As a financial intermediary, we are exposed to various risks, primarily credit risk, market risk, liquidity risk, operational risk, technology risk, compliance risk, legal risk and reputation risk. Our active risk management energises our strategic approach of risk-calibrated growth in core operating profit.

The Board of Directors of the Bank has oversight of all risks in the Bank with specific Committees of the Board constituted to facilitate focussed oversight. There is adequate representation of independent directors on each of these Committees. The Board has framed the specific mandate for each of these Committees. The proceedings and the decision taken by these Committees are reported to the Board. The policies approved by the Board of Directors or Committees of the Board from time to time constitute the governing framework within which business activities are undertaken.

The roles of specific committees of the Board constituted to facilitate focussed oversight of various risks are:

  • Credit Committee: Review of developments in key industrial sectors, major credit portfolios and approval of credit proposals as per the authorisation approved by the Board.
  • Audit Committee: Provide direction to the audit function and monitor the quality of internal and statutory audits; responsibilities include examining the financial statements and auditors' report and overseeing the financial reporting process to ensure fairness, sufficiency and credibility of financial statements.
  • Information Technology Strategy Committee: Approve strategy for IT and policy documents, ensure that the IT strategy is aligned with business strategy, review IT risks, ensure proper balance of IT investments for sustaining the Bank's growth, oversee the aggregate funding of IT at Bank-level, ascertain if the management has resources to ensure the proper management of IT risks, review contribution of IT to business, oversee the activities of Digital Council, review technology from a future readiness perspective, oversee key projects' progress and critical IT systems' performance and the review of special IT initiatives.
  • Risk Committee: Review risk management policies pertaining to credit, market, liquidity, operational, outsourcing, reputation risks, business continuity plan and disaster recovery plan and approve Broker Empanelment Policy and any amendments thereto. The functions of the Committee also include setting limits on any industry or country, review of the Enterprise Risk Management framework, Risk Appetite Framework, stress testing framework, Internal Capital Adequacy Assessment Process and framework for capital allocation; review the status of Basel II and Basel III implementation, risk dashboard covering various risks, outsourcing activities and the activities of the Asset Liability Management Committee. The Committee has oversight on risks of subsidiaries covered under the Group Risk Management Framework. The Committee also carries out Cyber Security risk assessment.

The Financial Crime Prevention Group (FCPG) is responsible for overseeing/handling the fraud prevention, detection, investigation, monitoring, reporting and awareness creation functions.

The Bank has put in place an Enterprise Risk Management (ERM) and Risk Appetite Framework (RAF) that articulates the risk appetite and drills down the same into a limit framework for various risk categories under which various business lines operate. In addition to the ERM and RAF, portfolio reviews are carried out and presented to the Credit and Risk Committees as per the approved calendar of reviews. As a part of the reviews, the prevalent trends across various economic indicators and their impact on the Bank’s portfolio are presented to the Risk Committee. Industry analysis and reviews are also carried out and presented to the Credit Committee.

The Internal Capital Adequacy Assessment Process (ICAAP) encompasses capital planning for a four-year time horizon, assessment of material risks and the relationship between risk and capital. The capital management framework is complemented by the risk management framework, which covers the policies, processes, methodologies and frameworks established for the management of material risks. Stress testing, which is a key aspect of the ICAAP and the risk management framework, provides an insight on the impact of extreme but plausible scenarios on the Bank’s risk profile and capital position.

Several independent groups and sub-groups have been constituted to facilitate independent evaluation, monitoring and reporting of risks. These groups function independently of the business groups.

The Risk Management Group is further organised into the Credit Risk Management Group, Market Risk Management Group, Operational Risk Management Group and Information Security Group.

The Internal Audit Group, being the third line of defence, provides independent assurance that the independent groups monitoring the risks in the Bank, are operating in line with policies, regulations and internal standards defined for management of the various risks in the Bank.

The Risk Management Group reports to the Risk Committee of the Board of Directors. The Compliance Group and the Internal Audit Group report to the Audit Committee of the Board of Directors. The Risk Management, Compliance and Internal Audit Groups have administrative reporting to the Executive Director - Corporate Centre.