THIS REPORT FORMS PART OF DBS’ AUDITED FINANCIAL STATEMENTS, EXCEPT FOR SECTIONS MARKED WITH AN ASTERISK.
RISK MANAGEMENT APPROACH
The Group sees strong risk management capabilities as vital to the success of a well-managed bank. The Risk Management Group (RMG) function is the central resource for driving such capabilities in DBS.
The key components of DBS’ risk management approach are: strong risk governance and culture; robust and comprehensive processes to identify, measure, monitor, control and report risks; sound assessments of capital adequacy relative to risks; and a rigorous system of internal control reviews involving internal auditors and other internal control units as well as external auditors.
Under the Group’s risk management framework, the Board of Directors, through the Board Risk Management Committee (BRMC), sets risk appetite, oversees the establishment of robust enterprise-wide risk management policies and processes, and sets risk limits to guide risk-taking within the Group.
The Chief Risk Officer (CRO) has been appointed to oversee the risk management function. The CRO is a member of the Group Executive Committee and has a dual reporting line to the CEO and to the Board which is also responsible for the appointment, remuneration, resignation or dismissal of the CRO. Working closely with the established risk and business committees, the CRO is responsible for the following:
- Management of the risks in the Group including developing and maintaining systems and processes to identify, approve, measure, monitor, control and report risks;
- Engagement of senior management on material matters relating to the various types of risks and development of risk controls and mitigation processes;
- Ensuring the effectiveness of risk management and adherence to the risk appetite established by the Board.
To provide risk oversight, senior management committees are mandated to focus on specific risk areas. These oversight committees are the Risk Executive Committee, the Product Approval Committee, the Group Credit Risk Committee, the Group Market and Liquidity Risk Committee, the Group Credit Policy Committee and the Group Operational Risk Committee. Other committees include Group Capital Committee as well as the Fair Dealing Committee.
The Risk Executive Committee is responsible for the oversight of various risks (including credit, market, liquidity, operational and reputational risks) and overall risk architecture, direction and priorities of the Group. It is also responsible for approval of core risk policies and allocation of risk limits.
DBS RISK CULTURE*
The risk culture in DBS is defined by the tone being set from the top. This is largely incorporated in the Group's defined business strategy, Risk Appetite Statement, accountability, reporting lines, remuneration structure and escalation processes. The combination of these items defines the Group's risk tolerance and ensures the Group stays within that risk tolerance.
Business Strategy: As an Asian commercial bank, the Group has clearly defined the arena to be active in. Therefore banking transactions need to fit the Group's strategic intent. For credit risk, this intent is laid down in the various Target Market and Risk Acceptance Criteria that outline in which areas the Group wishes to be active and what risks deem to be acceptable within those areas. For market risk, the Group has defined mandates for the trading and banking books to ensure the positions stay within the stated intent.
Risk Appetite Statement: The Board has established an overall risk appetite which is supervised by the BRMC. This risk appetite guides Management in the pursuit of the Group’s strategy and business plans. This is encapsulated in a formal risk appetite statement which considers external credit rating, capital adequacy, earnings and value volatility and the various risk types including but not limited to credit risk, country risk, market risk, liquidity risk, operational risk and reputational risk.
Portfolio risk limits for the quantifiable risk types are established through a top down approach and operationalised through a formal framework. Other significant risk aspects are guided by qualitative expression of principles.
Accountability: The Group has three lines of defence where it comes to risk taking where each line of defence has a clear responsibility. Working closely with the support functions, the first line of defence is the front office that has a clear responsibility for risk in terms of identifying risks and reporting on any changes in the risk profile of the clients or positions. As a second line of defence, RMG and other control functions such as Group Compliance have their own responsibility for developing, overseeing and reporting on risk frameworks; in addition, RMG is responsible for identifying individual and portfolio risk, approve transactions and trades and ensure that they are within approved limits and monitor and report on the portfolio, taking into account current and future potential developments through stress testing. Finally Group Audit forms the third line of defence as a completely independent check to ensure adherence to approved policies and procedures.
Reporting Lines: In order to maintain independence, the risk managers report into the RMG, headed by the Group CRO and in the overseas locations, the local risk management head also has a reporting line to the country heads.
Remuneration Structure: As explained in page 64, the Group has a remuneration structure that takes into account its performance against various metrics contained in the balanced scorecard. This would ensure that the level of risk undertaken by the various businesses to achieve the Group's financial results remains prudent and appropriate. In addition RMG, Group Compliance and Group Audit advise the CEO in the bonus process on quantitative and qualitative risk issues in the various units as part of the variable remuneration decision making.
Escalation Process: The Group has in place a significant incident protocol that highlights processes and procedures for incidents according to the level of severity. In this way the Group endeavours that appropriate levels of management are made aware of these incidents and can take action accordingly. In addition a whistleblower process is in place to handle other types of incidents and protect the rights of the whistleblower in question.
