Integrated Risk Management

Risk Culture and Vision

DFCC Banking Business (DBB) adopts a comprehensive and well-structured mechanism for assessing, quantifying and managing risk exposures which are material and relevant for its operations within a well-defined risk framework. The articulated set of limits explains the risk appetite of DBB for all material and relevant risk categories and the risk capital position. Risk management is integrated with strategic, business and financial planning and customer/client transactions so that business and risk management goals and responsibilities are aligned across the organisation. Risk is managed in a systematic manner by focusing on a group basis as well as managing risk across the enterprise, individual business units, products, services, transactions and across all geographic locations.

Credit risk amounts to the highest quantum of quantifiable risk faced by any Sri Lankan bank based on the currently effective quantification techniques. In DBB also, credit risk accounted for 89% of risk-weighted assets as at March 2015. However, the Bank is fully aware and takes necessary measures to manage operational risk as a very important risk category. Operational risk incidents may be with high frequency but low impact or with low frequency but high impact all of which warrant being closely monitored and managed prudently.

Following broad risk categories are in focus:

Business risk and strategic risk
Credit risk including settlement risk in Treasury and international operations and credit concentration risk
Interest rate risk in the banking book and the trading book
Liquidity risk
Foreign currency risk
Equity prices risk
Operational risk
Legal risk
Compliance risk
Reputational risk

DBB’s general policies for risk management are outlined as follows:

The Board of Directors’ responsibility for maintenance of a prudent risk management function in DBB.
Communication of the risk policy to all relevant employees of DBB.
Structure of ‘Three Lines of Defence’ in DBB for management of risk which consists of the risk-assuming functions, independent risk management and compliance functions and the internal and external audit functions.
Ensuring compliance with regulatory requirements and other laws underpinning the risk management and business operations of DBB.
Centralised Integrated Risk Management Function which is independent from the risk assuming functions.
Ensuring internal expertise, capabilities for risk management and ability to absorb unexpected losses when entering into new business, developing products or adopting new strategies.
An assessment on risk exposures on an incremental and portfolio basis when designing and redesigning new products and processes before implementation. Such analysis will include among other areas, business opportunities, target customer requirements, core competencies of the Bank and the competitors and financial viability. Adoption of the principle of risk-based pricing. However, ALCO may consider shifting to market-based pricing approach based on the prevailing market conditions and business strategy.
Ensuring that the Board approved target capital requirements, which are more stringent than the minimum regulatory capital requirements, are not compromised. For internal purposes, economic capital is quantified using Basel II recommended guidelines in the Internal Capital Adequacy Assessment Process (ICAAP). A cushion for the regulatory capital over and above the economic capital requirement is maintained to cover for stress losses or losses caused by unquantifiable risks such as strategic risk, liquidity and reputation risk (risk categories which are not in Pillar I of Basel II). Under ICAAP capital is monitored on a quarterly basis based on the stress scenarios.
Aligning risk management strategy to DBB’s business strategy.
Ensuring comprehensive, transparent and objective risk disclosures to the Board, Corporate Management, Regulators, Shareholders and Other Stakeholders.
Continuous review of risk management framework and ICAAP to bring in line with the Basel II recommendations and regulatory guidelines. Maintenance of internal prudential risk limits based on the risk appetite of the DBB wherever relevant, over and above the required regulatory limits.
Ensuring a prudent risk management culture within DBB.
Periodic review of risk management policies and practices to be in line with the development in regulations, business environment and internal environment.

Risk Governance

Approach of ‘Three Lines of Defence’

DBB advocates strong risk governance applied pragmatically and consistently with a strong emphasis on the concept of ‘Three Lines of Defence’. The governance structure encompasses accountability, responsibility, independence, reporting, communication and transparency, both internally and with our relevant external stakeholders.

The First Line of Defence involves the supervision and monitoring of risk management practices by the business managers, corporate management and executive committees while discharging their responsibilities and accountability for day-to-day management of business operations. Independent risk monitoring, validation, policy review and compliance by the IRMD, the compliance function and periodic monitoring and oversight by the Board Integrated Risk Management Committee (BIRMC) constitute the Second Line of Defence. The Third Line of Defence is provided by the independent check and quality assurance of the internal and external audit functions.

DBB exhibits an established risk management culture with effective risk management approaches, systems and controls. Policy manuals, internal controls, segregation of duties, clearly demarcated authority limits and internal audit as key risk management tools. The Group Chief Risk Officer (CRO), who is an Executive Vice-President functions on a Group basis with direct access to the BIRMC.

Governance Structure for Risk Management in DBB

The Concept of ‘Three Lines of Defence’ for Integrated Risk Management Function of DBB

Risk Policies and Guidelines

A set of structured policies and frameworks approved by the BIRMC and the Board forms a key part of the risk governance structure. Integrated Risk Management Framework stipulates, in a broader aspect, the policies, guidelines and organisational structure for the management of overall risk exposures of DBB in an integrated approach. This framework defines risk integration and the aggregation approaches for different risk categories. In addition, separate policy frameworks detail the practices for management of key specific risk categories such as credit risk, market risk, credit concentration risk, liquidity risk, operational risk etc. These policy frameworks are communicated across the Bank. Respective staff members are required to adhere to the specifications of these frameworks when conducting business transactions.

Risk Appetite

Risk appetite of the Bank has been defined in the Overall Risk Limits System. It consists of risk limits arising from regulatory requirements, borrowing covenants and internal prudential purposes. The limit system forms a key part of the key risk indicators and covers key risk areas such as credit, interest rate, liquidity, operational, foreign exchange, concentration and risk capital position amongst others. Lending limits cover the industry sectors and geographical regions as part of the prudential internal limits. These limits are monitored monthly and quarterly on a ‘Traffic Light’ system. These risk appetite limits are reviewed at least annually in line with the risk management capacities, business opportunities, business strategy of DBB and regulatory specifications. Industry sector limits for the lending portfolio considers the inherent diversification within the sub-sectors and the borrowers within broader sectors.

