At Siddhartha Bank, Risk management is an integral part of its internal governance framework. The Bank has always been committed to effective risk management to promote better risk culture at all levels. The management of risk is a critical factor in the execution of the Bank’s strategy. The material risks and uncertainties that the Bank faces throughout its business and portfolios are critical focus areas of the Bank. Given the foregoing and in line with the global recognition of the risk management and control systems, the Bank has developed strategies for managing each risk element to which the Bank is exposed as part of the overall strategy for an evolving and efficient risk management system.

Risk Management Framework / Structure

Annual Integrated Report

Risk Management Strategies

  • Monitor the risks inherent in the business activities and ensure their exposures are in line with the Board approved limits, risk appetite, risk limits, and corresponding capital or liquidity needs.
  • Ensure internal control, risk management system, and corporate governance across all levels, functions and activities of the Bank are in place.
  • Ensure compliance with central bank regulations, other regulations, and the Bank’s policies and standard operating procedures at all times.
  • Strengthen the risk management framework and the risk functions, and take actions on risk management.
  • Guide and support departments through awareness programs/activities training at different levels for a better understanding of risk management and its implementation.
  • Ensure each unit/department also analyzes, monitors, and escalates risks involved in their areas.
  • Review and analyze existing products and new products to be developed from various risk aspects.

RISK MANAGEMENT UNITS OF THE BANK:

RISK MANAGEMENT FRAMEWORK

The Bank’s Risk Management Framework (as demonstrated in the figure below) articulates a holistic agenda for ensuring effective and inclusive risk control throughout the Bank.

Three Level Structure of Siddhartha Bank

Risk Management Procedure

Risk Appetite and Risk Management Procedure

Component of Risk Management at Siddhartha Bank

Embedding a sound risk management culture has been one of the core objectives of the Bank, which underpins the Bank’s ability to identify, assess, discuss and take actions to address existing and emerging risks. To align with its strategic priorities, good governance and internal control and to remain resilient, the Bank’s risk management framework has covered the following components:

  • Risk Governance
  • Risk Appetite
  • Risk Management Procedure

Risk Governance Framework:

The material risks and uncertainties that the Bank faces throughout its business and portfolios are critical focus areas of the management. Considering the risks inherent in the banking business, the Bank has adopted a three lines of defense risk governance model that helps it to comprehensively address risks on an ongoing basis.

First line of defense - Risk management by business / support units

Main business functions and support units of the Bank are considered as first line of defense and hold ownership of the risk.
They ensure all the business activities are conducted in a defined control environment and bear full responsibility for the risks that arise in their operations.

Second line of defense - Independent risk control and compliance

The Integrated Risk Management Department and Compliance Department, as the second line of defense, confirm that all business activities are conducted in a controlled environment. They develop and review policies and procedures, design frameworks, apply various tools and processes to identify and mitigate risk, and establish risk appetite.

Third line of defense - Independent Audit Function

The third line of defense is the Internal Audit Department which provides independent assurance of oversight of the robustness of risk management function including effectiveness of management’s control of its own business activities (the first line) and of the processes maintained by the risk controllers (the second line). Further, statutory audit and regulatory audit shall also form third line of defense of the bank.

As a result of our three lines of defense model, we are able to not only prioritize risk management, but also establish and nurture a ‘risk-aware’ culture across the bank, which helps to ensure the bank’s long-term sustainability.


Bank’s Risk Governance Structure

Bank’s Risk Governance Structure-2023

Risk Appetite

Risk appetite is the aggregate level and types of risk that the Bank is willing to assume, or seeks to avoid, in pursuit of its goals, objectives, and operating plan, consistent with applicable capital, liquidity, and other requirements. The Bank adopts Key Risk Indicators (KRIs) to measure its risk profile. KRIs are defined for each risk type to ensure accurate measurement and are aligned with the bank’s objectives. The risk appetite is evaluated periodically and communicated throughout the Bank. The Risk Committee, in consultation with the Board, develops the risk appetite and executes the strategic, capital, and operating plans within the risk appetite and established limits.