TOP AND EMERGING RISKS*
In recognising top and emerging risks, the Group looks at both its major existing risk as well as new emerging risk.
As an Asian commercial bank with exposures across major Asian markets, the Group, in addition to global macro economic risk, is exposed to both country transfer risk and liquidity risk in its major markets.
Country Risk: DBS has a stated strategy to be a regional bank in Asia. Consequently the Group has large concentrations in a limited number of countries and those countries are correlated as well. Therefore a country risk event in the countries to which the Group has large exposures could have a major impact. This risk is mitigated by setting limits for the maximum exposure in each country. In addition the potential loss given transfer event is monitored on the basis of how the exposure is divided between short term and long term, trade and non-trade as well as wrong way risk. Based on the macro economic outlook, the country risk limits and exposures will be adjusted in order to stay within the Group's risk appetite.
Liquidity Risk: The Group is very liquid in its home currency (Singapore Dollar – SGD), given that it has a more than 50% market share of SGD sticky savings deposits and a SGD loan to deposit ratio of below 70%. Demand for non-SGD loans on the other hand, is mostly in US Dollar (USD). The Group converts its surplus SGD funds to USD for on-lending by way of swaps, that can have a shorter maturity than the USD loans. This exposes the Group to liquidity gapping risk, because it requires that its counterparties continue to be willing to roll-over their swaps with the Group. This liquidity risk is mitigated by setting a maximum limit on the gapping risk based on what should be available to the Group in the swap market. In addition the Group has undertaken actions to increase the size of its direct USD funding by more actively seeking funds from the wholesale deposit market, by improving the USD cash management services and by issuing Euro Commercial Paper and Medium Term Notes.
Financial Crime and Information Security: Fraud continues to be a risk for financial institutions particularly as criminals embrace the use of technology. The Group takes this threat seriously and has implemented a broad range of controls to identify and mitigate risk to customers and business. Traditional fraud such as card skimming and online fraud continue to present a risk for financial institutions globally. These risks are being mitigated in the main through the implementation of Europay, Mastercard and Visa (EMV) technology for card payments and multi factor authentication for online payments along with increased level of transaction monitoring. Physical security enhancements at point-of-sale terminals and self service banking facilities are also acting as a deterrent to skimming attacks.
Regulators globally continue to focus on anti-money laundering and counter-terrorism financing to safeguard the financial system. Singapore recently designated tax evasion as a predicate offence to money laundering placing greater onus on financial institutions to understand the source of customer monies. The Hong Kong Monetary Authority implemented the Anti- Money Laundering and Counter-Terrorist (Financial Institutions) Ordinance placing obligations on financial institutions operating in that jurisdiction.
The Group takes the issue of financial system integrity most seriously and has robust policies and procedures in place to ensure use of the bank's facilities only for legitimate purposes. Systems are in place to detect suspicious transactions and report such transactions to the appropriate authorities.
Regulatory Developments: The global regulatory landscape is evolving continuously. The Group remains vigilant in tracking international and domestic regulatory developments to ensure that it stays on top of these developments. New requirements are promptly disseminated to the respective action parties and, where applicable, embedded into the Group's processes and systems. Standards of compliance behaviour expected of all staff are reinforced through training sessions, briefings and other means of communication and dissemination. In addition, individuals who perform certain activities may be required to fulfil specific training and examination criteria.
The Group also recognises the importance on proactive engagement with regulators. Towards this end, the Group strives to build and maintain positive relationships with regulators that have oversight responsibilities in the locations where it operates.
The Group is concerned about increased regulatory initiatives around ring-fencing capital and liquidity in addition to the increased capital requirements. Both these developments will make the cost of capital higher and will result in less efficiency in freely deploying surplus capital and liquidity. At the end this cost will have to be borne by society at large and will result in downward pressure on economic activity on a global scale.
The RMG function is organised in different units responsible for credit risk, market and liquidity risk and operational risk.
Credit risk is the risk of loss resulting from the failure of borrowers or counterparties to meet their debt or contractual obligations. Exposure to credit risks arises from lending, sales and trading as well as derivative activities. Lending exposures are typically represented by the notional value or principal amount of on-balance sheet financial instruments. Financial guarantees and standby letters of credit, which represent undertakings that the Group will make payments in the event that a customer cannot meet its obligations to third parties, carry the same credit risk as loans even though they are of contingent nature. Documentary and commercial letters of credit, which are undertakings by the Group on behalf of a customer, are usually collateralised by the underlying shipments of goods to which they relate and therefore exhibit different risk characteristics from direct lending. Commitments to extend credit include unused portions of loan commitments, guarantees or letters of credit. The majority of unused commitments are contingent upon customers observing or meeting certain credit terms and conditions.
