Download PDF
Download PDF
Download PDF



The Group is exposed to various types of risks, some of which are:
  • Credit risk: the risk of default or deterioration in the ability of a borrower to repay a loan.
  • Market risk: the risk of loss in balance sheet and off-balance sheet positions arising from movements in market prices. Movements in market prices include changes in interest rates (including credit spreads), exchange rates and equity prices.
  • Liquidity risk: the risk that the Group cannot meet its financial obligations when they come due in a timely manner and at reasonable cost.
  • Operational risk: the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.
  • Other risks faced by the Group include concentration risk, reputation risk, legal risk and business/strategic risk.

Risks are managed through a process of ongoing identification, measurement monitoring, mitigation and control and reporting to relevant stakeholders. The Group ensures that risk and rewards are properly balanced and in line with the risk appetite that is approved by the Board of Directors.


The Board of Directors (the Board) is ultimately responsible for identifying and setting the level of acceptable risks to which the Group is exposed, and as such, defines the risk appetite for the Group. In addition, the Board approves risk policies and procedures. Periodic reporting is made to the Board on existing and emerging risks in the Group. A number of Management committees and departments are also responsible for various levels of risk management, as set out below.


The role of the Board’s Group Risk Committee (BGRC) is to oversee the risk management framework and assess its effectiveness, review and recommend to the Board the Group risk policies and risk appetite, monitor the Group risk profile, review stress tests scenarios and results, and provide access for the Group Chief Risk Officer (CRO) to the Board. The BGRC meets at least every quarter in the presence of the Group CRO.


The mandate of the Group Executive Committee is to support the Board in the implementation of its strategy, to support the Group CEO in the day-to-day management of the Group, and to develop and implement business policies for the Group and issue guidance for the Group within the strategy approved by the Board. The Executive Committee is involved in reviewing and submitting to the Board the risk policies and risk appetite.


The Asset Liability Committee (ALCO) is a Management committee responsible in part for managing market risk exposures, liquidity, funding needs and contingencies. It is the responsibility of this committee to set up strategies for managing market risk and liquidity exposures and ensuring that Treasury implements those strategies so that exposures are managed in a manner consistent with the risk policy and limits approved by the Board.


All risk management processes are independently audited by the Internal Audit department at least annually. This includes the examination of both the adequacy and effectiveness of risk control procedures. Internal Audit discusses the results of its assessments with Management and reports its findings and recommendations to the Board’s Audit Committee.


Risk Management is a function independent from business lines and headed by the Chief Risk Officer. The function has the responsibility to ensure that risks are properly identified, measured, monitored, controlled, and reported to heads of business lines, Senior Management, ALCO, the Board Risk Committee and the Board. In addition, the function works closely with Senior Management to ensure that proper controls are set in order to mitigate risks. The Risk Management function at the Group level has the responsibility of drafting risk policies and principles for adoption at the entity level. In addition, it is in charge of monitoring and aggregating risks across the Group.


The primary drivers behind monitoring and controlling risks are the Risk Appetite and Limits approved by the Board. These limits reflect the business strategy and market environment of the Group, as well as the level of risks that the Group is willing to accept.

Risk Appetite and Limits are formalised in a document which is reviewed by the Executive Committee and the Board Group Risk Committee and approved by the Board. This document comprises qualitative and quantitative statements of risk appetite that include limits by asset quality and concentration.

Information independently compiled from all business lines and risk-taking units is examined and processed in order to identify and measure the risk profile. The results are reported and presented on a regular basis to Management and to the Board.