Download PDF
Download PDF

Management Discussion And Analysis

6.0. Risk Management

6.1. The Main Theme for 2013

Strong risk management remained a top strategic priority at Bank Audi in 2013 amid a challenging external environment. Over the last year, we have accompanied our business’ growth in our Turkish subsidiary, Odeabank, to ensure we maintain the same high standards of risk management we have set for ourselves across the Group. With close monitoring of the loan portfolio, as well as the constant enhancement of its risk management framework and its alignment with that of the Group, we thrived in making the rapid expansion a safe and successful one.

We also took the necessary precautions to protect our assets in our entities operating in unstable political and economic environments. As of today, our exposure to the Syrian markets does not constitute any threat to the Group’s financial strength. With enough provisions taken to account for any possible loss, we were able to confidently face any challenge while being safe and sustainable.

In addition, we maintained our position in the Egyptian market and continued the development of the Bank’s franchise. Our asset quality proved to be resilient to the instability of the current environment in Egypt.

As for the Lebanese operations, we maintained our strong internal controls while persistently looking for ways to enhance our risk management practice. We preserved our good asset quality by reinforcing our existing corporate and SME relationships, while ensuring optimal risk-reward balance.

6.2. Making Bank Audi Safer

Bank Audi has continuously aimed at putting the customer at the heart of all that it does and continuously thrives to bring about the most current risk management best practices.

We constantly search for ways to make Bank Audi safer through:

Protecting Stakeholders and Customers’ Interest

In line with its commitment to constantly protect the interest of its stakeholders and customers and to maintain a high quality of service with minimum disruption, Bank Audi has completed the establishment of a world-class Business Continuity and Disaster Recovery site and implemented several initiatives to enhance its cyber security posture.

A strong Business Continuity Plan

The Bank has developed and implemented a Business Continuity Plan based on international standards to anticipate a variety of probable disaster scenarios. Several Business Continuity Plan testings were conducted over the past year. These tests were concluded successfully by a full operational test that included all branches and critical head office departments. The objective of these tests was to ensure that critical business operations are resumed within a tolerable timeframe based on business requirements. In addition, necessary provisions were taken by the Bank to keep this plan abreast of changes pertaining to people, processes and technology.

A Strong Security Posture

The Bank is constantly reinforcing the security of its information systems to address evolving threats and vulnerabilities. Accordingly, advanced security solutions were acquired and implemented during the past year, along with a comprehensive Security Information and Event Management (SIEM) tool. In addition, security awareness trainings are conducted to all staff on a continuous basis in order to reduce the risk of human error, theft, fraud or misuse of information resources.

Setting the Risk Appetite and Limits

The risk appetite, which is set on an annual basis, is meant to provide the boundaries within which business lines operate. The setting of the risk appetite at Bank Audi is a result of a formal dialogue between Group Risk, business lines, Senior Management and the Board Group Risk Committee. The risk appetite, which is approved by the Board of Directors, is expressed in both qualitative and quantitative statements. The latter include a set of metrics covering risk appetite or targets, tolerances and limits.

The Bank maintains constant communication of the risk appetite to business lines and monitors the risk profile to ensure that it always remains within the Board of Directors’ approved limits.

The general principles of the Bank’s risk appetite and limits are the following:
  • 1. The Bank does not engage in banking transactions and activities it does not have a full understanding of, specifically in terms of the risk that such transactions or activities are likely to generate.
  • 2. Risk monitoring and control is a key component of our risk management framework. Therefore, the Bank does not engage in risk-generating activities and products that it cannot fully monitor and control.
  • 3. The Bank places great importance and priority on maintaining a robust liquidity profile. As part of this strategy, the Bank endeavours to ensure that its funding base is mainly sourced from a stable and well diversified deposit base. Therefore, in general, the Bank does not normally solicit wholesale market funding for its ordinary banking activities. However, in the event that this situation changes in the future, a proper policy framework will be put in place to ensure that the impact of such strategy is well understood and monitored, through adequate limits and controls.
  • 4. Senior Management will carefully assess and weigh the risk versus rewards for all business proposals that potentially create significant risk concentration (be it in products, sectors, markets or countries). Final approval for such proposals will only be granted for reasons deemed to be of high importance for the Bank. When doing so, Senior Management will ensure that such concentration risk is adequately mitigated and controlled.
  • 5. The Bank upholds the highest standards of ethics and professional competence when providing banking services to its clients and engaging with counterparts. Therefore, no products or services or other types of banking transactions will be contracted if deemed unsuitable to the clients or if they can potentially raise financial or reputational risk for the Bank.
  • 6. The Bank gives the highest importance to the full and complete implementation of all laws and regulations governing its activities. To achieve this, the Bank will conduct regular due diligence exercises and establish adequate controls to ensure that strict adherence to laws and regulations is maintained at all times.
  • 7. The Bank has a very low risk appetite for name lending.
  • 8. The Bank has a low risk appetite for holding for its own account volatile financial instruments that can generate undesirable earnings fluctuations.