CREDIT RISK GOVERNANCE AND ORGANISATION
The oversight committee for credit risk is the Group Credit Risk Committee. This committee serves as an executive forum for discussion on credit trends and all aspects of credit risk management, including the identification, measurement, monitoring, mitigation and control processes. It also provides oversight of credit risk committees that are established in the key markets in which the Group operates. This structure ensures that key credit management decisions are effectively cascaded to the appropriate country, business and functional units.
CREDIT RISK MANAGEMENT FRAMEWORK AND CREDIT POLICIES
The Credit Risk Management Framework, approved by the BRMC, defines credit risk and the scope of its application; establishes the dimensions of credit risk; and provides a consistent Group-wide framework for managing credit risk across the Group.
An enterprise-wide Core Credit Risk Policy sets forth the principles by which the Group conducts its credit risk management activities. The policy ensures consistency in credit risk underwriting across the Group, and provides guidance in the formulation of business-specific and/or location-specific credit policies. The Core Credit Risk Policy is considered and approved by the Risk Executive Committee based on recommendations from Group Credit Policy Committee. The business-specific and/or location-specific credit policies are established to provide greater details on the implementation of the credit principles within the Core Credit Risk Policy and are adapted to reflect different credit environments and portfolio risk profiles.
Senior management sets the overall direction and policy for managing credit risk at the enterprise level. In so doing, it directs the risk appetite and underwriting activities for various countries, industries and counterparties taking into account factors such as prevailing business and economic conditions.
Retail exposures comprise mainly residential mortgages, credit cards, auto loans and other unsecured loans. Retail exposures are typically managed on a portfolio basis and assessed based on credit scoring models supplemented by risk acceptance criteria.
Wholesale exposures comprise sovereign, bank, corporate, corporate small business, specialised lending and securitisation exposures. Wholesale exposures are assessed using approved credit models, and reviewed and analysed by experienced credit risk managers taking into consideration the relevant credit risk factors. Credit extensions are proposed by the business unit and are approved by the credit risk function based on the business strategies determined by senior management.
TRADED PRODUCTS AND SECURITIES
Counterparty risk that may arise from traded products and securities is viewed similarly to loan exposures and included under the Group’s overall lending limits to counterparties. Issuer Default Risk that may arise from traded products and securities are generally measured based on Jump-to-default computations.
The Group actively monitors and manages its exposure to counterparties in over-the-counter (OTC) derivative trades to protect its balance sheet in the event of counterparty default. Counterparty risk exposures which may be materially and adversely affected by market risk events are identified, reviewed and acted upon by management and highlighted to the appropriate risk committees. In addition, the Group takes into account any strong relationship between the creditworthiness of a counterparty and the expected future replacement value of a relevant transaction (so called wrong way risk) during the risk onboarding process. The current exposure method is used for calculating the Group’s net credit exposure and regulatory capital for counterparty exposures, using the mark-to-market exposures with an appropriate add-on factor for potential future exposures.
INTERNAL CREDIT RISK MODELS*
The Group adopts rating systems for the different asset classes under Internal Ratings Based Approach (IRBA). There is a robust governance process for the development, independent validation and approval of a credit risk model. Credit risk models developed are validated by an independent risk unit in the Group to ensure they are fit for purpose. The models are placed through a rigorous review process prior to endorsement by the Group Credit Risk Committee and the Risk Executive Committee and have to be approved by the BRMC before use.
To ensure the adequacy and robustness of these rating systems on an ongoing basis, RMG – Credit Portfolio Analytics conducts performance monitoring on these rating systems and reports the results to the Group Credit Risk Committee, the Risk Executive Committee and the BRMC on a periodic basis. This process will highlight any material deterioration in the credit risk systems for management attention. In addition, an independent risk unit, RMG – Model Validation, conducts formal validation annually for each of the rating systems. The validation processes are also subject to an independent review by Group Audit.
The internal credit risk ratings produced by credit rating models are used to calculate the IRBA capital requirements. In addition, the ratings from the credit models are used as the basis to support the underwriting of credit, monitor the performance of the portfolios and determine business strategies.
The Group applies the supervisory Loss Given Default (LGD) estimate provided by the Monetary Authority of Singapore (MAS) for its Foundation IRBA portfolios. These supervisory LGD estimates are used in the computation of risk weights and regulatory capital calculations. For its Advanced IRBA portfolios, the LGD is estimated using internal models, and used in capital calculations and risk return assessments.
Exposure or Exposure at Default (EAD) is the sum of the on-balance sheet amount and/or credit equivalent of the off-balance sheet amount (multiplied by a credit conversion factor) determined in accordance with MAS Notice 637.
Retail Exposure Models
Retail portfolios are categorised into asset classes under the Advanced IRBA, namely residential mortgages, qualifying revolving retail exposures and other retail exposures, including vehicle loans extended to individuals.
