SANASA Development Bank PLC

Integrated Annual Report 2023

Risk Management and Corporate Governance

Risk Management

Approach to Risk Management

SDB comprehend the importance of risk management across every aspect of our business operations and has taken a proactive approach to establish risk controls to minimise the risks that can impact Bank’s continued growth. In this regard, we have implemented an Integrated Risk Management Framework clearly defining our governance structure, policies, processes, and procedures that are in place to manage risks that impact our profitability and financial standing. This framework continues to serve the Bank in foreseeing the potential risks thereby taking appropriate measures to evade risks in the current volatile macroeconomic backdrop.

The Board of Directors hold the responsibility for managing risks guiding in formulating policies and setting the risk parameters. The Board of Directors have delegated the oversight of the risk management to the Board Integrated Risk Management Committee (BIRMC) which comprises of Independent and Non-Executive Directors.

The Executive Integrated Risk Management Committee (EIRMC) holds the responsibility for implementing the risk management framework and reviews the Bank’s credit, market, liquidity, and operational risk indicators as well as its internal capital adequacy levels. The Chief Risk Officer reports to the EIRMC and the BIRMC.

The Banks’ Risk Management Framework (IRMF) consists of all the elements set out by the Bank to attain the general objectives of risk management which comprises of;

Integrated Risk Management Framework is setting the ground rules for the Risk Management Framework, including, without limitation, risk governance, Risk Appetite guidelines, definition of the risk management processes, as well as Risk Management policy documentation and reporting guidelines. The IRMF is also catering for risk categories not captured by risk specific policies. All the other components of the RMF shall be developed consistently with the principles set out in the IRMF.
Risk Governance lays down the main roles and responsibilities, including levels of authority and reporting lines, of all key stakeholders involved in Risk Management. The Governance elements of the RMF are documented under IRMF (see next section)
Risk Appetite, Strategy and ICAAP defines the risk strategy of that the Bank in terms of risks the Bank wishes to assume, clear boundaries for each material risk type, integration of risk planning with business planning through ICAAP. Detailed description of governance, processes, methodologies pertaining to Risk Appetite and ICAAP shall be documented in dedicated policies.
Specific Risk Management Policies and Processes are defined for credit, market & ALM risks, operational risk, and ESG risk following principles set out in the IRMF. All these policies are standalone documents that govern specific segments of the RMF.
Risk Management Infrastructure consists of all the resources deployed by the Bank to carry out the provisions set out in the risk management policies and procedures, including without limitation, people, systems, data, models and methodologies.
Day to day Risk Management Activities are the risk policies and procedures in action carried out by all relevant stakeholders.

The Bank has put in place the following policies in supporting risk management;

Integrated Risk Management Policy
Credit Risk Management Policy
Operational Risk Policy
Asset & Liability Management Policy
Investment Policy
IT Security Policy
Compliance Policy

Risk Environment in 2022

While risk exposures shown above are to a great degree controllable by the Bank, there are external factors, the outcomes of which, the Bank is unable to influence. Given the environment in which a bank operates, economic conditions in the country, government policy, regulatory changes and climate change are some of those aspects which can have an effect on the Bank’s profitability and ability to comply with laws and regulations.

The financial year under review was confronted with heightened macroeconomic uncertainties that resulted in economic contraction recording a negative growth rate. The shortage of foreign exchange and the intensifying economic crisis contributed to the economic contraction leading to a contraction of all key sectors including power outages, fuel shortages, lack of raw material, and increasing cost of production and price hikes in both the local and international markets. The instability of the political environment during the early to mid-part of the year stemming from public demonstrations, changes in the political leadership and government had knock-on effects on the banking industry as a whole.

In this milieu, we remain alert to different risks affecting our operations and developed an overall risk profile for the Bank. Based on the risk profile, we continued to improve our risk management framework and practices to consolidate its ability to abate such downside risks while capitalising on growth opportunities. During the period, a key risk concern remained the risks associated with potential credit portfolio stress in the context of moratorium phaseout for COVID-impacted borrowers. The increased digitisation of our banking systems and processes had increased the potential risk of IT and Cyber security risks.

