incurred loss individually i.e. for exposures which are considered to be individually significant (exposures above LKR 100 million), the exposure should be measured for an impairment provision. If it is determined that no objective evidence of incurred loss exists for an individually assessed exposure, that exposure should be included in a group of exposures with similar credit risk characteristics that are collectively assessed for impairment.

If there is objective evidence that an impairment loss on loans and receivables carried at amortized cost has been incurred, the amount of the loss is measured as the difference between the loans’ carrying amount and the present value of estimated future cash flows discounted at a) the loan’s original effective interest rate, if the loan bears a fixed interest rate, or b) current effective interest rate, if the loan bears a variable interest rate.

The estimation of the recoverable amount of a collateralized exposure reflects the cash flows that may result from Liquidation of Collateral, where foreclosure is considered the likely course of action. The time, costs and difficulties involved in obtaining repayment through collateral should be taken into account when determining the recoverable amount.

For the purposes of a collective evaluation of impairment, loans are grouped on the basis of similar credit risk characteristics. Corporate and SME loans are grouped based on product type, economic sector and on days in arrears. Retail Banking loans are grouped based on product type and no. of days in arrears. Those characteristics are relevant to the estimation of historical loss experience for loans. Historical loss experience is adjusted on the basis of Probability of Default and Loss Given Default. The Bank also bases its analysis on economic factors and portfolio factors such as:

Macroeconomic Factors such as
- Interest rate stability
- Unemployment rate
- Inflation
- GDP growth rate
- Exchange Rate fluctuation
Portfolio Factors such as
- Rescheduled Loans as a % of total Loans
- Average Age of the portfolio
- Management's judgment on delinquencies of the borrowers
Other Factors such as
- Sovereign ratings assigned to Sri Lanka by Local and international rating agencies
- Global Economic Environment which has direct impact to the Sri Lankan economy
- Borrower’s ratings assigned by Local and international rating agencies

The Bank may use the aforementioned factors as appropriate to adjust the impairment allowances. Allowances are evaluated separately at each reporting date with each portfolio.

Credit Risk Analytics

Product Concentration

22% of Bank’s portfolio was concentrated in term loans.

Business line wise Composition

42% of portfolio was concentrated in Retail Banking and Branch Network.

Rated portfolio Concentration

The Bank’s portfolio continues to be concentrated on ‘A’ rated clients based on the internal rating model used by
the Bank indicating investment grade adequate safety and the composition was within the risk appetite of the Bank set by the Board.

Credit Risk Concentrations

Single Name Concentration

The Bank was in compliance with regulatory limits on Group and Single Borrower concentrations.
The Bank was also in compliance with the internal limits set by the Board on Group and Single Borrower concentrations, which are more stringent than those prescribed by the regulator.
The substantial exposures of the Bank accounted for only 94.6% of the capital base and was well within the internal limit. The top 20 clients accounted for 20% of the portfolio and the concentrations were within the risk appetite set by the Board.
The Bank’s portfolio was not concentrated on a particular client or a Group.

Sector Concentration

The Bank maintained a well-diversified portfolio and the portfolio was not over concentrated on a particular sector. the Bank was also in compliance with the minimum lending requirement of 10% to Agricultural sector with 10.9% of portfolio concentrated on same as at 31 December 2016.

The Sector concentration risk is measured by Bank using Herfindahl-Hirschman Index (HHI). The HHI of the portfolio declined over the years indicating reduction in sector concentration risk.

Geographical Concentration

Based on the economic activity, the highest concentration is in the Western Province though the branch network is spread throughout the country. The Bank also funded some cross border exposures resulting in further diversification of the portfolio.

Collateral Concentration

Clean portion of portfolio declined from 44% to 38% during the year.

Non-Performing Loans

The Bank’s NPL ratio was well within the risk appetite set by the Board.

Provisioning and Impairment

The Bank continues to maintain provision covers above the industry.

Sector wise breakdown of individual impairment is illustrated below

Market Risk

Market risk is the potential loss in both on and Off-balance sheet positions, arising from the movements in foreign exchange rates, interest rates, equity and commodity prices.

Objectives of Market Risk Management

The primary objective of Market Risk Management is to ensure that Business units of the Bank optimize the risk-reward relationship within the Bank’s predefined risk appetite and avoid exposing the Bank to unacceptable losses.

Under a well-defined risk governance structure, the risks are identified, assessed, controlled and reported to ensure that the Bank operates within the allocated risk appetite levels.

Policies

Risk monitoring is guided by a well-defined policy framework and limit structure designed to suit the business model and the balance sheet structure reflecting the risk appetite of the Bank. The Board, supported by Integrated Risk Management Committee (IRMC), approves the risk parameters as recommended by the Assets and Liabilities Committee (ALCO) and Market Risk Management (MRM) to facilitate the business needs.

The risk management policy framework covers the Market, Liquidity, Asset and Liability risk management guidelines on the procedure and techniques for assessing, managing, monitoring and reporting of risks related therein. The policy framework consists of the roles and responsibilities, procedures, risk measurement framework, risk monitoring, reporting and controls taking in to account the rules and regulations and the best industry practices.

Processes

The Key Functions of MRM includes policy formulation, risk measurement methodologies, systems, controls, reporting and communication. This will provide guidance on procedure for Market risk management within the overall risk appetite of the Bank.

Policy Formulation – Policy formulation/renewal are carried out considering the regulatory guidelines, best practice in the market and material changes in MRM/Limit monitoring process.
Risk Measurement methodologies – Limits are assessed and recommended to ALCO/Board approval. All limits in force will be independently monitored by the MRM Unit on predefined time bands.
Systems and controls – Support in implementation of management reporting systems to accurately reflect the risks taken by the Bank. Develop, implement and review the controls that enforce the adherence to established risk limits.
Risk Reporting and Communication – MRM risk activities are identified and monitored on a timely manner against the risk parameters and where necessary the exposures are reported for senior management/Board for necessary action. The reports circulated at a number of frequencies – daily, weekly, monthly or quarterly basis are as follows.
- Daily market risk Report on foreign exchange/Debt securities to Treasury, Finance, CEO and GRM
- Limit exception report to Treasury and GRM
- Monthly market risk reports on foreign exchange, commodity and debt securities.
- Quarterly Market risk reports to Credit and Market Risk Policy Committee (CMRPC) and IRMC
- Quarterly risk assessment report to the Board

ALCO, as the key Management Committee that regularly monitors the Market Risk exposures, initiates appropriate actions to optimize the risk exposures within the risk appetite of the Bank. In this regard, key functions carried out by ALCO includes;

Review and recommend MRM/ALM policies, limits and guidelines for IRMC/Board approval
Management of the balance sheet and the risks associated with it
Setting key balance sheet ratios/targets
Planning strategies for funding, buffer investments, hedging and trading etc.
Setting internal investment policies
Approve investments
Setting pricing policies (internal transfer and external products)
Evaluation of risks involved in launching new products

The implementation of the Bank’s risk management policies, procedures and systems are delegated to the Head of MRM who reports to the Vice-President Group Risk Management. Market and liquidity risks are addressed at ALCO on a monthly basis and at the Board IRMC level on a monthly/quarterly basis.