Within each asset class, exposures are managed on a portfolio basis. Each account is assigned to a risk pool, taking into consideration factors such as borrower characteristics and collateral type. Loss estimates are based on historical default and realised losses within a defined period. The definition of default is applied at the level of a particular facility, rather than at the level of the obligor.
Business-specific credit risk policies and procedures including underwriting criteria, scoring models, approving authorities, frequency of asset quality and business strategy reviews, as well as systems, processes and techniques to monitor portfolio performance against benchmarks are in place. Credit risk models for secured and unsecured portfolios are used to update the risk level of each loan on a monthly basis, reflecting the broad usage of risk models in portfolio quality reviews in accordance with Basel II principles.
Wholesale Exposure Models
Wholesale exposures are assessed under the Foundation IRBA. The risk ratings for the wholesale exposures (other than securitization exposures) have been mapped to likely corresponding external rating equivalents. A description of the rating grades is provided in the table to give a qualitative explanation of the risk benchmarks.
Sovereign exposures are risk rated using internal risk rating models and guidelines in line with IRBA portfolios. Countryspecific macroeconomic risk factors, political risk factors, social risk factors and liquidity risk factors are reviewed objectively in the sovereign rating models to assess the sovereign credit risk in a disciplined and systematic approach.
Bank exposures are assessed using a bank rating model covering various credit risk factors such as capital levels and liquidity, asset quality, earnings, management and market sensitivity. The risk ratings derived are benchmarked against external credit risk ratings to ensure that the internal rating systems are well aligned and appropriately calibrated.
Large corporate credits are assessed using approved models and reviewed by designated credit approvers. Credit factors considered in the risk assessment process include the counterparty’s financial standing and specific non-quantitative factors such as industry risk, access to funding, market standing and management strength.
The counterparty risk rating assigned to smaller business borrowers is primarily based on the counterparty’s financial position and strength.
Credit ratings under the IRBA portfolios are, at a minimum, reviewed on an annual basis unless credit conditions require more frequent assessment. The counterparty risk rating process is reinforced by the facility risk rating system, which considers other exposure risk mitigants, such as collateral and third party guarantees.
A default is considered to have occurred with regard to a particular obligor when either or both of the two following events have taken place:
- Subjective default: Obligor is unlikely to pay its credit obligations in full, without recourse by the Group to actions such as realising security (if held).
- Technical default: Obligor is past due more than 90 days on any credit obligation to the Group.
This is consistent with the guidance provided under MAS Notice 637.
A description of the internal ratings used for the various portfolios is as follows:
Risk Grades Description
|Grade (ACRR)||Description of Rating Grade||Classification||MAS Classification||Equivalent|
|Taking into account the impact of relevant economic, social or geopolitical conditions, capacity to meet its financial commitment is exceptional||Exceptional||Passed||AAA|
|Taking into account the impact of the relevant economic, social or geopolitical conditions, capacity to meet its financial commitment is excellent||Excellent||Passed||AA+, AA, AA-|
|More susceptible to adverse economic, social, geopolitical conditions and other circumstances. Capacity to meet its financial commitment is strong||Strong||Passed||A+, A, A-|
|Adequate protection against adverse economic, social or geopolitical conditions or changing circumstances. More likely to lead to a weakened capacity of the obligor to meet its financial commitment||Good||Passed||BBB+/BBB|
|Relatively worse off than an obligor rated “4B” but exhibits adequate protection parameters||Satisfactory||Passed||BBB-|
|Satisfactory capacity to meet its financial commitment but capacity may become inadequate due to adverse business, financial, economic, social or geopolitical conditions and changing circumstances||Acceptable||Passed||BB+/BB|
|Marginal capacity to meet its financial commitment but capacity may become inadequate or uncertain due to adverse business, financial, economic, social or geopolitical conditions and changing circumstances||Marginal||Passed||BB-|
|Sub-marginal capacity to meet its financial commitment. Adverse business, financial, or economic conditions will likely impair the obligor’s capacity or willingness to meet its financial commitment||Sub-
|Low capacity to meet its financial commitment. Adverse business, financial, or economic conditions will likely impair the obligor’s capacity or willingness to meet its financial commitment||Special
|Vulnerable to non-payment and is dependent upon favourable business, financial, and economic conditions for the obligor to meet its financial commitment. Likely to have little capacity to meet its financial commitment under adverse conditions||Sub-
Grade 10 and Above
|An obligor rated ’10’ and above is in default (as defined under Basel II)||Default||Sub-Standard
Specialised Lending Exposures
Specialised lending IRBA portfolios, consisting of income producing real estate, project finance, object finance, hotel finance and commodities finance, adopt the supervisory slotting criteria specified under Annex 7v of MAS Notice 637. The supervisory slotting criteria guidelines under the supervisory rating categories are used to determine the risk weights to calculate the credit risk-weighted exposures.
The Group is not active in securitisation activities that are motivated by credit risk transfer or other strategic considerations.