Risk Management Procedure

Effective risk management includes techniques guided by the Bank’s overall risk framework and integrated with the Bank’s strategies and business planning process. The risk management techniques followed by the bank are:

  • Policies and Limits:

    The Bank’s various risk-related policies are designed to address specific types of risk. They are based on recommendations from risk management, internal audit, business lines, and senior executive management. Industry best practices and regulatory requirements are also factored into the policies. Policies are guided by the Bank’s risk framework, and risk appetite, and set the limits and controls within which the Bank operates. Limits control risk-taking activities within the tolerances established by the Board and senior executive management. Limits also establish accountability for key tasks in the risk-taking process and establish the level or conditions under which transactions may be approved or executed.

  • Guidelines and Standard Operating Procedures (SOP):

    Guidelines and SOPs are the directives provided to implement policies. The bank has developed separate SOPs for every function of the bank. They are reviewed from time to time and may change due to market or other circumstances. In case the risk has to be taken outside of the prescribed SOP, approval of the Bank’s senior management is required.

  • Processes and Standards:

    Processes are the activities associated with identifying, evaluating, documenting, reporting, and controlling risk. Standards define the breadth and quality of information required to make a decision, and the expectations in terms of quality of analysis and presentation. Processes and standards are developed on an overall bank-wide basis, and documented in a series of policies, manuals, and handbooks. Key processes cover the review and approval of new products, models, and stress testing.

  • Measurement, Monitoring, and Reporting:

    Risk measurement techniques include the use of models and stress testing. The Bank uses models for a range of purposes including estimating the value of transactions, risk exposures, credit risk ratings and parameters, and economic and regulatory capital. A strong governance framework balances the use of quantitative risk methodologies and includes the application of sound and experienced judgment.

  • Regular Monitoring:

    It ensures that business activities are within approved limits or guidelines, and are aligned with the Bank’s strategies. Breaches, if any, of these limits or guidelines are reported to senior management.

  • Risk Reports:

    Risk reports aggregate measures of risk across products and business, and are used to ensure compliance with policies, limits, and guidelines. They also provide a clear statement of the amounts, types, and sensitivities of the various risks in the Bank’s portfolios. Senior management and the Board use this information to understand the Bank’s risk profile and the performance of the portfolios.

Risk Culture

The Bank’s risk culture promotes accountability and learning from the past, and encourages open communication and transparency on all aspects of risk-taking. To promote a sound risk culture, the Bank has focused on three key dimensions: the tone from the top, incentive policies, and risk accountability and ownership.


RISK MANAGEMENT FRAMEWORK

Considering the importance of effective risk management and control systems in banks, the Bank has developed strategies for managing each risk element faced by the Bank as a part of the overall strategy for an evolving and efficient risk management system.

The Bank’s risk management framework and control measures aim to strike the appropriate balance between our regulatory requirements, which demonstrate our ability to sustain financial stress and unexpected losses, and our shareholders’ return expectations. The Bank’s risk management is a discipline that encompasses all the activities that affect its risk profile which involves identification, measurement, monitoring, and controlling risks.

Risk assessment comprises three steps: risk identification, risk analysis, and risk evaluation. Identification of the nature, sources, cost of risk, areas of impact, events, their causes, and their potential consequences from both existing and new business initiatives is essential to properly manage risks.

Risk analysis involves developing an understanding of the Bank’s risk by considering factors affecting and consequences of an unfavorable event and the likelihood of such an event occurring.

Risk evaluation assists in making decisions, based upon the outcomes of risk analysis, about which risks need treatment for implementation.

After the assessment of exposed risk, risk treatment is concerned with the selection of the best option to eliminate or mitigate unacceptable risks.


a. Credit Risk:
In relation to the Bank’s lending, investment and other contractual commitments, credit risk is the risk that results from the borrowers or counterparties’ failure to fulfill their obligations under contractual agreements.

The transactional/ borrower level and the portfolio level risk analysis make up the integral part of the Bank’s Credit risk management system. The Bank has developed strong procedures, processes, and tools to identify and assess the risks on an individual borrower basis in order to manage credit risk on the transaction level.

Credit Analysis

  • Assessment of Credit worthiness of the borrower
  • Review of borrower's repayment capacity, financial statements, credit history, etc. guided by NRB Unified Directive, Credit Risk Policy, Product Papers, etc. of the Bank.

Credit Scoring

  • Assignment of credit score to borrowers based on their credit history, financial status, security collateral, etc
  • Evaluation of risk of lending to borrowers guided by Internal Risk Rating Policy and Procedures of the Bank

Loan Covenants

  • Certain conditions and covenants are required to be qualified for the loan
  • Includes maintenance of a certain level of financial performance, providing regular financial reporting or limiting the amount of additional debt the borrower can take on, etc.
  • Guided by NRB Unified Directive, Credit Risk Policy, Product Papers, etc. of the Bank

Loan Diversification

  • Diversification of loan portfolio to different borrowers, sectors and products
  • Guided by Credit Risk Concentration Policy of the Bank

Collateral

  • Maintenance of certain margin in terms of primary collateral and secondary collateral
  • Guided by Collateral Management Policy of the Bank

Monitoring & Reporting

  • Monitoring of portfolios of the Bank in terms of individual borrowers, Single Obligor Limit, sectors and products
  • Guided by NRB Directives and Credit Risk Concentration Management Policy of the Bank

Credit Risk Management System at Borrower-2023

Credit Risk Management System at Borrower/ Transaction Level:

The staff of the Credit Risk Department are deployed in each province or division to be consistent with the idea of province-level banking. A decentralized credit risk department shall allow conducting independent site visits for cross-verification of business, collateral, and residence sites. Additionally, this process shall allow for the verification of accuracy and completeness of loan documentation and the evaluation of loan performance, which would uncover vulnerabilities in the loan portfolio of the Bank. The corporate and SME business files are examined by the Credit Risk Department (CRD). Moreover, CRD reviews retail loans that are beyond the CEO’s purview.

Credit Risk Management System at Portfolio Level:

The Risk Management Committee (RMC) is in charge of managing risk connected with all of the Bank’s operations, including ensuring internal risk management and control systems and compliance with applicable laws and regulations. At least on a quarterly basis, the member secretary of the Risk Management Committee updates the Board on the issues seen and decisions made by RMC related to internal risk management and control systems. The Risk Management Committee reviews the Bank’s risk position in relation to its risk profile and suggests an action plan on a regular basis.


CREDIT RISK CONCERN AND MITIGATION PLAN

Credit Policy

Disciplined lending based on Bank’s Credit Policy

Counterparty Limits

Aggregate facility levels by counterparty are considered and limit breaches are subject to escalation procedures.

Concentration Risk

Portfolio controls economic sectors, industries, product lines, etc. to reflect risk appetite and risk trigger levels.

Stress Testing and Scenario Analysis

Simulation of outcomes and calculation of associated impact

Risk Assurance and Oversight

Simulation of outcomes and calculation of associated impact

Risk Based Pricing

Implementation of uniform lending pricing system

b. Operational Risk
Operational Risk is the risk of loss resulting from inadequate or failed internal processes, people, and systems or from external events. The Bank believes that operational risk can be minimized to the extent possible by discarding manual processes and ensuring the highest level of integrity through transparency and proactive management of all operational risk types. To achieve the desired risk management result, the Operations Risk Department ensures a constructive and collaborative approach in providing oversight to which the Risk Management Committee takes decisions to ensure accountability on time. The Risk Management Committee takes active participation in reviewing risk management protocols and results to facilitate evidence-based affirming and effective risk management techniques. The Bank in line with Basel provisions calculates risk exposure and allocates sufficient capital/cushion for perceived operational risk.


Risk Mitigation and Monitoring

The Bank shall engage in activities where risks are known and reasonable in accordance with the risk appetite of the Bank. The risk appetite and tolerance level of the Bank for various sources of operational risk are demonstrated below:

Risk Mitigation and Monitoring

c. Market Risk:
Market Risk is the risk to the Bank’s earnings and capital due to changes in the market level of interest rates or prices of securities, foreign exchange, commodities and equities, as well as the volatilities of those changes.

Market Risk mainly comprises the following five risks throughout the Bank:
a) Interest rate risk
b) Foreign exchange risk
c) Position Risk
d) Commodities price risk
e) Concentration Risk

In order to manage market risk, the Bank has outlined limits to achieve or avoid in its market-related policies and through various internal circulars that are circulated as per requirement. The Bank’s Market Risk Management Unit oversees the functions of the Treasury Mid Office, and daily, weekly, and monthly reports are prepared to capture the current market scenario as well as predict the future market scenario. Worst-case market scenarios and the Bank’s ability to absorb them are analyzed through regulatory approved and internally developed stress case scenarios.

Market Risks are discussed at Asset Liability Management Committee (ALCO) of the Bank regularly. ALCO ensures the functioning of the jobs in line with the policies and procedures and suggests/recommends necessary steps collectively to address the risk of interest rate movement, exchange rate movement and equity price changes.

The Bank assesses the open position on a daily basis and calculates risk exposure for the allocation of required capital in line with Basel provisions. Likely impact on earnings due to changes in the market condition and changes in the standing of the counterparty are well assessed periodically and necessary actions are taken as appropriate. Treasury front office is equipped with an advanced dealing platform for liquidity and efficient dealing. Similarly, the unit is equipped with modern and advanced information system on global news, market movements and any incidents so that bank can manage and maintain the position favorably. The Bank in line with Basel provisions calculates risk exposure and allocates sufficient capital/cushion for perceived market risks.

Market Risk

d. Strategic Risk
Strategic Risk arises from the pursuit of an unsuccessful business plan of the Bank. There is a possibility of adverse effects on the Bank’s financial result and capital due to the absence of appropriate policies and strategies or their inadequate implementation. Strategic Risk may also arise from changes to the regulatory framework or ineffective positioning in the macroeconomic environment. Strategic risk induces operational loss that consequently hampers the capital base.

Risk Mitigation and Monitoring

The Bank, through its Corporate Strategy, ensures an adequate process of identification, measurement, monitoring and controlling of strategic risk by conducting a strategic risk review on a yearly basis, including a quarterly comparison of the Bank’s financial performance with the banking industry and the ongoing business plan. The monitoring of business plan achievement and performance of the Bank is also outlined in the budget and business plan. Each department reviews its budget and business plan and conducts gap analysis to challenge the predefined objectives for periodic validation.


e. Reputation Risk
Reputation risk is the current or prospective risk to earnings and capital that arises from a decline in the customer base, costly litigation due to adverse perception of the stakeholders. Reputation risk exposure is present throughout the organization as it bears potential loss to the bank due to inappropriate actions or activity or lack of governance oversight.

Risk Mitigation and Monitoring

To protect the Bank’s reputation among all the related stakeholders and to maintain an overall positive image, the Bank has been promoting awareness by encouraging businesses and functions to take account of the Bank’s reputation in all decision making, including dealing with customers and vendors. Further, the Bank implements reporting systems effectively and promotes effective and proactive stakeholder management through continuous engagement and transparency of banking affairs.

The responsibility to monitor and control reputation risk is currently handled by the Central Information and Grievance Handling Desk (CIGHD), a unit with the authority and responsibility to provide comprehensive information to customers. The unit receives, coordinates, and responds to customer information, complaints and grievances, including information/complaints received from digital platforms (social media, website, emails, suggestion box, etc.). The unit is also responsible for coordinating with concerned departments for quick resolution and acts in accordance with the Right to Information Act, 2007, and the disclosure policy of the Bank. To channel the information and complaint handling procedure, a central-level digital platform is attached to the website of the Bank and integrated into the Customer Relationship Management model. Furthermore, a suggestion box including a customer feedback form is placed in each branch to gain an overview of customer grievances regarding banking services in case the customer wishes to lodge them through physical means.

Associated with the monitoring and control of reputation risk, senior-level executives (Chief Information Officer and Grievance Handling Officer) oversee the functionality of the CIGHD unit. The Bank has deputed Branch Managers and Operation Officers as Branch Information Officer and Grievance Handling Officer respectively to receive and report customer information and grievances to the Chief Information Officer and Chief Grievance Handling Officer. Further, to manage and control reputation risk due to operation-related work, clear job descriptions, lines of authority, policies and procedures, and a staff code of conduct are in place.


f. Compliance Risk
Compliance Risk is the risk of legal or regulatory sanctions, material financial loss, or loss to reputation the Bank may suffer as a result of its failure to comply with laws, regulations, rules, related organization’s standards, and codes of business conduct applicable to its banking activities. Siddhartha Bank has a Board-approved “Compliance Policy” devised to ensure a proper compliance orientation and focus within the Bank to address compliance risk inherent in banking business operations.