Key Highlights during 2022

We increased the frequency of the BIRMC meetings and had monthly meetings commencing from mid of the year under review to have more focused and proactive risk monitoring and management in light of increased uncertainty in the macro economy.
We expanded the Capital Adequacy Assessment Process with additional safeguards and additional calculation methods to strengthen risk management stress testing.
In light of the elevated risks and lower risk appetite in the market, we set up appropriate credit portfolio strategies including more prudent underwriting standards with more focus on net positive risk segments and products.
We setup a dedicated Remedial and Rehabilitation unit to support the revival of stressed borrowers due to the macroeconomic factors. In this light we have further streamlined the credit portfolio monitoring with dedicated officers assigned to remedial actions in the branch network with more attention and focus on the rehabilitation and revival of the borrowers.
We initiated a review and revalidation of the impairment models in line with the expected credit stresses and took on additional impairments through management
Strengthening of the application and behavioural risk scoring methodologies
We were more prudent in managing the banks liquidity profile while carrying sufficient liquidity buffers and positions to safeguard the bank with the market liquidity was tight. We gave more priority in retaining and growing the deposits within reasonable cost.
Instituted the Environment, Social and Governance (ESG) risk concerns into our risk framework considering the increased investor deliberation of ESG risks and our response to them.
We continue to implement appropriate strategies to handle operational risk and IT and Cyber security incidents.

Risk Governance

SDB's risk governance structure is based on the three lines of defence model that separate risk oversight. All material risks as defined in the IRMF shall be based on the principle of three lines of defence:

1st line of Defence: Branches, Business and Support Units shall be the primary risk owners and risk takers being responsible to manage risk exposures on a day-to-day basis through controls embedded at business process level or specialized back office functions.
2nd Line of Defence: The Risk Management Division as an independent function headed by the CRO. The CRO has direct access to the BIRMC without impediment and reporting functionally to the BIRMC and administratively to the CEO. Compliance is the other independent function headed by the Compliance Officer and with similar reporting line of CRO. One of the key roles of the Risk Management Division under the 2nd line of defence is to ensure that the 1st line adequately applies and complies with risk and control policies and standards and to provide independent oversight of the risk profile of the Bank. On the other hand, the function of the Compliance is to ensure that the 1st line is conducting the respective operations in accordance with industry laws and regulations, internal policies and best practices.
3rd line of Defence: Specific to Risk Management, the Internal Audit Department is responsible to assess compliance and adherence to Risk Management Policies and Procedures on an ongoing basis and provide an independent assurance of the robustness of the Risk Management framework, processes and methodologies.

Risk Culture

We have inculcated a risk awareness culture across the organisation continually carrying out training programs for the same. The staff were trained on early detection of credit quality deterioration, operational risk reporting and data capture functions that consist of several mandatory trainings for all employees. In addition, a risk reporting process at multiple levels in the organisation lends weight to its importance in the functions of the Bank.

Risk Appetite

Risk appetite refers to the amount of risk the Bank is willing to take in achieving its strategic objectives and ensuring the maintenance of the desired risk profile. Hence, we have established the risk appetite of the Bank through a clear set of indicators, with limits and triggers, relating to the key risks the Bank is exposed to. These guidelines are reviewed and updated regularly by the Board of Directors in keeping with the evolving developments, strategic objectives, and the corporate plan for the year.

		Limit	Dec22
	Credit Risk
1	Single Borrower Limit	10%	5.03%
2	Group Borrower Limit	15%	3.85%
	Liquidity and Solvency
3	Liquid asset ratio	>20%	23.51%
4	Liquidity Coverage Ratio	>100%	191.22%
5	Net Stable Funding Ratio	>100%	241.61%
6	Capital Adequacy Ratio Operational Risk	>12.5%	15.37%
7	Operational Losses	<0.25%	Nil
8	Fraud Cases		Nil

Risk Reporting

We regularly report those factors relating to the exposures we have identified by sending reports to the Board of Directors, the relevant department heads, EIRMC and the BIRMC by the Chief Risk Officer.