Broadening the Stress Testing Scope

Stress testing is used by Bank Audi to measure the Bank’s vulnerability to exceptional but plausible events. Bank Audi has formalised stress testing within a Board of Director-approved document and conducts regular stress testing for material risks to which it is exposed and resulting from both on and off-balance sheet transactions.

The selection of stress testing scenarios is the result of the discussion between Group Risk, Group Finance and business lines, in consultation with the Group Research department. The results are reported to the Group Executive Committee, Board Group Risk Committee and Board of Directors depending on the materiality and relevance of the stress test at hand.

The Bank has undergone stress tests outside the framework of regulatory requirements to include all relevant risk disciplines, as well as stress testing at the portfolio, transaction and individual level, enabling the Bank to move towards more complex models and more structured approaches to stress testing.

Adopting Close Risk Monitoring

We strive to make sure all material and relevant risks are closely monitored through the enhancement of our MIS capabilities, portfolio reviews, risk assessments, as well as regular reporting from entities supported by regular entity visits.

Promoting a Strong Risk Culture

The Group Risk Principles

Bank Audi has defined the following key guiding principles that underpin its approach to risk management, which include:
  • The Risk function aims at preserving the Bank’s financial strength by ensuring that risks and rewards are properly balanced and by minimising the impact of undesirable events on capital and profits.
  • Bank Audi’s risk management responsibilities follow a three-line of defence structure: the first being business lines, the second being Risk and Compliance, and the third being Internal Audit and External Auditors.
  • Risks are properly disclosed to various internal and external stakeholders in a transparent, systematic, structured, timely and accurate manner, in order to allow various stakeholders to make prompt and informed decisions.
  • The Risk function is independent from business lines and decision makers, yet supports them in making informed choices and distinguishing among alternative courses of action.

The Risk Training Program

We have successfully set up a Risk Training Academy which achieved the implementation of a risk training program during 2013. Core risk courses were developed and delivered both in-house and through trainings delivered by subject matter experts. Courses are open to attendees from all departments within the Bank in order to promote a strong risk culture across the functions. Not including off-site training, the Risk Training academy has delivered in 2013 a total of 18 courses equivalent to 54 training hours to more than 740 attendees.

Enhancing the Risk-rating System for Corporate and Commercial

Bank Audi deployed its new Project Finance Model in 2013, accompanied by a training to relevant stakeholders from various entities. The purpose of this model is to accurately rate and rank-order Project Finance obligors. It complements the existing credit-rating models such as the revamped Corporate Model, SME with and without Financials.

Continuously Enhancing our Methodologies

Bank Audi has taken a strategic decision to move toward advanced approaches in risk management, which require both competent quantitative skills and adequate analytical tools. The Bank has made several efforts to strengthen the framework around model validation by adopting best practices for the development, calibration, validation and maintenance of various risk-related models. Such models will not only allow a better quantification of risk, but also support the business in its decision-making process.

Developing Return on Risk-adjusted Capital (RORAC) by Business Line

A revised approach to risk-adjusted performance measurement has been implemented in line with international best practice, taking into account a full assessment of the RORAC by business line to ensure proper risk-reward balance.

Submitting the Internal Capital Adequacy Assessment Process (ICAAP) at Entity Level

The Bank has begun conducting the Internal Capital Adequacy Assessment Process at entity level with the first entities being Bank Audi Jordan and Bank Audi Egypt. The decisions to undergo the exercise in line with best practices were part of both an internal initiative and a regulatory requirement.

6.3. Priorities for 2014

The Bank, in its continuous effort to be the leader in risk management, is always looking for ways to improve the way it looks at risk. Our priorities for 2014 are as follows:
  • Maintain and strengthen the Group’s risk culture.
  • Continuously improve the quality of our data.
  • Continue to enhance the rating system.
  • Widen the scope of utilisation of the Return on Capital measures to include more businesses and entities to ensure proper risk-reward balance.
  • Continue with training efforts and widen the scope of participants to include entities.
  • Strengthen our risk and finance infrastructure.