Organisational Structure for Risk Management

Board Integrated Risk Management Committee (BIRMC)

The BIRMC is a Board sub-committee, which operates on a group basis and oversees the risk management function and the Basel II implementation process in line with the Board approved policies and strategies.

The BIRMC functions under the responsibilities set out in the Board-approved Charter for the BIRMC, which incorporates corporate governance requirements for Licensed Commercial Banks issued by the Central Bank of Sri Lanka (CBSL). BIRMC will set the policy and operations for bank-wide risk management including credit risk, market risk, operational risk and liquidity risk. The Committee interacts with the CEO, Credit Committee, ALCO, Operational Risk Management Committee (ORMC) and Group CRO on risk management-related tasks. In addition to the Board’s representatives, the BIRMC consists of the CEO and CRO as voting members. Further, Heads representing Credit, Finance, Treasury, Information Technology and Operations attend the meeting as invitees. A summary of the responsibilities and functions of the BIRMC are outlined in the Report on the Board Integrated Risk Management Committee.

Involvement of Management Committees

Management Committees such as Credit Committee, Asset and Liability Management Committee (ALCO), Operational Risk Management Committee (ORMC), Special Loan Review Committee (SLRC) and Impairment Assessment Committee (IAC) encompass a part of the organisational structure for integrated risk management function in DBB. The responsibilities and tasks of these committees are stipulated in the Board approved charters and TORs and the membership of each committee have been defined to bring an optimal balance for the business and risk management perspective including the CRO as a member.

Credit Risk Appraisal Unit in the Commercial Banking Business

The Credit Risk Appraisal Unit, which directly reports to the Group CRO, engages in credit risk management of the commercial banking business carrying out checks on credit rating and appraisals prior to credit approval in order to ensure quality of appraisals, adherence to defined guidelines and risk in the credit appraisal. Credit proposals from all branches are submitted for the review of this Unit before submission to the credit approving authority.

Organisational Structure for Integrated Risk Management Function

Integrated Risk Management Department (IRMD)

IRMD functions on a group basis and is responsible for measuring and monitoring risk at operational levels on an ongoing basis to ensure compliance with the parameters set out by the Board/BIRMC and other executive committees for carrying out the overall risk management function in DBB. It consists of four separate units such as Risk policy and Modelling, Credit Risk Management, ALM & Market Risk Management and Operational Risk Management. IRMD is involved with product or business strategy development or entering into new business lines from the initial design stage through input to the task/process from a risk management perspective. Credit Risk Management Unit of the IRMD carries out an independent review of the credit ratings of all corporates over a minimum threshold and also carries out random examination of other exposures. Treasury Middle Office which is functionally segregated from the Treasury Department and directly reports to the Group CRO and monitors the Treasury-related market risk limits.

Key Developments in Risk Management Function of DBB during the Year Under Review

During the period under review, several significant initiatives were undertaken paying continuous emphasis on regulatory developments and reassessing DBB’s existing risk management policies guidelines and practices for necessary improvements. In addition to these regulatory specifications, changes in business strategy, industry factors and international best practices were also considered during this improvement process. The following are the key initiatives during the financial year which brought improvements to the overall Integrated Risk Management Function:

DBB developed an ICAAP which is in compliance with Pillar II of the Basel II framework. It focuses on formulating a mechanism to assess DBB’s capital requirement covering all relevant risk and stress conditions in a futuristic perspective in line with the level of assumed risk exposures through its business operations. This ICAAP formulates the Bank’s capital targets, capital management objectives and capital augmentation plans. Further, it evaluates the capital adequacy covering both Pillar I and Pillar II risks as well.
DBB successfully implemented a hedging arrangement, using a derivative instrument in order to manage the possible credit losses in the pawning portfolio which can arise due to adverse movements of gold prices. This derivative transaction was the first of its kind in the Sri Lankan Banking industry.
A set of prudential risk limits were established for maximum expected loss, probable defaults, provisioning, maximum exposures in credit rating grades for better management of the credit risk.
Periodic validation of the credit rating models was carried out, SME rating model was revisited and realigned together with the user guidelines for better discriminatory power and for improved discipline for the usage of the credit rating model.
Credit portfolio segmentation that categorises the borrowers in a methodical manner was implemented during the year. This categorisation is important in several aspects for credit risk management. Application of rating models are customised for differing borrower segments while depth and breadth of credit appraisals can vary based on borrower segments. This borrower segmentation is a prerequisite for DBB to obtain regulatory capital advantage from lending to SME and retail segments.
A disclosure policy was established for DBB during the year complying with regulatory provisions and as an initiative to move to Basel II Pillar III. The appropriateness of the disclosures will be assessed and reviewed on an annual basis or as and when required. All the disclosures are consistent with the Bank’s own risk management practices and the relevant disclosures under different risk types are decided based on the concept of materiality.
Risk reporting process was improved during the year as per the requirements stated in ICAAP framework.
TMO uses a dash board that facilitates the timely reporting of Treasury market positions independently to the management. During the year, the dash board was further improved with more and timely information.
The Bank commenced computation and monitoring of the Liquidity Coverage Ratio under Basel III as per the guidelines issues by the CBSL to be implemented in 2015. The LCR is expected to strengthen the liquidity risk management in the Banking sector ensuring that the Banks have adequate stock of high liquid assets for 30 days that can be easily and immediately converted to cash even under a liquidity stressed scenario. The test computations have indicated that DBB is comfortably in compliance with the requirements.
During the year, interest margins came under pressure with the sharp drop in the market rates, where lending rates dropped more than the deposits rates. Scenario analyses and simulations to assess the expected behaviour of the interest margins enabled DBB to take proactive measures to manage the erosion of margins.
IRMD continued to calculate Loss Ratios for key lending products using historical recovery data in support of impairment assessment under IFRS. During 2014, a review on the Loss Ratio Methodology was conducted in line with the historical evidence. The methodology was refined to incorporate the cash flow patterns and recovery experience of impaired assets of the Bank.
The stress testing policy was amended to accommodate comprehensive range of stress tests and the stress testing was carried out in accordance. The frequency for stress testing for relevant risk categories were increased.
IRMD continued to support the pawning business of the Bank through timely studies, research and providing necessary market information to the business. IRMD was actively engaged with the business of arriving at advance rates and interest rates for pawning products while managing the market and credit risk aspect.
As part of the risk management practices, DBB computed the key credit risk quantification parameters such as Probability of Default (PD), Loss Given Default (LGD) and the Loss Ratios which are defined and recommended under the Basel II and IFRS. The results indicated improvements in the credit risk rating process, rating models, recovery process and the collateral quality in DBB over a period.
DBB realigned the credit work flow in order to ensure that every credit proposal sent for approval is independently evaluated. The new work flow ensures that every credit proposal is independently evaluated by either the Quality Assurance Unit (QAU) or the IRMD based on the region/origination unit and approving authority.
In order to improve and align the credit appraisal processes and overall credit risk management, the DBB introduced a new SME rating model to be used for both DFCC and DVB (SME) clients.
Having duly recognised the global trend on increasing threats on system and information security, DBB paid increased attention on IT security under its operational risk management practices.

