Top and emerging risks

The Board and senior management drive a robust process to identify and monitor our top and emerging risks.

In 2021, credit risk continued to be the top risk we focused on. We closely monitored our customers exiting from Covid-19 debt relief programmes or operating in vulnerable industries such as hospitality and aviation. No material adverse impact for any specific customer segments was identified. The global economy grew but at an uneven pace across countries due to differing vaccination rates and supply chain disruptions arising from the pandemic resurgence. Amid these uncertainties, our portfolios remained resilient and our specific allowances came in lower at SGD 499 million.

Apart from credit risk, our market and liquidity risks continued to be managed well during the year. In relation to our overall business, we also looked at (i) new business risks, (ii) technology risks, (iii) environmental, social and governance (ESG) risks, (iv) financial crime risks, (v) data governance risks and (vi) cyber security and data protection.

Credit risk and portfolio management

The credit risk in our institutional banking portfolio continued to be manageable. A majority of loan moratoriums in Singapore ended during the year, with low delinquency rates observed. In Hong Kong, while loan moratoriums have been extended into 2022, credit loss is expected to be minimal given the low extension take-up rate. Our loans under moratorium declined from SGD 5 billion at the beginning of 2021 to less than SGD 0.5 billion by the end of 2021.

Portfolio reviews were conducted against the backdrop of the global chip shortage and energy crunch. The global chip shortage situation was partially mitigated by chip users moving from ‘just-in-time’ to stockpile inventory system as well as adjusting their product mix to focus on higher margin products. Many of the energy players were also assessed to be able to pass on the higher energy costs to their customers. While there were no immediate concerns, we continued to monitor the potential downstream impact.

From a location perspective, our exposures to Singapore, Hong Kong and China constituted more than 80% of our Institutional Banking portfolio, and we were proactive in managing our risks.

Headwinds were observed as China launched regulatory crackdowns on its technology sector. A number of Chinese real estate developers also experienced liquidity crunches or defaulted on their debt. While the equity prices of Chinese technology players declined significantly, the major technology players’ underlying business models remained viable with strong cashflow generation capability. Our Chinese technology and real estate portfolios were assessed to be stable as our exposures were mainly to larger and investment-grade names, with the remaining exposure generally well-secured.

In Indonesia and India, the resurgence of Covid-19 cases due to the Omicron strain resulted in restrictions in activities. Our portfolio primarily comprised lending to large corporates and remained resilient.

Our overall consumer credit quality remained healthy. Residential mortgages in our consumer banking business are primarily in Singapore and Hong Kong, the majority of which are for owner occupation. Overall, our mortgages are mostly well-secured with relatively low loan-to-value ratios. Unsecured consumer credit loans constituted less than 2% of the bank’s total loan exposure.

Looking ahead, US-China tensions and the uneven economic recovery across the world are also likely to persist. Given the challenges, we will continue to exercise prudence in our client selection and credit underwriting criteria.

Besides actively managing our portfolio risks, we enhanced our internal risk management tools to improve the quality of our risk management capabilities. We concluded our multi-year credit architecture programme journey which put in place a robust credit risk data infrastructure and workflow management system across the Group, underpinned by modern technology architecture to support our Institutional Banking business. We also developed credit underwriting models that enabled the start of our consumer finance business in China as well as pre-emptive lending models to further entrench our digital bank leadership in Singapore. On the risk monitoring front, we rolled out early alert models to address specific credit risks arising from Covid-19 relief programmes and introduced tools to automate and identify specific portfolio risks arising from emerging macro risks.

New business risks

During the year, DBS launched Partior (blockchain-based cross-border clearing and settlement provider) and Climate Impact X (carbon exchange), in addition to the DBS Digital Exchange (DDEx) set up in 2020. A risk management and governance framework was put in place to oversee our new businesses. An accountable executive is also identified for each major new business to ensure clarity of accountability and responsibility. Material risks are identified at inception of each business and the appropriate risk committees updated. Where we are the majority shareholder, the risks are reviewed as part of the bank’s risk governance framework.

