ICICI Bank Annual Report 2020

risk governance framework

ICICI Bank is committed to managing its risk in a manner that furthers the goal of achieving risk-calibrated, sustainable growth.

As a financial intermediary, the Bank is exposed to various risks, primarily credit risk, market risk, liquidity risk, operational risk, information technology risk, compliance risk, legal risk and reputation risk.

The Board of Directors of the Bank has oversight of all risks in the Bank with specific Committees of the Board constituted to facilitate focussed oversight. There is adequate representation of Independent Directors on each of these Committees. The Board has framed the specific mandate for each of these Committees. The proceedings and the decision taken by these Committees are reported to the Board. The policies approved by the Board of Directors or Committees of the Board from time to time constitute the governing framework within which business activities are undertaken. The Bank has put in place an Enterprise Risk Management and Risk Appetite Framework that articulates the risk appetite and drills down the same into a limit framework for various risk categories. The trends in the portfolio and risks are reported to the Board Committees periodically.

Several independent groups and sub-groups have been constituted to facilitate independent evaluation, monitoring and reporting of risks. These groups function independently of the business groups.

The Risk Management Group is further organised into the Credit Risk Management Group, Market Risk Management Group, Operational Risk Management Group and Information Security Group.

The Internal Audit Group provides independent assurance that the aforesaid independent groups monitoring the risks in the Bank, are operating in line with policies, regulations and internal standards defined for management of the various risks in the Bank.

The Risk Management Group reports to the Risk Committee of the Board of Directors. The Compliance Group and the Internal Audit Group report to the Audit Committee of the Board of Directors. The Risk Management, Compliance and Internal Audit Groups have administrative reporting to the President - Corporate Centre.

Governance structure for Information Technology

The Information Technology (IT) governance structure in the Bank consists of the IT Strategy Committee at the apex which is supported by the Risk Committee and Audit Committee. The Information Technology Strategy Committee is chaired by an Independent Director and is responsible for approving the policies and strategies for information technology and ensuring that the Bank's IT strategy is aligned with the Bank's business objectives. At the executive management level, the Committees which oversee the various aspects of IT operations and IT risk are the IT Steering Committee and Information and Cyber Security Committee. The proceedings of the IT Steering Committee and Information and Cyber Security Committee are reviewed by the IT Strategy Committee. Further, the Business Continuity Management (BCM) Steering Committee approves and monitors the implementation of the comprehensive BCM plan, which includes a business continuity plan for processes, the disaster recovery plan for IT systems and an emergency response plan for mitigating the risk of injuries to customers and employees and damage to the Bank's assets.