Risk Mitigation and Monitoring

  • Zero tolerance policy is adopted in relation to compliance of regulations and internal policies
  • Comprehensive compliance policies/procedures are implemented and circulated to the Bank’s Department and its branches
  • Compliance risks are identified and measured in relation to its regular business operations and development of new products and business practices.
  • Regulations, changes in regulations, policies are timely disseminated to ensure compliance at all times.
  • Employee training and education is carried out and policies/ regulations/manuals are made available
  • Monitor timely submission of regulatory returns by the reporting unit through a system of monthly/quarterly/annual return checklist.

g. Money Laundering/ Terrorist Financing Risk
The Bank has put sound mechanisms in place to ensure that it prevents risks associated with money laundering and terrorist financing.

Risk Mitigation and Monitoring

  • Implemented a risk management system for proper identification and analysis of ML/FT risks related to risk factors such as customer, product & service, delivery channel & geography, and effective implementation of the Bank’s policies and procedures that are commensurate with the relevant inherent and residual risks identified.
  • The Board-level AML/CFT Committee ensures the oversight of AML governance within the Bank.
  • The AML/CFT Department screens, monitors and reports the issues related to AML/CFT and develops AML compliance programs to adequately address the ML/FT risks identified through risk assessment.
  • Installed a dedicated AML Monitoring System that analyzes, monitors, detects and generates reports on customers’ transaction profiles and generates red flags and alerts for suspicious transactions on a daily basis, through various scenarios constructed on the basis of indicators of suspicion.
  • Installed World compliance online search database tools for screening of onboarding/existing customers.
  • Various elements of a sound risk management approach are applied across most areas of the AML programs, including Know Your Customer, Customer Due Diligence, Customer Risk Rating, Red Alerts and Transaction Monitoring, Sanctions Screening, PEPs Screening, Adverse Media Screening, Reporting and Retention of Record.

h. Information Technology Security Risk
The Bank is aware that with increased dependency on technology and with its digital-first strategy it is exposed to IT risks, and thus has made considerable investment to ensure that customer data and the banking system are more secure.

Risk Mitigation and Monitoring

The Bank has invested in software and network security devices that make the Bank’s system more secure and impenetrable. The Information Security Department (ISD) and the Identity Access Management (IAM) unit have been formed and are responsible for protecting the organization’s information/data from unauthorized elements (external and internal) and for maintaining its CIA (Confidentiality, Integrity and Availability) by implementing and maintaining the organization-wide Information Security Policy, Standards, Guidelines and Procedures.

ISD works in consortium with the IT Department, PSD and other related departments in order to conduct functionality and gap analysis to quantify various IT risks pertaining to different key business areas and infrastructure and to comply with statutory and regulatory requirements. ISD conducts gap analysis in accordance with the NRB IT Guidelines and the External Audit report.

The ISD scope and key activities carried out for IT Risk Management of the Bank are listed below:

  • Enhanced Information Technology (IT) security by following the periodic operational security procedures and reviewing the Bank’s Information Security Policy, ICT policy, Standard Operating Procedures, profile and user manual.
  • Reviewed industry best practices, including PCI DSS, ISO 27001:2013 and ISACA’s COBIT 5 framework, on Governance & Management of IT; IS Acquisition, Development and Implementation; IS Operation, Maintenance and Service Management; and Protection of Information Assets.
  • Reviewed the IT Risk Management Framework and the IT risk assessment of the defined in-scope systems, applications/databases and network devices, which further helps IT/operational risk assessment in determining the probability of occurrence of an incident.
  • Developed a security infrastructure and scope for IT Risk Assessment to protect SBL assets through accountability and inventory list, data classification/categorization, and handling procedures.
  • To protect against the loss of data in the event of physical disaster or other incidents that may lead to the loss of data (e.g. data corruption), the ISD has maintained and reviewed the system data backup documents as a part of the process of onboarding and offboarding applications/databases, systems, networks, etc.
  • Security alerts are monitored, analyzed and distributed to the appropriate information security and IT teams, technical and business units, and management personnel.
  • Phishing simulations are carried out by the Information Security Department (ISD) on a sample basis across branches and departments; ISD uses them to educate and train the Bank’s staff/executives/stakeholders and the enterprise workforce to recognize and avoid falling victim to a real phishing campaign.
  • Protection of systems and data is ensured by implementing seamless access management processes, which aim to ensure that only authorized users are able to access them. Unauthorized access is detected and prevented through timely and periodic review, with the Information Security Department, of the user rights assigned.
  • Implemented a Web Application Firewall (WAF) to ensure malicious web traffic is continuously blocked and legitimate traffic is allowed. Logs are regularly reviewed to identify any potential security threats.
  • The development, implementation and execution of the vulnerability management procedure defined in the SBL Information Security Policy is the responsibility of the Security Operations area under the authority of the Information Security Department. Internal/external vulnerability assessments are performed and reviewed.
  • Implemented and deployed Kaspersky Embedded System (KES) on the ATMs, which stops threats and coordinates enforcement with network and cloud security to prevent successful cyber-attacks.
  • Deployed a new-generation firewall and reviewed the firewall rule set policy to keep the ACL (Access Control List) intact.