Analytics

MRM Unit uses a range of techniques to measure the risk exposures arising from Treasury/general banking activities. In accordance with the economic and regulatory requirements, we measure, monitor and control the Bank’s exposures to market risk, given the size, complexity and risk profile of the Bank.

Prudential internal limits have been defined for Exchange rate risk, Interest rate risk and Price risk for close monitoring of exposures. The exposure limits are linked to the Bank’s capital base/balance sheet size/profitability as appropriate to ensure adequate and efficient capital allocation and planning.

Foreign Exchange Risk

Foreign exchange risk is the risk of losses arising through holding of assets and liabilities in foreign currency and due to the movements in foreign exchange rates against the base currency. The Bank is exposed to foreign exchange risk when its on and off balance sheet assets and liabilities are not equal in a given currency or when the timing and certainty of the inflows and outflows differ.

Bank monitors the daily foreign exchange (FX) open positions to ensure that the Bank is operating within the regulatory limit on net open position. Apart from the regulatory limit, the Bank has set internal prudential Forex limits consisting of daily Forex turnover limit, daylight position limit, Forex Gap limits, stress testing limits, sensitivity analysis, Swap funding limit and Stop loss limits to closely monitor and mitigate foreign exchange risk.

The below table shows the Bank’s consolidated foreign exchange position and the exposure held against the Bank’s capital base which is managed well within the regulatory limit of 30%.

		Foreign Exchange Position		DBU & FCBU	As at 31.12.2016	-000
Currency	AL Position	Spot Position	Forward Position	Overall Exposure in Respective Foreign Currency	Absolute Positions in USD equivalent	Absolute Exposure in LKR
US Dollars	55,281	440	(49,876)	5,844	5,844	875,472
Pound Sterling	(21,664)	-	21,626	(39)	48	7,152
Euro	(16,372)	(500)	16,883	12	12	1,867
Japanese Yen	11,918	-	(13,265)	(1,347)	12	1,729
Australian Dollar	(21,376)	-	21,409	33	24	3,625
Canadian Dollar	31	-	-	31	23	3,417
Other currencies	(7,792)	-	8,252	460	134	20,114
Total exposure					6,097	913,376
Total capital Base according to the audited Financial Statements as at 31.12.2016						31,153,003
Total exposure as a percentage of total capital Base						2.93%

Stress testing on DBU net open position –

As at 31 December 2016					USD/LKR
	Net Position	Scenario 1	Scenario 2	Scenario 3	Scenario 4
Magnitude of shock (adverse)		5%	10%	15%	25%
Spot rate movement	150.00	142.50	135.00	127.50	112.50
Net open position - DBU, Profit/loss (LKR)	6,138,595	(46,039,464)	(92,078,928)	(138,118,391)	(230,197,319)

Sensitivity Analysis

Daily sensitivity analysis is carried out on major foreign currency Net Open Position (NOP), giving positive and negative shocks to the spot rates to determine the impact of exchange rate movements by way of profit or loss to the Bank’s income statement.

Exchange rate sensitivity of Major Foreign Currency Net Open Positions as at 31 December 2016

Spot Rate Shocks			LKR depreciate				LKR appreciate
Currency	Net Open Position	-5%	-2.5%	-1%	Spot Rate	1%	2.50%	5%
USD	5,844,273	43,832,049	21,916,025	8,766,410	150.00	(8,766,410)	(21,916,025)	(43,832,049)
GBP	(38,875)	(360,151)	(180,076)	(72,030)	185.29	72,030	180,076	360,151
EUR	11,841	93,404	46,702	18,681	157.77	(18,681)	(46,702)	(93,404)
JPY	(1,347,181)	(86,492)	(43,246)	(17,298)	1.28	17,298	43,246	86,492
AUD	33,466	181,102	90,551	36,220	108.23	(36,220)	(90,551)	(181,102)
Total		43,659,913	21,829,956	8,731,983		(8,731,983)	(21,829,956)	(43,659,913)

Interest Rate Risk (IRR)

Interest Rate Risk (IRR) is the exposure of an institution's financial condition to adverse movements in interest rates. Changes in interest rates also affect the underlying value of the banking institution's assets, liabilities and off-balance sheet instruments, as the present value of future cash flows (in some cases, the cash flows themselves) change when interest rates change.

In order to manage the IRR, the Bank has separated the balance sheet into trading and banking books. While the assets in the trading book (held for trading) are held primarily for generating profit through short-term differences in prices/yields, the banking book (available-for-sale: AFS, held-to-maturity and loans and receivables) comprises assets and liabilities, which are contracted basically for steady income generation and are generally held till maturity. Accordingly while the price risk is the prime concern of banks in the trading book, earnings or economic value changes are the main focuses of the banking book.

The Bank’s trading portfolio mainly comprises securities (Treasury Bills/Bonds) and is monitored daily against the portfolio size limit, duration limit, maturity mismatch limit and mark to market limits. Portfolios are subject to VaR (Value at Risk) and PV 01 analysis to analyse the impact on fluctuations in interest rates which are being closely monitored to take advantage of the market movements.

Interest Rate Risk in Trading Book

Key Indicators	Limit	Position as at 31.12.2016
Mark to market of debt trading portfolio	(LKR 60 million)	(LKR 4.37 million)
Duration of debt securities - HFT	2 Years	0.3
Duration of debt securities - AFS	5 Years	1.55

Trends in duration analysis

VaR - (at 99%) as at 31.12.2016	LKR million
Debt securities - HFT	0.28
Debt securities - AFS	25.33
Forex trading	4.37

*Historical approach , 1 day holding period

The interest rate risk in the banking book is measured and managed through price sensitivity/duration/NII, Variance analysis and the interest rate gap analysis.

Interest Rate Sensitivity of the Balance Sheet as at 31 December 2016

The Bank monitors the interest rate sensitivity of assets and liabilities using the re-pricing gap report. (Disclosure Note No. 56.2.(C) of page number 391).

The price sensitivity of the Balance Sheet was managed within the risk parameters whilst maximizing the market potential on interest sensitive assets and liabilities.