Risk Exposure	Risk Reports
Credit Risk	Stage wise, PaR Models and DPD wise portfolio analysis on Products, Geography, and Sectors
Market Risk	Impact on interest rate shifts on Bank’s Economic Value of Equity and Net Interest Income Approaches
Liquidity Risk	Asset & Liability and Liquidity Risk validation via - Stock Approach, Maturity Gap Analysis - Static approach and Maturity Gap Analysis - Behavioural/Dynamic approach
Operational Risk	Assessment of operational loss events, Key Risk Indicators and RCSA process reporting
Strategic and Reputational Risk	Reporting of actual against forecasted performances, monitoring and update of reputational risk scenarios bank is exposed to. Scorecard based questionnaire assessments
IT and Cyber Security Risk	Updates on the existing security levels of the bank, regular monitoring outcomes and way forward
ESG Risk	Validation of the adherence to the Environmental and Social Due Diligence requirements on transaction and portfolio levels.

Risk Profiling

We establish our key risks through a review process that analyses the risks encountered by SDB, in relation to our strategy and longterm aspirations, reputation and delivery of business plans, in the context of the external and internal environment. Internal risks are managed systematically on a proactive basis while external risks are monitored on an ongoing basis to assess potential impacts on our operations.

Stress Testing

The Bank conducts regular stress testing to identify potential impacts of the fluctuations in market variables and other risk factors could have on the Bank’s risk profile. Stresses in the Bank’s credit, market, and liquidity are evaluated with reference to capital and earnings positions. The Board Integrated Risk Management Committee (BIRMC) conducts regular reviews of the stress testing outcomes, including the major assumptions that underpin them.

Risk Exposure	Stress Scenario
Credit Risk	Increased Shifts in Staging and the respective provisioning, decrease in collateral values,
Credit Concentration Risk	Increase in HHI under stress – Name, Product and Sector Concentrations
Interest Rate Risk	Immediate impact of changes in interest rates on Bank’s earnings through changes in its Net Interest Income (NII)-using the EVE and EAR methodologies
Liquidity Risk	Impact on the liquidity and profitability ascertained via stress testing on Withdrawal of higher % of the deposits, Rollover of loans/ deferment of loan repayment, Increase in funding cost at stressed situations
Forex Risk	Change in the value of Foreign exchange in adverse direction
Overall Credit Quality Deterioration	Increase in Staging along with Credit Concentration Risk - HHI
Financial Crisis	Multifactor stress considering all the above stress scenarios

Credit Risk

The Bank’s core business model requires the extension of credit to individuals and businesses to enable them to fund their occupations and other personal needs. Credit risk relates to the potential losses that can arise when customers are unable to discharge their obligations for the repayment of loans and advances taken by them.

Risk response: The Board Credit Committee is charged with the responsibility of implementing the Bank’s credit risk management framework. A Board-approved Credit Risk Management policy outlines the responsibilities, tools and techniques for credit risk identification, measurement, mitigation and management. Other key aspects of the Bank’s credit policy include pre-credit sanctioning criteria, delegated approval authority, due diligence, collateral management and post-credit monitoring. The framework is reviewed and updated regularly based on evolving best practices as well as emerging risks and opportunities.