DFCC Bank’s External Credit Rating

The Bank continued to maintain its foreign currency credit rating of B+ (stable outlook) by the Fitch Ratings and B (stable outlook) assigned by Standard & Poor’s. The sovereign rating of BB- assigned for the Government of Sri Lanka is the benchmark for the foreign currency rating of other institutions within the country. During the year under review, the DFCC Bank’s local currency rating of ‘AA-’ was also maintained. DFCC Bank’s credit rating is influenced by the growing significance of the commercial banking business segment due to the highly integrated nature within the Group in operations and management. The commercial banking business of the Group – DVB, carries a stand-alone credit rating of ‘AA-’ assigned by Fitch Ratings Lanka. The increased significance of Group’s commercial banking business segment is a result of its business diversification strategy to bring earnings growth while managing the excessive dependence on the project lending business.

Credit Risk

Credit risk is the risk of loss to the Bank if a customer or counterparty fails to meet its financial obligations in accordance with agreed terms and conditions. It arises principally from On-Balance Sheet lending such as loans, leases, trade finance, overdrafts as well as through Off-Balance Sheet products such as guarantees and letters of credit. A deterioration of counterparty credit quality can lead to potential credit-related losses for a Bank. Credit risk is the largest component of the quantified risk in DBB and accounts for 89% of Risk-Weighted Assets at DBB.

DFCC Bank, being a leading Development Finance Institution in Sri Lanka, is faced with a relatively high level of credit risk when conducting its development finance activities. The goal of credit risk management is to maximise the risk adjusted rate of return by maintaining the credit risk exposure within acceptable levels.

Credit Risk Management Process at DBB

The DBB’s Credit Policies approved by the Board of Directors define the credit objectives, outlining the credit strategy to be adopted at DBB. The policies are based on CBSL Direction on Integrated Risk Management, Basel recommendations, business practices of DBB and risk appetite of DBB.

Credit risk management guidelines identify target markets and industry sectors, define risk tolerance limits and recommend control measures to manage concentration risk. Standardised formats and clearly documented processes and procedure ensure uniformity of practices across DBB.

Credit Risk Culture	Credit Risk Management Framework and Credit Policy
Credit Risk Culture	Governance structure and specific organisational structure for credit risk management
	IRMD creates awareness of credit risk management through training programmes and experience sharing sessions
Credit approval process	Structured and standardised credit approval process as documented in credit manuals. The entire gamut of activities involving credit appraisal, documentation, funds disbursement, monitoring performance, restructuring and recovery procedure are described in detail in these manuals which are reviewed annually
	Standardised appraisal formats have been designed for each product type
	Clearly defined credit workflow ensures segregation of duties among credit originators, independent review and approval authority
	Delegation of Lending Authority sets out approval limits based on a combination of risk level, as defined by risk rating and security type, and loan size, proposed tenure, borrower and group exposure, IRM’s involvement in independent rating reviews of borrowers above a defined threshold for credit proposals.
	GCRO is a member of the Credit Committee, evaluates credit proposals from a risk perspective
	Risk based pricing is practiced at DFCC Bank, any deviations are allowed only for funding through credit lines and where strong justification is made due to business development purposes.
Control Measures	Negative sectors and special clearance sectors are identified based on the country’s laws and regulations, DBB’s corporate values and policies and level of risk exposure. Negative sectors are recognised as industry sectors to which lending is disallowed while special clearance sectors are industry sectors and credit products to which DBB practices caution in lending, to special clearance section.
	Exposure limits on single borrower, group exposure, and advisory limits on industry sectors, large group borrowers and selected geographical regions are set by the Board of Directors on recommendation of IRMD
Credit Risk Management	Timely identification of problem credits through productwise and concentration analysis in relation to industries, specific products and geographical locations such as branches/regions/provinces
	Industry reports/periodical economic analysis provide direction to lending units to identify profitable business sectors to grow the group’s portfolio and to identify industry related risk sources and their impact
	Evaluation of new products from a credit risk perspective
	Post sanction review of loans within stipulated time frame is in place in accordance with Loan Review Policy to ensure credit quality is maintained
	Independent rating review by Credit Risk Management Unit of IRMD ensures proper identification of credit quality at a timer of credit origination and annual credit reviews.
Credit Risk Monitoring and Reporting	Analysis of total portfolio in terms of NP movement, product distribution, industry sectors, Top 20 exposures, borrower rating distribution, region-wise portfolio distribution, collateral distribution is carried out periodically and reporting to BIRMC.
Credit Risk Monitoring and Reporting	Routine monitoring of excesses/arrears clients for recovery purposes together with lending units ensuring timely action taken to regularise the position
	Close monitoring of potentially high risk advances of significant value, booked at branches.
	Reporting quarterly to BIRMC on credit concentration risk positions with regards to regulatory limits such as single borrower and group exposure limits and internal advisory limits on industry sectors, large group borrowers and selected geographical regions as well as exposure based on credit rating grades.
	Monthly reporting on Key Risk Indicators to BIRMC and the Board
Credit Risk Mitigation	Borrower’s ability to pay is the primary source of recovery. Collateral acts as the secondary source in the event borrower’s cash inflow is impaired.