Interest Rate Risk in Banking Book

Key Indicators	Limit LKR million	Position as at 31.12.2016 LKR million
Price sensitivity of balance sheet (P/L impact for a 1% change in interest rate)	(1,000)	704

Equity Risk

The equity price risk arises due to adverse movement in the value of the individual stock price or of the corresponding equity index. Bank does not engage in equity trading at present but the investments held in the AFS portfolio are subject to mark to market valuation.

	Held-for-Trading LKR -000	Available-for-Sale LKR -000
	Impact on Income Statement	Impact on OCI
Shock of 15% on equity price	-	207,276

Commodity Risk

Commodity price risk arises due to volatilities in the commodity exposure of the Bank. The Bank’s exposure to the Gold Buffer stock of the underlying product ‘Raththaran Ithurum’ is negligible when compared to the Bank’s balance sheet size. However, a mark to market calculation is being performed to assess the impact on Income Statement with the price movement.

Counterparty Risk

When undertaking foreign exchange dealing and trading with interbank counterparties and corporates, two general types of risks arise:

Pre-Settlement Risk – Refers to the counterpart becoming insolvent prior to the settlement date of transaction. The exposure comes by way of banks’ inability to find an alternate party to deal on same rates (interest or exchange) due to market changes.
Settlement Risk – Relates to the event where the counterpart to the deal is unable to honour settlement obligations (either in local currency or foreign currency) to the bank after having taken possession of funds paid by the Bank in settlement.

The Bank sets individual counterpart limits to mitigate such risks. These limits are set through critically assessing the financial standing, Balance Sheet size and other risk parameters of such counterparts.

Liquidity Risk

Liquidity risk is the risk that the Bank is unable to meet its financial obligations in a timely manner without incurring unacceptable losses. Financial obligations include liabilities to depositors, payments due under derivative contracts, settlement of securities borrowings and repurchase transactions, lending and investment commitments.

Effective liquidity risk management is essential to maintain the confidence of depositors and counterparties as well as to ensure that the Bank’s core businesses continue to generate revenue, even under stressed conditions.

Objective of Liquidity Risk Management

The objective of our liquidity framework is to ensure that all anticipated funding commitments can be met when due and allow us to withstand liquidity stresses whilst maintaining our business profile. It is designed to be adaptable to changing business models, market and regulations. The Bank continues to focus on liability generation, which will be a necessary precondition for significant asset growth.

Policy Framework

The Bank maintains well-articulated liquidity risk management policies and procedures, which drives the level of liquidity risk exposures and determine the business size and maturities which ensure that it has at all times sufficient liquidity to meet its financial obligations at a fair market price.

Also, the Bank monitors key liquidity metrics on a regular basis, both on local currency and foreign currency Balance Sheets and prudential limits are set to better manage the liquidity profile of the Bank.

Process

The responsibility for the liquidity risk management of the Bank rests with the ALCO. Bank’s Treasury/ALM units are responsible for executing the day-to-day liquidity management of the Bank within the parameters set by ALCO. Key liquidity measures are managed and monitored on a daily, weekly or monthly basis to ensure that the Bank meets the regulatory (liquid asset ratio, statutory reserve requirement and liquidity coverage ratio) as well as the internal limits whilst meeting the customer demands without incurring unacceptable losses.

In this context, the list of reports circulated by MRM Unit includes;

Daily report on open exposure risk limits to Treasury and GRM
Limit exception report to Treasury and ALCO
Weekly/Monthly Liquidity Risk Report on internal/external liquidity trends/analysis and stress test results to ALCO and IRMC
Monthly ALM Reports to ALCO
Quarterly ALM and Liquidity Reports to CMRPC and IRMC
Quarterly Risk Assessment Report to the Board.

The Bank is equipped with a comprehensive Liquidity Contingency Funding Plan (LCFP) linked to the Business Continuity Plan, which is in line with the regulatory guidelines. The LCFP clearly defines the responsibilities of the Liquidity Management Team, liquidity risk trigger points and the action plans to be exercised to ensure that all stakeholders of the Bank are safeguarded. We have also entered into reciprocal liquidity funding agreements with identified counterpart banks to ensure stability.

Liquidity Risk Analytics

Liquidity measurement could be measured through stock approach or flow approach. Under the stock approach liquidity is measured in terms of key ratios which portray the liquidity stored in the Balance Sheet. In the flow approach a statement of maturities of assets and liabilities is prepared placing all cash flows in time bands according to the residual time to maturity. Separate gap limits are set for the local currency and foreign currency maturity mismatch reports based on the size and the nature of the Bank’s Balance Sheet.

Bank uses several internal prudential measures to manage its liquidity position, whilst meeting the regulatory limit. Certain limits are set for key liquidity measures, above the regulatory limit to give early warning signals of tightening liquidity positions of the Bank. Factors such as shrinking market liquidity, exposure to interbank market movement on loans and advances will be regularly monitored to identify any impending liquidity strain on the Bank.

Statutory Liquid Asset Ratio (LAR)

As at 31 December	2016	2015
Domestic banking unit (%)	21.50	22.24
Foreign currency banking unit (%)	22.93	24.91

Key Risk Indicators (KRI)

Selected KRIs are highlighted below which provide a view of the liquidity risk indicators where regulatory/internal limits are set and monitored at predefined intervals, which provides early warning signals on the liquidity position of the Bank.

Key Indicators	Limit	Position as at 31.12.2016
Statutory liquid asset ratio % - DBU	20	21.50
Statutory liquid asset ratio % - FCBU	20	22.93
Advances to deposits ratio %	111	104.70
Medium term funding ratio %	110	74.20
Commitment limit - LKR billion	118	110.84
Liquidity coverage ratio (LCR) % - LKR currency	70	142.53
Liquidity coverage ratio (LCR) % - all currency	70	125.63

Ratios Under Stock Approach

Flow Approach

A Statement of Maturities of Assets and Liabilities (MAL) is prepared by the Bank placing all cash inflows and outflows in the time bands according to the residual time to maturity and non-maturity items as per CBSL recommended and the Bank specific behavioural assumptions.

Maturity Gap Analysis of Local Currency denominated Assets and Liabilities

The gap analysis of local currency denominated assets and liabilities provide the cash flow mismatches which assist in managing the local currency liquidity obligations in a prudential manner.