Credit Risk Performance during 2022

Index	Product	Dec 22
		Amortized Cost				Cumulative Impairement				Cover Ratio
		Total	Stage 1	Stage 2	Stage 3	Total	Stage 1	Stage 2	Stage 3	Total%	Stage 1%	Stage 2%	Stage 3%
1	Personal Loans -Floating Rate	25,073.31	22,120.75	800	2,152.48	862.8	199.9	139.03	523.85	3.44%	0.90%	17.38%	24.34%
2	Upahara Loans	24,607.18	24,048.12	137	422.10	90.9	8.2	4.51	78.24	0.37%	0.90%	17.38%	24.34%
1	Personal Loans -Floating Rate	25,073.31	22,120.75	800	2,152.48	862.8	199.9	139.03	523.85	3.44%	0.90%	17.38%	24.34%
1	Personal Loans -Floating Rate	25,073.31	22,120.75	800	2,152.48	862.8	199.9	139.03	523.85	3.44%	0.90%	17.38%	24.34%

Index	Product	Dec-22
		Amortized Cost				Cumulative Impairement				Cover Ratio
		Total	Stage 1	Stage 2	Stage 3	Total	Stage 1	Stage 2	Stage 3	Total %	Stage 1 %	Stage 2 %	Stage 3 %
1	Personal Loans -Floating Rate	25,073.31	2,120.75	800	2,152.48	862.8	199.9	139.03	523.85	3.44%	0.90%	17.38%	24.34%
2	Upahara Loans	24,607.18	24,048.12	137	422.10	90.9	8.2	4.51	78.24	0.37%	0.03%	3.29%	18.54%
3	SME	16,707.17	8,586.64	2,723	5,397.32	2,876.1	373.6	510.97	1,991.55	17.21%	4.35%	18.76%	36.90%
4	Jawaya Loans	13,557.78	12,837.07	219	502.15	96.1	12.6	6.70	76.82	.71%	0.10%	3.06%	15.30%
5	Cash Margin	11,770.37	11,442.45	233	95.01	8.7	8.3	-	0.47	0.07%	0.07%	0.00%	0.49%
6	Lease	8,236.39	4,467.85	2,063	1,705.07	739.3	94.5	151.59	493.23	8.98%	2.11%	7.35%	28.93%
7	Gold Loans	5,820.85	5,597.78	45	178.20	10.5	9.2	0.17	1.13	0.18%	0.16%	0.37%	0.63%
8	Staff Loans	2,046.49	2,038.24	5	3.43	5.1	-	-	5.07	0.25%	0.00%	0.00%	147.81%
9	Housing	3,165.16	1,632.91	572	959.86	597.3	77.3	120.51	399.44	18.87%	4.73%	21.05%	41.61%
10	Cooperative Loans	2,056.44	1,246.04	114	696.24	292.1	14.4	11.21	266.45	14.20%	1.16%	9.82%	38.27%
11	Personal Loans -Fixed Rate	1,476.24	1,234.13	69	173.01	72.2	10.8	10.95	50.44	4.89%	0.87%	15.85%	29.15%
12	Business/Corporate	987.31	885.43	-	101.88	77.9	29.9	-	47.93	7.89%	3.38%	0.00%	47.05%
13	Uththamavi Loans	582.02	561.21	-	20.81	10.9	0.9	-	10.00	1.87%	0.16%	0.00%	48.04%
14	Consumption Purpose Loans	215.50	107.29	40	68.29	58.7	7.0	13.44	38.27	27.22%	6.48%	33.67%	56.04%
15	Group Loans	17.57	0.55	-	17.02	5.9	0.0	-	5.90	33.61%	0.70%	0.00%	34.67%
	Total	116,319.76	96,806.67	7,020.45	12,492.87	5,795.4	837.5	969.08	3,988.78	4.98%	0.87%	13.80%	31.93%

Concentration Risk

Concentration risk is the potential for a loss in value of the loan portfolio when an individual or group of exposures move together in an unfavourable direction. The implication of concentration risk is that it can generate such a significant loss when recovery is unlikely. The exposures can be geographical or sector-wise.

Risk response: The credit risk management of the Bank maximise a Bank’s risk-adjusted rate of return by maintaining credit risk exposure within acceptable parameters. We have set risk concentration limits for which the portfolio balances are monitored. These risk limits takes in to account prudent limits based on product type, geographical distribution, single and group borrower limits. The portfolio performance are reviewed at Board Credit Committee and the BIRMC and appropriate mitigants are proposed.