6.4. Credit Risk

Corporate Credit Risk

Corporate Credit Risk is the risk that the Group or any of its subsidiaries will incur a loss as a result of its corporate obligors failing to fulfil the repayment of their contractual obligations.

To mitigate this risk, we continue to strengthen our credit culture by persevering in our independent assessment of all corporate credit deals and transactions, thus preserving a good asset quality well within our Group’s risk appetite.

Undoubtedly, the year 2013 was a challenging one amidst difficult economic and political conditions leading to overall pressure on the financial health of our corporate clients; we nevertheless managed to adhere to the Group set risk appetite, while continuously working on enhancing our risk-reward equilibrium.

As a matter of fact, the consolidated loan portfolio grew by 41%, while maintaining an adequate quality of assets noting, a 64% coverage of our NPL and a net NPL ratio to gross loans standing at 1%. Our penetration strategy in the Turkish market was the main driver behind the growth achieved during 2013. Indeed, Odeabank's portfolio (USD 5.3 billion) ranks second with a 36% stake of the Group’s portfolio. Such growth did contribute significantly to offset the status-quo witnessed at the level of Lebanon’s operations and Egyptian portfolio, as well as the continuous shrinking of the Syrian exposures still placed under high scrutiny given the prevailing situation.

The Group’s robust liquidity and financial agility stemming from a low leverage revealed by the consolidated loan-to-deposit ratio, allow business development to continuously seek to broaden the credit lines of existing clients and/or to expand in new segments to overcome the challenging granting climate and weak growth momentum in few of the markets in which we are already present.

Last but not least, the Group, known for its vigilant risk culture, reveals acceptable returns with respect to regional and international benchmarks and is actually keen to maintain its strong asset quality, as shown by all risk indicators.

Retail Credit Risk

The Bank has focused on enhancing data capturing and structure across the Group, upgrading analytics tools and key performance indicators, and set the platform for development and implementation of scorecards across the group's entities. The Bank concluded the draft Group Retail Policies and Procedures manual which is to set standard governance and lending policies and principles across the geographies we operate in.

Establishing metrics to better predict risk and objectively balance risk and reward was initiated in 2013 and remains a work in progress. Establishing early performance indicators that can accurately predict future losses and determine profitability is the final output sought from the project.

The Bank closed 2013 with solid credit indicators on its retail portfolio. The portfolio has a well diversified product mix, 35% on housing loans, 30% on auto loans, 19% on auto loans, 14% on cards and 1% on other products.

Despite the uncertainties and political instability in many parts of the region, the portfolio has demonstrated resilience with stable indicators.

NPL stood at 2.23% for the year, a 68 bps drop from closing of 2012 mainly driven by high write-offs from BASY’s portfolio and high growth from Odeabank. If the impact of BASY is isolated, NPL stands at 1.82%, decreasing by 39 basis points relative to end-December 2012.

Coverage of NPL stands at 91% at end-December 2013, an increase from 82% in at end-December 2012. If BASY is excluded, the Group would exceed 100% coverage ratio of non-performing loans.

Retail collective provisions as a percentage of the net loan portfolio has declined from 1.68% at end-December 2012 to 1.12% at end-December 2013. This improvement is driven by proactive policy measures to better control risk and aggressive collection strategies leading to lower delinquency provisions. A contributor to the lower provisions is also the strong growth rate emanating from Odeabank which has not matured enough to fully impact delinquency and provisions, although early indicators are positive. Gross loans grew by 18% excluding Odeabank (41% including Odeabank).

6.5. Operational Risk

Operational Risk

Operational risk is the risk of loss arising from system failure, human error, fraud or external events. Operational risk exists in all activities and can materialise in various ways such as errors, frauds or business interruptions that can result in direct and indirect lost income, such as reputational damage.

At Bank Audi, the primary responsibility for the management of operational risk resides in the business. To monitor and control operational risk so as to maintain it within Board-approved risk tolerances, operational risks are assessed on a regular basis by evaluating the effectiveness of the control design against risk scenarios mapped to internal risk registries and implementing corrective actions where needed.

These internal risk registries are mapped to seven standardised categories used for reporting to Management and to the Board of Directors: internal and external fraud, employment practices and workplace safety, clients, products and business practices, damage to physical assets, business disruption and system failures, and execution, delivery and process management. In addition, a system of incident reporting and a set of risk indicators together help confront ex-ante risk assessments to reality and improve controls before a situation develops into lost income exceeding tolerances. In recent years, most of Bank Audi’s operational losses have been caused by external fraud.