Maturity Gap Analysis for Local Currency denominated Assets and liabilities – As at 31.12.2016

	Up to 1 Month LKR -000	1-3 Months LKR -000	3-6 Months LKR -000	6-12 Months LKR -000	1-3 Years LKR -000	3-5 Years LKR -000	Over 5Years LKR -000	Total LKR -000
Total assets	48,590,439	20,797,190	16,616,131	26,844,211	61,598,993	36,968,679	40,480,672	251,896,314
Total liabilities	60,773,390	42,457,656	23,946,619	31,246,367	18,033,023	19,486,047	55,953,148	251,896,249
Net liquidity period gap	(12,182,952)	(21,660,466)	(7,330,487)	(4,402,155)	43,565,970	17,482,631	(15,472,476)	65

Maturity Gap Analysis of Foreign Currency denominated Assets and Liabilities

The gap analysis of foreign currency denominated assets and liabilities provide the cash flow obligations which assist in managing the foreign exchange liquidity in a prudential manner.

Maturity Gap Analysis for Foreign Currency denominated Assets and Liabilities – As at 31.12.2016

	Up to 1 Month USD -000	1-3 Months USD -000	3-6 Months USD -000	6-12 Months USD -000	1-3 Years USD -000	3-5 Years USD -000	Over 5 Years USD -000	Total USD -000
Total assets	154,120	95,796	41,247	3,723	116,060	73,703	64,163	548,812
Total liabilities	55,761	86,136	70,690	193,265	44,789	44,642	53,530	548,812
Net liquidity period gap	98,360	9,660	(29,444)	(189,541)	71,271	29,061	10,633	0

Funding Diversification by Product

The Bank’s funding diversification depicts the optimum level of sources of funds by primarily depending on customer deposits whilst maintaining the sensitivity towards the top depositors.

Operational Risk

Objectives of Operational Risk Management

As banks have become competitive and the business lines are competing to capture and retain their customer base, it is important that operations departments focus on managing operational risks to manage the Bank's risk profiles.

Operational risk is managed in a Group-wide consistent framework that enables to determine the Bank’s/Group's operational risk profile.

Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. It includes legal risk but excludes strategic and reputational risk.

The objectives of the development and implementation of operational risk are to –

reduce losses from operational failure and in particular avoid potentially large or catastrophic risk losses;
provide early warning signals of deterioration in the Bank’s internal control system;
raise awareness of operational risk in the Bank from top to bottom through the implementation of an enterprise-wide operational risk approach; and ensure better control over operations.

Risk Policy and Strategy

The Board is responsible for ensuring that senior management takes steps to identify measure, monitor and control all risks encountered by the Bank according to the laid down policies/operational risk framework.

The Bank’s policy on treating operational risk and the risk framework are approved by the Board of Directors and reviewed annually.

Risk Identification

Risks that have the potential to impact the Bank are identified through analysis of internal factors, such as key control lapses and external factors such as environmental threats.

Upon detection of any risk event which triggers a possible business impact, it should be addressed as early as possible. Few of the key risk monitoring that is carried out by the Bank is based on:

Failure of internal controls resulting in customer claims
Breaches of Key Risk Indicators
E.g. system downtime, staff turnover External losses
Change of business environment
Changes in regulatory requirements
Internal/external audit findings due to process lapses
New product development/project launches
Scenario analysis

Risk Assessment

Once identified, the potential impact of the risks to the Bank is quantified using the operational risk grading matrix. Risks are assigned risk grades (Very High, High, Moderate and Low) based on the assessment of the likelihood and impact to the Bank.

The operational risk function assesses the risk exposure both in qualitative and quantitative terms.

Risk Reporting

To enhance senior management awareness of operational risk, periodic reports are prepared detailing out the risks faced by the Bank. Timely escalation mechanisms are set up with predefined thresholds that define how the issue could be escalated through the chain of command.

Staff at all levels is accountable for directing and controlling the operational risks in his/her area of responsibility. All risk events are discussed at Business Operational Risk Sounding Board (BORSB) along with the business line VP after proper root cause analysis to avoid repetition.

Business Operational Risk Sounding Board

Business Operational Risk Sounding Boards (BORSB) have been set up
at key business functions and support function levels to discuss operational risk matters on a monthly basis encompassing responsibilities such as –

Provide a forum for the identification, assessment, mitigation and subsequent monitoring of business level operational risk trends and issues.
Ensure that there is full compliance with internal policies and relevant regulations, as well as the Bank’s Operational Risk Management Framework.
Promote and sustain a high level of operational risk management discipline culture within the business or support function.
Review the business or support functions operational risks and ensure appropriate ownership, actions for closure within the agreed target date and progress for all risks.
Review outstanding/overdue audit findings.

The unresolved risks or risks that require attention is brought to senior management notice at Operational Risk Policy Committee meeting which is scheduled once in every two months.

Risk Management and Monitoring

All risks must have mitigation plans established to reduce the residual risks to fall within the risk appetite of the Bank. The root cause is identified and actions to mitigate the risks are prioritized based on the criticality of the impact.

Risk monitoring at the Bank is done through operational risk framework:

(a) Focus on operational performance measures such as volume, turnover, delays and errors.

(b) Monitor operational loss directly with an analysis of each occurrence and description of the nature and causes of the loss.

(d) Undertake compliance reviews by the internal audit and the risk management processes separately.

Based on the above, the Management makes decisions on whether to transfer, avoid, accept or mitigate the risks.

Operational Risk Management Process

The Operational Risk Management Unit (ORMU) lies as the second line of defence and is notably responsible for identifying, measuring, managing and monitoring of operational risks in co-operation with the business units and support functions at Group level. The past, current and future environment is assessed using the operational risk tools in order to identify the impact to the Bank.

Analytics

Risk Event Reporting

Self-reporting of losses/risks and incidents is encouraged within the Bank. All self-identified and assessed risks that have been reported to operational risk which have already been addressed and closed will not qualify as an audit exception. This arrangement has supported in resulting in an increase of event reporting over the years.

Key Risk Indicators (KRI)

The function of KRI is to allow the early detection of operational risks before actual failure occurs. It is an early warning indicator of risks and not losses.

Regular KRI monitoring assists business line managers by providing them:

A quantitative, verifiable risk measurement
A regular assessment of the improvements or deteriorations in the risk profile and the prevention environment which requires particular attention or action plan.

Risk and Control Self-Assessment (RCSA)

The annual RCSA exercise is typically undertaken to comply with risk assessments which requires a firm-wide, self-analysis of operational risks. RCSA requires the documentation of risks, identifying the levels of risk (derived from an estimate of frequency and impact), and controls associated with each process conducted by the organization. Controls and mitigants that adequately counteract the risks are introduced thereby minimizing the impact and incidence
of losses.