Market Risk

Market risk refers to the risk of losses in the Bank’s trading book due to changes in equity prices, interest rates, credit spreads, foreign exchange rates, commodity prices, and other indicators whose values are set in a public market.

Interest Rate Risk is the risk exposure relating to interest rate changes in the trading portfolio of Government securities, and other investment securities.

Risk response: The Bank has set limits for trading book exposures and is marked to market and measured against the set limits. The Bank carries only a limited trading book with majority of the investment portfolio is held for maturity (HTM). The bank is aware of the implications on its HTM portfolio in light of potential domestic debt restructurings that could materialize with the IMF bailout package and the resultant activities for debt sustainability initiatives.

Foreign exchange rate risk is the possibility of an adverse impact on the Bank's capital or earnings due to fluctuations in the market exchange rates. This risk arises due to the holding of assets or liabilities in foreign currencies. The Bank holds two-dollardenominated FDs with the Bank of Ceylon. These two deposits have been placed from the proceeds from the Subordinated Term Loan of USD 8 Mn received from the Belgian Investment Company for Developing Countries (BIO) and USD 40 Mn, an unsecured senior term loan received from the United States International

Development Finance Corporation (DFC). To mitigate the foreign currency risk, without converting these into Sri Lankan Rupees (LKR), these two loans are kept as two Fixed deposits, matching the dollar repayment schedule of the lender with Bank of Ceylon. The Bank borrows LKR term loans on the strength of dollar deposits, which is used to finance its loan portfolio growth, which can be repaid from the Bank's LKR collection and all dollar borrowing interest repayments can be serviced from USD fixed deposit interest and capital repayment can be made from USD fixed deposit maturity proceeds. This synthetic hedging structure enables the bank to operate smoothly under more volatile economic conditions. Other than these two foreign currency denominated FDs and borrowings, the Bank does not have any exposure to foreign currency in terms of assets and liabilities as of 31st December 2022.

Liquidity Risk

Liquidity risk relates to the possibility that the Bank is unable to meet its financial obligations by settling them in cash or being able to convert a security or hard asset to cash without a loss of capital and/ or income in the process.

Risk response: The Assets and Liabilities Management Committee (ALCO) is responsible for managing the Bank’s liquidity risk. The Committee regularly reviews the Bank’s cash flow positions, projections, funding capabilities and pricing decisions to ensure internal targets and regulatory liquidity requirements are met.

Liquidity Risk Performance during 2022

	As at 31 December 2022
	Less than 7 days LKR	7-30 days LKR	1-3 months LKR	3-12 months LKR	1-3 years LKR	3-5 years LKR	Over 5 years LKR	Total LKR
Financial assets
Cash and cash equivalents	3,072,845,490	-	-	-	-	-	-	3,072,845,490
Investments	2,057,492,243	4,308,405,542	7,293,004,926	13,083,065,170	9,566,478,649	7,335,248,910	506,996,539	44,150,691,978
Loans and receivables to other customers	2,424,254,345	3,933,917,651	3,665,695,179	21,882,547,043	15,534,016,083	9,465,392,844	63,405,598,322	120,311,421,467
Total financial assets	7,554,592,078	8,242,323,193	10,958,700,105	34,965,612,212	25,100,494,732	16,800,641,754	63,912,594,861	167,534,958,936

Financial liabilities
Due to other customers	2,791,264,156	4,705,099,291	14,150,963,082	58,764,378,004	19,940,652,527	6,460,392,739	3,465,633,803	110,278,383,602
Other borrowings	-	5,289,599,022	3,592,854,813	8,163,146,247	11,773,889,720	4,907,011,731	2,370,250,672	36,096,752,204
Debt securities issued	-	-	-	-	-	-	-	-
Subordinated term debts	-	-	45,148,334	712,025,446	3,934,667,241	-	-	4,691,841,021
Total financial liabilities	2,791,264,156	9,994,698,313	17,788,966,229	67,639,549,697	35,649,209,488	11,367,404,470	5,835,884,475	151,066,976,827

Net financial assets/(liabilities)	4,763,327,922	(1,752,375,119)	(6,830,266,124)	(32,673,937,483)	(10,548,714,755)	5,433,237,284	58,076,710,386	16,467,982,108

Interest Rate Risk

Interest rate risk in the banking book (IRRBB) refers more generally to the current or prospective risk to both Bank’s capital and earnings arising from adverse movements in interest rates, which affect the Banks’ banking book exposures.