The Bank has rolled out a special purpose operational risk management tool which allows users to log risk assessments, key risk indicators, incidents, action plans, and follow up on their resolution. This tool is designed to ensure a more efficient group-wide implementation of the operational risk policy. As an additional layer of mitigation against operational events, the Bank purchases comprehensive insurance coverage from highly-rated reinsurers. This coverage is purchased wherever economically feasible and includes coverage against certain types of fraud, and political violence, strikes, riots and terrorism in some countries that experienced unrest in 2013. Notwithstanding its efforts to control operational risks, Bank Audi does incur unexpected operational losses, in particular as the sum of losses incurred below the insurance deductible, losses that are neither insured nor so predictable as to be priced, as well as setbacks to budgeted revenue (lost income). When these happen, they are escalated to the relevant manager or Management committee and followed up for possible recoveries and process improvements. The Bank applies the Basic Indicator approach for the calculation of its capital charge for operational risk, while complying with the qualifying standards of Basel II’s standardised approach (Paragraph 663 of the Basel II Capital Accord). Finally, the operational risk framework is audited yearly, as per regulatory requirements and standard industry practice.

6.6. Liquidity Risk Management

Liquidity risk is the risk that the Group will be unable to meet its payment obligations when they fall due under normal and stress circumstances.

Liquidity risk can manifest in the following two forms:
  • Funding liquidity risk is the risk that the Bank’s financial condition is adversely affected as a result of its inability to meet both expected and unexpected current and future cash flow and collateral needs in a timely and cost efficient manner.
  • Market liquidity risk is the risk that the Bank cannot easily offset or eliminate a position at the market price because of inadequate market depth or market disruption, ultimately leading to loss.

The Bank addresses these risks in two distinct environments:
  • 1. Normal conditions where the Bank must satisfy daily liquidity needs (flows) and the liquidity risk associated with those needs (e.g. in conjunction with expanding product or business mix, settlement, deposit/loan growth, etc.);
  • 2. Stressed conditions where the Bank is facing liquidity strains due to idiosyncratic or systemic conditions and may invoke the Contingency Funding Plan (CFP) as a result.

Liquidity Adequacy

Management considers the Bank’s liquidity position to be strong, based on its liquidity metrics as of December 31, 2013, and believes that the Bank’s funding capacity is sufficient to meet its on and off-balance sheet obligations.

The Bank’s funding strategy is intended to ensure sufficient liquidity and diversity of funding sources to meet actual and contingent liabilities through both normal and stress periods.

The Bank’s primary sources of funding include a stable customers’ deposit base constituting 84% of its funding (liabilities + equity) which was USD 30.7 billion at December 31, 2013, rising from USD 26.4 billion. Nearly 71% of deposits are Retail/Individual Banking accounts, whereas about 28% are corporate/SME. The large Retail/Individual Banking base emphasises the Bank’s reliance on sources of funding that are considered to be the most stable, as evidenced by their treatment under the recent Basel III liquidity standards, entering into effect by January 2015 at 60%. Given that local rules in Lebanon have not been published yet, the Bank’s internal assessment of the LCR reveals healthy levels, well above the final target of 100%, to be adhered to starting 2019.

The Bank’s consolidated short-term liquidity ratios (defined as net current accounts and maturing placements with central banks plus banks and financial institutions relative to maturing deposits over 1-month and 3-month horizons) are at healthy levels. For example, the 1-month ratio is nearly 24%.

The Bank maintains pools of liquid unencumbered securities and short-term placements with highly rated bank counterparts or the Central Bank in the relevant jurisdiction. The Bank also actively monitors the availability of funding across various geographic regions and in various currencies. Its ability to generate funding from a range of sources in a variety of geographic locations and in a range of tenors is intended to enhance financial flexibility and limit funding concentration risk. However, the ability to transfer cash/liquid assets between entities is given thorough consideration. As mentioned later under “Liquidity Management”, the Bank’s liquidity management strategy promotes self-sufficiency of legal entities, most especially across borders.

In addition to the measures already taken in areas with elevated levels or risk, such as Syria, the Bank daily monitors its liquidity position in new markets. The Bank’s fund-raising ability in Turkey has been tested and found reliable in several instances during unsettled periods.