Business Continuity Management (BCM)

In order to cover the risks arising from crisis and disasters which could threaten the safety of staff, customers, service providers, security of assets, and the continuity of critical banking operations which could tarnish the Bank’s reputation; Bank’s Business Continuity Management (BCM) Policy requires that a full set of up-to-date and exercised plans be in place encompassing a minimum of a Crisis Management Plan (CMP), Business Continuity Plan (BCP) and IT Disaster Recovery Plan (IT DRP) amongst other relevant plans including a Pandemic Plan. This BCM Framework is designed to comply with the requirements of the Central Bank of Sri Lanka and is approved by the Board of Directors.

These plans are drawn upon integrating Enterprise Risk Management (ERM) Framework with effective Business Impact Analysis (BIA) processes and methodologies which anticipate all forms of threats, crisis and disasters that are inherent in the ever changing Business Environment.

Communications, Security and Safety, Emergency Response and Recovery Teams, plans are periodically reviewed and biannual BCP/DR drills are conducted; which is all part of the Bank’s commitment that is showcased undoubtedly within this Business Continuity Management Framework.

The Bank now enjoys an increased recovery capacity at its Disaster Recovery Site, backed by infrastructure to support key services, core systems and critical business processes.

The Governance of Business Continuity Management is steered through the Crisis Management Team comprising Senior Management and co-ordinated by the Bank’s Business Continuity Manager.

Insurance Cover in Operational Risk Management

The Bank has a comprehensive insurance policy as a key measure to mitigate operational risks. This falls within the framework of risk mitigation and control which in turn is an integral component of the Risk Management Framework of the Bank. This Policy will be reviewed and further enhanced on an on-going basis. The Bank has engaged an insurance broker to source terms, evaluate and value add using their expertise.

Description of Coverage

General Risks
Buildings and their contents, including IT equipment are insured at their replacement value. Liability policies are arranged separately which includes Professional Indemnity, Directors and Officers Liability and Public Liability which are covered by respective insurance policies where levels of cover are insured for having assessed the likely exposure of the Bank to such areas of risks.
Theft/Fraud
These risks are included in the “Bankers’ Indemnity Insurance Policy” that insures all the Bank’s financial activities around the country. Fraudulent actions by an employee or by a third party acting on its own or with the aid of an employee with the intent to obtain illicit personal gain or through malice are covered.
Professional Liability
The consequences of any legal action against staff or managers as a result of their professional activity are insured under the Bank’s Professional Indemnity Policy.
Computer Crime
The adverse consequences surfacing while using computer systems and software are covered by the Bank’s Computer Crime Insurance Policy. The policy covers fraudulent input and modification via computer systems, electronic computer programmes, electronic data and media, computer viruses, electronic and tele-facsimile communications, electronic transmissions, electronic securities and voice incinerated transfers.
Operating Losses
Operating losses which are insurable are covered by a spectrum of insurance policies on a system-wide basis. Any residual risks that are not within the purview of these insurance policies are addressed by the Bank’s Business Continuity Plan.

Other Risks

Strategic Risk

Strategic risk is the most fundamental of business risks and at its very basic, can be defined as the current and prospective risk to earnings and viability arising from –

Adverse changes in business environment with respect to the economy, political landscape, regulations, technology, actions of competitors.
Adverse business decisions
Improper implementation of decisions
Lack of responsiveness to changes in the business environment

Strategic risk for a bank can manifest itself through lack of well-defined long-term strategy but more importantly because of failure to appropriately communicate and implement the strategy or due to unforeseen changes in the socio-political, economic or business environment. Drawing of appropriate response plans to tweak the strategy to suit the changes in the business environment is essential to management of strategic risk.

Accordingly, the Bank is currently in the process of reviewing its strategic plan. The strategic plans are drawn at various level of granularity e.g. a branch level strategy will detail the growth targets at branch level whereas a department level strategy will feature the achievement metrics at that level. The implementation of strategy is checked through monthly meetings where variances from the growth targets are analyzed and corrective actions recommended.

The strategic plan is also linked to individual employee performance through a goal-setting process and periodic performance reviews are carried out to motivate employees and create a performance culture to ensure that business goals and objectives are achieved, thus mitigating strategic risk.

Cross-Border Risk

Cross-border risk is the risk that the Bank will be unable to obtain payments from its customers or third parties on their contractual obligations as a result of certain actions taken by foreign governments, mainly relating to convertibility and transferability of foreign currency and geo-Political factors.

Correspondent Banking Unit is responsible for Bank’s cross-border exposures and management of exposure limits. Cross-border assets comprise loans and advances, interest-bearing deposits with other banks, trade and other bills, acceptances, foreign exchange contracts, investment securities and formal commitments where the counterparty is resident in a country other than where the assets are recorded. Cross-border exposure also includes the assets owned by the Bank/Group that are held in a given country.

The Bank has a Board approved policy/limits based on external ratings of countries for routine banking transactions with tenors less than one year. In the event, the Bank decides to make any Long-term investments/lending (tenor over 1 year)
offshore, the Bank undertakes a detailed due diligence covering the following key areas:

Country Ratings
Economic Indicators and Outlook
Political Risk
Exchange Rate Risk (convertibility/transferability)
Banking/Financial sector

The business lines and back offices manage the exposures within these limits and policies. Countries designated as higher risk are subject to increased central monitoring. Cross-border exposure limits are allocated to countries in which the Bank does have an acceptable risk appetite and one-off limits may be allocated based on business needs, with ultimate recourse to the borrower.

Legal Risk

Legal risk is understood more from its consequences, which is incurrence of penalties, fines and sometimes loss of reputation due to the institution being on the other side of law. Legal risk may vary from institution to institution depending on the manner in which it conducts its business and the documentation it follows and is closely related to compliance and regulatory risk.

Legal risk in the Bank can manifest itself through:

Business not being conducted in accordance with applicable laws,
Inadequate legal documentation of securities and collateral accepted for credit risk mitigation,
Legal repercussions of lacuna in documents, forms, advertisements,
Other modes of conduct and communication adopted by the Bank,
Intellectual property not being adequately protected.

Legal risk is managed by the Legal Department and the Legal Department is assisted by third party lawyers as and when necessary to obtain an independent opinion. Specific risks relating to legal risk are reported on a monthly basis to the Board.

Reputational Risk

Reputational risk is the risk of indirect loss (current or prospective) arising from one or multiple stakeholders’ adverse experience while dealing with the institution or which resulted in an adverse perception of the institution. It can also be understood as the potential that negative publicity regarding the Bank’s business practices, whether true or not, will cause a decline in customer base, costly litigation or revenue reduction. The Bank is of the view that reputational risk can be triggered by a risk event in any or all of the above risk categories hitherto described.

Reputational risk management and mitigation aspects are embedded in the Bank’s policies and procedures, training programmes, the Business Continuity Plan and through the Audit and Board Risk Management Committees.