Risk response: The Assets and Liabilities Management Committee (ALCO) is responsible for monitoring the Bank’s IRRBB exposure. It reviews the impact of interest rate risk on the banking book as well as net interest margin, funding mismatches and the cumulative rate-sensitive gap. The Committee also undertakes stress tests on the net interest margin (NIM) and the equity, under different interest rate scenarios. A comprehensive set of policies is in place to govern all aspects of market risk. These policies are reviewed and updated regularly in view of emerging market risks.

	Interest rate sensitivity assets and liabilities as at 31 December 2022
Asset or liability	Carrying Amount LKR	On Demand LKR	1-3 Months LKR	3-12 Months LKR	Over 1 Year LKR	Non interest Sensitive LKR	Total LKR
Asset or liability	Cash and cash equivalents	3,072,845,490	1,545,567,378	-	-	-	1,527,278,112	3,072,845,490
Placements with banks	18,205,195,883	785,512,417	1,335,574,868	2,285,627,733	13,798,480,865	-	18,205,195,883
Financial assets fair value through profit or loss	1,905,738,326	296,448,184	296,448,184	1,312,841,958	-	-	1,905,738,326
Loans and receivables to other customers	110,525,450,192	5,486,917,284	3,163,388,195	18,884,000,882	82,991,143,832	-	110,525,450,192
Debt and other instruments	19,819,735,716	4,021,065,706	4,850,572,850	10,320,191,454	627,905,707	-	19,819,735,716
Interest bearing assets	153,528,965,609	12,135,510,969	9,645,984,097	32,802,662,027	97,417,530,404	1,527,278,112	153,528,965,609

Due to other customers	107,533,001,772	7,204,797,132	13,585,939,041	56,631,430,681	30,110,834,919	-	107,533,001,772
Other borrowings	30,704,547,675	1,183,076,116	2,799,093,353	7,289,428,088	19,432,950,117	-	30,704,547,675
Debt securities issued	-	-	-	-	-	-	-
Subordinated term debts	5,055,590,136	88,479,814	187,894,232	110,652,151	4,668,563,939	-	5,055,590,136
Interest bearing liabilities	143,293,139,583	8,476,353,062	16,572,926,626	64,031,510,920	54,212,348,975	-	143,293,139,583

Interest rate sensitivity gap	10,235,826,023	3,659,157,907	(6,926,942,529)	(31,228,848,892)	43,205,181,429	1,527,278,112	10,235,826,025

Operational Risk

Operational risk is the potential loss resulting from inadequate or failed internal processes, people and systems or from external events.

Risk response:The risk department together with operations units administer the evaluation, to define operational risk parameters, of all key business units on their exposure. This is a mechanism that enables business units to identify and assess their risks and introduce measures to improve risk control. The Bank also maintains an Operational Risk Loss Data Base in line with Basel guidelines. Processes are also in place to capture all operational loss events which are then categorised in accordance with the guidelines.

It Risks

IT risk is the business risk associated with the use, ownership, operation, and adoption of IT within the Bank. IT risks are part of the overall operational risks due to IT-related events such as system interruptions/failures, errors, frauds through system manipulations, cyber-attacks, and obsolescence in applications. With the high adoption of IT-related business models and digital channels, there are heightened risks and emerging risks associated with IT. There are challenges to identifying and quantifying the uncertainty of the likelihood of occurrence and the impact or magnitude of IT-related risk incidents.