The Bank’s governance process is designed to ensure that its liquidity position remains strong at both entity and parent levels. The Asset-Liability Committee (“ALCO”) formulates and oversees the execution of the Bank’s liquidity policy at the level of each entity (which essentially lays down the Bank’s liquidity management strategy). The liquidity risk policy for identifying, measuring, monitoring, and reporting of liquidity risk, and the contingency funding plan are recommended by Risk Management, reviewed by ALCO, approved by the Executive Committee and finally ratified by the Board of Directors. Measurement, monitoring and reporting are performed for the most part by either Treasury or Risk Management, each of whom inform and may escalate to ALCO based on key risk indicators and both regulatory and internal limits.

Treasury is responsible for executing the Bank’s liquidity policy, as well as maintaining the Bank’s liquidity risk profile according to ALCO directives, all within the risk appetite set by the Board of Directors.

The parent Bank’s Treasury and Capital Markets division communicates with entity Treasury departments to ensure adequate liquidity conditions at the group level.

Liquidity Monitoring and Risk Appetite

Monitoring and setting of risk appetite for liquidity occur independently for each entity. Given the Bank’s operating environment, the Bank monitors liquidity adequacy in each currency separately, especially for significant currency positions.

The Bank employs a variety of metrics to monitor and manage liquidity. One set of analyses used by the Bank relates to the timing of liquidity sources versus liquidity uses (e.g., liquidity gap analysis). A second set of analyses focuses on ratios of funding and liquid assets/collateral (e.g., measurements of the Bank’s reliance on short-term unsecured funding as a percentage of total liabilities, as well as analyses of the relationship of short-term unsecured funding to highly-liquid assets, the loans-to-deposits ratio and other balance sheet measures).

The Bank performs liquidity stress tests as part of its liquidity monitoring. The purpose is to ensure sufficient liquidity for the Bank under both idiosyncratic and systemic market stress conditions. They are produced for the parent and major bank subsidiaries.

Liquidity Management

Liquidity management at the parent level takes into account regulatory restrictions that limit the extent to which bank subsidiaries may extend credit to the parent and vice-versa, and to other non-bank subsidiaries. The Bank’s liquidity management strategy promotes self-sufficiency of legal entities, most especially across borders.

Although considered as a source of available liquidity, the Bank does not view borrowing capacity at central bank discount windows in the jurisdictions it operates in as a primary source of funding, but rather as a secondary one. In addition, the Bank holds high-quality, marketable securities available to raise liquidity, such as corporate and sovereign debt securities.

6.7. Market Risk Management

Market risk is defined as the potential loss in both on and off-balance sheet positions resulting from movements in market risk factors, such as foreign exchange rates, interest rates and equity prices.

The Bank maintains low appetite to market risk stemming from changes in equity prices and foreign exchange rates. However, operations in Turkey open revenue-generating opportunities from trading activities in FX and interest rates which the Bank is willing to make use of. Exposure is currently still very low relative to banks in the Turkish market.

The Bank’s main exposure to changes in FX rates at year-end 2013 mainly stems from its structural FX positions resulting from its equity investments in banking subsidiaries in currencies that cannot be hedged against, except for the Turkish Lira where derivatives can be used.


“Interest Rate Risk in the Banking Book” arises out of the Bank’s interest-sensitive asset, liability and derivative positions. The mismatch in the repricing dates of these positions creates interest rate risk for the Bank which is inherent in its banking activities.

The sensitivity of net interest income to major currencies is listed below at the consolidated Group level:


It is important to note that interest rates on assets do not change in tandem with liability rates. The stickiness of customers' deposit rates in Lebanon, an observed phenomenon in the Lebanese market, has been incorporated in the above table. It has been quantified for the Lebanese USD customers’ deposit market whereby a relationship between changes in deposit rates has proven statistically reliable and reflects historical behaviour. For LBP, the estimated relationship is based on relatively recent history, which Management believes is more relevant in the current economic environment. The relationship, along with Senior Management’s view of current market dynamics, is incorporated for customers’ deposits in Lebanese entities only, whereas other entities are calculated on purely contractual terms. It is worth noting that the relationship also incorporates the lag in the response of deposit rate changes to changes in market rates.

The interest rate risk profile of the Bank is within acceptable bounds. The impact of a fall in USD rates (50 bps) as indicated above, constitutes less than 1% of net interest income for the Group. In LBP, the stated rate (100 bps) increase takes away a mild less than 1% of net interest income as well.

Using the same method above, a shock of +3% on TRY interest rate sensitive positions affects net interest income by nearly -4.8%. On a separate note, the Turkish regulator imposes a limit for 5% and 2% shocks on TRY and FX interest sensitive balance sheets of banks in Turkey respectively, to assess the change in the economic value of equity relative to capital. The Bank’s end of year 2013 position was at 12.9%, well within the limit of 20%.