The Bank monitors its reputational risk profile through a set of early warning indicators based on the reputational risk drivers and the factors to the reputational risk scorecard ensure that the overall reputational risk profile remains acceptable. The risk mitigation and control processes for reputational risk are designed to consider appropriate response actions to address the risks identified. A Customer Complaint Handling Process has been established under which the customers have a range of options through which they can forward their grievances to the Bank, by way of letters, using Bank's public help line that is manned on a 24-hour basis, through the Bank web site or social media.

Compliance Risk

Very closely related with reputation and legal/regulatory risk, compliance risk is defined as the risk of legal or regulatory sanctions, material financial loss, or loss to reputation and integrity an institution may suffer as a result of its failure to comply with laws, regulations, rules, related self-regulatory organizational standards and codes of conduct applicable to its business activities. Bank is compliant with all CBSL regulations and thus the compliance risk is minimal.

The Bank has a well laid out Board approved Compliance Charter, which defines the fundamental principles, roles and responsibilities of the compliance function within the organization as well as its relationship with Senior Management, the Board of Directors and the business and operational functions.

Model Risk

Bank has a Board approved risk model validation policy to mitigate model risk of the Bank. Bank commenced third party validation of risk models during the year in line with the approved policy.

Settlement Risk

Settlement risk refers to the risk arising on account of failed trades with counterparty banks in the foreign currency transactions. Settlement risk arises from possible losses when the Bank is in a foreign exchange transaction pays the currency it sold but does not receive the currency it bought. Forward contract settlement failures can arise from counterparty default, operational problems and other factors. Settlement risk exists for any traded product. Currently, the Bank has a procedure for regular monitoring of limit utilization, failed trades and excess monitoring. Settlement risk is currently controlled by way of prudent allocation and monitoring of counterparty limits including Maximum Daily Delivery Risks (MDDR) limits for counterparts.

Governance Risk

Corporate governance is understood as the system by which the Bank is directed and controlled. The Board of Directors is responsible for the governance of the Bank. The responsibilities of the Board include setting out the Bank’s strategic aims, providing leadership to operationalize same, supervising the management of the business and reporting to shareholders on their stewardship.

Bank’s Corporate Governance Framework has been developed with the objective of balancing the attainment of corporate objectives of the Bank whilst at the same time aligning corporate behaviours with the expectations of society and being accountable to its shareholders.

Several policies and codes have been developed and implemented to manage governance risk at the Bank. The Internal Code of Corporate Governance which applies to all Directors and Key Management Personnel of the Bank sets out policies and processes for implementing the Corporate Governance Directions issued by the Monetary Board of the Central Bank of Sri Lanka, the Companies Act No. 07 of 2007 [Banks have been exempted from the Corporate Governance Regulations issued by the Colombo Stock Exchange] and the Best Practices on Corporate Governance issued jointly by The Institute of Chartered Accountants of Sri Lanka and the Securities and Exchange Commission of Sri Lanka. The Bank has in place a Compliance Policy and Code of Conduct governing all employees which outlines standards of professional and ethical conduct that all employees of the Bank are expected to conform to including areas such as general conduct and competence, confidentiality and misuse of material confidential information, managing conflicts of interest situations and insider dealing provisions.

The Bank recognizes the importance of sound management of ‘Governance Risk’. Accordingly, governance risk is managed by the Compliance Department of the Bank.

Summary of activities undertaken for management of ‘Governance Risk’ is as follows:

Annual Declarations obtained
from Directors
Implementation of the Internal Code of Corporate Governance and training Directors in the areas of Governance
Compliance Policy and Code of Conduct which incorporates several policies of the Bank including the Confidentiality Policy, Insider Trading prohibitions, Securities Trading Policy, Gift Policy, Anti-Bribery and Corruption Policy, Information Security Policy, approval from CEO prior to staff taking up any outside position, conflicts of interest provisions etc.
Monitoring of transactions carried out by the Bank with related parties of the Bank in terms of the Bank’s related party transactions policy
Handling complaints of customers of the Bank as per agreed service standards in accordance with the Complaint Handling Procedure
A whistle-blowing Policy
Disclosure Policy
Communications Policy
Document Retention and Destruction Policy, Staff Transaction Policy

This well-laid out framework defines the Board’s collective responsibility for upholding and ensuring the highest standards of corporate governance, ethics and integrity across the Bank.

Group Risk

The Bank together with its subsidiaries, in the process of financial intermediation are confronted with various kinds of financial and non-financial risks such as credit, interest rate, foreign exchange rate, liquidity, equity price, commodity price, legal, regulatory, reputational, operational, etc. These risks are highly interdependent and events that affect one area of risk can have consequences on a range of other risk categories. Thus, considerable importance is given to improve the ability to identify, measure, monitor and control the overall level of risks undertaken.

Aggregating the risks of group companies remains a challenge due to their diverse business models and risk profiles. The group companies are engaged in investment banking, capital market activities, unit trust management and property management activities. However, the Bank believes the ‘Group Risk’ is greatly mitigated as –

NDB’s capital at risk is limited to the amount invested in these companies in the form of equity, at the time the companies were incorporated.
There is representation by NDB’s Directors/Key Management Personnel on the Boards of Directors/Board Audit, Risk and Compliance Committees of its subsidiaries, thereby ensuring full and sufficient knowledge of subsidiaries’ operations and risk profiles.
Due to the governance structure mandated by the laws governing banking and limited liability companies, all inter-company transactions are at arm's length and full disclosure of such transactions is made.
Natural mitigation from the fact that the Bank is the holding company and owns the largest Balance Sheet in
the Group.
NDB Securities Ltd., being licensed stock broker is regulated by the SEC.
Risk Reporting Framework by group companies to Centralized Group Risk Management of NDB/IRMC/Board for review/corrective action.

Each Group Company remains responsible for the management of risks, including associated controls and on going monitoring processes. Risks identified by group companies are reported to Group Risk Management Department on a monthly basis through appropriate risk indicators (using a Risk Dashboard) and management information for review and escalation. Top risks and associated mitigants are also highlighted. The main risk categories being reviewed are as follows:

Investment/Credit Risk
Operational Risk
Market Risk
Liquidity Risk
Interest Rate Risk
Concentration Risk
Regulatory/Compliance Risk
Legal/Reputational Risk
Strategic Risk
Any other risks relevant to the specific line of business of the Group Company

All group companies are required to have relevant policies and limits for monitoring purposes and to ensure that risks are within acceptable levels/in line with risk appetite. All risk related policies of the group companies are vetted by Group Risk Management Department to ensure compliance with the regulatory requirements and internal policies applicable to the Bank. Furthermore, the Operational Risk Management Unit within the Group Risk Management Department conducts Risk and Control Self-Assessments for the group companies and this process facilitates informed decision-making by providing management with an overall view of operational risks within a business process.