Market Risk

Market risk is the possibility of loss arising from changes in the value of a financial instrument as a result of changes in market variables such as interest rates, exchange rates, equity prices and commodity prices. As a financial intermediary the DBB is exposed primarily to the interest rate risk and as an authorized dealer, commercial Banking business is exposed to the exchange rate risk on foreign currency portfolio positions.

Market risk could impact DBB mainly in two ways; viz., loss of cash flows or loss of economic value. Market risk can be looked at in two dimensions; as traded market risk, which is associated with the trading book and non-traded market risk, which is associated with the banking book.

The ALCO oversees the management of both the traded and the non-traded market risk. The Group Treasury manages the foreign exchange risk with permitted hedging mechanisms. Trends in relevant local as well as international markets are analyzed and reported by IRMD and the Treasury to ALCO and BIRMC. The market risks are controlled through various limits. These limits are stipulated by the Group’s Investment Policy, Treasury Manual & Policy, and limits system of DBB.

Treasury Middle Office (TMO) is segregated from the Treasury Front Office (TFO) and Treasury Back Office (TBO) and reports to CRO. The role of the TMO includes the day-to-day operational function of monitoring and controlling risks assumed in the TFO and TBO based on clearly defined limits and controls. Being independent of the dealers, the TMO provides an objective view on Front Office activities and monitors the limits. TMO has the authority to escalate limit excesses as per delegation of authority to the relevant hierarchy. The Treasury information management system maintained by TMO includes a dashboard that facilitates the timely reporting of Treasury market positions independently to management.

The Treasury telephone voice logging system is fully deployed and is under the purview of the TMO in order to minimise operational risks associated with the voice-based market activities.

The strengthened treasury and market risk management practices contribute positively to the overall risk rating of the Group and efficiency in the overall Treasury operations.

TBO which is reporting to Head of Accounting and Reporting is responsible for accounting, processing settlements and valuations of all treasury products and transactions. The treasury transactions related information is independently submitted by TBO to relevant authorities.

Interest Rate Risk

Interest rate risk can be termed as the risk of loss in the net interest income (earnings perspective) or the net worth (economic value perspective) due to adverse changes in the market interest rates. ALM unit routinely assesses the DBB’s asset and liability profile in terms of interest rate risk and the trends in costs and yields are reported to ALCO for necessary realignment in the asset and liability structure and the pricing mechanism.

Foreign Exchange Rate Risk

Foreign exchange rate risk can be termed as possibility of adverse impact to the Group’s capital or earnings due to fluctuations in the market exchange rates. This risk arises due to holding assets or liabilities in foreign currencies. Net Open Position (NOP) on foreign currency indicates the level of net foreign currency exposure that has been assumed by the Bank at a point of time. This figure represents the unhedged position of the Bank in all the foreign currencies. DBB accrues foreign currency exposure through purchase and sale of foreign currency from customers in its commercial banking and international trade business and through borrowings and lendings in foreign currency.

DBB manages the foreign currency risk using a set of tools which includes limits for net unhedged exposures, hedging through forward contracts and hedging through creating offsetting foreign currency asset or liability. TMO monitors the end of the day NOP as calculated by the TBO, and the NOP movement in relation to the spot movement. The daily inter-bank foreign currency transactions are monitored for consistency with preset limits and any excesses are reported to the management and to BIRMC. The unhedged foreign currency exposure of DBB is closely monitored and necessary steps are taken to hedge in accordance with the market volatilities.

Indirect Exposures to Commodity Prices Risk - Gold Prices

The DBB’s pawning portfolio amounted to LKR 1,720 million at 31 March 2015, which was only 0.8% of total assets of DBB. This indicates that the risk exposure arising from the pawning portfolio is at a comfortably absorbable level to DBB, if it crystallises in the future.

Equity Prices Risk

Equity prices risk is the risk of losses in the marked-to-market equity portfolio, due to the decline in the market prices. The direct exposure to the equity prices risk by the DBB arises from the trading and available-for-sale equity portfolios. Indirect exposure to equity prices risk arises through the margin lending portfolio of DVB in the event of crystallisation of credit risk of margin borrowers. The Investment Committee of DFCC Bank is responsible for managing equity portfolio in line with the policies and the guidelines set out by the Board and the BIRMC. Allocation of limits for equities, sectors and for collateral form part of the tools for managing the equity portfolio. Rigorous appraisal, proper market timing and close monitoring of the portfolio performance in relation to the market performance facilitate the management of the equity portfolio within the framework of investment strategy and the risk policy. DBB’s long- term investment horizon for equity investments smoothens out the adverse implications of the short-term market volatilities while enabling the Group to reap optimal benefits from the selected securities in the portfolio.