Risk response:The Bank has developed policies and procedures for the management of IT risks which would be implemented to ensure that the Bank is not exposed to undue risks. IRMD has used the Risk & Control Self-Assessment (RCSA) for IT risk identification and assessment and would continuously track and monitor the potential risk incidents and the control effectiveness. Results of independent audit findings (both internal and external), analysis of information security incidents, external loss data and information are also employed for IT risk identification and assessment purposes. Regular risk reporting is done to the EIRMC and BIRMC on IT-related risks.

Legal Risks

Legal risk is the risk of financial or reputational loss that can result from lack of awareness or misunderstanding of, ambiguity in, or reckless indifference to, the way law and regulation apply to your business, its relationships, processes, products and services.

Risk response:All legal documents executed on behalf of the Bank are vetted by the Legal Department of the Bank. Services of external lawyers are obtained whenever required. Internal processes described in previous sections, relating to compliance with regulatory provisions, are in place to mitigate potential losses and harm to the Bank.

Strategic Risk

Strategic risk relates to the possibility that the strategic direction the Bank is taking does not lead to the desired outcome or results in losses. This may be due to external or internal factors which are responded to inadequately or ineffectively.

Risk response:SDB bank in formulating its medium-term strategic plan has put in place performance indicators and set milestones in terms of achieving the required outcomes. The Board of Directors plays an active role in adopting relevant policies, monitoring progress through several reporting formats and helping the Bank maintain its focus on the end goals.

Reputational Risk

Risk response:Events that could lead to reputational risk are closely monitored, utilising an early warning system that includes inputs from frontline staff, media reports, and internal and external market survey results. Though all policies and standards relating to the conduct of the Bank’s business have been promulgated through internal communication and training, a specific policy was established to take action in case of an event which may affect the reputation. The Bank has zero tolerance for knowingly engaging in any business, activity, or association where foreseeable reputational damage has not been considered and mitigated. While there is a level of risk in every aspect of business activity, appropriate consideration of potential harm to the Bank’s good name is a part of all business decisions.

The complaint management process and the whistle-blowing process of the Bank include a set of key tools to recognize and manage reputational risk. Based on the operational risk incidents, any risks which could lead to reputational damage are presented to the Board and suitable measures are taken by the Bank to mitigate and control such risks.

Compliance Risk

Compliance from a banking perspective can be defined as acting in accordance with a law, rule, regulation or a standard. Basel Committee on Banking Supervision in 2005 defines “compliance risk” as “the risk of legal or regulatory sanctions, material financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with laws, regulations, rules related self-regulatory organisation standards, and Codes of Conduct applicable to its banking activities”.

Risk response:Bank's governing principles on compliance ensure that compliance starts from the top, emphasising standards of honesty and integrity and holding itself to high standards when carrying on business at all times striving to observe the spirit as well as the letter of the law. Further, it sets compliance as an integral part of the Bank’s business activities and part of the culture of the Organisation and at all times will be observing proper standards of market conduct, managing conflicts of interest, treating customers fairly, and ensuring the suitability of customer advice. The Compliance Governance Structure of the Bank has been set up to manage the compliance risk of the Bank independently.

The Compliance Officer independently reports to the Board Integrated Risk Management Committee through which the Board of Directors of the Bank are updated on compliance matters frequently. The Bank’s Board of Directors are responsible for overseeing the management of the Bank’s compliance risk. Accordingly, the Board has delegated its powers to the Board Integrated Risk Management Committee which takes appropriate action to establish a permanent, independent and effective compliance function in the Bank, ensuring that compliance issues are resolved effectively and expeditiously by the Senior Management of the Bank with the assistance of the compliance function and assess the extent to which the Bank is managing its compliance risk effectively. The Bank’s Corporate/ Senior Management is responsible for the effective management of the Bank’s compliance risk and an independent robust compliance culture has been established within the Bank with processes and workflows designed with the required checks and balances to facilitate compliance. The compliance function works closely with the business and operational units to ensure consistent management of compliance risk. The Compliance Policy defines how this key risk is identified, monitored and managed by the Bank in a structured manner. The Bank's culture and the Code of Ethics to play a key role in managing this risk.