i. Environment and Social Risk:
The Bank aims to ensure that it minimizes the environment and social risks resulting from its business operations as financing activities. The key environmental and social risks associated with businesses are assessed with the use of an environmental and social due diligence checklist.

Risk Mitigation and Monitoring

The environmental and social due diligence (ESDD) checklist guides the identification of key risks in businesses and helps in the development of mitigating factors to overcome the identified risks and help businesses operate sustainably. Following the questionnaire in the ESDD checklist, a risk rating of High, Medium or Low is deduced. As per the ESRM policy, a risk rating of High or Medium requires preparing an E&S Risk Summary and Corrective Action Plan.

Based on the E&S summary, a corrective action plan is prepared, identifying the risk, the mitigation measure, the timeline for implementation and who should be responsible for implementation. Transaction-specific corrective action plans and covenants can be part of the loan documents.

Monitoring is done in a periodic manner to ensure that environment and social risks identified and summarized in E&S risk summary are being mitigated as per the timeline set out in corrective action plan. It also ensures that the E&S risk profile of the transaction hasn’t increased. The Bank has developed a mechanism to ensure that the E&S risk associated with businesses are embedded in the proposals itself and are addressed during the time of decision making with the E&S risk information available.


DISCLOSURE OF RISK REPORTING

Credit Risk

Credit Concentration Risk

The Credit Concentration Risk review and analysis of the Bank includes the following parameters as channeled by the Bank’s Risk Appetite Level and Risk Trigger Level of the Bank:

  • Single Obligor Limit
  • Sectoral Lending (16 sectors as prescribed by NRB)
  • Top Borrower Wise Exposure
  • Single Borrower’s Concentration
  • Additional Sectors Concentration

Single Obligor Concentration (Loan Limit % of Core Capital):

Single Obligor Concentration

Sector wise loan concentration of the Bank

Top borrower wise exposure
Single Borrower's Concentration
Additional Sectors Concentration

Market Risk :

1. Stress Testing
As part of the Bank’s focus on fostering a risk culture, stress testing is considered a critical tool for the risk management program. Stress testing, as an important risk management tool, identifies potential risks and supports the optimization of capital and liquidity buffers. It enables the exploration of vulnerabilities in business models whilst overcoming the limitations of historical data. Stress tests are used to measure the impact of extreme, yet plausible events. Where necessary, measures are taken on the basis of the results of the stress tests that are in line with the Bank’s risk appetite.

The Central Bank has advised all banks to perform and submit stress testing on a quarterly basis. The outcome of stress testing in credit, market and liquidity scenarios is submitted to the Central Bank upon review by senior management and the Board on a quarterly basis. The output of stress testing is taken into account for assessing potential risk, mitigation of such risk, as well as the current and future capital requirement of the Bank.


2. Net Open Position:
Net open currency position is the unhedged position in all foreign currencies that exposes the Bank to foreign exchange risk.