The indirect exposure to equity prices risk arising from margin lending of DVB is managed through the specific margin trading policy framework under the supervision of the Credit Committee. Each margin lending customer is carefully appraised for his track record with the Bank and the financial strength to meet margin calls, if needed, while the equity exposure arising in terms of collateral is assessed under a structured process set out in the Margin Trading Policy before the origination of the facility. Fundamentals of the lodged shares, market liquidity of the share and the diversification of the portfolio are considered as part of the assessment. Margin lending is governed by proper documentation and daily monitoring and management reporting as specified in the Margin Trading Policy.

The DBB’s direct exposure to equity market accounted for 10% of the Group’s assets inclusive of DFCC Bank’s residual investment in the Commercial Bank of Ceylon PLC based on the marked-to-market values as at 31 March 2015. This equity portfolio which is classified as AFS, indicates an unrealized capital gain of LKR 17,380 million, which is reported under the other comprehensive income and the fair value reserve based on the marked-to-market value. Since there is such a large unrealised gains, the equity portfolio has to decline in current market value by more than 82.2% for the Group to recognise any possible negative impact to the income statement in case of a disposal of the portfolio. A value decline of 82.2% of the equity portfolio can be considered as a remote occurrence which is termed as a black swan event.

Liquidity Risk

Liquidity risk is the risk of not having sufficient funds to meet financial obligations in time and in full, at a reasonable cost. Liquidity risk arises from mismatched maturities of assets and liabilities. DBB has a well set out framework for liquidity risk management and a contingency funding plan. The liquidity risk management process includes regular analysis and monitoring of the liquidity position by ALCO and maintenance of market accessibility. Regular cash flow forecasts, liquidity ratios and maturity gap analysis are used as analytical tools by the ALCO. Any negative mismatches up to the next quarter revealed through the cash flow gap statements are matched against cash availability either through incremental deposits or committed lines of credit. Additionally ALCO monitors the maturity gap limits set up across all time buckets. Whilst comfortably meeting the regulatory requirements relating to liquidity, for internal monitoring purposes, DBB takes into consideration the liquidity of each eligible instrument relating to the market at a given point in time as well as undrawn commitments to borrowers when stress testing its liquidity position. The maintenance of a strong credit rating [AA- (LKA)] assigned by Fitch Ratings Lanka and reputation in the market enables the DBB to access domestic wholesale funds. For short-term liquidity support the Bank also has access to the money market at competitive rates.

The CBSL Direction No. 7 of 2011 specifies that liquidity can be measured through stock or flow approaches. Under the stock approach, liquidity is measured in terms of key ratios which portray the liquidity in the balance sheet. Under the flow approach banks should prepare a statement of maturities of assets and liabilities placing all cash inflows and outflows in the time bands according to the residual time to maturity in major currencies. DFCC Bank primarily uses the flow approach in measuring and managing liquidity risk while DVB uses both the flow and stock approaches. In line with the long-term project financing business, the Bank focuses on long-term funding through dedicated credit lines while its commercial banking business focuses on Current and Savings Accounts (CASA) and Term Deposits as the key source of funding for its lending.

The structure and procedures for asset and liability management at DFCC Bank and DFCC Vardhana Bank have been clearly set out in the Board approved ALCO Charters.

In October 2014, the Central Bank issued consultative guidelines for implementation of the minimum liquidity standards (Liquidity Coverage Ratio) under Basel III. Accordingly, Banks will be required to maintain an adequate level of unencumbered High Quality Liquid Assets (HQLAs) that can be easily and readily converted into cash to meet their liquidity needs for a 30 calendar day time horizon under a significantly severe liquidity stress scenario. These guidelines are to be implemented from April 2015. The initial test computations of LCR performed for DFCC and DVB indicated that the Banks are already in compliance with the Basel III minimum requirements having sufficient High Quality Liquid Assets well in excess of the minimum requirements specified by the Central Bank (The Minimum requirement is 60% in HQLAs to be maintained over the immediate 30 day net cash outflow).

DFCC Bank’s Exposure to Exchange Rate Risk and Placement of International Bond

In October 2013, the Bank issued its debut foreign currency international bond of USD 100 million with an original maturity of 5 years. The Bank entered into a hedging agreement with the CBSL in order to mitigate the foreign exchange rate risk to the extent of USD 75 million. The balance part of this foreign currency borrowing continues to be managed actively within the Bank in line with the market movements as a part of managing the Bank’s overall unhedged foreign currency exposure.

As at 31 March 2015, DBB carried a net unhedged foreign currency liability equivalent to USD 13.5 million, which is closely monitored.

Operational Risk

Operational risk is defined as the potential risk of loss resulting from inadequate or failed internal processes, people, systems and external events. It covers a wide area ranging from losses arising from fraudulent activities, unauthorised trade or account activities, human errors, omissions, inefficiencies in reporting, technology failures or from external events such as natural disasters, terrorism or even political instability. The objective of DBB is to manage, control and mitigate operational risk in a cost effective manner consistent with the Group’s risk appetite. The Group has ensured an escalated level of rigor in operational risk management approaches for sensitive areas of its operations.

ORMC oversees and directs the management of operational risk of DBB at an operational level with facilitation from the Operational Risk Management Unit of the IRMD. Active representation of the relevant departments and units of DBB has been ensured in the process of operational risk management through the operational risk coordination officers.

Segregation of duties with demarcated authority limits, internal and external audit, strict monitoring facilitated by the technology platform and back-up facilities for information are the fundamental tools of operational risk management. Audit findings and management responses are forwarded to the Board’s Audit sub-committee for their examination. Effective internal control systems, supervision by the Board, senior management and the line managers forms part of ‘First Line of Defence’ for operational risk management at DBB. The Group demands a high level of technical skills, professionalism and ethical conduct from its staff and these serve as insulators for many operational risk factors.

The Group business continuity plan deals with natural or other catastrophes. The loss of physical assets is mitigated through insurance.