The Group’s investments in securitised assets are accounted for using the principles of Financial Reporting Standards 39. Refer to Note 2.8 to the Financial Statements for the Group’s accounting policies on financial assets.
Where securitised assets are rated by external rating agencies, the Ratings-Based Method is used to calculate the risk weights of the exposures. The Group only accepts ratings from Standard & Poor’s, Moody’s and Fitch for such exposures.
The Group has processes in place to monitor the credit risk of the bank’s securitisation exposures.
Credit Exposures Falling Outside of Internal Credit Risk Models
The Group applies the Standardised Approach (SA) for portfolios which are individually immaterial in terms of both size and risk profile and for transitioning portfolios. These portfolios include:
- IRBA-transitioning retail and wholesale exposures
- IRBA-exempt retail exposures
- IRBA-exempt wholesale exposures
The transitioning retail and wholesale exposures are expected to transit to the Advanced IRBA and Foundation IRBA respectively over the next few years, subject to certification by MAS. In the meantime, the SA has been applied.
The portfolios under the SA are subject to the Group’s overall governance framework and credit risk management practices. Under this framework, the Group continues to monitor the size and risk profile of these portfolios and will look to enhance risk measurement processes should these risk exposures become material.
The Group uses external ratings for credit exposures under the SA, where relevant, and the Group only accepts ratings from Standard & Poor’s, Moody’s and Fitch in such cases. The Group follows the process prescribed in MAS Notice 637 to map the ratings to the relevant risk weights.
CREDIT MONITORING AND CONTROL
Day-to-day monitoring of credit exposures, portfolio performance and the external environment that may have an impact on credit risk profiles is key to the Group's philosophy of effective credit risk management. Risk reporting on credit trends, which may include industry analysis, early warning alerts and key weak credits, is provided to the various credit committees, and key strategies and action plans are formulated and tracked.
Credit control functions ensure that credit risks are being taken and maintained in compliance with Group-wide credit policies and guidelines. These functions ensure proper activation of approved limits, ensure appropriate endorsement of excesses and policy exceptions, and monitor compliance with credit standards and credit covenants established by management and regulators.
An independent credit risk review team conducts regular reviews of credit exposures and judgmental credit risk management processes. It also conducts independent validation of internal credit risk rating processes on an annual basis. These reviews provide senior management with objective and timely assessments of the effectiveness of credit risk management practices and ensure Group-wide policies, internal rating models and guidelines are being adopted consistently across different business units including relevant subsidiaries.
CREDIT RISK MITIGANTS
Where possible, the Group takes collateral as a secondary recourse to the borrower. Collateral includes cash, marketable securities, properties, trade receivables, inventory and equipment and other physical and financial collateral. The Group may also take fixed and floating charges on the assets of borrowers. It has put in place policies to determine the eligibility of collateral for credit risk mitigation, which include requiring specific collaterals to meet minimum operational requirements in order to be considered as effective risk mitigants. Collateral taken for financial market operations is marked to-market on a mutually-agreed period with the respective counterparties.
Collateral taken for commercial banking is revalued periodically ranging from daily to annually, depending on the type of collateral. While real estate properties constitute the largest percentage of collateral assets, the Group generally considers the collateral assets to be diversified.
Other Risk Mitigating Factors
The Group also uses guarantees, credit derivatives and credit insurance as credit risk mitigants. While the Group may accept guarantees from any counterparty, it sets internal thresholds for considering guarantors to be eligible for credit risk mitigation. Credit derivatives are used as credit risk mitigating factors mainly in structured transactions and for financial market operations. Credit insurance is used for risk sharing in various products such as factoring. The Group further manages its credit exposure by entering into master netting arrangements with counterparties where it is appropriate and feasible to do so to mitigate counterparty risk. The credit risk associated with favourable contracts is reduced by a master netting arrangement to the extent that if an event of default occurs, all amounts with the counterparty are settled on a net basis.
The Group may also enter into Credit Support Annexes with counterparties for credit risk reduction and increased competitiveness. These are governed by internal guidelines with respect to the eligibility of various collaterals and the frequency of collateral calls.
As at 31 December 2012, for a one notch downgrade of its Standard & Poor’s Ratings Services and Moody’s Investors Services ratings, the Group would have had to post additional collateral amounting to $216 million and $6 million respectively.
The Group’s risk management processes aim to ensure that an acceptable level of risk diversification is maintained across the Group on an ongoing basis. Limits are established and regularly monitored in respect of country exposures and major industry groups, as well as for single counterparty exposures. Control structures exist to ensure that appropriate limits are in place, exposures are monitored against these limits, and appropriate actions are taken if limits are breached.
Stress testing forms an integral part of the Group’s risk management process. Stress testing enables the bank to assess the impact of credit losses on capital adequacy and establish mitigation actions for possible significant losses arising from credit portfolios. The Group uses stress testing to identify segments which may come under pressure under specific scenarios for the purpose of managing these segments proactively. Stress testing scenarios are run in part to ensure that the Tier 1 capital level can withstand the impact of diverse and increasingly severe scenarios.