3. Deposit Mix and Concentration (Amount in Millions)

4. CASA Mix (Amount in Millions)

5. Concentration of deposit on Top 20 depositors as of 16th July 2023

AML/CFT RISK ASSESSMENT

The Bank has conducted the AML/CFT risk assessment in accordance with the requirement of Unified Directives No. 19 (9) (3) issued by Nepal Rastra Bank and prepared the AML/CFT risk assessment report for the period July 16 2022 to July 16 2023. The Bank has assessed the risks inherent in its business, taking into account risk factors including those relating to its customers, the countries or geographical areas in which it operates, its products & services, and its delivery channels.

Based on the annual risk assessment conducted by the Bank on the various risk factors such as Customer, Product & Services, Delivery channel, and Geography, the overall inherent risk of the Bank for FY 2022-23 is rated Medium.

The Bank has various control mechanisms for offsetting overall inherent risk. The AML control of the Bank is assessed based on various preventive controls such as policy & procedures, training, AML program, AML governance, and Management Oversight, and detective controls such as monitoring & control, independent testing & assurance, and detection & filing of STR/SARs. The AML control of the Bank is adequate and helps detect/control potential AML risk but has scope for improvement; hence control effectiveness is assessed as 89%. The residual risk is the risk remaining post-assessment of control against the identified inherent risk. The residual risk of the Bank after applying the control measures is rated Medium.

Summary of Bank ICAAP assessment:

The Bank operates a prudent approach to risk with rigorous management controls to support sustainable business growth and minimize risk and losses. The Bank has been promoting risk-based controls through a strong and independent risk function (Integrated Risk Management Department). The risk department maintains control frameworks to identify and escalate current and emerging risks, ensuring that the Bank’s activities are within the risk appetite and are driven by risk decision-making.

Within the purview of robust risk management, the Bank’s mission and value propositions are cascaded from the senior management down to every employee who has a role in risk management. The Bank’s risk governance framework consists of key policies, standards, and processes through which the Bank identifies, assesses, measures, monitors and controls risk across every operational and business activity. The Bank’s risk management policy also emphasizes risk culture and lays out standards, procedures and programs that are designed to set, reinforce and enhance the Bank’s overall risk culture, integrate its values and conduct expectations into the organization, and provide employees with tools to assist them with making prudent and ethical risk decisions and to escalate issues appropriately. The Bank monitors its risks through the coordinated efforts of the risk management departments, taking into account current fluctuations in the risks taken and the prospects of the Bank’s business and operations, to ensure alignment of regulatory capital requirements with the true risk profile of the Bank, thus ensuring the long-term strategy and soundness of the Bank.

The Bank believes that the assessment of capital is a comprehensive and regular process where business plans and strategies are formulated within the defined risk appetite and preferences, and risk management systems are used in making decisions regarding capital requirements and their management. Within the Bank’s internal governance framework, the ICAAP process ensures that the management body:

  • Adequately identifies, measures, aggregates and monitors the Bank’s risks;
  • Ensures that the Bank holds adequate internal capital in relation to risk profile; and
  • Uses sound risk management systems and develops them further.

The ICAAP process constitutes the key governance parameters for capital management as prescribed in the regulatory framework, which mainly consists of three pillars designed to mutually reinforce an adequate capital base corresponding to the overall risk profile of the Bank.

The Bank has adequate capital for its size and complexity of business. The Bank manages its capital to ensure that it is able to operate above the regulatory and internal capital requirements. The ICAAP indicates that the Bank’s capital adequacy ratio and Tier-I capital ratio remained well above the internal requirements of 11.5% and 8.75%, respectively, throughout fiscal year 2022-23. It indicates that the Bank was able to maintain a sufficient capital base to meet the minimum capital requirements.

The Bank has adopted the regulator-driven risk assessment methodology for assessment of material risk and potential capital charge impact under ICAAP. The Simplified Standard Approach, Net Open Position approach and Basic Indicator Approach are applied for measurement of Credit Risk, Market Risk and Operational Risk respectively. The Bank considers that the risk assessment undertaken for the above risks reflects an acceptable level of its risk profile. Over and above these risks, additional capital shall be set aside using best practices for their assessment and associated capital charge by supervisory review.

The Bank has developed various internal risk assessment methodologies and tools for assessment of material credit risk, market risk and operational risk, and scenarios for stress testing. The risk analysis, outcomes and mitigating measures for effective internal control are presented to the Senior Management through the Risk Management Committee for effective implementation.

Risk Management