The following are other key aspects of the operational risk management process in DBB:

Monitoring of the Key Risk Indicators (KRIs) for the departments/functions under the defined threshold limits using a traffic light system.
Operational risk incident reporting system and the independent analysis of the incidents by IRMD, and recognising necessary improvements in the systems, processes and procedures.
Trend analysis on operational risk incidents and review at the ORMC and the BIRMC.
Review of downtime of the critical systems and assess the reasons. The necessary risk and business impact is evaluated. Rectification measures are introduced once the tolerance levels are compromised.
Review of HR attrition and exit interview comments in details including a trend analysis with the involvement of the IRMD. The key findings of the analysis are evaluated at the ORMC and the BIRMC in an operational risk perspective.
Establishment of whistle blowing process.
Establishment of the complaint management process of the Bank under the Board approved complaints management policy. IRMD’s periodical evaluation on the effectiveness of the complaints management process and reports to the ORMC and the BIRMC.

Reputation Risk

Reputation risk is the risk of losing public trust or the tarnishing of the DBB’s image in the public eye. It could arise from environmental, social, regulatory or operational risk factors. Events that could lead to reputation risk events are closely monitored, utilizing an early warning system that includes inputs from frontline staff, media reports and internal and external market survey results. Though all policies and standards relating to the conduct of the DBB’s business have been promulgated through internal communication and training, a specific policy was established to take action in case of an event which hinders the reputation occurs. DBB has zero tolerance for knowingly engaging in any business, activity or association where foreseeable reputational damage has not been considered and mitigated. While there is a level of risk in every aspect of business activity, appropriate consideration of potential harm to DBB’s good name is a part of all business decisions. The complaints management process and the whistle blowing process of the Bank include a set of key tools to recognise and manage reputational risk.

Business Risk

Business risk is the risk of deterioration in earnings due to the loss of market share, changes in the cost structure and adverse changes in industry or macroeconomic conditions. The DBB’s medium term strategic plan and annual business plan form a strategy road map for sustainable growth. Continuous competitor and customer analysis, and monitoring of the macroeconomic environment enable the DBB to formulate its strategies for growth and business risk management. The processes such as Planning, ALM, IT and Product Development in coordination with business functions facilitate the management of business risk through recognition, measurement and implementation of tasks. Business risk relating to customers is assessed in the credit rating process and is priced accordingly.

Legal Risk

Legal risk arises from unenforceable transactions in a court of law or the failure to successfully defend legal action instituted against the DBB. Legal risk management commences from prior analysis, and a thorough understanding of, and adherence to, related legislation by the staff. Necessary precautions are taken at the design stage of transactions to minimise legal risk exposure. In the event of a legal risk factor, the legal unit of the DBB takes immediate action to address and mitigate these risks. External legal advice is obtained or Counsel retained when required.

Compliance Risk

Compliance risk can be termed as the risk of legal or regulatory sanctions, financial losses or damages to the reputation of the Bank as a result of its failure to comply with all applicable laws, regulations, Codes of Conduct and Standards of good practice. DBB ensures the effective compliance policies and procedures are followed and appropriate corrective actions are taken to rectify any breaches of laws, rules and standards if and when identified. A robust compliance culture has been established within DBB with processes and work flows designed with the required checks and balances to facilitate compliance. The compliance function works closely with the business and operational units to ensure the consistent management of compliance risk. Compliance is a key area of focus during the process of new product development and review. Head of compliance submits quarterly reports on the compliance status to the BIRMC and the Board to enable oversight to be exercised with the added safeguard of being subject to internal audit. A culture of compliance permeates all levels of DBB.

Anti-Money Laundering (AML)/Combating Terrorist Financing (CTF)

In response to international best practices and global standards of AML and combating terrorist financing. Sri Lanka has enacted laws relating to AML and CTF. Further, the Financial Intelligence Unit, under the purview of the Central Bank, has issued rules for Know Your Customer (KYC), and Customer Due Diligence (CDD) to identify and report suspicious transactions. DBB has taken necessary measures to implement these regulatory and legislative requirements for AML and CFT. The steps taken in this respect include customer identification and verification, maintenance of records, ascertaining sources of funds, monitoring and maintenance of AML/CTF programmes. The customers of DBB are subject to KYC/CDD measures.

Business Continuity Management

The Business Continuity Plan (BCP) of DBB ensures timely recovery of critical operations that are required to meet stakeholder needs based on identified disruptions categorised into various severity levels. BCP has been designed to minimise risk to human resources and to enable the resumption of critical operations within reasonable time frames with minimum disruption to customer service and payment settlement systems. The BCP site, which is located in a suburb of Colombo, is prepared in line with the BCP Guidelines issued by the Central Bank and is tested regularly to establish its effectiveness. Training is carried out to ensure that all staff is fully aware of their role within the BCP.

The DBB’s Risk Capital Position and Financial Flexibility

The Group adopts a proactive approach to ensure satisfactory risk capital level throughout its operations. In line with its historical practice and the capital targets, the Group aims to maintain its risk capital position higher than the regulatory minimum requirements of 5% for Tier I and 10% for Total capital. The risk capital position of the DBB (on a group basis) demonstrates the following key features.

DFCC Group Capital Adequacy Ratios
Under Simple Approaches of Basel II

	As at 31st March
Parameter	Tier I %	Total Capital %
Minimum regulatory requirement	5	10
DFCC Group capital position
- 2010	26.2	23.1
- 2011	28.0	26.9
- 2012	21.0	19.9
- 2013	20.8	19.3
- 2014	18.7	17.2
- 2015	17.7	16.6

The Group maintains a healthy risk capital position based on the local regulatory guidelines. The capital position as at 31 March 2015 demonstrates a cushion of about 13.8% and 7.6%, respectively, for Tier I and total capital over the minimum regulatory requirements. This capital position is higher than the Group’s target risk capital ratios.
High capital buffer ensures a stronger balance sheet position of the Group to withstand any unexpected eventualities if crystallised in an extreme situation. In addition, it enables the Group to venture an above average portfolio growth or any new business diversifications in a timely manner without mobilising fresh equity capital from shareholders.
The Group’s Tier I capital is higher than the total capital ratio which reflects that its capital base mainly consists of equity capital which has the higher risk absorption capacity.
Higher Tier I capital ratio relative to the total capital ratio ensures that Group carries flexibility for capital augmentation through mobilising qualifying Tier II capital without a fresh issue of shares and without adversely impacting ROE in case of a future portfolio growth or new business diversification.