Comprehensive stress tests are conducted to assess the potential impact of various scenarios across a multitude of risk and business dimensions through macro and micro variables. These scenarios vary in impact from mild to severe and are assessed and agreed through formal governance structures. The Stress testing program is deeply rooted in assessing the sensitivity of the portfolio to various risk parameters associated with the IRB Approach.
Stress testing governance spans across the organisation from the Board of Directors to line personnel who actively participate in the running of stress tests. Stress testing scenarios are derived and agreed across a broad spectrum of management and staff with senior management directing the development of scenarios. The stress testing program utilizes internal and external data to generate results – multiple macroeconomic variables are used to assess scenario impact chief among them, real GDP growth, unemployment rate, asset prices and related variables.
NON-PERFORMING LOANS AND IMPAIRMENTS
The Group classifies its credit facilities in accordance with MAS Notice to Banks No. 612, “Credit Files, Grading and Provisioning” issued by the MAS. These guidelines require the Group to categorise its credit portfolios according to its assessment of a borrower’s ability to repay a credit facility from the borrower's normal sources of income. There are five categories of assets as follows:
- Pass grade indicates that the timely repayment of the outstanding credit facilities is not in doubt;
- Special mention grade indicates that the credit facilities exhibit potential weaknesses that, if not corrected in a timely manner, may adversely affect future repayments and warrant close attention by the Group.
Classified or Non-Performing Assets
- Substandard grade indicates that the credit facilities exhibit definable weaknesses either in respect of business, cash flow or financial position of the borrower that may jeopardise repayment on existing terms;
- Doubtful grade indicates that the credit facilities exhibit severe weaknesses such that the prospect of full recovery of the outstanding credit facilities is questionable and the prospect of a loss is high, but the exact amount remains undeterminable;
- Loss grade indicates the amount of recovery is assessed to be insignificant.
The Group may also apply a split classification to any credit facility where appropriate. For instance, when a nonperforming loan is partially secured, the portion covered by the amount realisable from a collateral may be classified as substandard while the unsecured portion of the loan is classified as doubtful or loss, as appropriate.
Restructured Non-Performing Assets
Credit facilities are classified as restructured assets when the Group grants concessions to a borrower because of deterioration in the financial position of the borrower or the inability of the borrower to meet the original repayment schedule. A restructured credit facility is classified into the appropriate non-performing grade depending on the assessment of the financial condition of the borrower and the ability of the borrower to repay based on the restructured terms. Such credit facilities are not returned to the performing status until there are reasonable grounds to conclude that the borrower will be able to service all future principal and interest payments on the credit facility in accordance with the restructured terms. The Group does not give forbearance as a policy but any waiver, indulgence or forbearance will be reviewed based on internal credit assessment on the merits of the case.
When required, the Group will take possession of collateral it holds as securities and will dispose of them as soon as practicable, with the proceeds used to reduce the outstanding indebtedness. Repossessed collateral is classified in the balance sheet as other assets. The amounts of such other assets for 2012 and 2011 were not material.
The principles and approach in the management of transfer risk are set out in the Group’s Country Risk Management Framework. The framework includes an internal country (and sovereign) risk rating system where the assessments are made independent of business decisions. Transfer risk limits are set in accordance to the bank’s risk appetite. Limits for non-strategic countries are set using a model-based approach. Limits for strategic countries may be allowed to exceed model generated limits, after examining country-specific strategic business considerations and the extent of potential loss versus the risk appetite. There are active discussions amongst the senior management and credit management in right-sizing cross-border exposures to take into account not only risks and rewards, but also whether such exposures are in line with the strategic intent of the Group.
Market risk affects the economic values of financial instruments held by the Group, and arises from changes in interest rates, foreign exchange rates, equity prices, commodity prices, credit spreads and changes in the correlations and volatilities of these risk factors.
The Group manages market risk in the course of marketmaking, structuring and packaging treasury products for investors and other clients, as well as to benefit from market opportunities.
MARKET RISK GOVERNANCE AND ORGANISATION
The oversight committee for market risk is the Group Market & Liquidity Risk Committee. This Committee oversees the Group’s market risk management infrastructure (comprising frameworks, policies, risk methodologies, processes and systems), sets market risk limits and provides enterprise-wide oversight of all market risks and their management. RMG Market & Liquidity Risk, comprising risk control, risk analytics, production and reporting teams, is the independent market risk management function that reports to the CRO and is responsible for day-today market risk monitoring, control and analysis.
MARKET RISK FRAMEWORK, POLICIES AND MEASURES
The Group’s market risk framework sets out the overall approach towards market risk management and this is supplemented with policies which articulate the standards relating to limit setting, independent valuation model validation, risk monitoring and valuation.