Post amalgamation with Lakshmi Vilas Bank (LVB) in 2020, we strengthened the risk organisation at LVB and folded it in to the overall DBS India Limited (DBIL) risk framework and oversight. The integration of LVB’s operating systems and network into DBIL is well underway and will be completed by Q3 2022.

Technology risks

Our technology risk management framework is an integral part of the bank’s overall risk management approach. The framework is based on a three-pronged approach of risk evaluation, response and governance. As part of risk evaluation, we identify and analyse the risks, define the risk metrics and monitor the issues, risk events and key risk indicators. Responses are made through risk-based decisions taking into account risk control and mitigation measures. Updates on our technology risk profiles are provided regularly to the various risk committees.

In November 2021, we encountered a two-day digital disruption in Singapore. In relation to this incident, management initiated remedial measures to improve the resilience of our services and incident response, with due consideration given to regulatory requirements and expectations.

Environmental, social and governance (ESG) risks

Assessment of ESG risks is embedded into our credit underwriting process with emphasis on climate risk, and is an integral part of our overall credit risk assessment framework. In 2021, we strengthened the criteria for underwriting transactions with adverse ESG considerations.

We have in place a Group Sustainability Council which oversees sustainability matters, and in 2021, a Climate Steering Committee was established to further strengthen the bank’s climate risk management, focusing on governance, client engagement, climate risk policy and underwriting, stress testing and disclosure. We also recently established a Board Sustainability Committee to provide greater governance and oversight into climate-related risks and opportunities, as well as our broader ESG efforts.

Financial crime risks

The financial crime risk mitigation programme had been enhanced over the years by leveraging technology and data analytics. An array of artificial intelligence and machine learning capabilities is used to supplement rules-based engines to conduct surveillance at different levels such as transaction, customer, and country levels. Customer due diligence was further refined with dynamic analytical reviews based on changes in static data or transactional behaviour. We continued to focus on public-private sector collaboration, actively participating in initiatives between financial institutions and law enforcement agencies.

Digital scams in Singapore are becoming more sophisticated and widespread at the national level, with relentless attempts by scammers seeking to exploit unsuspecting victims. We have implemented multi-pronged measures to strengthen fraud prevention and recovery measures including real-time blocking capabilities, loss recovery and customer communication/ education. We are also collaborating with national agencies to protect our customers.

Data governance risks

We recognise that responsible practices around data governance are key for customer and stakeholder trust. Our data governance framework was developed along the following three prisms: (a) a baseline prism encompassing data security, data quality, and legal and regulatory compliance, (b) an ethical prism – PURE (Purposeful, Unsurprising, Respectful and Explainable) – for the responsible use of data, and (c) a model governance prism, covering regulated and artificial intelligence models and their performance over time.

Cyber security and data protection

Cyber security risk is an evolving risk as the bank and our customers establish remote workings as the new working norm in the face of the pandemic. We continued to invest in our cyber defence capabilities to secure internal assets from emerging cyber threats, and strengthen our ability to detect and respond to the threat actors’ modus operandi. We stayed vigilant as we broadened our ecosystem partnerships, vendor support, and service provider engagements. Cyber security experts were engaged to validate our control environment against cyber threats and third-party risks. We believe our people are an integral part of our cyber defence, and we stepped up our efforts to raise the security awareness of our staff on the prevailing cyber threats and scams.

Operational risks amidst Covid-19 disruptions

We continued to proactively manage the operational risks which arose from the new or modified processes during the pandemic and as we moved towards a hybrid work arrangement. Risk identification and assessment processes were put in place to identify risks and assess adequacy and sustainability of controls in the new/ modified processes so as to ensure the risks were adequately mitigated. We also continued to work with our material outsourced service providers to ensure service delivery was not adversely impacted.