Capital Adequacy Management

Capital adequacy measures the adequacy of the Group’s aggregate capital in relation to the risk it assumes. The capital adequacy of the Group has been computed under the following approaches of Basel II which are currently effective in the local banking industry.

Standardised approach for credit risk
Standardised approach for market risk
Basic Indicator approach for operational risk

Graph below shows DFCC Group’s capital allocation and available capital buffer as at 31 March 2015 based on the quantified risk as per the applicable regulatory guidelines. Out of the regulatory risk capital (total capital) available as at 31 March, credit risk accounts to 50.2% of the total capital while the available capital buffer is 43.4%.

Risk-Weighted Assets of DFCC Bank on a Solo and a Group Basis as at 31 March 2015

Risk-weighted assets (quantified risk category as per the CBSL Guidelines)	2015		2014
	Bank	Group	Bank	Group
Credit risk	86,158	150,641	73,852	125,745
Market risk	2,655	2,720	2,896	3,069
Operational risk	7,637	14,034	7,575	13,172
Total	96,450	157,374	84,323	141,987

DFCC Group’s Capital Position in Comparison to the Industry
As at Financial Year end (DFCC Group – 31 March, Industry – 31 December)

Parameter	2014/15		2013/14		2012/13
	Tier I	Total Capital	Tier I	Total Capital	Tier I	Total Capital
Local industry capital adequacy ratios	14.1	16.7	14.9	17.6	14.7	16.4
DFCC Group	17.7	16.6	18.7	17.2	20.8	19.3

(The local industry capital ratios – CBSL Annual Report)

Financial Flexibility in the DFCC Group’sCapital Structure

Apart from the strong capital position reported on-balance sheet, the Group maintains a financial flexibility through the stored value in it its equity investment portfolio. The unrealised capital gain of the Group is LKR 17,380 million, as at 31 March 2015 of the listed equity portfolio is included in the Fair Value Reserve and is currently not taken into consideration in the capital adequacy computation based on regulatory specifications.

Local Supervisory Background

Banking Supervision Department of the Central Bank of Sri Lanka (CBSL) has taken steps to strengthen the risk management aspects of the licensed banks in Sri Lanka by enforcing certain regulations, specifications, guidelines and recommendations from time to time, which are in line with the Basel II recommendations. The following regulatory specifications are particularly crucial;

CBSL Direction No. 10 of 2007 on Maintenance of capital adequacy ratios. In this Direction, specifications were issued for the licensed banks to quantify and maintain the capital adequacy in line with the Basel II Standardized Approach for credit risk and market risk and Basic Indicator Approach for operational risk.
CBSL Direction Nos. 11 and 12 of 2007 on the Corporate Governance of Licensed Banks in Sri Lanka. In this Direction, the licensed banks are required to form a Board sub-committee on Integrated Risk Management with a defined scope of responsibilities.
CBSL Direction No. 7 of 2011 on Integrated Risk Management Frameworks of Licensed Banks issued in October 2011. This specifies the requirement for Integrated Risk Management Framework for the banks and issued specific guidelines for the structure, quantification and management of risk on an integrated approach.
CBSL Direction No. 5 of 2013 – Supervisory Review Process (Pillar 2 of Basel II) for Licensed Commercial Banks and the Licensed Specialised Banks.
CBSL Guidelines issued on 31 March 2014 on quantification of operational risk under the Standardised Approach of Basel II. Under this approach, the gross income of the banks will be recognised in 8 different business lines and different alpha factors (prescribed by the Basel II) will be applicable to quantify the operational risk exposures.
In October 2014, CBSL issued consultative guidelines for implementation of the minimum liquidity standards (Liquidity Coverage Ratio to be maintained by the banks - minimum 60%) under Basel III. Accordingly, Banks will be required to maintain an adequate level of unencumbered High Quality Liquid Assets (HQLAs) that can be easily and readily converted into cash to meet their liquidity needs for a 30 calendar day time horizon under a significantly severe liquidity stress scenario. These guidelines are to be implemented from April 2015.
Guidelines on Stress Testing of Licensed Commercial Banks and Licensed Specialised Banks were released by Bank Supervision Department in September 2014. The new direction has given recommendations for various sensitivity and stress test scenarios to be carried out to determine credit, exchange rate, interest rate, equity, liquidity, operational and other risks.
The regulation issued by CBSL in December 2014 requires LCBs and LSBs to increase their Core capital (equity capital) to LKR 10 billion and LKR 5 billion respectively, commencing 1 January 2016. This new CBSL direction will have no impact on DFCC Group. DVB on a solo basis currently demonstrates a need for fresh capital infusion to meet this regulatory requirement. However, under the on-going arrangements for merger of DFCC Bank and DVB, such a capital infusion requirement will not arise.