The Group’s market risk methodology uses a historical simulation approach to forecast the Group’s potential loss distribution arising from market risk in the trading and banking books. The principal market risk appetite measures for market risk used by the Group are Tail Value-at-Risk (TVaR) and stress loss. The Group also calculates Value-at-Risk (VaR) at 99% confidence level using the same potential loss distribution and holding period used for TVaR.
TVaR captures losses beyond the chosen confidence interval from the potential loss distribution and hence provides additional information to VaR. TVaR is calculated using a one-day time horizon and a 95% confidence interval. The risk factor scenarios are aligned to parameters and market data that are used for valuation. The scenarios are maintained in the risk system and are used to compute TVaR at Group level, and for each business unit and location. The TVaR is supplemented by risk control measures, such as sensitivities to risk factors as well as loss triggers for management action.
VaR on the other hand facilitates backtesting and comparability at the industry level. Regular backtesting of daily profit and loss against the VaR forecast is carried out for the trading book as a whole and at the subportfolio level.
Although both VaR and TVaR provide valuable insights, no statistical measure can capture all aspects of market risk. Historical simulation VaR and TVaR are based on the assumption that historical rate and price movements are good predictors of the future. To supplement VaR and TVaR, regular stress testing is carried out using a combination of historical and hypothetical scenarios, to monitor the Group’s vulnerability to unexpected and extreme shocks.
TRADING BOOK AND BANKING BOOK
The trading book definition is based on the firm’s investment intent. Issuer risk in trading book is governed by credit spread sensitivity of one basis point shift (CSPVO1) and Jump-to-default measurements.
The Group also manages banking book interest rate risk arising from mismatches in the interest rate profile of assets, liabilities and capital instruments (and associated hedges), including basis risk arising from different interest rate benchmarks, interest rate re-pricing risk, yield curve risks and embedded optionality. Behavioural assumptions are applied in managing the interest rate risk of banking book deposits with indeterminate maturities.
Funding liquidity risk (or liquidity risk) is the risk arising from an inability to meet obligations when they become due. The Group’s liquidity obligations arise from withdrawals of deposits, repayments of borrowed funds at maturity, and commitments to extend credit and support working capital needs. The Group seeks to manage its liquidity in a manner that ensures that its liquidity obligations would continue to be honoured under normal as well as adverse circumstances.
LIQUIDITY RISK GOVERNANCE AND ORGANISATION
The oversight committee for liquidity risk is the Group Market & Liquidity Risk Committee. This committee oversees the Group’s liquidity risk management infrastructure (comprising frameworks, policies, risk methodologies, processes and systems), sets liquidity risk limits and provides enterprise-wide oversight of all liquidity risks and their management. RMG Market & Liquidity Risk, comprising risk control, risk analytics, production and reporting teams, is the independent liquidity risk management function that reports to the CRO and is responsible for day-to-day liquidity risk monitoring, control and analysis.
LIQUIDITY RISK FRAMEWORK, POLICIES AND MEASURES
In practice, the Group employs a range of strategies to manage its liquidity. These include maintaining an adequate counterbalancing capacity (comprising liquid assets, the capacity to borrow from the money markets as well as forms of managerial interventions that improve liquidity) to address potential cashflow shortfalls, maintaining diversified sources of liquidity, and having robust internal control processes. In the event of a potential or actual crisis, the Group has in place a set of liquidity contingency and recovery plans to ensure that decisive actions are taken to ensure the Group maintains adequate liquidity.
The primary measure used to manage liquidity within the appetite defined by the Board is the maturity mismatch analysis. The analysis is performed on a regular basis under normal and adverse scenarios, and assesses the adequacy of the counterbalancing capacity to fund or mitigate any cashflow shortfalls that may occur as forecasted in the cashflow movements across successive time bands. To ensure that liquidity is managed in line with the risk appetite statement, core parameters underpinning the performance of the analysis, such as the types of scenarios, the survival period and the minimum level of liquid assets, are pre-specified for monitoring and control at the Group. Any occurrences of forecasted shortfalls that cannot be covered by the counterbalancing capacity would be escalated to the relevant internal risk committees for deliberation and actions.
To complement the maturity mismatch analysis in its objective to manage liquidity within the risk appetite statement, liquidity risk control measures, such as liquidity-related ratios and balance sheet analysis, are performed for more granular monitoring and control over the liquidity profile of the Group and across locations.
Operational risk is the risk of loss resulting from inadequate or failed internal processes, people or systems, or from external events, including legal risk, but does not include strategic or reputational risk which are managed separately under other governance processes. Examples of operational risk include processing errors, fraudulent acts, inappropriate behaviour of staff, vendors’ misperformance, system failure and natural disasters. Operational risk is inherent in most of the Group’s businesses and activities.