Bank's risk management capabilities have progressed encouragingly towards best in class, and will continue to be strengthened and enhanced to create value and be a competitive advantage to support the Group’s aspirations.

Capital adequacy

Capital adequacy Computation

The Bank's capital adequacy ratio is computed based on Basel II – Pillar I requirements. The composition of the capital and risk weights assigned to the On and Off-Balance Sheet assets, are as prescribed by the Central Bank of Sri Lanka.

The Tier I capital of the Bank consists of the stated capital, retained earnings and other reserves after deducting the intangible assets, 50 % of the investments in unconsolidated banking and financial subsidiaries and 50% investments in capital of other banks and financial institutions.

The Tier II capital of the Bank includes CBSL approved subordinated term debts, approved revaluation reserve and the general loan loss provision after deducting 50% of the investments in unconsolidated banking and financial subsidiaries and 50% investments in capital of other banks and financial institutions.

In arriving at the Risk-Weighted Assets (RWA) of the Bank, the Standardised Approach for Credit Risk, Standardised Measurement Method for Market Risk and the Basic Indicator Approach for Operational Risk has been used.

Capital Adequacy Computation of the Bank

	BANK
Capital Base as at 31 December	2016	2015
	LKR -000	LKR -000
Tier I: Core Capital
Capital	1,246,479	1,242,772
Statutory reserve fund	1,246,479	1,242,772
Published retained profits	16,219,170	13,706,561
General and other reserves	5,819,548	5,820,297
Total equity considered for Tier I capital	24,531,676	22,012,402
Deductions - Tier I
Intangible assets	368,083	240,234
50% Investments in unconsolidated banking and financial subsidiaries	943,850	937,984
50% Investments in capital of other banks and financial institutions	815,997	815,997
	2,127,930	1,994,215
Eligible Tier I Capital	22,403,746	20,018,187
Tier II: Supplementary Capital
General loan loss provision	957,043	830,100
Approved revaluation reserve	542,092	542,092
Approved subordinated term debts	9,009,969	9,977,543
	10,509,104	11,349,735
Deductions - Tier II
50% Investments in unconsolidated banking and financial subsidiaries	943,850	937,984
50% Investments in capital of other banks and financial institutions	815,997	815,997
	1,759,847	1,753,981
Eligible Tier II Capital	8,749,257	9,595,754
Capital base (Tier I +Tier II)	31,153,003	29,613,941

	BANK
	Assets for Credit Risk		Risk Weights	Risk Weighted Assets
	2016	2015	%	2016	2015
	LKR -000	LKR -000		LKR -000	LKR -000
Risk weighted on and off-balance sheet exposure
Cash and claims on Central Government and Central Bank of Sri Lanka	58,647,311	35,798,265	0 - 20	21,026	8,092
Claims secured by cash deposits, gold and guarantees	27,339,087	20,280,019	0	-	-
Claims on banks	9,640,933	15,648,215	20 - 150	4,747,626	5,195,269
Claims on financial institutions	18,711,007	25,705,335	50 - 150	10,938,851	14,863,928
Loans secured by residential property	10,544,601	9,055,452	50 - 100	5,866,613	4,527,726
Past due loans	2,640,758	2,146,571	50 - 150	3,660,446	2,328,523
Retail claims and corporate claims	200,783,449	189,008,802	20 - 150	184,402,403	175,243,262
Property, plant and equipment	2,078,569	2,030,002	100	2,078,569	2,030,002
Other assets	2,844,721	3,313,600	100	2,844,721	3,313,600
Total assets considered for credit risk	333,230,436	302,986,261		214,560,255	207,510,402

	Principal Amount of Off-Balance Sheet Items		Credit Conversion Factor	Credit Equivalent Off-Balance Sheet Items
	2016	2015	Credit Conversion Factor	2016	2015
	LKR -000	LKR -000	%	LKR -000	LKR -000
Credit equivalent of off-balance sheet items
General guarantees of indebtedness	16,823,830	13,247,956	100	16,823,830	13,247,956
Stand by letters of credit relating to particular transactions	67,410	64,800	50	33,705	32,400
Performance bonds and bid bonds	10,022,804	8,614,302	50	5,011,402	4,307,151
Trade Related acceptances and advance documents endorsed	7,958,256	8,584,926	20	1,591,651	1,716,985
Shipping guarantees	744,055	1,352,796	20	148,811	270,559
Documentary letters of credit	8,338,710	8,067,461	20	1,667,742	1,613,492
Undrawn term loans	10,799,521	6,803,723	0, 20 & 50	5,398,971	3,386,562
Foreign exchange contracts	74,289,101	81,168,189	2, 5 & 8	2,038,616	2,336,935
Undrawn overdrafts and credit lines	12,913,230	14,836,720	0	-	-
Other unutilized facilities	87,123,064	89,009,483	0, 20 & 50	71,937	114,862
Total	229,079,981	231,750,356		32,786,665	27,026,902

	BANK
	2016	2015
	LKR -000	LKR -000
Capital charge for market risk
Capital charge for interest rate risk	611,745	448,997
Capital charge for equity securities and unit trusts	23,038	503,478
Capital charge for foreign exchange and gold	98,554	63,668
Total capital charge for market risk	733,337	1,016,143
Total risk-weighted assets equivalent for market risk	7,333,367	10,161,436
Capital charge for operational risk
Gross income
Year 1	11,901,793	10,842,463
Year 2	12,237,313	11,901,793
Year 3	13,137,571	12,237,313
Average gross income	12,425,559	11,660,523
Total capital charge for operational risk at 15%	1,863,834	1,749,078
Total risk-weighted assets equivalent for operational risk	18,638,339	17,490,784
Total risk-weighted assets	240,531,961	235,162,622
Capital adequacy ratios
Tier I (Required statutory minimum ratio is 5%)	9.31%	8.51%
Tier I & Tier II (Required statutory minimum ratio is 10%)	12.95%	12.59%