Risk Category	Impact	Key Risk Indicators	Statutory/ Internal Limit	Position as at 31.03.2015
Integrated Risk Management	An adequate level of capital is required to absorb unexpected losses without affecting the Bank’s stability. (Total capital as a percentage of total risk-weighted assets)	Capital Adequacy Ratio (Core capital as a percentage of total risk-weighted asset)	Regulatory	Complied
		Capital Adequacy Ratio (Total capital as a percentage of total risk-weighted asset)	Regulatory	Complied <
		Capital Adequacy Ratio (Tier I as a percentage of total risk-weighted assets)	Internal	Complied
Concentration/Credit Risk Management	When the credit portfolio is concentrated to a few borrowers or a few groups of borrowers with large exposures, there is a high risk of a substantial loss due to failure of one such borrower.	Single Borrower Limit - Individual (Amount of accommodation granted to any single company, public corporation, firm, association of persons or an individual/capital base)	Regulatory	Complied
		Single Borrower limit - Group	Regulatory	Complied
		Aggregate large accommodation (Sum of total of the outstanding amount of accommodation granted to customers whose accommodation exceeds 15% of the capital base/outstanding amount of accommodation granted by the Bank to total customers excluding the Government of Sri Lanka)	Regulatory	Complied
		Aggregate limits for related parties (Accommodation to related parties as the CBSL Direction/Regulatory Capital)	Internal	Complied
		Exposure to agriculture sector (As per the CBSL Direction)	Regulatory	Complied
		Exposure to each industry sector (On-Balance Sheet exposure to each industry as a percentage of total Lending Portfolio)	Internal	Complied
		Exposure to selected regions (On-Balance Sheet exposure to the regions as a percentage of the Total Lending Portfolio)	Internal	Complied
		Leases Portfolio (On-Balance Sheet exposure to the leasing product as a percentage of Total Lending Portfolio Plus Securities Portfolio)	Internal	Complied
		Exposure to GOSL	Internal	Complied
		Non-Performing Ratio	Internal	Complied
		Industry HHI	Internal	Complied
		Maximum expected loss limits for each product line	Internal	Complied
		Loan & OD - Exposure in BB and below grades	Internal	Complied
		Loan & OD - Exposure in B and below grades	Internal	Complied
		Leasing - Exposure in BB and below grades	Internal	Complied
		Leasing - Exposure in B and below grades	Internal	Complied
		Target Rating-wise PDs and provisions	Internal	Complied
		Margin trading (Aggregate exposure of margin loans extended/total loans and advances)	Internal	Complied
		Maturity profile of loan book (Loans and advances with maturity of less than one year/total loans and advances	Internal	Complied
		Pawning portfolio (Aggregate exposure of pawning portfolio/total loans and advances)	Internal	Complied
Liquidity Risk Management	If adequate liquidity is not maintained, the Bank will be unable to fund the Bank’s commitments and planned assets growth without incurring costs or losses.	Liquid Asset Ratio for DBU (Average Monthly liquid assets/total monthly deposit liabilities)	Regulatory	Complied
		Liquid Asset Ratio for FCBU	Regulatory	Complied
		Loans to Deposit Ratio	Internal	Limit exceeded
		(However, this ratio was brought within the limit subsequent to the reporting date)
		Liquidity gap limits	Internal	Complied
Market Risk Management		Forex Net Open Long Position	Regulatory	Complied
		Forex Net Open Short Position	Regulatory	Complied
		Limit for counter party Off-Balance Sheet Market Risk	Internal	Complied
		Aggregate interbank exposure	Internal	Complied
		Limit for settlement risk arising from market risk	Internal	Complied
Investment Risk		Equity exposure – Individual (Equity Investment in a private OR public company/Capital fund of the Bank)	Regulatory	Complied
		Equity exposure – Individual (Equity investment in a private OR public company/Paid-up capital of the Company)	Regulatory	Complied
		Aggregate equity exposure in public companies (Aggregate amount of equity investments in public companies/capital fund of the Bank)	Regulatory	Complied
		Aggregate equity exposure in private companies (Aggregate amount of equity investments in private companies/capital fund of the Bank)	Regulatory	Complied
		Aggregate equity exposure in private and public companies (Total investments in private and public companies/capital fund of the bank)	Regulatory	Complied
		Equity exposure (Equity exposure as a percentage of Total Lending Portfolio plus Securities Portfolio)	Internal	Complied
Operational Efficiency		Cost to income ratio (Solo) - Operational Cost/Operational Income	Internal	Complied
Operational Risk	Adequately places policies, processes, and systems will ensure and mitigate against excessive risks arising. This will result in the stability of the Bank.	Reputation risk of the Bank and Group (Zero risk appetite)	Internal	Complied
		Significant regulatory breaches (Zero risk appetite)	Internal	Complied
		Inability to recover from business disruptions over and above the Recovery Time Objectives (RTO) as defined in the BCP of the Bank (Zero risk appetite)	Internal	Complied
		Mis-selling of financial products and services (Zero risk appetite)	Internal	Complied
		Failure to undertake risk-based customer due diligence (Zero risk appetite)	Internal	Complied
		Internal fraud (Zero tolerance for losses due to acts of a type intended to defraud, misappropriate property or circumvent regulations, the law or bank policy, excluding diversity/discrimination events, which involves at least one internal party).	Internal	Complied
		External fraud (Very low appetite for losses due to act of a type intended to defraud misappropriate property or circumvent laws, by a third party)	Internal	Complied
		Employee practices and workplace safety (Zero appetite for losses arising from acts inconsistent with employment, health or safety laws or agreements from payment of personal injury claims, or from diversity/discrimination events)	Internal	Complied
		Client products and business practices (Zero risk appetite for losses arising from an unintentional or negligent, failure to meet a professional obligation to specific clients (including fiduciary and suitability requirements) or from the nature or design of a product).	Internal	Complied
		Damage to physical assets (Very low appetite for loss arises from loss or damage to physical assets from natural disaster or other events).	Internal	Complied
		Business disruption and systems failures (Very low appetite for business disruptions/system failures for more than 30 minutes during service hours).	Internal	Complied
		Execution, delivery and process management (Very low appetite for losses from failed transaction processing or process management).	Internal	Complied