The goal is to keep operational risk at appropriate levels, taking into account the markets the Group operates in, the characteristics of the businesses as well as the competitive and regulatory environment the Group is subject to.
OPERATIONAL RISK GOVERNANCE AND ORGANISATION
The Group's operational risk governance structure includes the three lines of defence; the business/support management, as first line of defence and supported by their unit operational risk managers (UORMs), are primarily responsible for managing operational risk. They are challenged and supported by corporate oversight functions (such as RMG, Group Compliance) as second line of defence. RMG Operational Risk is responsible for the establishment and maintenance of the operational risk management framework and tools as well as monitoring and reporting of relevant operational risk issues to senior management and BRMC. Group Audit, as third line of defence, provides assurance of the effectiveness of the framework including validating and challenging the adequacy and effectiveness of processes and organisational controls.
The Group Operational Risk Committee oversees the Group’s operational risk management infrastructure, including the framework, policies, processes, information, methodologies and systems. The members include RMG Operational Risk and representatives from the key business and support units. The Group Operational Risk Committee also performs regular review of the operational risk profiles of the Group, and endorses and recommends corporate operational risk policies to be approved by senior management.
To enhance the level of accountability, consistency and sustainability in business controls, key business units have established their risk and control forums. Providing regional oversight of all key risks arising in the units’ activities including end-to-end process, the forums focus on the identification, monitoring and resolution of control issues.
OPERATIONAL RISK MANAGEMENT FRAMEWORK, POLICIES AND TOOLS
The Operational Risk Management Framework (the Framework), approved by the BRMC, has been developed with the objective to ensure that operational risks within the Group are identified, monitored, managed and reported in a structured, systematic and consistent manner.
To manage and control operational risk, the Framework encompasses various tools including control self-assessment, operational risk event management and key risk indicators monitoring. Control self-assessment is used by each business or support unit to identify key operational risk and assess the degree of effectiveness of the internal controls. For those control issues identified, the units are responsible to develop action plans and track the timely resolution of these issues. Operational risk events are classified in accordance with Basel standards; such events, including any significant incidents that may impact the Group's reputation, are required to be reported based on certain established thresholds. Key risk indicators with pre-defined escalation triggers are employed to facilitate risk monitoring in a forward looking manner.
The Group has implemented a web-based system that supports multiple operational risk management processes and tools including operational risk event reporting, control selfassessment, key risk indicators, tracking of issues or action plans and operational risk reporting.
A key component of the Framework is a set of Core Operational Risk Standards which provides guidance on the baseline controls to ensure a controlled and sound operating environment. Each new product or service introduced or outsourcing initiative is subject to a risk review and sign-off process where relevant risks are identified and assessed by departments independent of the risk-taking unit proposing the product or service. Variations of existing products or services and outsourcing initiatives are also subject to a similar process.
Compliance risk is viewed as the risk of impairment to the Group’s ability to successfully conduct its business as a result of any failure to comply with or implement any applicable regulatory requirement, industry code or standard of professional conduct. To address compliance risk, the Group strongly believes in the need to inculcate a strong compliance culture in its employees, mindset and DNA, and in its processes and systems. The Group aims to comply with the letter and spirit of the laws, regulatory standards and environment in which it operates.
The Group has a Fraud Management Policy which establishes minimum standards for its businesses and functional units to prevent, detect, investigate and remediate against fraud and related events. This Policy also establishes the components, key roles and the framework of the Fraud Management Programme through which the standards are to be implemented on a unit and geographical level. These standards aim to provide end-to-end management of fraud and related issues for the Group.
The Group Anti Money Laundering and Countering the Financing of Terrorism Policy establishes minimum standards for the business and functional units to mitigate and manage actual and/or potential exposure of the Group to money laundering, terrorist financing, corruption, or other illicit financial activity. The Policy also establishes accountabilities for the protection of the assets and reputation of the Group and the interests of customers and shareholders.
Information Technology (IT) risk is managed in accordance to an IT Risk Management Framework (which covers risk governance, communication, monitoring, assessment, mitigation and acceptance), supported by a set of IT Policies & Standards, Control processes and risk mitigation programs.
Major operational risk mitigation programmes include Business Continuity Management and Global Insurance Programme. A robust crisis management and business continuity management program is in place within the Group to oversee the continuity of essential business services during unforeseen events. Types of incidents being managed include technology incidents having enterprise-wide impact on essential banking services, natural disasters with wide geographical area impact, safety-at-risk incidents e.g. terrorism and other events leading to significant business disruption. Senior management provides an attestation to the BRMC on an annual basis including the state of business continuity readiness, extent of alignment to regulatory guidelines and disclosure of residual risks.
To mitigate losses from specific unexpected and significant event risks, the Group purchases group-wide insurance policies, under the Global Insurance Programme, from third-party insurers. These policies cover fraud and civil liability, property damage and general liability and directors’ and officers’ liability.