Capital Adequacy Computation of the Group

	GROUP
Capital Base as at 31 December	2016	2015
	LKR -000	LKR -000
Tier I: Core capital
Capital	1,246,479	1,162,963
Statutory reserve fund	1,246,479	1,242,772
Published retained profits	21,246,563	19,213,211
General and other reserves	5,819,548	5,886,805
Minority interests	1,066,810	1,011,046
Total equity considered for Tier I capital	30,625,879	28,516,797
Deductions - Tier I
Intangible assets	384,742	274,746
50% investments in the capital of other banks and financial institutions	1,133,190	1,087,623
	1,517,932	1,362,369
Eligible Tier I Capital	29,107,947	27,154,428
Tier II: Supplementary capital
General loan loss provision	957,043	830,100
Approved revaluation reserve	542,092	542,092
Approved subordinated term debt	9,009,969	9,977,543
	10,509,104	11,349,735
Deductions - Tier II
50% investments in the capital of other banks and financial institutions	1,133,190	1,087,623
Eligible Tier II Capital	9,375,914	10,262,112
Capital base (Tier I +Tier II)	38,483,861	37,416,540

	GROUP
	Assets for Credit Risk		Risk Weights	Risk-Weighted Assets
	2016	2015	%	2016	2015
	LKR -000	LKR -000		LKR -000	LKR -000
Risk-weighted on and off-balance sheet exposure
Cash and claims on Central Government and Central Bank of Sri Lanka	58,649,716	35,798,378	0 - 20	21,026	8,092
Claims secured by cash deposits, gold and guarantees	27,339,087	20,280,019	0	-	-
Claims on banks	10,166,189	16,057,734	20 - 150	4,995,479	5,373,130
Claims on financial institutions	19,630,437	27,523,393	20 - 150	11,359,196	16,164,584
Loans secured by residential property	10,544,601	9,055,452	50 - 100	5,866,613	4,527,726
Past due loans	2,640,758	2,146,571	50 - 150	3,660,446	2,328,523
Retail claims and corporate claims	202,589,047	189,654,725	20 - 150	186,048,902	175,373,279
Property, plant and equipment	4,304,255	4,126,881	100	4,304,255	4,126,881
Other assets	2,788,786	3,922,896	100	2,788,786	3,922,896
Total assets considered for credit risk	338,652,876	308,566,049		219,044,703	211,825,111

	Principal Amount of Off-Balance Sheet Items		Credit Conversion Factor	Credit Equivalent Off-Balance Sheet Items
	2016	2015	Credit Conversion Factor	2016	2015
	LKR -000	LKR -000	%	LKR -000	LKR -000
Credit equivalent of off-balance sheet items
General guarantees of indebtedness	16,823,830	12,412,956	100	16,823,830	12,412,956
Stand by letters of credit relating to particular transactions	67,410	64,800	50	33,705	32,400
Performance bonds and bid bonds	10,022,804	8,614,302	50	5,011,402	4,307,151
Trade related acceptances and advance documents endorsed	7,958,256	8,584,926	20	1,591,651	1,716,985
Shipping guarantees	744,055	1,352,796	20	148,811	270,559
Documentary letters of credit	8,338,710	8,067,461	20	1,667,742	1,613,492
Undrawn term loans	10,799,521	6,803,723	0, 20 & 50	5,398,971	3,386,562
Foreign exchange contracts	74,289,101	81,168,189	2, 5 & 8	2,038,616	2,336,935
Undrawn overdrafts and credit lines	12,847,706	14,836,720	0	-	-
Other unutilized facilities	88,098,013	90,685,643	0, 20 & 50	809,412	952,942
Total	229,989,406	232,591,516		33,524,140	27,029,982

	GROUP
	2016	2015
	LKR -000	LKR -000
Capital charge for market risk
Capital charge for interest rate risk	611,745	448,997
Capital charge for equity securities and unit trusts	573,135	899,542
Capital charge for foreign exchange and gold	98,554	63,668
Total capital charge for market risk	1,283,433	1,412,208
Total risk-weighted assets equivalent for market risk	12,834,331	14,122,076
Capital charge for operational risk
Gross income
Year 1	13,588,231	12,001,151
Year 2	13,226,127	13,588,231
Year 3	13,600,034	13,226,127
Average gross income	13,471,464	12,938,503
Total capital charge for operational risk at 15%	2,020,720	1,940,775
Total risk-weighted assets equivalent for operational risk	20,207,196	19,407,755
Total risk-weighted assets	252,086,230	245,354,942
Capital adequacy ratios
Tier I (Required statutory minimum ratio is 5%)	11.55%	11.07%
Tier I & Tier II (Required statutory minimum ratio is 10%)	15.27%	15.25%

RISK MANAGEMENT

Integrated Risk Management Framework

Risk Appetite & Strategy

Capital Management

BASEL II Framework

Pillar I – Minimum Capital Requirement

Pillar II – Supervisory Review Process

Pillar III – Disclosures

BASEL III Framework

Governance and Oversight

Governance Model

Group Risk Management

Credit Review

Risk Culture

Precautionary Principle

Risk Policies & Processes

Credit Risk

Objectives of Credit Risk Management

1. Credit Policies

2. Structured and standardized credit approval process

3. Delegation of Authority

4. Internal Risk Ratings of Obligors

Risk Scoring

5. Risk Pricing

6. Post Sanction Review and Monitoring Mechanism

7. Prudential Limits

8. Portfolio Management

9. Credit Risk Mitigation

10. Impairment

Credit Risk Analytics

Product Concentration

Business line wise Composition

Rated portfolio Concentration

Credit Risk Concentrations

Single Name Concentration

Sector Concentration

Geographical Concentration

Collateral Concentration

Non-Performing Loans

Provisioning and Impairment

Sector wise breakdown of individual impairment is illustrated below

Market Risk

Objectives of Market Risk Management

Policies

Processes

Analytics

Foreign Exchange Risk

Sensitivity Analysis

Interest Rate Risk (IRR)

Interest Rate Risk in Trading Book

Trends in duration analysis

Interest Rate Sensitivity of the Balance Sheet as at 31 December 2016

Interest Rate Risk in Banking Book

Equity Risk

Commodity Risk

Counterparty Risk

Liquidity Risk

Objective of Liquidity Risk Management

Policy Framework

Process

Liquidity Risk Analytics

Statutory Liquid Asset Ratio (LAR)

Key Risk Indicators (KRI)

Ratios Under Stock Approach

Flow Approach

Maturity Gap Analysis of Local Currency denominated Assets and Liabilities

Maturity Gap Analysis for Local Currency denominated Assets and liabilities – As at 31.12.2016

Maturity Gap Analysis of Foreign Currency denominated Assets and Liabilities

Maturity Gap Analysis for Foreign Currency denominated Assets and Liabilities – As at 31.12.2016

Funding Diversification by Product

Operational Risk

Objectives of Operational Risk Management

Risk Policy and Strategy

Risk Identification

Risk Assessment

Risk Reporting

Business Operational Risk Sounding Board

Risk Management and Monitoring

Operational Risk Management Process

Analytics

Pillar I –
Minimum Capital Requirement

Pillar II –
Supervisory Review Process