Update your browser to view this website correctly. Outdated Browser
For online banking click here.
A disciplined risk management culture and framework facilitates oversight of and accountability for risk at all levels of the organisation and across all risk types. The Board of Directors exercises oversight and provides guidance to an experienced Senior Management team who works closely with their teams in managing risk. Understanding the highly specialised nature of managing risk, decision-making is highly centralized through a structure of senior and executive risk management committees. The rich risk culture, which seamlessly flows through not only within the Bank, but across the Group accentuates more on two financial subsidiaries, CBC Finance Ltd and Commercial Bank of Maldives (CBM). A Group risk assessment, with a view to pass on best practices across all institutions, is being carried out on a continuous basis to replicate and embrace the same.
In volatile financial markets, it is important to understand the accurate risk profile of the Bank and compare that with the desired risk profile on an ongoing basis. The Bank therefore, has implemented a comprehensive risk appetite framework that helps to better understand and manage the risks by translating risk matrix and methods into strategic decisions, reporting and day-to-day business decisions.
A Risk Appetite Statement (RAS) is in place clearly defining the aggregate quantum of risk the Bank is willing to assume indifferent aspects of business in achieving its strategic objectives. Regulatory requirements, strategic goals, capital adequacy and other prudential factors are incorporated into the RAS to facilitate sustainable value creation to stakeholders whilst ensuring compliance in an efficient manner. Tolerance limits for various types of risks such as credit risk, market risk and operational risk including IT risk has been established by the Bank and these limits are periodically reviewed to capture factors such as:
A comprehensive limit system is adopted to translate the risk appetite of the Bank so that it is understandable and practical to implement, while catering to current sophisticated level of the operations.
As a reputed financial institution which is rich with 100 years of history, Commercial Bank of Ceylon PLC is privileged to have an established risk culture which has supported the Bank to become the largest private sector bank in Sri Lanka. This traditional prudent risk culture was reinforced and complemented with the introduction of a formal integrated risk management function independent to the business units.
The Bank’s risk culture focuses on enabling the risk assuming functions (i.e., business units) to make objective decisions in a consistent manner across the Organisation. ‘Risk Decisions’ are considered to be a shared responsibility of the Business Managers and the Risk Managers; who formulate the ‘first and second lines of defence’ respectively. ‘Third line of defence’ in the risk culture is created by the audit and compliance functions which independently assure integrity and transparency of the risk-related decisions as well as the Risk Management Framework as a whole.
Responsibility of managing the risks across the Bank resides with all levels in the hierarchy from the Board of Directors, Executive Committees to Business and Risk Managers. This structure enables the Bank to take informed decisions after evaluating and challenging them from a risk perspective at various levels.
Risk Management Framework is strengthened by risk-related committees listed below:
|
Committees |
Key Objectives |
Represented by |
|---|---|---|
| Board Integrated Risk Management Committee (BIRMC) | To ensure that the Bank - wide risks are managed within the risk strategy and appetite established by the Board of Directors | Please refer 'Board Integrated Risk Management Committee' Report |
| Board Credit Committee (BCC) | To assist the Board to analyse and review the credit risk control measures in the lending area and compliance with the CBSL regulations and evaluation and recommendation of high value credit proposals. | Mr. K.G.D.D. Dheerasinghe – Chairman, Mr.S. Renganathan – Managing Director / Chief Executive Officer, Mr. S C U Manatunge- Director / Chief Operating Officer, Prof. A.K.W. Jayawardane – Non-Executive Director, Justice K Sripavan- Non-Executive Director |
| Executive Integrated Risk Management Committee (EIRMC) | To monitor and review all the risk exposures and risk-related policies/procedures affecting credit, market and operational areas in line with the directives from BIRMC | Managing Director/Chief Executive Officer, Chief Operating Officer and key members of Integrated Risk Management, Personal Banking, Corporate Banking, Treasury, Inspection, Compliance, and Finance Divisions. |
| Assets and Liabilities Committee (ALCO) | To optimise the Bank's financial goals, while maintaining market and liquidity risks within the Bank's risk appetite. | Managing Director/Chief Executive Officer, Chief Operating Officer and key members of Treasury, Corporate Banking, Personal Banking, Integrated Risk Management, and Finance Divisions. |
| Credit Policy Committee | To review and approve credit policies/procedures to ensure that all credit portfolios are properly managed within the lending strategies of the Bank. | Managing Director/Chief Executive Officer, Chief Operating Officer and key members of Corporate Banking, Personal Banking, Integrated Risk Management, Inspection, Credit Supervision and Recoveries, and Branch Credit Monitoring Divisions. |
| Executive Committee on Monitoring NPAs | To review and monitor the Bank's Non-Performing Advances (NPAs) above Rs.5.0 Mn. classified within the preceding one-year period to initiate timely corrective actions to prevent/reduce credit losses. | Managing Director/Chief Executive Officer, Chief Operating Officer and key members of the Corporate Banking, Personal Banking, Credit Supervision and Recoveries, and Integrated Risk Management Divisions. |
| Business Continuity Management Steering Committee (BCMSC) | To direct, guide and oversee the activities of the Business Continuity Plan (BCP) of the Bank which aligns with the strategic direction provided by the Board with regard to BCP development and maintenance | Key members in the Bank’s Corporate Management covering all business lines that come under their purview |
| Information Security Council (ISC) | To support in continuously meeting the information security objectives and requirements of the Bank. | Key members of Integrated Risk Management, Information Systems Audit, Operations, and IT Divisions. |
An integral part of ICAAP under Pillar 2, stress testing is used to evaluate the sensitivity of the current and forward risk profile relative to risk appetite. It also supports a number of business processes, including strategic planning, the ICAAP including capital management, liquidity management, setting of risk appetite triggers and risk tolerance limits, mitigating risks through actions such as reviewing and changing limits, limiting or reducing exposures and hedging thereof, facilitating the development of risk mitigation or contingency plans across a range of stressed conditions supporting communication with internal and external stakeholders.
The Bank’s Stress Testing Governance Framework sets out the responsibilities for and approaches to stress testing activities which are conducted at Bank, business line and risk type level. The Bank’s stress testing programme uses one or a combination of stress testing techniques, including scenario analysis, sensitivity analysis and reverse stress testing to perform stress testing for different purposes.
The framework covers all the material risks such as credit risk, credit concentration risk, operational risk, liquidity risk, FX risk, IRRBB using EVE and EAR perspectives. The Bank looks at different degrees of stress levels which are defined as Minor, Moderate and Severe stress levels in the Stress Testing Policy. The resultant impact on the capital through these stress tests is carefully analysed. If the stress tests bring about a deterioration of the capital which has no impact on the policy level on capital maintenance, same is defined as Minor Risk, while a deterioration of up o 1% is considered Moderate Risk. If the impact results in the capital falling below the statutory requirement such a level will be considered Severe Risk, warranting immediate attention of the Management to rectify the situation.
If you`d like more help & information, you can:
